Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/9WhKoBtA9w1RuKedqOS6XFmsO3I.roa
File:                     9WhKoBtA9w1RuKedqOS6XFmsO3I.roa (raw, json)
Hash identifier:          CbHe2gPopFpWls+9aZrP72edEhK5Goer7R+Ctk2HNZY=
Subject key identifier:   F5:68:4A:A0:1B:40:F7:0D:51:B8:A7:9D:A8:E4:BA:5C:59:AC:3B:72
Certificate issuer:       /CN=2d3c3987e7c34b366aa0f09c40ea4c80bfed0e01
Certificate serial:       019A2E9DC5D378C747FAD787152AA22CE1EE
Authority key identifier: 2D:3C:39:87:E7:C3:4B:36:6A:A0:F0:9C:40:EA:4C:80:BF:ED:0E:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LTw5h-fDSzZqoPCcQOpMgL_tDgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/9WhKoBtA9w1RuKedqOS6XFmsO3I.roa
Signing time:             Wed 29 Oct 2025 06:18:03 +0000
ROA not before:           Wed 29 Oct 2025 06:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203866
IP address blocks:        194.150.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/LTw5h-fDSzZqoPCcQOpMgL_tDgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/LTw5h-fDSzZqoPCcQOpMgL_tDgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LTw5h-fDSzZqoPCcQOpMgL_tDgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 09:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2e:9d:c5:d3:78:c7:47:fa:d7:87:15:2a:a2:2c:e1:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d3c3987e7c34b366aa0f09c40ea4c80bfed0e01
        Validity
            Not Before: Oct 29 06:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5684aa01b40f70d51b8a79da8e4ba5c59ac3b72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:61:32:b9:f4:48:ec:77:32:92:3c:ac:87:cc:
                    7c:5c:b5:a6:e9:89:2a:29:de:8f:16:29:31:d6:47:
                    40:35:a4:92:25:b0:b7:6c:91:4a:63:b7:0a:e3:fe:
                    a8:83:aa:20:e4:0d:f3:bf:21:d0:9d:bf:37:b7:7c:
                    f7:c3:b2:3c:bb:27:ac:9f:77:49:bd:d5:22:36:e8:
                    18:80:a9:5e:a6:92:a8:52:4a:53:43:37:84:2e:bc:
                    f6:a5:a7:9a:f4:71:ad:6d:57:77:1d:85:1a:5b:29:
                    9f:73:96:e5:b1:e0:ca:61:06:78:84:94:b4:fa:2a:
                    8f:71:24:c3:d1:59:4d:b1:da:a8:60:06:dd:35:f1:
                    96:72:33:c2:ed:32:b1:e7:55:09:c2:ea:0d:01:99:
                    c2:86:3e:ed:70:75:ba:c8:b7:f9:f9:1b:88:23:2e:
                    de:c2:27:ad:6e:42:01:c0:f8:0c:40:e6:35:6f:3f:
                    89:13:3a:79:fc:ed:22:fa:a6:0f:ac:d5:2c:03:cc:
                    3e:89:f0:92:81:c5:58:b1:e9:d4:f7:97:ff:ac:11:
                    81:05:4c:17:8c:df:e3:39:e2:cc:0e:8e:33:e5:c9:
                    6b:48:a9:68:4d:05:f5:0a:23:51:18:72:93:0a:d8:
                    fb:cf:8f:0b:8b:95:f8:cf:90:45:d3:5e:45:f4:90:
                    45:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:68:4A:A0:1B:40:F7:0D:51:B8:A7:9D:A8:E4:BA:5C:59:AC:3B:72
            X509v3 Authority Key Identifier:
