Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/S9eHYiR7zb_n9KKRSQ3CI3RMfOw.roa
File:                     S9eHYiR7zb_n9KKRSQ3CI3RMfOw.roa (raw, json)
Hash identifier:          eZwoYKRlHkuxjVELwJDXBFEZEcPRJ/7FengEXTtUVeo=
Subject key identifier:   4B:D7:87:62:24:7B:CD:BF:E7:F4:A2:91:49:0D:C2:23:74:4C:7C:EC
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0199707DE89267A926620DE6A4FA6FBED44E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/S9eHYiR7zb_n9KKRSQ3CI3RMfOw.roa
Signing time:             Mon 22 Sep 2025 08:15:23 +0000
ROA not before:           Mon 22 Sep 2025 08:15:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203172
IP address blocks:        194.87.20.0/23 maxlen: 23
                          194.87.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:70:7d:e8:92:67:a9:26:62:0d:e6:a4:fa:6f:be:d4:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 22 08:15:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bd78762247bcdbfe7f4a291490dc223744c7cec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fe:0e:04:55:49:1c:46:10:d6:13:f7:87:dd:
                    b4:e1:67:31:2d:4b:a7:9e:65:86:77:fb:c3:43:50:
                    01:00:12:74:86:11:d0:84:9c:b4:e8:4f:f2:13:4e:
                    ed:4d:99:d8:5e:cc:de:f5:64:20:63:ce:cc:8f:fa:
                    a8:ab:da:0f:b1:a6:b5:ac:e8:da:eb:06:4e:66:f3:
                    50:a0:29:75:0e:d9:95:27:95:5b:3c:96:37:b5:56:
                    75:b0:e8:e6:f6:f7:06:ee:e2:58:c2:71:c8:7d:a2:
                    07:4c:a9:fd:e0:7c:fd:1c:35:aa:e4:2e:5a:92:61:
                    ef:29:83:e7:18:d7:c1:54:8f:f8:0d:a9:67:96:c5:
                    f7:1f:cb:3a:36:c4:ec:e4:14:03:77:90:41:e5:bf:
                    21:fa:c7:46:b6:a9:c6:23:9f:69:6a:c6:8b:db:d4:
                    6d:e9:34:d1:84:f0:87:25:49:79:6c:c1:01:63:fe:
                    1e:67:6b:2b:6e:bb:8f:85:78:e9:df:46:3a:dd:7e:
                    59:cf:5c:fe:74:b7:6b:e8:e2:88:90:78:8d:a4:75:
                    36:7c:28:52:d6:7d:73:48:ce:6b:93:ae:d8:e8:26:
                    68:17:02:24:a8:70:f1:8b:15:e1:c1:0b:35:f9:41:
                    d8:7f:1a:1d:3c:1e:24:9f:6a:88:40:d1:23:b5:dd:
                    d9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D7:87:62:24:7B:CD:BF:E7:F4:A2:91:49:0D:C2:23:74:4C:7C:EC
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/S9eHYiR7zb_n9KKRSQ3CI3RMfOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.20.0/23
                  194.87.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:87:0f:aa:5b:a6:90:20:63:06:84:f7:4c:88:1d:8b:df:26:
         07:1c:17:4c:3c:f7:95:ce:19:59:c1:43:dd:09:5f:71:44:3d:
         85:63:f4:ab:15:30:0d:b8:5f:c0:e9:15:b7:89:03:36:de:c2:
         fe:eb:a2:41:b4:f4:ad:1b:77:2b:40:1a:b5:28:d5:27:86:56:
         9e:da:a4:66:1e:e6:79:79:e9:9b:48:70:7a:90:6f:fd:f6:cd:
         4a:f9:52:8b:84:37:35:31:4e:7e:6f:aa:82:20:5c:0f:a7:b3:
         54:ce:e4:22:37:39:73:bd:b9:fc:6a:7b:59:25:da:17:ee:da:
         c3:65:0d:14:ca:6d:44:fd:6d:0c:29:11:e6:a4:27:f1:20:ea:
         3f:84:14:a0:64:b8:79:72:4b:f7:de:81:26:b3:b9:aa:a1:45:
         d3:6e:e9:3c:bd:b1:3b:6e:54:83:f0:a5:cf:1f:07:dc:37:89:
         52:70:16:2c:f5:c9:71:e3:22:d0:d8:b1:83:13:94:25:12:a3:
         f9:8d:90:95:03:b7:87:a5:91:33:43:b8:61:67:cf:14:6f:a0:
         0a:06:13:b4:d0:94:77:58:d6:0e:09:36:3d:d8:89:c8:1b:ae:
         0e:dd:74:b0:9b:d2:a3:66:f5:85:8b:2b:ef:46:be:e2:89:bb:
         cf:cd:5e:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlwfeiSZ6kmYg3mpPpvvtROMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwOTIyMDgxNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQ3ODc2MjI0N2JjZGJmZTdmNGEyOTE0OTBkYzIyMzc0NGM3Y2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv4OBFVJHEYQ1hP3h9204WcxLUun
nmWGd/vDQ1ABABJ0hhHQhJy06E/yE07tTZnYXsze9WQgY87Mj/qoq9oPsaa1rOja
6wZOZvNQoCl1DtmVJ5VbPJY3tVZ1sOjm9vcG7uJYwnHIfaIHTKn94Hz9HDWq5C5a
kmHvKYPnGNfBVI/4DalnlsX3H8s6NsTs5BQDd5BB5b8h+sdGtqnGI59pasaL29Rt
6TTRhPCHJUl5bMEBY/4eZ2srbruPhXjp30Y63X5Zz1z+dLdr6OKIkHiNpHU2fChS
1n1zSM5rk67Y6CZoFwIkqHDxixXhwQs1+UHYfxodPB4kn2qIQNEjtd3ZvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEvXh2Ike82/5/SikUkNwiN0THzsMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUzllSFlpUjd6Yl9uOUtLUlNRM0NJM1JNZk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwlcUAwQA
wlffMA0GCSqGSIb3DQEBCwUAA4IBAQBqhw+qW6aQIGMGhPdMiB2L3yYHHBdMPPeV
zhlZwUPdCV9xRD2FY/SrFTANuF/A6RW3iQM23sL+66JBtPStG3crQBq1KNUnhlae
2qRmHuZ5eembSHB6kG/99s1K+VKLhDc1MU5+b6qCIFwPp7NUzuQiNzlzvbn8antZ
JdoX7trDZQ0Uym1E/W0MKRHmpCfxIOo/hBSgZLh5ckv33oEms7mqoUXTbuk8vbE7
blSD8KXPHwfcN4lScBYs9clx4yLQ2LGDE5QlEqP5jZCVA7eHpZEzQ7hhZ88Ub6AK
BhO00JR3WNYOCTY92InIG64O3XSwm9KjZvWFiyvvRr7iibvPzV6n
-----END CERTIFICATE-----