Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/740b1d-751d-4afa-b700-1943bb7eaec7/1/7DaGcZguX6rZmp70WlL3jIsnpbM.roa
File:                     7DaGcZguX6rZmp70WlL3jIsnpbM.roa (raw, json)
Hash identifier:          KsS60nPCDyv8jj+cofaFoNq94Rj7AglBtrtXHDvUhUs=
Subject key identifier:   EC:36:86:71:98:2E:5F:AA:D9:9A:9E:F4:5A:52:F7:8C:8B:27:A5:B3
Certificate issuer:       /CN=e3958384e346956a00663a565507b96f14cc0973
Certificate serial:       019A2B9DA54E25BBE1D315E2E7556209B61A
Authority key identifier: E3:95:83:84:E3:46:95:6A:00:66:3A:56:55:07:B9:6F:14:CC:09:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/45WDhONGlWoAZjpWVQe5bxTMCXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/740b1d-751d-4afa-b700-1943bb7eaec7/1/7DaGcZguX6rZmp70WlL3jIsnpbM.roa
Signing time:             Tue 28 Oct 2025 16:19:03 +0000
ROA not before:           Tue 28 Oct 2025 16:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212131
IP address blocks:        194.9.58.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/740b1d-751d-4afa-b700-1943bb7eaec7/1/45WDhONGlWoAZjpWVQe5bxTMCXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/740b1d-751d-4afa-b700-1943bb7eaec7/1/45WDhONGlWoAZjpWVQe5bxTMCXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/45WDhONGlWoAZjpWVQe5bxTMCXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2b:9d:a5:4e:25:bb:e1:d3:15:e2:e7:55:62:09:b6:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3958384e346956a00663a565507b96f14cc0973
        Validity
            Not Before: Oct 28 16:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec368671982e5faad99a9ef45a52f78c8b27a5b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:3b:47:06:07:94:a0:0a:65:e2:cf:2c:d9:04:
                    66:72:e8:95:ae:83:ee:2f:fc:1c:ea:2c:f7:df:14:
                    6c:cc:44:96:0a:12:54:1f:ed:09:77:42:d4:d8:97:
                    b4:6b:19:e7:bf:b0:9c:64:d4:10:7c:69:82:42:6e:
                    39:a0:74:e7:ab:75:d5:91:43:f0:d2:97:9d:c4:73:
                    7a:ae:38:b4:c8:68:6c:34:9a:0d:34:0d:2e:02:e4:
                    76:81:88:d3:ac:7d:b3:93:68:b4:26:b7:d3:a6:08:
                    75:37:2d:21:ed:d7:ca:f5:ba:ae:ea:01:bf:f6:6e:
                    53:c6:ef:de:84:ff:ab:e2:40:1b:d3:de:d0:4e:b6:
                    11:5f:21:14:cc:b8:18:55:ad:b1:0d:87:03:c5:b7:
                    a5:a0:82:d0:81:c2:e7:93:ff:51:dc:68:62:19:cc:
                    05:6d:de:09:1a:23:09:c3:fb:0c:a1:bb:c9:21:67:
                    1c:48:3b:1d:db:00:f5:85:dd:d6:0b:85:b2:45:c8:
                    4c:bd:d7:6c:57:51:e5:73:06:e4:85:20:12:9e:48:
                    46:7e:d4:ca:c7:b7:5d:2b:36:9e:aa:89:03:3a:63:
                    c5:c5:5e:26:80:60:69:03:0e:df:d5:0a:87:ae:61:
                    a0:e2:29:60:7c:a8:52:d9:c1:ea:bc:c9:89:a8:2a:
                    67:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:36:86:71:98:2E:5F:AA:D9:9A:9E:F4:5A:52:F7:8C:8B:27:A5:B3
            X509v3 Authority Key Identifier:
