Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/xvsRInrWKS5s7BFPqZmvGE0s2hc.roa
File:                     xvsRInrWKS5s7BFPqZmvGE0s2hc.roa (raw, json)
Hash identifier:          vqluH5uE90JrgU5HmvgOgqmyqSAabArFrkPQ0aAKYvU=
Subject key identifier:   C6:FB:11:22:7A:D6:29:2E:6C:EC:11:4F:A9:99:AF:18:4D:2C:DA:17
Certificate issuer:       /CN=9c1394768c9a39a6112674d7375972a6696b4680
Certificate serial:       01975E5D898A6BA36560919B680A71E15BD8
Authority key identifier: 9C:13:94:76:8C:9A:39:A6:11:26:74:D7:37:59:72:A6:69:6B:46:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nBOUdoyaOaYRJnTXN1lypmlrRoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/xvsRInrWKS5s7BFPqZmvGE0s2hc.roa
Signing time:             Wed 11 Jun 2025 09:41:17 +0000
ROA not before:           Wed 11 Jun 2025 09:41:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40092
IP address blocks:        194.146.104.0/24 maxlen: 24
                          194.146.116.0/24 maxlen: 24
                          194.146.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/nBOUdoyaOaYRJnTXN1lypmlrRoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/nBOUdoyaOaYRJnTXN1lypmlrRoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nBOUdoyaOaYRJnTXN1lypmlrRoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5e:5d:89:8a:6b:a3:65:60:91:9b:68:0a:71:e1:5b:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c1394768c9a39a6112674d7375972a6696b4680
        Validity
            Not Before: Jun 11 09:41:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6fb11227ad6292e6cec114fa999af184d2cda17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bb:29:61:65:91:c6:5f:4a:84:c6:bf:4b:0d:
                    8f:91:85:bd:9b:c7:41:24:c1:48:e7:fb:41:5d:8d:
                    05:54:6b:b3:4a:fc:2a:f4:26:10:38:f0:0e:8e:d0:
                    07:44:8a:98:1a:ff:1e:0f:9d:dc:1b:1f:2d:fc:ad:
                    88:6c:71:76:27:90:b0:aa:fc:14:d9:ce:48:95:27:
                    b9:21:a3:0f:4e:61:e6:8e:48:f9:b3:c2:b2:77:9e:
                    7a:83:31:5b:50:2f:e1:20:3a:25:2a:0b:97:18:2f:
                    e6:42:09:ac:e4:d7:c8:93:77:c7:b0:ff:08:70:9b:
                    df:e4:a1:88:30:0d:d1:03:86:81:af:2d:97:84:c1:
                    1d:81:fd:68:dc:c1:1f:84:4c:4f:0e:ff:45:49:34:
                    0d:4e:ca:ca:f9:3b:93:81:6e:08:03:cc:9b:df:6b:
                    fd:a6:39:4a:9b:f6:27:ae:9a:b6:63:00:91:bc:52:
                    75:a8:a3:23:ca:db:19:90:0f:31:c9:28:0f:c6:fc:
                    a0:c9:25:d6:21:b4:18:b4:98:e8:a7:52:77:fc:57:
                    67:13:3a:d9:2e:9e:d3:95:54:e7:a7:9b:47:0d:ba:
                    9a:a0:0b:d2:00:f8:da:ab:28:b7:28:9c:7f:92:08:
                    ad:ef:1b:1e:0b:10:c3:a7:16:5d:a4:27:fa:70:84:
                    92:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:FB:11:22:7A:D6:29:2E:6C:EC:11:4F:A9:99:AF:18:4D:2C:DA:17
            X509v3 Authority Key Identifier:
