Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/eM9eBjal4_y1POkPGbCQnwiZoSY.roa
File:                     eM9eBjal4_y1POkPGbCQnwiZoSY.roa (raw, json)
Hash identifier:          K0YjjeAMEyPylhZxZo/IupUyAhS45lKcJpo4UDpKlMI=
Subject key identifier:   78:CF:5E:06:36:A5:E3:FC:B5:3C:E9:0F:19:B0:90:9F:08:99:A1:26
Certificate issuer:       /CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
Certificate serial:       01992DBD8F1896B4C35CACDB8053BF28F57A
Authority key identifier: C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/eM9eBjal4_y1POkPGbCQnwiZoSY.roa
Signing time:             Tue 09 Sep 2025 09:10:21 +0000
ROA not before:           Tue 09 Sep 2025 09:10:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197726
IP address blocks:        195.123.188.0/24 maxlen: 24
                          195.123.189.0/24 maxlen: 24
                          195.123.190.0/24 maxlen: 24
                          195.123.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2d:bd:8f:18:96:b4:c3:5c:ac:db:80:53:bf:28:f5:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
        Validity
            Not Before: Sep  9 09:10:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78cf5e0636a5e3fcb53ce90f19b0909f0899a126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:20:39:02:05:cf:09:f6:11:1b:bc:8e:90:40:
                    7e:42:4f:b0:5e:1a:3c:83:1c:e1:03:05:c8:f2:90:
                    34:5e:94:91:63:5a:12:e4:87:8a:9c:5f:aa:7e:16:
                    ba:ae:25:7f:ab:8d:3b:05:67:e6:98:f4:a8:9a:6f:
                    88:86:e5:15:3b:e0:8a:34:14:2d:37:21:3d:f4:c1:
                    fa:ae:5e:58:da:45:5f:77:11:a6:12:52:a4:4a:91:
                    6c:00:f8:ec:7f:ee:a9:0c:ff:69:d0:d8:90:67:f5:
                    61:92:28:70:4a:c3:7c:4c:e7:80:83:a1:5d:49:48:
                    80:cb:79:14:d9:98:68:c1:a7:43:00:25:79:ba:6a:
                    ff:b8:f1:61:87:8f:f5:e2:41:9f:73:26:a7:2c:e6:
                    89:2d:63:ac:a2:14:a2:5e:5d:3a:82:ff:cf:a5:58:
                    ad:8b:02:cf:aa:26:53:00:8f:53:6c:62:33:eb:e8:
                    bd:e3:98:9f:cf:1c:19:03:b0:c6:b0:3a:29:d9:2d:
                    3a:45:d4:0f:a0:94:d4:7d:90:48:b9:56:a5:c0:0e:
                    9b:07:8d:5f:a0:62:98:17:2d:ec:91:c2:21:a6:b0:
                    e0:f4:29:b7:6c:b6:0c:73:13:3b:c7:51:e0:4a:c2:
                    56:1c:fe:cf:b3:ce:85:b5:b5:4a:30:84:cc:d0:b4:
                    4a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:CF:5E:06:36:A5:E3:FC:B5:3C:E9:0F:19:B0:90:9F:08:99:A1:26
            X509v3 Authority Key Identifier:
                keyid:C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/eM9eBjal4_y1POkPGbCQnwiZoSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:34:da:4b:bd:d2:d3:6d:42:94:dc:93:4b:35:51:17:f1:1b:
         31:ea:32:ce:1d:6e:54:05:48:19:38:d9:02:9b:91:b9:a8:f3:
         00:9a:17:6e:1d:39:ee:45:ee:f1:46:ee:d3:69:86:8e:53:bb:
         8b:3d:fe:f9:90:83:82:d0:1e:39:cf:b3:91:4d:cf:6b:f2:8f:
         5e:f9:ef:ba:36:00:e7:70:3e:72:65:f2:af:e0:40:c8:66:3b:
         7b:97:73:78:3b:ea:c7:89:f4:d4:b3:ca:26:21:0c:26:03:ac:
         04:b1:9c:87:5c:2b:51:dd:02:6d:20:21:1c:71:ba:5e:dd:e6:
         47:74:2a:b9:e3:fe:bf:51:8a:38:c9:bd:5f:72:d5:af:8c:66:
         0f:8e:04:db:7d:10:60:bb:17:62:c1:be:82:d4:28:e7:f7:a0:
         88:9f:20:3b:d1:4d:08:f5:4f:12:54:c9:e5:bb:e4:56:2d:5c:
         c1:7a:5c:3a:94:4d:a3:6a:6e:af:df:fb:8a:33:cc:86:f3:81:
         56:ca:f3:dd:4f:42:f0:b4:71:73:1b:76:f9:a8:d7:79:bf:f4:
         14:bf:b6:64:d5:a7:56:72:b8:32:41:d9:a8:e8:da:9b:40:ac:
         e2:a7:67:7b:d4:0d:85:19:2a:04:96:20:dd:06:a3:ab:95:d2:
         56:0c:e4:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZktvY8YlrTDXKzbgFO/KPV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDVhZGM1YzQyNjJkZmY2YjNmM2U2MDY4MzBjN2Y5NzFk
NzY2Y2UwHhcNMjUwOTA5MDkxMDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGNmNWUwNjM2YTVlM2ZjYjUzY2U5MGYxOWIwOTA5ZjA4OTlhMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCA5AgXPCfYRG7yOkEB+Qk+wXho8
gxzhAwXI8pA0XpSRY1oS5IeKnF+qfha6riV/q407BWfmmPSomm+IhuUVO+CKNBQt
NyE99MH6rl5Y2kVfdxGmElKkSpFsAPjsf+6pDP9p0NiQZ/VhkihwSsN8TOeAg6Fd
SUiAy3kU2ZhowadDACV5umr/uPFhh4/14kGfcyanLOaJLWOsohSiXl06gv/PpVit
iwLPqiZTAI9TbGIz6+i945ifzxwZA7DGsDop2S06RdQPoJTUfZBIuValwA6bB41f
oGKYFy3skcIhprDg9Cm3bLYMcxM7x1HgSsJWHP7Ps86FtbVKMITM0LRKNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjPXgY2peP8tTzpDxmwkJ8ImaEmMB8GA1UdIwQY
MBaAFMEFrcXEJi3/az8+YGgwx/lx12bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODkt
NTE1ODQ1ZTZjMzE3LzEvZU05ZUJqYWw0X3kxUE9rUEdiQ1Fud2lab1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODktNTE1ODQ1ZTZjMzE3
LzEvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw3u8MA0G
CSqGSIb3DQEBCwUAA4IBAQADNNpLvdLTbUKU3JNLNVEX8Rsx6jLOHW5UBUgZONkC
m5G5qPMAmhduHTnuRe7xRu7TaYaOU7uLPf75kIOC0B45z7ORTc9r8o9e+e+6NgDn
cD5yZfKv4EDIZjt7l3N4O+rHifTUs8omIQwmA6wEsZyHXCtR3QJtICEccbpe3eZH
dCq54/6/UYo4yb1fctWvjGYPjgTbfRBguxdiwb6C1Cjn96CInyA70U0I9U8SVMnl
u+RWLVzBelw6lE2jam6v3/uKM8yG84FWyvPdT0LwtHFzG3b5qNd5v/QUv7Zk1adW
crgyQdmo6NqbQKzip2d71A2FGSoEliDdBqOrldJWDOSk
-----END CERTIFICATE-----