Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/KnWgWU_7tSy0QwJItQyhrmcQEmQ.roa
File:                     KnWgWU_7tSy0QwJItQyhrmcQEmQ.roa (raw, json)
Hash identifier:          0+7VaaUxeNIxZdr7QP8QI1laRDOBauPxLbksDD5Lyd4=
Subject key identifier:   2A:75:A0:59:4F:FB:B5:2C:B4:43:02:48:B5:0C:A1:AE:67:10:12:64
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019A170F3489FCD9D1A6CD3C5ADAF6F6764F
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/KnWgWU_7tSy0QwJItQyhrmcQEmQ.roa
Signing time:             Fri 24 Oct 2025 16:31:03 +0000
ROA not before:           Fri 24 Oct 2025 16:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136907
IP address blocks:        188.132.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 13:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:17:0f:34:89:fc:d9:d1:a6:cd:3c:5a:da:f6:f6:76:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Oct 24 16:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a75a0594ffbb52cb4430248b50ca1ae67101264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:70:88:a9:d6:14:93:43:80:d5:37:08:32:11:
                    03:37:fa:9b:f7:af:3f:ae:d9:d5:1c:8f:a0:6b:93:
                    dd:5b:c6:a3:b6:3b:3e:92:5e:4c:f5:b7:8d:42:63:
                    7c:71:cd:cd:59:21:62:90:16:4d:96:9b:cb:68:0d:
                    78:23:8a:cf:6c:01:14:ab:41:de:c3:40:71:b7:34:
                    46:23:bc:90:d7:a8:33:c4:da:83:54:a9:9a:c6:18:
                    de:9e:9f:33:82:55:d4:98:45:46:aa:8e:92:01:42:
                    af:6b:ae:eb:1e:b6:ea:64:fa:83:0f:56:84:4c:6a:
                    d2:09:ad:31:28:d0:08:35:ac:db:6f:6e:b9:8d:fa:
                    ee:66:f1:3c:71:6b:2d:ab:c0:4b:ba:81:a4:78:e2:
                    43:95:45:de:16:dd:6e:89:05:48:a0:b9:4b:d5:ec:
                    8a:ef:66:40:d2:97:81:17:9a:07:c0:e9:63:50:2a:
                    cd:30:c0:fb:6e:18:14:1f:0a:76:08:5f:ef:c5:3d:
                    76:92:e3:dc:a3:4c:b9:e0:73:fc:2b:d7:dd:da:64:
                    1d:2d:02:e6:af:7c:77:47:19:ec:e9:ba:a2:ed:56:
                    3b:97:ae:7a:d3:6e:56:89:2d:07:c7:f1:84:92:66:
                    63:6b:25:87:51:3b:c7:a7:11:11:d0:71:dd:0c:ae:
                    23:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:75:A0:59:4F:FB:B5:2C:B4:43:02:48:B5:0C:A1:AE:67:10:12:64
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/KnWgWU_7tSy0QwJItQyhrmcQEmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:8b:90:f2:a2:e8:ec:94:46:72:49:a2:0d:c9:89:68:bb:0f:
         aa:11:83:d5:d5:6f:d0:47:74:66:ff:a7:6a:f4:f6:c3:f0:46:
         49:10:01:7c:61:5b:dd:c6:33:50:8f:e9:f1:5f:94:b8:0a:fc:
         f0:19:90:5c:6c:39:f9:60:3e:11:89:d5:c5:7f:fa:84:54:74:
         dc:cc:89:42:a1:22:0f:67:10:15:a8:2e:04:6e:ca:17:3f:09:
         68:93:c5:f7:3c:33:98:6f:b2:85:eb:71:7f:6a:28:2a:7d:f5:
         5c:55:4b:95:f1:79:f1:05:d8:81:bf:9b:f7:45:4c:aa:c1:40:
         f3:02:b0:29:59:fc:b4:ec:ef:da:21:fe:79:96:94:4d:db:8f:
         8f:19:2e:60:47:11:a4:9e:fa:b7:e5:12:e8:97:47:c2:5d:ee:
         25:c3:5f:2b:ec:ff:18:ee:e2:68:86:f4:20:57:d5:ea:e1:74:
         54:af:78:24:ef:e9:f7:5d:30:3a:fd:ca:70:58:e5:e4:f4:3c:
         28:a1:b0:7a:8c:14:54:3b:e0:31:f9:dc:ae:01:55:6e:39:82:
         ee:6e:6e:ce:a6:aa:fe:04:86:31:72:2a:76:68:55:cf:9e:56:
         82:c1:6d:5c:7b:d9:c4:8c:6d:a0:42:9f:b1:4b:2a:20:b0:c0:
         24:94:75:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoXDzSJ/NnRps08Wtr29nZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUxMDI0MTYzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTc1YTA1OTRmZmJiNTJjYjQ0MzAyNDhiNTBjYTFhZTY3MTAxMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHCIqdYUk0OA1TcIMhEDN/qb968/
rtnVHI+ga5PdW8ajtjs+kl5M9beNQmN8cc3NWSFikBZNlpvLaA14I4rPbAEUq0He
w0BxtzRGI7yQ16gzxNqDVKmaxhjenp8zglXUmEVGqo6SAUKva67rHrbqZPqDD1aE
TGrSCa0xKNAINazbb265jfruZvE8cWstq8BLuoGkeOJDlUXeFt1uiQVIoLlL1eyK
72ZA0peBF5oHwOljUCrNMMD7bhgUHwp2CF/vxT12kuPco0y54HP8K9fd2mQdLQLm
r3x3Rxns6bqi7VY7l656025WiS0Hx/GEkmZjayWHUTvHpxER0HHdDK4j0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCp1oFlP+7UstEMCSLUMoa5nEBJkMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvS25XZ1dVXzd0U3kwUXdKSXRReWhybWNRRW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvIS8MA0G
CSqGSIb3DQEBCwUAA4IBAQB/i5DyoujslEZySaINyYlouw+qEYPV1W/QR3Rm/6dq
9PbD8EZJEAF8YVvdxjNQj+nxX5S4CvzwGZBcbDn5YD4RidXFf/qEVHTczIlCoSIP
ZxAVqC4EbsoXPwlok8X3PDOYb7KF63F/aigqffVcVUuV8XnxBdiBv5v3RUyqwUDz
ArApWfy07O/aIf55lpRN24+PGS5gRxGknvq35RLol0fCXe4lw18r7P8Y7uJohvQg
V9Xq4XRUr3gk7+n3XTA6/cpwWOXk9DwoobB6jBRUO+Ax+dyuAVVuOYLubm7Opqr+
BIYxcip2aFXPnlaCwW1ce9nEjG2gQp+xSyogsMAklHVs
-----END CERTIFICATE-----