Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kQQMluEEaohF79OTZ8bcWvlU-Co.roa
File:                     kQQMluEEaohF79OTZ8bcWvlU-Co.roa (raw, json)
Hash identifier:          dl3qCtdJH25DpnYgl9oNV0A73FSnbFC6+HCWr/+ZXCU=
Subject key identifier:   91:04:0C:96:E1:04:6A:88:45:EF:D3:93:67:C6:DC:5A:F9:54:F8:2A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019A1794DD1A26E7EA37BB3F91008460C1BD
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kQQMluEEaohF79OTZ8bcWvlU-Co.roa
Signing time:             Fri 24 Oct 2025 18:57:03 +0000
ROA not before:           Fri 24 Oct 2025 18:57:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207513
IP address blocks:        144.31.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 12:18:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:17:94:dd:1a:26:e7:ea:37:bb:3f:91:00:84:60:c1:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Oct 24 18:57:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91040c96e1046a8845efd39367c6dc5af954f82a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:95:cf:6a:3b:f3:ad:b0:ba:b7:d3:35:51:25:
                    ad:a7:54:d8:49:e6:71:0b:aa:c7:16:29:b7:2a:63:
                    1c:b0:3c:8c:e2:c2:27:ff:66:78:f7:23:9d:1a:50:
                    2d:c9:82:d6:9e:f6:bf:78:6d:08:22:b4:ab:e7:db:
                    e4:58:4e:10:f2:60:c0:cd:b5:5b:bf:de:a2:d3:ec:
                    ae:d5:3f:0a:dd:0d:1e:1b:95:a7:0d:b8:c0:b0:e2:
                    e0:5d:0d:6c:38:6b:86:2f:99:3a:23:fa:6f:c9:f3:
                    69:26:9e:e3:ee:85:42:0e:6b:2f:9f:44:92:12:e0:
                    4b:42:93:6b:36:6b:e0:4e:82:df:f7:04:28:91:9e:
                    5b:5c:d7:b8:1e:b1:8b:7e:08:09:69:84:15:0d:7e:
                    a2:d0:cc:6c:46:a7:35:00:a6:54:2e:e6:47:19:47:
                    30:69:10:7e:39:aa:42:ae:e3:6c:65:fd:54:bb:e6:
                    6a:bb:cf:86:d3:ff:83:bf:ab:56:4d:43:c9:e8:c2:
                    4f:28:0f:58:46:e0:b5:37:33:6d:e3:7f:c5:25:4a:
                    fa:8f:19:6f:09:c0:40:5c:3b:98:60:e1:a9:04:bb:
                    62:bb:38:0a:28:1d:86:d8:56:5d:12:92:a3:a5:56:
                    56:11:a0:28:56:79:9a:db:b5:31:ed:e2:b5:46:d1:
                    f4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:04:0C:96:E1:04:6A:88:45:EF:D3:93:67:C6:DC:5A:F9:54:F8:2A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kQQMluEEaohF79OTZ8bcWvlU-Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:2c:68:a2:7b:24:b8:56:7c:3c:a2:ac:bc:ec:58:4e:34:65:
         d6:c3:89:75:b3:0a:79:b8:00:0b:88:49:fd:55:4a:c2:fe:4e:
         c8:d3:c3:d3:eb:29:d4:62:9c:64:df:68:a5:97:4a:d7:05:82:
         27:1f:4f:7b:16:ce:52:50:d5:f4:e4:ee:cd:9c:65:20:19:f4:
         d3:ca:8b:7d:02:2c:1e:3e:44:39:f8:b2:86:32:e2:bc:a9:66:
         ca:d1:f7:46:8b:15:ac:39:fa:65:88:f6:71:5c:87:43:42:69:
         25:ed:6e:47:53:38:96:47:84:e8:d9:1a:5c:17:74:b6:67:bc:
         ea:d2:2f:ed:94:8b:6e:bd:3f:99:80:11:c2:7d:51:4f:fa:6e:
         47:fe:2d:8f:ce:f8:61:63:90:2f:c1:10:e2:6a:69:ff:c8:c5:
         43:91:c6:3f:f5:0c:bd:3d:93:75:f8:a8:7c:b6:21:a5:73:39:
         c9:cb:97:02:8a:07:de:e9:ab:eb:c4:bc:7e:b7:8b:80:b1:96:
         5b:7d:58:b9:89:99:f2:f2:58:9d:ae:2b:bb:7a:5f:0c:a4:44:
         b5:8d:fb:2e:c3:e1:76:04:f8:86:c0:a7:65:63:28:29:1d:51:
         ab:1d:28:58:f2:3a:d0:5e:2d:80:89:39:6f:6b:9d:37:1e:c6:
         97:3a:dd:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoXlN0aJufqN7s/kQCEYMG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMDI0MTg1NzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTA0MGM5NmUxMDQ2YTg4NDVlZmQzOTM2N2M2ZGM1YWY5NTRmODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZXPajvzrbC6t9M1USWtp1TYSeZx
C6rHFim3KmMcsDyM4sIn/2Z49yOdGlAtyYLWnva/eG0IIrSr59vkWE4Q8mDAzbVb
v96i0+yu1T8K3Q0eG5WnDbjAsOLgXQ1sOGuGL5k6I/pvyfNpJp7j7oVCDmsvn0SS
EuBLQpNrNmvgToLf9wQokZ5bXNe4HrGLfggJaYQVDX6i0MxsRqc1AKZULuZHGUcw
aRB+OapCruNsZf1Uu+Zqu8+G0/+Dv6tWTUPJ6MJPKA9YRuC1NzNt43/FJUr6jxlv
CcBAXDuYYOGpBLtiuzgKKB2G2FZdEpKjpVZWEaAoVnma27Ux7eK1RtH0mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEEDJbhBGqIRe/Tk2fG3Fr5VPgqMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEva1FRTWx1RUVhb2hGNzlPVFo4YmNXdmxVLUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkB9cMA0G
CSqGSIb3DQEBCwUAA4IBAQCZLGiieyS4Vnw8oqy87FhONGXWw4l1swp5uAALiEn9
VUrC/k7I08PT6ynUYpxk32ill0rXBYInH097Fs5SUNX05O7NnGUgGfTTyot9Aiwe
PkQ5+LKGMuK8qWbK0fdGixWsOfpliPZxXIdDQmkl7W5HUziWR4To2RpcF3S2Z7zq
0i/tlItuvT+ZgBHCfVFP+m5H/i2PzvhhY5AvwRDiamn/yMVDkcY/9Qy9PZN1+Kh8
tiGlcznJy5cCigfe6avrxLx+t4uAsZZbfVi5iZny8lidriu7el8MpES1jfsuw+F2
BPiGwKdlYygpHVGrHShY8jrQXi2AiTlva503HsaXOt2i
-----END CERTIFICATE-----