Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/JFPB3uodgu0Gtl2wY044BZR5QnM.roa
File:                     JFPB3uodgu0Gtl2wY044BZR5QnM.roa (raw, json)
Hash identifier:          BoazJepaaj+nQ3+vbpvJADkcm/ka8XF9GvGPFx6HQMM=
Subject key identifier:   24:53:C1:DE:EA:1D:82:ED:06:B6:5D:B0:63:4E:38:05:94:79:42:73
Certificate issuer:       /CN=88fb410a3bfc7340b667b4f221c7cb806267896e
Certificate serial:       019A48B91F307A42087F6CD0D7D628835C11
Authority key identifier: 88:FB:41:0A:3B:FC:73:40:B6:67:B4:F2:21:C7:CB:80:62:67:89:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/JFPB3uodgu0Gtl2wY044BZR5QnM.roa
Signing time:             Mon 03 Nov 2025 07:58:02 +0000
ROA not before:           Mon 03 Nov 2025 07:58:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42216
IP address blocks:        194.99.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:48:b9:1f:30:7a:42:08:7f:6c:d0:d7:d6:28:83:5c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88fb410a3bfc7340b667b4f221c7cb806267896e
        Validity
            Not Before: Nov  3 07:58:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2453c1deea1d82ed06b65db0634e380594794273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:89:c7:8d:83:3f:ca:f7:41:b0:9c:15:6b:85:
                    ef:57:35:68:a2:61:03:8e:35:59:4f:d8:72:57:0c:
                    dc:69:14:56:56:76:10:11:27:32:fc:e4:09:15:67:
                    ee:78:3c:76:83:b1:9f:e8:94:59:ee:2a:2d:16:89:
                    9a:42:96:92:38:5e:0a:04:31:47:c2:ee:a9:1f:38:
                    4e:8c:5f:e4:35:5c:05:20:95:00:01:da:10:08:51:
                    c3:3f:7e:57:6c:8a:24:ec:35:38:98:46:d1:8d:87:
                    94:49:be:cc:c1:88:9f:3a:9e:c2:2e:5a:2b:3b:72:
                    41:2e:fa:ce:71:30:a5:8f:31:ac:c3:97:5e:71:d5:
                    bc:5f:4d:51:1d:80:99:d2:99:b1:65:68:e3:d1:55:
                    26:ab:00:b3:18:3b:ac:94:f0:db:ee:35:e4:ec:bc:
                    b0:c1:f7:88:24:85:4f:42:8c:52:27:df:f6:ec:b1:
                    9a:80:31:16:e4:55:96:a1:3e:fa:8a:01:58:17:f0:
                    53:e9:33:7e:79:96:b1:49:35:1e:ab:09:3b:4c:c6:
                    b5:cf:54:cc:c0:7b:cc:0a:b9:77:80:c2:c5:38:17:
                    88:1c:3a:a9:92:c4:0a:b8:84:dc:fc:6f:7e:23:c7:
                    80:b6:8c:ad:cb:66:d5:d3:84:ef:60:5b:74:fa:c5:
                    cf:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:53:C1:DE:EA:1D:82:ED:06:B6:5D:B0:63:4E:38:05:94:79:42:73
            X509v3 Authority Key Identifier:
                keyid:88:FB:41:0A:3B:FC:73:40:B6:67:B4:F2:21:C7:CB:80:62:67:89:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iPtBCjv8c0C2Z7TyIcfLgGJniW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/JFPB3uodgu0Gtl2wY044BZR5QnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/44624f-231d-466c-bb02-b38c80951981/1/iPtBCjv8c0C2Z7TyIcfLgGJniW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:58:fb:4c:ab:7f:c8:49:c1:de:2a:be:f9:7f:51:6e:7f:59:
