Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/P_P8CHxsQVPvqcqoB7rCVHRf8xg.roa
File:                     P_P8CHxsQVPvqcqoB7rCVHRf8xg.roa (raw, json)
Hash identifier:          DeSn5e1S5lCTlAhkzlJiCShJ5gI92BILyI/aNPpUmaM=
Subject key identifier:   3F:F3:FC:08:7C:6C:41:53:EF:A9:CA:A8:07:BA:C2:54:74:5F:F3:18
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       019A2B2B34C3B921D432D5FB645A36BBFEC4
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/P_P8CHxsQVPvqcqoB7rCVHRf8xg.roa
Signing time:             Tue 28 Oct 2025 14:14:03 +0000
ROA not before:           Tue 28 Oct 2025 14:14:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208185
IP address blocks:        94.154.41.0/24 maxlen: 24
                          94.154.43.0/24 maxlen: 24
                          94.154.44.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2b:2b:34:c3:b9:21:d4:32:d5:fb:64:5a:36:bb:fe:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Oct 28 14:14:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ff3fc087c6c4153efa9caa807bac254745ff318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:aa:57:ca:91:f5:ad:45:ad:e7:c1:fb:8b:18:
                    df:f2:ee:71:9e:10:f7:22:70:31:c3:00:41:6c:a1:
                    1a:07:0e:f8:08:cc:ff:1e:10:75:fe:66:f1:00:ee:
                    b8:e7:f4:57:4c:c0:fc:a8:49:95:6b:46:54:67:44:
                    19:39:00:36:34:c1:dc:e2:5d:b2:68:aa:2b:0c:33:
                    6c:40:94:2e:ea:b5:e2:e5:bb:72:f4:0a:60:e1:ba:
                    c0:b6:31:78:e0:31:a3:1e:a8:e2:98:34:a2:22:19:
                    65:ae:da:97:d4:77:75:1f:84:ef:50:3f:1f:05:cb:
                    7c:a5:29:54:04:af:ab:91:c5:44:da:ff:35:6b:29:
                    de:70:b2:da:58:71:e0:7c:19:6b:b5:82:6d:6c:68:
                    5c:37:22:f9:9b:d0:68:c1:68:73:11:a6:f9:66:f9:
                    40:12:f2:7b:7f:45:63:73:bc:f4:fa:e5:5f:b7:36:
                    94:b3:12:53:f5:84:51:83:6a:d9:51:46:a6:fb:a6:
                    a0:1c:fb:f5:c1:34:26:db:6d:6c:d9:16:5e:0b:67:
                    ec:03:3a:4c:0d:6d:37:c3:a5:05:7b:48:f6:e6:e4:
                    0c:2c:a5:4a:c7:25:49:cd:b9:df:68:fc:ec:79:a2:
                    11:97:f1:47:d7:85:93:a1:8a:4d:c7:56:c5:1d:26:
                    b1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F3:FC:08:7C:6C:41:53:EF:A9:CA:A8:07:BA:C2:54:74:5F:F3:18
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/P_P8CHxsQVPvqcqoB7rCVHRf8xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.41.0/24
                  94.154.43.0-94.154.45.255

    Signature Algorithm: sha256WithRSAEncryption
         37:02:89:21:ff:ed:0b:76:07:fe:13:31:d3:9d:92:38:91:65:
         ec:c3:6e:83:6a:a8:9a:07:dc:c5:3a:e1:ec:9c:b4:da:04:ae:
         71:e1:77:7b:d2:15:67:ee:db:15:dc:b2:dc:7a:25:6c:dd:1e:
         ad:ab:a2:fe:74:82:2b:79:d7:45:c7:b2:91:34:b3:ad:ee:25:
         1e:1b:ae:5b:40:44:fb:bd:3c:d5:e6:a7:a3:aa:8a:96:ae:3a:
         ff:37:0c:28:0b:c6:9c:fd:8d:a6:c1:cf:73:e7:fe:b2:92:9e:
         10:29:35:da:98:ec:7c:03:8a:63:c4:ed:7e:bc:2f:54:91:3f:
         85:32:3c:a9:13:90:67:39:ac:3a:3b:99:99:9b:68:42:d8:ce:
         91:ca:9d:5f:d2:b6:5b:3d:fb:c2:b4:5f:bb:9c:d4:b9:ec:ad:
         0f:87:4c:32:c0:ab:3a:eb:98:28:37:58:81:38:37:22:7b:0d:
         6d:d1:cf:8f:a7:e3:09:4a:8f:05:97:00:3b:bc:f9:f0:c9:68:
         10:5c:35:45:85:45:04:3e:b0:16:5e:7a:83:33:df:71:ea:4b:
         d9:60:73:0d:95:c0:30:10:b3:b8:49:12:83:0d:0b:64:d1:c7:
         7a:49:aa:26:14:31:ae:f0:43:69:9d:1d:46:51:31:4a:a6:6a:
         ef:65:12:fb
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZorKzTDuSHUMtX7ZFo2u/7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjUxMDI4MTQxNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmYzZmMwODdjNmM0MTUzZWZhOWNhYTgwN2JhYzI1NDc0NWZmMzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6pXypH1rUWt58H7ixjf8u5xnhD3
InAxwwBBbKEaBw74CMz/HhB1/mbxAO645/RXTMD8qEmVa0ZUZ0QZOQA2NMHc4l2y
aKorDDNsQJQu6rXi5bty9Apg4brAtjF44DGjHqjimDSiIhllrtqX1Hd1H4TvUD8f
Bct8pSlUBK+rkcVE2v81aynecLLaWHHgfBlrtYJtbGhcNyL5m9BowWhzEab5ZvlA
EvJ7f0Vjc7z0+uVftzaUsxJT9YRRg2rZUUam+6agHPv1wTQm221s2RZeC2fsAzpM
DW03w6UFe0j25uQMLKVKxyVJzbnfaPzseaIRl/FH14WToYpNx1bFHSaxvwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFD/z/Ah8bEFT76nKqAe6wlR0X/MYMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvUF9QOENIeHNRVlB2cWNxb0I3ckNWSFJmOHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAXpopMAwD
BABemisDBAFemiwwDQYJKoZIhvcNAQELBQADggEBADcCiSH/7Qt2B/4TMdOdkjiR
ZezDboNqqJoH3MU64eyctNoErnHhd3vSFWfu2xXcstx6JWzdHq2rov50git510XH
spE0s63uJR4brltARPu9PNXmp6OqipauOv83DCgLxpz9jabBz3Pn/rKSnhApNdqY
7HwDimPE7X68L1SRP4UyPKkTkGc5rDo7mZmbaELYzpHKnV/Stls9+8K0X7uc1Lns
rQ+HTDLAqzrrmCg3WIE4NyJ7DW3Rz4+n4wlKjwWXADu8+fDJaBBcNUWFRQQ+sBZe
eoMz33HqS9lgcw2VwDAQs7hJEoMNC2TRx3pJqiYUMa7wQ2mdHUZRMUqmau9lEvs=
-----END CERTIFICATE-----