                keyid:2D:3C:39:87:E7:C3:4B:36:6A:A0:F0:9C:40:EA:4C:80:BF:ED:0E:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LTw5h-fDSzZqoPCcQOpMgL_tDgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/9WhKoBtA9w1RuKedqOS6XFmsO3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/LTw5h-fDSzZqoPCcQOpMgL_tDgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:02:8c:eb:bd:8d:b8:62:fd:3d:da:96:76:5e:c5:c8:5a:ce:
         3f:f6:87:cb:82:15:a5:91:bb:33:11:4b:e0:b7:f6:73:d6:5d:
         8e:57:0d:8d:06:56:46:3d:b6:03:d4:07:b0:1e:77:f1:9b:e6:
         4b:2d:0d:89:70:e2:27:53:4b:fb:d1:82:ad:5f:57:4b:45:94:
         ba:75:fe:f7:cf:7b:24:50:84:76:92:c4:35:6c:cb:ba:11:f1:
         39:46:27:94:f2:2a:49:5f:ba:ec:ba:37:ef:40:6d:f0:48:bb:
         55:1b:42:a4:a3:9f:4d:71:3b:99:5f:3f:c1:0f:9f:36:f8:c7:
         89:97:59:8f:fc:d5:9e:fc:88:bf:c9:40:80:b2:b3:d8:01:95:
         f2:cc:bf:ab:87:46:da:95:eb:49:6f:73:7e:9c:e1:9a:72:08:
         40:d9:1c:98:63:19:64:7b:08:1a:25:41:9c:a0:47:87:9c:ae:
         b3:3d:7c:7f:f4:00:31:b8:d0:45:f5:ae:40:b4:17:8d:43:a1:
         2c:5f:57:ef:d6:22:0e:8e:b1:43:2d:f8:e6:38:82:3a:85:25:
         d5:3d:c3:b9:a0:1d:3c:5c:c2:c9:6d:3d:6a:d4:49:c8:22:e9:
         93:8d:56:1a:bb:8c:bf:ca:73:a7:e7:0b:ff:41:d7:a4:47:46:
         e4:20:20:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZouncXTeMdH+teHFSqiLOHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkM2MzOTg3ZTdjMzRiMzY2YWEwZjA5YzQwZWE0YzgwYmZl
ZDBlMDEwHhcNMjUxMDI5MDYxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTY4NGFhMDFiNDBmNzBkNTFiOGE3OWRhOGU0YmE1YzU5YWMzYjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mEyufRI7Hcykjysh8x8XLWm6Ykq
Kd6PFikx1kdANaSSJbC3bJFKY7cK4/6og6og5A3zvyHQnb83t3z3w7I8uyesn3dJ
vdUiNugYgKleppKoUkpTQzeELrz2paea9HGtbVd3HYUaWymfc5blseDKYQZ4hJS0
+iqPcSTD0VlNsdqoYAbdNfGWcjPC7TKx51UJwuoNAZnChj7tcHW6yLf5+RuIIy7e
wietbkIBwPgMQOY1bz+JEzp5/O0i+qYPrNUsA8w+ifCSgcVYsenU95f/rBGBBUwX
jN/jOeLMDo4z5clrSKloTQX1CiNRGHKTCtj7z48Li5X4z5BF015F9JBFwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVoSqAbQPcNUbinnajkulxZrDtyMB8GA1UdIwQY
MBaAFC08OYfnw0s2aqDwnEDqTIC/7Q4BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFR3NWgtZkRTelpxb1BDY1FPcE1nTF90RGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNjhhNmMtOTIxYi00ZTBiLWJhN2Ut
M2E2ZGU5OWVkZTQ3LzEvOVdoS29CdEE5dzFSdUtlZHFPUzZYRm1zTzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNjhhNmMtOTIxYi00ZTBiLWJhN2UtM2E2ZGU5OWVkZTQ3
LzEvTFR3NWgtZkRTelpxb1BDY1FPcE1nTF90RGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpZKMA0G
CSqGSIb3DQEBCwUAA4IBAQAfAozrvY24Yv092pZ2XsXIWs4/9ofLghWlkbszEUvg
t/Zz1l2OVw2NBlZGPbYD1AewHnfxm+ZLLQ2JcOInU0v70YKtX1dLRZS6df73z3sk
UIR2ksQ1bMu6EfE5RieU8ipJX7rsujfvQG3wSLtVG0Kko59NcTuZXz/BD582+MeJ
l1mP/NWe/Ii/yUCAsrPYAZXyzL+rh0baletJb3N+nOGacghA2RyYYxlkewgaJUGc
oEeHnK6zPXx/9AAxuNBF9a5AtBeNQ6EsX1fv1iIOjrFDLfjmOII6hSXVPcO5oB08
XMLJbT1q1EnIIumTjVYau4y/ynOn5wv/QdekR0bkICA8
-----END CERTIFICATE-----