Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/R0Hwt2TjrZqW1C7ySxLTYzMnXrc.roa
File:                     R0Hwt2TjrZqW1C7ySxLTYzMnXrc.roa (raw, json)
Hash identifier:          s6HOXG1qMIRlgT7xfEGOeNiratV5XemVYRhMFOe3pX8=
Subject key identifier:   47:41:F0:B7:64:E3:AD:9A:96:D4:2E:F2:4B:12:D3:63:33:27:5E:B7
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       019A1A97BC88FCD2876C9C75A14BA13133CD
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/R0Hwt2TjrZqW1C7ySxLTYzMnXrc.roa
Signing time:             Sat 25 Oct 2025 08:59:03 +0000
ROA not before:           Sat 25 Oct 2025 08:59:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        194.79.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1a:97:bc:88:fc:d2:87:6c:9c:75:a1:4b:a1:31:33:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Oct 25 08:59:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4741f0b764e3ad9a96d42ef24b12d36333275eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:bf:0c:69:74:67:7c:83:54:b9:16:c9:10:c5:
                    09:65:3a:56:cc:e7:a3:37:a2:c4:6e:04:d7:af:f1:
                    7f:5e:65:8f:00:a1:fa:e4:f7:a1:80:ff:e9:04:bb:
                    8c:03:a5:f9:cc:2e:cd:18:38:b3:26:07:ae:e3:75:
                    43:cf:f0:14:70:d8:89:1d:62:cc:85:e2:16:14:2b:
                    cc:63:b7:a0:c0:47:a6:ec:17:61:7e:4b:08:28:39:
                    5f:cc:d1:91:38:78:da:31:bf:b3:d0:08:52:a6:84:
                    87:81:4c:74:42:07:85:1a:3d:55:0b:b3:70:a9:d5:
                    31:76:88:56:8f:35:de:63:af:53:7c:a9:54:bd:b3:
                    38:f4:2d:df:ad:64:1d:f2:3c:6a:27:ee:50:77:3b:
                    cc:a2:b8:4b:c3:42:c4:8b:20:5d:4a:1e:6f:18:42:
                    a4:57:c3:5e:cf:b2:d0:6b:77:af:8c:f6:b3:c0:2a:
                    ae:55:71:6a:30:f0:30:21:aa:42:09:84:8b:a6:d7:
                    fe:f2:cd:1b:35:62:47:cb:2a:f9:6e:76:25:39:0c:
                    c0:87:cf:49:6d:55:4c:b6:3f:27:41:52:c0:5d:10:
                    04:a6:f4:fc:a4:99:6c:7a:2e:f8:5d:b8:e1:0f:5c:
                    2d:71:33:5b:87:c9:a5:f9:7a:1e:c2:c8:84:df:b7:
                    31:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:41:F0:B7:64:E3:AD:9A:96:D4:2E:F2:4B:12:D3:63:33:27:5E:B7
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/R0Hwt2TjrZqW1C7ySxLTYzMnXrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.79.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:93:4a:d6:ae:a6:27:77:0c:51:21:b3:0d:2f:90:c2:f4:92:
         2d:ee:10:81:f0:ab:74:7c:fe:8b:86:19:b7:5a:c5:fa:78:b6:
         ae:29:7b:7a:43:f6:c1:ff:78:fa:e8:3e:77:cd:8f:68:40:c2:
         f5:dd:d4:36:72:a2:23:3e:d6:d7:d5:9b:1d:5e:bd:bc:35:ac:
         b5:f8:5e:65:6a:df:40:94:bb:87:c2:b8:1c:78:b0:45:bf:5d:
         04:03:55:5f:45:c8:09:47:5d:2e:e3:56:17:7e:f1:2b:1d:cb:
         1e:6c:0f:5a:bb:5a:79:0e:e7:58:be:a3:dc:16:3d:df:25:c7:
         57:bc:f9:ff:0b:59:a3:77:70:36:d6:a1:ce:83:74:5a:dd:8f:
         52:9b:74:04:63:f7:33:f0:5c:c8:ba:8d:b3:fa:46:e2:ec:6f:
         0e:5d:61:aa:32:39:18:cb:6d:78:e9:de:2f:a5:58:ce:fb:59:
         17:3a:f0:5c:8c:21:b5:b2:d2:dd:f9:68:c3:9d:b4:8b:7a:8c:
         91:c0:20:a8:44:bd:bf:3c:eb:cc:88:b6:83:56:60:1d:bf:27:
         db:ac:46:05:8b:6a:ad:69:6a:ff:59:86:b3:83:ee:ab:04:2f:
         37:0f:54:fc:7c:4c:21:7c:1c:2b:01:22:49:1d:97:c8:20:c4:
         17:6e:a5:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoal7yI/NKHbJx1oUuhMTPNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUxMDI1MDg1OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQxZjBiNzY0ZTNhZDlhOTZkNDJlZjI0YjEyZDM2MzMzMjc1ZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0r8MaXRnfINUuRbJEMUJZTpWzOej
N6LEbgTXr/F/XmWPAKH65PehgP/pBLuMA6X5zC7NGDizJgeu43VDz/AUcNiJHWLM
heIWFCvMY7egwEem7BdhfksIKDlfzNGROHjaMb+z0AhSpoSHgUx0QgeFGj1VC7Nw
qdUxdohWjzXeY69TfKlUvbM49C3frWQd8jxqJ+5QdzvMorhLw0LEiyBdSh5vGEKk
V8Nez7LQa3evjPazwCquVXFqMPAwIapCCYSLptf+8s0bNWJHyyr5bnYlOQzAh89J
bVVMtj8nQVLAXRAEpvT8pJlsei74XbjhD1wtcTNbh8ml+XoewsiE37cxhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdB8Ldk462altQu8ksS02MzJ163MB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvUjBId3QyVGpyWnFXMUM3eVN4TFRZek1uWHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwk8OMA0G
CSqGSIb3DQEBCwUAA4IBAQBMk0rWrqYndwxRIbMNL5DC9JIt7hCB8Kt0fP6Lhhm3
WsX6eLauKXt6Q/bB/3j66D53zY9oQML13dQ2cqIjPtbX1ZsdXr28Nay1+F5lat9A
lLuHwrgceLBFv10EA1VfRcgJR10u41YXfvErHcsebA9au1p5DudYvqPcFj3fJcdX
vPn/C1mjd3A21qHOg3Ra3Y9Sm3QEY/cz8FzIuo2z+kbi7G8OXWGqMjkYy2146d4v
pVjO+1kXOvBcjCG1stLd+WjDnbSLeoyRwCCoRL2/POvMiLaDVmAdvyfbrEYFi2qt
aWr/WYazg+6rBC83D1T8fEwhfBwrASJJHZfIIMQXbqUi
-----END CERTIFICATE-----