Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/rstqmC9C3deFRwlh7GBOdnhea6U.roa
File:                     rstqmC9C3deFRwlh7GBOdnhea6U.roa (raw, json)
Hash identifier:          hc6+4Nud2mXg12AKMVOC6jspD/lRAhLFUQSwRN33KxM=
Subject key identifier:   AE:CB:6A:98:2F:42:DD:D7:85:47:09:61:EC:60:4E:76:78:5E:6B:A5
Certificate issuer:       /CN=df895a3ee2211b6ee2df7202f09a426680d66269
Certificate serial:       0199A5F68D364C26EE49F72C74676935C840
Authority key identifier: DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/rstqmC9C3deFRwlh7GBOdnhea6U.roa
Signing time:             Thu 02 Oct 2025 17:27:02 +0000
ROA not before:           Thu 02 Oct 2025 17:27:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42031
IP address blocks:        185.225.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:f6:8d:36:4c:26:ee:49:f7:2c:74:67:69:35:c8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df895a3ee2211b6ee2df7202f09a426680d66269
        Validity
            Not Before: Oct  2 17:27:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aecb6a982f42ddd785470961ec604e76785e6ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:df:64:17:03:87:73:53:11:f6:24:5e:5a:e1:
                    2a:76:5f:68:9c:d5:8d:af:9b:90:87:8b:0c:0d:82:
                    ed:c1:45:6a:59:65:74:b4:a2:e2:e8:d3:63:48:e5:
                    49:6f:63:c0:28:bf:c1:a2:97:77:d1:37:fc:2b:26:
                    9b:6f:96:ec:4b:68:ad:60:7e:a4:04:d9:6c:ce:1d:
                    0c:2b:22:73:59:05:38:00:cc:94:ed:5f:30:b8:69:
                    05:c1:df:b8:30:24:61:07:c1:c5:31:c9:c7:84:66:
                    33:ed:21:05:82:f6:55:7e:2d:d1:53:36:ab:5c:bd:
                    b6:40:60:7f:d7:13:cd:dd:b9:8b:2b:d2:fc:80:c5:
                    29:fc:f0:dc:93:ee:fa:dc:c1:17:6b:1d:14:a8:0d:
                    c0:c1:f5:82:26:55:fd:54:1c:65:09:f0:ff:6a:d2:
                    41:a3:01:53:9d:ec:0f:f5:da:f4:5e:87:f6:e3:47:
                    f4:9a:ea:57:94:f2:41:c7:f8:ce:33:f9:cc:79:12:
                    86:ea:b9:01:3c:1a:95:a3:f8:af:a8:8c:89:d9:7b:
                    00:c8:0f:ba:14:80:75:52:f0:5c:84:10:a5:32:ab:
                    14:a4:72:d7:09:28:11:b0:d4:aa:ce:c9:0f:66:56:
                    52:e1:59:4c:ea:a1:cd:8f:80:de:45:3f:1b:49:33:
                    8e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:CB:6A:98:2F:42:DD:D7:85:47:09:61:EC:60:4E:76:78:5E:6B:A5
            X509v3 Authority Key Identifier:
                keyid:DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/rstqmC9C3deFRwlh7GBOdnhea6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:7e:e7:2a:b6:3b:a2:9d:6a:eb:1a:fa:06:81:3a:df:a4:9d:
         40:6c:5c:6e:c4:32:57:0f:0b:71:66:06:6e:8b:a4:5c:77:d5:
         c4:87:a4:bf:ea:2f:f2:16:5f:06:7e:3c:e9:d9:78:47:57:e0:
         47:56:6f:f4:c1:c0:37:b4:e4:55:09:55:06:65:f7:7a:68:e8:
         5c:33:bc:1e:33:4d:ff:a6:73:90:f4:6d:f5:7a:4e:ad:d7:e9:
         d7:d2:f8:be:89:55:33:65:f3:48:9d:99:d8:26:13:84:97:db:
         09:a5:a1:52:26:91:0c:45:df:6f:36:c1:27:c7:21:08:e5:05:
         3b:71:b4:bb:0d:84:c9:d2:3b:3f:73:b9:81:29:97:4d:38:f8:
         99:9b:fa:31:c8:40:0a:65:b6:a3:f7:f6:02:5c:c1:1c:7d:26:
         93:c4:14:56:68:b6:38:c1:13:a9:59:0d:1c:2c:52:2f:f8:12:
         77:b1:34:6c:60:72:56:f7:f3:24:58:1d:d0:a6:8c:91:b1:1d:
         a0:b6:50:75:59:b8:58:65:80:c6:9a:c3:42:e3:8a:f8:b7:7d:
         0a:e5:b5:a3:d1:d4:24:c5:15:b0:c4:e1:3c:10:4d:53:48:1c:
         c8:59:38:5a:5e:7a:fa:bb:f1:51:84:73:c8:9d:63:9a:5c:20:
         f2:65:f9:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZml9o02TCbuSfcsdGdpNchAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODk1YTNlZTIyMTFiNmVlMmRmNzIwMmYwOWE0MjY2ODBk
NjYyNjkwHhcNMjUxMDAyMTcyNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWNiNmE5ODJmNDJkZGQ3ODU0NzA5NjFlYzYwNGU3Njc4NWU2YmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsN9kFwOHc1MR9iReWuEqdl9onNWN
r5uQh4sMDYLtwUVqWWV0tKLi6NNjSOVJb2PAKL/Bopd30Tf8Kyabb5bsS2itYH6k
BNlszh0MKyJzWQU4AMyU7V8wuGkFwd+4MCRhB8HFMcnHhGYz7SEFgvZVfi3RUzar
XL22QGB/1xPN3bmLK9L8gMUp/PDck+763MEXax0UqA3AwfWCJlX9VBxlCfD/atJB
owFTnewP9dr0Xof240f0mupXlPJBx/jOM/nMeRKG6rkBPBqVo/ivqIyJ2XsAyA+6
FIB1UvBchBClMqsUpHLXCSgRsNSqzskPZlZS4VlM6qHNj4DeRT8bSTOO0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7LapgvQt3XhUcJYexgTnZ4XmulMB8GA1UdIwQY
MBaAFN+JWj7iIRtu4t9yAvCaQmaA1mJpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUt
NzBiMmViZDUxNDM4LzEvcnN0cW1DOUMzZGVGUndsaDdHQk9kbmhlYTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUtNzBiMmViZDUxNDM4
LzEvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHLMA0G
CSqGSIb3DQEBCwUAA4IBAQBRfucqtjuinWrrGvoGgTrfpJ1AbFxuxDJXDwtxZgZu
i6Rcd9XEh6S/6i/yFl8Gfjzp2XhHV+BHVm/0wcA3tORVCVUGZfd6aOhcM7weM03/
pnOQ9G31ek6t1+nX0vi+iVUzZfNInZnYJhOEl9sJpaFSJpEMRd9vNsEnxyEI5QU7
cbS7DYTJ0js/c7mBKZdNOPiZm/oxyEAKZbaj9/YCXMEcfSaTxBRWaLY4wROpWQ0c
LFIv+BJ3sTRsYHJW9/MkWB3QpoyRsR2gtlB1WbhYZYDGmsNC44r4t30K5bWj0dQk
xRWwxOE8EE1TSBzIWThaXnr6u/FRhHPInWOaXCDyZflB
-----END CERTIFICATE-----