                keyid:9C:13:94:76:8C:9A:39:A6:11:26:74:D7:37:59:72:A6:69:6B:46:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBOUdoyaOaYRJnTXN1lypmlrRoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/xvsRInrWKS5s7BFPqZmvGE0s2hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/nBOUdoyaOaYRJnTXN1lypmlrRoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.104.0/24
                  194.146.116.0/24
                  194.146.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:a6:e7:00:6f:79:87:70:d2:2e:a8:ae:02:0c:54:93:d5:6a:
         c2:67:68:b6:d4:9e:41:da:82:8f:69:6f:fd:70:a7:e5:37:f8:
         5d:cc:f3:d6:1c:e8:2d:8a:53:bd:65:b4:a2:17:b8:58:46:5f:
         f3:0a:5f:94:f0:62:f1:32:e0:06:d1:6c:16:4c:05:8f:f0:c6:
         8f:31:dd:85:b9:d2:72:97:7f:8a:00:15:a6:ff:73:55:93:59:
         f3:ee:17:fd:5d:b0:9e:9d:b8:54:a4:a4:de:be:89:61:f0:b2:
         92:d3:72:52:68:b7:30:0c:db:06:14:52:31:8c:fd:bb:ff:9f:
         47:79:71:cc:0d:e4:db:61:9c:21:ca:30:08:61:9e:37:cb:ea:
         83:d4:f9:c9:47:e4:d1:bd:a7:89:5b:4b:a7:b7:bb:68:d0:90:
         c8:b1:2b:a7:37:2e:55:4e:3a:5f:5a:1c:5f:80:5e:95:13:7f:
         4e:a1:35:fb:a5:b4:2a:f8:e8:db:ed:51:ab:66:12:3d:9a:eb:
         61:4b:f9:81:91:43:58:e5:35:56:38:68:65:48:a3:74:41:e2:
         69:f7:ce:40:bd:a4:08:f1:2b:90:e5:df:c5:8c:5e:2d:7d:9f:
         50:3c:6a:4d:12:a4:b9:46:49:3a:18:2a:38:29:7f:b1:d4:a4:
         0f:76:76:e5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdeXYmKa6NlYJGbaApx4VvYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMTM5NDc2OGM5YTM5YTYxMTI2NzRkNzM3NTk3MmE2Njk2
YjQ2ODAwHhcNMjUwNjExMDk0MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmZiMTEyMjdhZDYyOTJlNmNlYzExNGZhOTk5YWYxODRkMmNkYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bspYWWRxl9KhMa/Sw2PkYW9m8dB
JMFI5/tBXY0FVGuzSvwq9CYQOPAOjtAHRIqYGv8eD53cGx8t/K2IbHF2J5CwqvwU
2c5IlSe5IaMPTmHmjkj5s8Kyd556gzFbUC/hIDolKguXGC/mQgms5NfIk3fHsP8I
cJvf5KGIMA3RA4aBry2XhMEdgf1o3MEfhExPDv9FSTQNTsrK+TuTgW4IA8yb32v9
pjlKm/Ynrpq2YwCRvFJ1qKMjytsZkA8xySgPxvygySXWIbQYtJjop1J3/FdnEzrZ
Lp7TlVTnp5tHDbqaoAvSAPjaqyi3KJx/kgit7xseCxDDpxZdpCf6cISSbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMb7ESJ61ikubOwRT6mZrxhNLNoXMB8GA1UdIwQY
MBaAFJwTlHaMmjmmESZ01zdZcqZpa0aAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJPVWRveWFPYVlSSm5UWE4xbHlwbWxyUm9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zZTcyMTAtMDUyOC00NDU2LWI2OGUt
YTcxM2ExOTE1YzkwLzEveHZzUklucldLUzVzN0JGUHFabXZHRTBzMmhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zZTcyMTAtMDUyOC00NDU2LWI2OGUtYTcxM2ExOTE1Yzkw
LzEvbkJPVWRveWFPYVlSSm5UWE4xbHlwbWxyUm9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwpJoAwQA
wpJ0AwQAwpJ8MA0GCSqGSIb3DQEBCwUAA4IBAQB6pucAb3mHcNIuqK4CDFST1WrC
Z2i21J5B2oKPaW/9cKflN/hdzPPWHOgtilO9ZbSiF7hYRl/zCl+U8GLxMuAG0WwW
TAWP8MaPMd2FudJyl3+KABWm/3NVk1nz7hf9XbCenbhUpKTevolh8LKS03JSaLcw
DNsGFFIxjP27/59HeXHMDeTbYZwhyjAIYZ43y+qD1PnJR+TRvaeJW0unt7to0JDI
sSunNy5VTjpfWhxfgF6VE39OoTX7pbQq+Ojb7VGrZhI9muthS/mBkUNY5TVWOGhl
SKN0QeJp985AvaQI8SuQ5d/FjF4tfZ9QPGpNEqS5Rkk6GCo4KX+x1KQPdnbl
-----END CERTIFICATE-----