Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/zCy2TEUINZmipMaXJF_ZJiCXKXs.roa
File:                     zCy2TEUINZmipMaXJF_ZJiCXKXs.roa (raw, json)
Hash identifier:          kFNybXZv7aLQUvfMaX6TQe+E+VLOfa/7bi5eq9XGzik=
Subject key identifier:   CC:2C:B6:4C:45:08:35:99:A2:A4:C6:97:24:5F:D9:26:20:97:29:7B
Certificate issuer:       /CN=9d08735a357d31fa8ada31e29f19586a6ffd9592
Certificate serial:       0196CEF786B8E40CDA3FF8C29C7EA9AC4DEF
Authority key identifier: 9D:08:73:5A:35:7D:31:FA:8A:DA:31:E2:9F:19:58:6A:6F:FD:95:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nQhzWjV9MfqK2jHinxlYam_9lZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/zCy2TEUINZmipMaXJF_ZJiCXKXs.roa
Signing time:             Wed 14 May 2025 13:24:10 +0000
ROA not before:           Wed 14 May 2025 13:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215604
IP address blocks:        194.169.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/nQhzWjV9MfqK2jHinxlYam_9lZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/nQhzWjV9MfqK2jHinxlYam_9lZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nQhzWjV9MfqK2jHinxlYam_9lZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:f7:86:b8:e4:0c:da:3f:f8:c2:9c:7e:a9:ac:4d:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d08735a357d31fa8ada31e29f19586a6ffd9592
        Validity
            Not Before: May 14 13:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc2cb64c45083599a2a4c697245fd9262097297b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:10:04:5c:b0:0e:7a:cf:69:e5:fc:a6:64:84:
                    42:a4:5d:15:f8:0b:e6:59:7b:14:3f:3c:07:77:aa:
                    e8:9e:a5:a1:fc:49:67:26:a4:53:64:d1:46:fb:60:
                    c5:23:af:6a:31:1a:84:0c:33:95:65:32:47:38:a0:
                    9c:a9:b4:a8:3a:86:74:1d:6d:38:10:11:be:1b:cf:
                    ed:30:f3:6c:6a:1b:7f:3c:bb:55:c2:26:52:2b:e9:
                    7b:16:c7:7f:07:79:81:d8:44:c8:38:60:28:2e:df:
                    a3:7a:64:f3:33:f9:b9:a2:ec:8a:0e:06:61:8b:e9:
                    24:bb:df:a9:92:b5:6b:0d:c2:38:16:95:31:3d:a2:
                    64:6f:67:ab:2d:36:88:89:80:aa:3f:ef:35:da:33:
                    95:a9:67:73:d6:36:3f:44:8e:55:ac:1c:b9:b7:48:
                    4d:d5:d2:10:b8:76:fa:d1:c8:3f:61:41:31:f1:9f:
                    43:ea:68:5a:bd:1c:a2:21:4c:0a:ff:7b:6f:ae:3d:
                    88:88:e8:c2:d7:63:1e:cb:bb:be:03:8a:8a:7f:1e:
                    96:a2:0b:31:ae:ab:50:4d:7e:5a:ce:96:f8:ab:e5:
                    2b:4b:d1:ae:0b:73:77:b9:a3:3c:75:02:c4:2d:18:
                    3a:cb:f5:ce:de:ce:07:d9:e8:9d:48:17:ab:a9:38:
                    f4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:2C:B6:4C:45:08:35:99:A2:A4:C6:97:24:5F:D9:26:20:97:29:7B
            X509v3 Authority Key Identifier:
