Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/f69975-affd-4f8e-a9f2-5ce9832e7495/1/SpZQMZasDnFvSHk0hsSQsjr39Pk.roa
File:                     SpZQMZasDnFvSHk0hsSQsjr39Pk.roa (raw, json)
Hash identifier:          0yRKRNGlypprPpNYWnGY3uPL+vLYa/tp92ZMslVRtjs=
Subject key identifier:   4A:96:50:31:96:AC:0E:71:6F:48:79:34:86:C4:90:B2:3A:F7:F4:F9
Certificate issuer:       /CN=fc9282a576fd62a0a24166b5ec1f124e4258db49
Certificate serial:       0197E936BF3CECECFA3320AD26B5CA988D67
Authority key identifier: FC:92:82:A5:76:FD:62:A0:A2:41:66:B5:EC:1F:12:4E:42:58:DB:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_JKCpXb9YqCiQWa17B8STkJY20k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/f69975-affd-4f8e-a9f2-5ce9832e7495/1/SpZQMZasDnFvSHk0hsSQsjr39Pk.roa
Signing time:             Tue 08 Jul 2025 08:46:08 +0000
ROA not before:           Tue 08 Jul 2025 08:46:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215773
IP address blocks:        194.56.182.0/24 maxlen: 24
                          212.32.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/f69975-affd-4f8e-a9f2-5ce9832e7495/1/_JKCpXb9YqCiQWa17B8STkJY20k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/f69975-affd-4f8e-a9f2-5ce9832e7495/1/_JKCpXb9YqCiQWa17B8STkJY20k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_JKCpXb9YqCiQWa17B8STkJY20k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:36:bf:3c:ec:ec:fa:33:20:ad:26:b5:ca:98:8d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc9282a576fd62a0a24166b5ec1f124e4258db49
        Validity
            Not Before: Jul  8 08:46:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a96503196ac0e716f48793486c490b23af7f4f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:4f:dc:de:19:d8:ce:88:8a:ce:57:ef:c8:
                    6f:3b:13:a3:53:c2:4f:c8:ff:74:cb:d1:32:65:51:
                    f2:17:5f:8c:d9:bd:ca:b0:3f:2c:d3:ee:c4:2d:aa:
                    8a:f9:6e:fb:f9:08:20:bf:09:d6:52:b6:56:f4:ad:
                    06:f4:e2:01:23:85:52:02:b0:f7:74:54:15:e8:f7:
                    7f:4a:b5:89:24:d4:e0:19:f6:1f:8b:60:37:ab:60:
                    b7:f7:12:14:60:5a:09:7b:06:75:51:ea:e1:8f:94:
                    4c:05:f3:29:dd:65:ce:b5:ea:da:49:3a:e6:02:ee:
                    37:3d:fa:a3:b9:7e:5b:df:e1:a7:0c:d3:8f:13:99:
                    be:81:e8:c7:96:fd:67:e4:49:8e:e5:fd:ee:f0:fd:
                    fe:de:eb:0d:dd:98:06:71:aa:32:0f:dc:0c:1f:3e:
                    55:c2:4c:5d:72:93:8d:73:69:71:3a:9d:1e:97:25:
                    8f:25:b8:78:f2:cc:4c:f6:dc:98:b6:81:ee:24:0c:
                    db:c1:f2:1c:87:7c:5e:86:a1:65:91:83:e6:c4:98:
                    e4:90:2a:39:ac:bf:4b:2c:5f:5a:2d:38:07:7e:df:
                    38:01:8c:5a:16:43:a4:25:1e:b0:da:d7:fc:fe:57:
                    f8:fc:40:80:bf:73:04:3d:18:8b:dc:f3:21:e0:d9:
                    e5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:96:50:31:96:AC:0E:71:6F:48:79:34:86:C4:90:B2:3A:F7:F4:F9
            X509v3 Authority Key Identifier:
