Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/3uFQKPWJKcDIvIEeAENW1NzNn44.roa
File:                     3uFQKPWJKcDIvIEeAENW1NzNn44.roa (raw, json)
Hash identifier:          fnvFL8/JoFoe9FclNSH9uFw8LFKWDcq7HGx2lOk3h+8=
Subject key identifier:   DE:E1:50:28:F5:89:29:C0:C8:BC:81:1E:00:43:56:D4:DC:CD:9F:8E
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019A4439F492B02F67B386FD173041599AC5
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/3uFQKPWJKcDIvIEeAENW1NzNn44.roa
Signing time:             Sun 02 Nov 2025 11:00:40 +0000
ROA not before:           Sun 02 Nov 2025 11:00:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        178.254.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:44:39:f4:92:b0:2f:67:b3:86:fd:17:30:41:59:9a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Nov  2 11:00:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dee15028f58929c0c8bc811e004356d4dccd9f8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3f:66:40:ed:18:90:d4:46:21:f6:d5:41:c5:
                    99:86:43:ed:c4:b5:9a:9c:f6:11:4d:90:83:7d:c8:
                    59:28:04:86:5f:8a:4a:16:78:b4:8a:2a:6c:14:69:
                    d2:a5:5b:7b:7b:5f:08:f9:d5:0a:4f:a2:3d:ad:cc:
                    af:42:88:8e:9e:1e:4c:0d:62:cc:ca:29:53:2e:4f:
                    d2:03:44:19:57:c1:c2:af:4e:79:58:d6:82:b6:89:
                    a8:6e:03:b2:fc:3b:62:a0:47:88:dc:d0:8f:f2:60:
                    bf:c2:7b:3f:63:23:ac:ba:cf:04:c5:29:da:ac:e4:
                    fc:b8:ed:53:59:48:ed:e6:a0:fe:d8:fa:0e:ca:0d:
                    be:c0:f1:00:89:05:27:5f:8c:ef:77:48:4f:45:18:
                    78:e7:90:4b:9d:7a:6a:2f:8a:a5:28:85:86:b9:5e:
                    f1:1b:62:6d:44:e6:c7:e2:fa:91:5f:6e:3e:36:fe:
                    3e:15:0f:57:d2:29:6a:2c:88:15:df:ba:2e:ad:72:
                    87:1a:ac:d5:dc:d0:e3:bc:10:05:97:c4:ba:81:9f:
                    45:ee:19:fb:2f:f7:7a:c6:2f:d0:7a:cd:d1:a4:a4:
                    f7:58:b4:93:d6:9b:29:18:ba:8e:6c:a0:cc:5b:49:
                    a6:6f:30:cf:25:c5:15:cd:61:7f:e8:3c:95:4e:2a:
                    c5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E1:50:28:F5:89:29:C0:C8:BC:81:1E:00:43:56:D4:DC:CD:9F:8E
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/3uFQKPWJKcDIvIEeAENW1NzNn44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:02:d7:cf:1e:f7:8b:91:4b:2f:d0:b2:24:ab:52:21:2c:14:
         3c:0d:94:bc:36:02:e5:c5:f5:08:d6:ea:83:4b:a2:90:93:fe:
         a8:c0:86:c9:ca:05:f9:63:f1:4d:c6:c9:84:20:58:3b:a7:ad:
         f0:6e:52:b7:b0:38:24:bd:86:a7:4a:66:1f:90:77:ea:d3:d9:
         24:90:6d:f6:9e:43:02:37:cd:ea:73:29:26:c6:09:5b:02:e1:
         64:74:0e:de:1d:79:8d:8f:8e:c1:0d:bc:1b:bc:3d:62:3e:ad:
         fb:ba:af:2d:5b:01:4e:e3:ef:8d:b4:b5:18:32:2e:78:ba:93:
         3d:da:43:69:4f:6c:d8:87:e8:de:67:32:9a:78:01:2e:9d:72:
         03:5b:94:3a:be:36:ea:a4:1b:d4:80:07:3f:a2:b4:3f:b2:75:
         50:d4:27:1f:6f:b9:cc:28:1c:cc:03:9d:9a:9f:3e:5b:43:8a:
         8d:35:01:bf:a4:94:61:a0:c0:58:08:c6:8f:0f:89:ac:d9:db:
         d0:7f:d0:3c:2c:de:51:c9:10:22:25:f0:d4:b9:ea:d0:33:9e:
         e7:a7:8f:c0:16:da:c3:72:04:59:bd:8e:8e:ed:03:8a:21:98:
         6f:9f:6d:f5:d2:8f:f7:e4:dd:88:b2:3b:03:37:e7:74:80:1c:
         c0:fa:4f:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpEOfSSsC9ns4b9FzBBWZrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUxMTAyMTEwMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWUxNTAyOGY1ODkyOWMwYzhiYzgxMWUwMDQzNTZkNGRjY2Q5ZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsT9mQO0YkNRGIfbVQcWZhkPtxLWa
nPYRTZCDfchZKASGX4pKFni0iipsFGnSpVt7e18I+dUKT6I9rcyvQoiOnh5MDWLM
yilTLk/SA0QZV8HCr055WNaCtomobgOy/DtioEeI3NCP8mC/wns/YyOsus8ExSna
rOT8uO1TWUjt5qD+2PoOyg2+wPEAiQUnX4zvd0hPRRh455BLnXpqL4qlKIWGuV7x
G2JtRObH4vqRX24+Nv4+FQ9X0ilqLIgV37ourXKHGqzV3NDjvBAFl8S6gZ9F7hn7
L/d6xi/Qes3RpKT3WLST1pspGLqObKDMW0mmbzDPJcUVzWF/6DyVTirFHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7hUCj1iSnAyLyBHgBDVtTczZ+OMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvM3VGUUtQV0pLY0RJdklFZUFFTlcxTnpObjQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv60MA0G
CSqGSIb3DQEBCwUAA4IBAQBBAtfPHveLkUsv0LIkq1IhLBQ8DZS8NgLlxfUI1uqD
S6KQk/6owIbJygX5Y/FNxsmEIFg7p63wblK3sDgkvYanSmYfkHfq09kkkG32nkMC
N83qcykmxglbAuFkdA7eHXmNj47BDbwbvD1iPq37uq8tWwFO4++NtLUYMi54upM9
2kNpT2zYh+jeZzKaeAEunXIDW5Q6vjbqpBvUgAc/orQ/snVQ1Ccfb7nMKBzMA52a
nz5bQ4qNNQG/pJRhoMBYCMaPD4ms2dvQf9A8LN5RyRAiJfDUuerQM57np4/AFtrD
cgRZvY6O7QOKIZhvn2310o/35N2IsjsDN+d0gBzA+k8H
-----END CERTIFICATE-----