                keyid:9D:08:73:5A:35:7D:31:FA:8A:DA:31:E2:9F:19:58:6A:6F:FD:95:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nQhzWjV9MfqK2jHinxlYam_9lZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/zCy2TEUINZmipMaXJF_ZJiCXKXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/nQhzWjV9MfqK2jHinxlYam_9lZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:7d:fd:cf:05:f6:98:cf:5a:4f:1d:cb:71:5a:c0:d8:64:6a:
         c4:46:e8:e8:21:e4:4f:31:c3:3f:69:ab:b2:aa:68:b8:66:e7:
         49:01:27:d6:af:6e:8f:3c:01:01:76:22:aa:fd:17:95:72:07:
         c8:ac:8a:44:98:52:d2:0a:f4:45:05:7d:f3:e3:86:30:25:c0:
         ec:13:39:e3:22:fb:6f:f5:13:8d:d8:61:a1:22:a3:d3:ba:cf:
         5c:2a:5f:55:d0:df:bd:44:62:c1:67:38:14:ad:8c:25:e0:de:
         87:9f:25:c7:04:c3:a6:f1:21:f5:b9:a4:02:b2:8d:cd:ac:d0:
         36:d0:05:69:92:e0:81:bd:ac:14:4f:ba:e8:62:2d:9e:29:0b:
         e5:f6:9c:f8:22:59:db:14:06:53:1d:4e:98:09:3d:3e:7f:34:
         cd:05:89:57:74:7a:c8:08:aa:f9:4d:73:16:e5:98:2c:0a:e4:
         20:bd:bc:36:ab:64:2a:5e:a6:43:58:23:b0:3d:e8:21:8a:0f:
         6c:a8:f7:15:a3:6b:47:e3:05:0e:9a:c5:66:92:e6:76:ca:02:
         bc:de:59:64:94:e9:f7:94:b4:b6:20:20:bf:dd:76:8f:00:5b:
         9e:df:56:e9:9d:eb:c8:50:b9:98:f6:d3:c5:1f:4f:d6:ad:c4:
         86:c9:fa:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbO94a45AzaP/jCnH6prE3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMDg3MzVhMzU3ZDMxZmE4YWRhMzFlMjlmMTk1ODZhNmZm
ZDk1OTIwHhcNMjUwNTE0MTMyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzJjYjY0YzQ1MDgzNTk5YTJhNGM2OTcyNDVmZDkyNjIwOTcyOTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhAEXLAOes9p5fymZIRCpF0V+Avm
WXsUPzwHd6ronqWh/ElnJqRTZNFG+2DFI69qMRqEDDOVZTJHOKCcqbSoOoZ0HW04
EBG+G8/tMPNsaht/PLtVwiZSK+l7Fsd/B3mB2ETIOGAoLt+jemTzM/m5ouyKDgZh
i+kku9+pkrVrDcI4FpUxPaJkb2erLTaIiYCqP+812jOVqWdz1jY/RI5VrBy5t0hN
1dIQuHb60cg/YUEx8Z9D6mhavRyiIUwK/3tvrj2IiOjC12Mey7u+A4qKfx6Wogsx
rqtQTX5azpb4q+UrS9GuC3N3uaM8dQLELRg6y/XO3s4H2eidSBerqTj0SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwstkxFCDWZoqTGlyRf2SYglyl7MB8GA1UdIwQY
MBaAFJ0Ic1o1fTH6itox4p8ZWGpv/ZWSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblFoeldqVjlNZnFLMmpIaW54bFlhbV85bFpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9jZjRkOWUtNTljOS00ZjlmLThmMzIt
YTM0ODgyMWNhMWUwLzEvekN5MlRFVUlOWm1pcE1hWEpGX1pKaUNYS1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9jZjRkOWUtNTljOS00ZjlmLThmMzItYTM0ODgyMWNhMWUw
LzEvblFoeldqVjlNZnFLMmpIaW54bFlhbV85bFpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwql9MA0G
CSqGSIb3DQEBCwUAA4IBAQAiff3PBfaYz1pPHctxWsDYZGrERujoIeRPMcM/aauy
qmi4ZudJASfWr26PPAEBdiKq/ReVcgfIrIpEmFLSCvRFBX3z44YwJcDsEznjIvtv
9RON2GGhIqPTus9cKl9V0N+9RGLBZzgUrYwl4N6HnyXHBMOm8SH1uaQCso3NrNA2
0AVpkuCBvawUT7roYi2eKQvl9pz4IlnbFAZTHU6YCT0+fzTNBYlXdHrICKr5TXMW
5ZgsCuQgvbw2q2QqXqZDWCOwPeghig9sqPcVo2tH4wUOmsVmkuZ2ygK83llklOn3
lLS2ICC/3XaPAFue31bpnevIULmY9tPFH0/WrcSGyfqY
-----END CERTIFICATE-----