                keyid:FC:92:82:A5:76:FD:62:A0:A2:41:66:B5:EC:1F:12:4E:42:58:DB:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_JKCpXb9YqCiQWa17B8STkJY20k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f69975-affd-4f8e-a9f2-5ce9832e7495/1/SpZQMZasDnFvSHk0hsSQsjr39Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f69975-affd-4f8e-a9f2-5ce9832e7495/1/_JKCpXb9YqCiQWa17B8STkJY20k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.182.0/24
                  212.32.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:b2:01:70:8f:d4:65:65:42:ec:1b:e1:19:05:87:f6:13:52:
         93:94:91:dc:34:75:43:67:77:bb:8e:db:e5:77:40:94:ee:b4:
         f1:f0:15:5e:41:ac:06:99:ec:1a:b8:b2:28:7b:b6:22:37:cb:
         97:e4:eb:99:cb:e1:e8:c8:38:bd:05:ee:5a:34:31:7b:84:f5:
         11:0e:45:2b:3b:a6:af:1c:80:d3:1b:67:5f:6b:2c:2d:0c:10:
         13:18:02:2d:ef:dd:14:67:b2:14:6a:f9:e3:7f:e3:0a:bb:22:
         cc:ed:9d:60:35:6e:74:39:e2:72:f2:cf:3d:27:97:22:98:9d:
         95:c3:ab:72:09:bd:e7:19:ef:76:68:49:2a:3f:df:9a:76:fa:
         0c:90:f3:dd:1c:56:33:4c:43:11:95:c8:48:79:99:ac:a2:5f:
         fb:15:51:89:7d:11:0d:10:3e:81:d4:b8:07:40:20:79:cc:b4:
         28:7f:5e:38:8f:01:46:f1:a0:31:d2:de:5a:6b:76:14:8f:7d:
         ea:0b:ec:5c:66:1a:a0:c3:ed:f4:7c:06:24:23:94:50:b6:ad:
         6a:72:96:0c:d6:40:9b:9d:d5:23:14:92:92:cf:49:0f:1e:54:
         d0:73:5e:49:59:11:ab:c3:13:c8:b7:0b:f5:ed:1b:47:da:52:
         05:3c:ce:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfpNr887Oz6MyCtJrXKmI1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOTI4MmE1NzZmZDYyYTBhMjQxNjZiNWVjMWYxMjRlNDI1
OGRiNDkwHhcNMjUwNzA4MDg0NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTk2NTAzMTk2YWMwZTcxNmY0ODc5MzQ4NmM0OTBiMjNhZjdmNGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRNP3N4Z2M6Iis5X78hvOxOjU8JP
yP90y9EyZVHyF1+M2b3KsD8s0+7ELaqK+W77+QggvwnWUrZW9K0G9OIBI4VSArD3
dFQV6Pd/SrWJJNTgGfYfi2A3q2C39xIUYFoJewZ1Uerhj5RMBfMp3WXOteraSTrm
Au43PfqjuX5b3+GnDNOPE5m+gejHlv1n5EmO5f3u8P3+3usN3ZgGcaoyD9wMHz5V
wkxdcpONc2lxOp0elyWPJbh48sxM9tyYtoHuJAzbwfIch3xehqFlkYPmxJjkkCo5
rL9LLF9aLTgHft84AYxaFkOkJR6w2tf8/lf4/ECAv3MEPRiL3PMh4Nnl4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEqWUDGWrA5xb0h5NIbEkLI69/T5MB8GA1UdIwQY
MBaAFPySgqV2/WKgokFmtewfEk5CWNtJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0pLQ3BYYjlZcUNpUVdhMTdCOFNUa0pZMjBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9mNjk5NzUtYWZmZC00ZjhlLWE5ZjIt
NWNlOTgzMmU3NDk1LzEvU3BaUU1aYXNEbkZ2U0hrMGhzU1FzanIzOVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9mNjk5NzUtYWZmZC00ZjhlLWE5ZjItNWNlOTgzMmU3NDk1
LzEvX0pLQ3BYYjlZcUNpUVdhMTdCOFNUa0pZMjBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwji2AwQA
1CArMA0GCSqGSIb3DQEBCwUAA4IBAQCcsgFwj9RlZULsG+EZBYf2E1KTlJHcNHVD
Z3e7jtvld0CU7rTx8BVeQawGmewauLIoe7YiN8uX5OuZy+HoyDi9Be5aNDF7hPUR
DkUrO6avHIDTG2dfaywtDBATGAIt790UZ7IUavnjf+MKuyLM7Z1gNW50OeJy8s89
J5cimJ2Vw6tyCb3nGe92aEkqP9+advoMkPPdHFYzTEMRlchIeZmsol/7FVGJfREN
ED6B1LgHQCB5zLQof144jwFG8aAx0t5aa3YUj33qC+xcZhqgw+30fAYkI5RQtq1q
cpYM1kCbndUjFJKSz0kPHlTQc15JWRGrwxPItwv17RtH2lIFPM6n
-----END CERTIFICATE-----