                keyid:E3:95:83:84:E3:46:95:6A:00:66:3A:56:55:07:B9:6F:14:CC:09:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/45WDhONGlWoAZjpWVQe5bxTMCXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/740b1d-751d-4afa-b700-1943bb7eaec7/1/7DaGcZguX6rZmp70WlL3jIsnpbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/740b1d-751d-4afa-b700-1943bb7eaec7/1/45WDhONGlWoAZjpWVQe5bxTMCXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:76:05:01:6d:79:1b:50:2b:ac:72:b2:51:fb:6f:1e:d0:67:
         ad:15:7f:61:21:38:2c:6f:47:a9:8e:bd:fc:8e:c9:60:c1:4c:
         7b:cc:b9:78:92:e1:ce:74:4f:f6:55:2d:7f:76:8d:7c:f4:83:
         cb:63:af:db:0a:33:cd:ec:0a:1b:ca:51:fa:41:fd:32:8a:28:
         eb:2a:75:52:69:e5:13:75:b6:90:d1:85:f9:51:bc:dd:86:ac:
         88:01:e6:67:61:e4:8f:2e:ba:92:3b:4f:26:48:2d:98:eb:1e:
         5a:2e:99:d2:a5:68:4d:53:bf:b0:ab:77:ef:de:9f:e3:e8:f7:
         d1:af:61:ee:00:12:5c:84:6c:41:a5:61:a9:17:78:c7:49:08:
         40:bf:43:e9:2c:35:75:ed:fb:24:7c:51:f0:da:51:df:a7:7e:
         5d:38:ea:e5:8a:96:0b:c8:b6:e7:81:cd:7a:d7:4f:d9:8a:5e:
         92:d3:22:6d:7e:4c:82:91:df:5c:47:69:03:f0:51:a5:de:d4:
         9f:34:27:67:83:9a:72:95:8a:39:81:03:f4:2a:7f:18:d2:e2:
         62:05:4b:44:03:7f:2e:f2:00:2c:70:87:a5:29:a4:17:6d:80:
         5d:d3:83:29:51:d5:34:6f:05:6e:84:6e:9b:f4:ca:5d:d1:4c:
         a3:d9:32:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZornaVOJbvh0xXi51ViCbYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOTU4Mzg0ZTM0Njk1NmEwMDY2M2E1NjU1MDdiOTZmMTRj
YzA5NzMwHhcNMjUxMDI4MTYxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzM2ODY3MTk4MmU1ZmFhZDk5YTllZjQ1YTUyZjc4YzhiMjdhNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6DtHBgeUoApl4s8s2QRmcuiVroPu
L/wc6iz33xRszESWChJUH+0Jd0LU2Je0axnnv7CcZNQQfGmCQm45oHTnq3XVkUPw
0pedxHN6rji0yGhsNJoNNA0uAuR2gYjTrH2zk2i0JrfTpgh1Ny0h7dfK9bqu6gG/
9m5Txu/ehP+r4kAb097QTrYRXyEUzLgYVa2xDYcDxbeloILQgcLnk/9R3GhiGcwF
bd4JGiMJw/sMobvJIWccSDsd2wD1hd3WC4WyRchMvddsV1HlcwbkhSASnkhGftTK
x7ddKzaeqokDOmPFxV4mgGBpAw7f1QqHrmGg4ilgfKhS2cHqvMmJqCpnaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOw2hnGYLl+q2Zqe9FpS94yLJ6WzMB8GA1UdIwQY
MBaAFOOVg4TjRpVqAGY6VlUHuW8UzAlzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDVXRGhPTkdsV29BWmpwV1ZRZTVieFRNQ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS83NDBiMWQtNzUxZC00YWZhLWI3MDAt
MTk0M2JiN2VhZWM3LzEvN0RhR2NaZ3VYNnJabXA3MFdsTDNqSXNucGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS83NDBiMWQtNzUxZC00YWZhLWI3MDAtMTk0M2JiN2VhZWM3
LzEvNDVXRGhPTkdsV29BWmpwV1ZRZTVieFRNQ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwgk6MA0G
CSqGSIb3DQEBCwUAA4IBAQBudgUBbXkbUCuscrJR+28e0GetFX9hITgsb0epjr38
jslgwUx7zLl4kuHOdE/2VS1/do189IPLY6/bCjPN7AobylH6Qf0yiijrKnVSaeUT
dbaQ0YX5UbzdhqyIAeZnYeSPLrqSO08mSC2Y6x5aLpnSpWhNU7+wq3fv3p/j6PfR
r2HuABJchGxBpWGpF3jHSQhAv0PpLDV17fskfFHw2lHfp35dOOrlipYLyLbngc16
10/Zil6S0yJtfkyCkd9cR2kD8FGl3tSfNCdng5pylYo5gQP0Kn8Y0uJiBUtEA38u
8gAscIelKaQXbYBd04MpUdU0bwVuhG6b9Mpd0Uyj2TJi
-----END CERTIFICATE-----