         8b:c2:09:0b:5c:c6:ac:20:c1:59:3d:f1:b9:e9:e9:9a:3b:fd:
         9f:40:04:5e:d5:ee:42:ca:d6:95:dd:98:42:de:42:fa:22:0c:
         f5:02:01:3a:e4:ec:95:32:4e:c4:da:73:16:0a:c6:20:b4:af:
         ca:98:3e:c7:92:9a:56:76:cc:d1:90:f5:72:b7:ec:cd:04:86:
         88:62:b9:03:3f:24:df:3c:f6:22:d3:93:f8:03:a3:fb:e1:33:
         72:da:9e:2f:d7:07:52:d6:54:7f:df:a1:c2:84:97:08:7a:c1:
         57:b7:f0:9e:b5:56:8e:98:c9:25:1e:f6:0c:05:1a:9f:15:23:
         e2:67:79:a5:97:f9:12:76:1c:ea:4a:6b:f9:fd:73:95:73:d8:
         84:90:37:7c:d0:bb:a9:a4:e6:19:61:f9:e5:64:95:a4:86:6e:
         a9:dd:d4:58:c9:10:1c:1b:44:da:57:c3:3d:58:64:cc:23:ae:
         c1:5c:f2:9d:18:3e:67:3a:57:26:73:97:8c:de:08:9e:dd:cb:
         2e:2e:c6:81:a6:99:2d:fe:5d:7f:6c:5d:74:35:83:ec:6d:1e:
         2b:92:90:78:63:49:09:67:dc:11:60:47:ac:ea:a4:57:22:6a:
         3e:5b:62:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpIuR8wekIIf2zQ19Yog1wRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmI0MTBhM2JmYzczNDBiNjY3YjRmMjIxYzdjYjgwNjI2
Nzg5NmUwHhcNMjUxMTAzMDc1ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDUzYzFkZWVhMWQ4MmVkMDZiNjVkYjA2MzRlMzgwNTk0Nzk0MjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtonHjYM/yvdBsJwVa4XvVzVoomED
jjVZT9hyVwzcaRRWVnYQEScy/OQJFWfueDx2g7Gf6JRZ7iotFomaQpaSOF4KBDFH
wu6pHzhOjF/kNVwFIJUAAdoQCFHDP35XbIok7DU4mEbRjYeUSb7MwYifOp7CLlor
O3JBLvrOcTCljzGsw5decdW8X01RHYCZ0pmxZWjj0VUmqwCzGDuslPDb7jXk7Lyw
wfeIJIVPQoxSJ9/27LGagDEW5FWWoT76igFYF/BT6TN+eZaxSTUeqwk7TMa1z1TM
wHvMCrl3gMLFOBeIHDqpksQKuITc/G9+I8eAtoyty2bV04TvYFt0+sXP+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRTwd7qHYLtBrZdsGNOOAWUeUJzMB8GA1UdIwQY
MBaAFIj7QQo7/HNAtme08iHHy4BiZ4luMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVB0QkNqdjhjMEMyWjdUeUljZkxnR0puaVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80NDYyNGYtMjMxZC00NjZjLWJiMDIt
YjM4YzgwOTUxOTgxLzEvSkZQQjN1b2RndTBHdGwyd1kwNDRCWlI1UW5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80NDYyNGYtMjMxZC00NjZjLWJiMDItYjM4YzgwOTUxOTgx
LzEvaVB0QkNqdjhjMEMyWjdUeUljZkxnR0puaVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmNKMA0G
CSqGSIb3DQEBCwUAA4IBAQDFWPtMq3/IScHeKr75f1Fuf1mLwgkLXMasIMFZPfG5
6emaO/2fQARe1e5CytaV3ZhC3kL6Igz1AgE65OyVMk7E2nMWCsYgtK/KmD7HkppW
dszRkPVyt+zNBIaIYrkDPyTfPPYi05P4A6P74TNy2p4v1wdS1lR/36HChJcIesFX
t/CetVaOmMklHvYMBRqfFSPiZ3mll/kSdhzqSmv5/XOVc9iEkDd80LuppOYZYfnl
ZJWkhm6p3dRYyRAcG0TaV8M9WGTMI67BXPKdGD5nOlcmc5eM3gie3csuLsaBppkt
/l1/bF10NYPsbR4rkpB4Y0kJZ9wRYEes6qRXImo+W2Ke
-----END CERTIFICATE-----