Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1tqeFI86U-oQsEyCsrwBNStsU0E.roa
File:                     1tqeFI86U-oQsEyCsrwBNStsU0E.roa (raw, json)
Hash identifier:          fy/B4N7s6y5mWPPUzB7p9Y9MWBW/CcKcmLv8555ehVw=
Subject key identifier:   D6:DA:9E:14:8F:3A:53:EA:10:B0:4C:82:B2:BC:01:35:2B:6C:53:41
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019950B3B14A875C7FB9C216CF52809FADE9
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1tqeFI86U-oQsEyCsrwBNStsU0E.roa
Signing time:             Tue 16 Sep 2025 04:06:17 +0000
ROA not before:           Tue 16 Sep 2025 04:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214929
IP address blocks:        94.249.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:50:b3:b1:4a:87:5c:7f:b9:c2:16:cf:52:80:9f:ad:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Sep 16 04:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6da9e148f3a53ea10b04c82b2bc01352b6c5341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:8a:8b:5b:16:b9:c6:7e:82:13:d0:0b:6e:c8:
                    67:6a:44:9b:ae:19:c7:42:67:7b:b9:c4:6f:c4:2d:
                    4c:72:ad:fb:a1:29:18:da:dc:52:d1:ee:77:00:1c:
                    d3:84:b0:d0:de:f5:3a:3a:06:23:ee:bb:46:8f:27:
                    9d:9d:34:32:65:73:0c:9a:08:50:57:a5:52:f2:ba:
                    ce:ac:d8:77:b4:7d:d7:fc:25:6c:7e:80:e5:65:30:
                    74:81:d1:52:92:82:34:5d:9d:7d:5a:d4:ca:32:6d:
                    e4:bf:1e:d5:da:63:e8:b1:0d:55:be:db:ec:7b:d6:
                    b7:24:40:2f:a3:cd:fb:d4:06:cf:e7:c3:e0:d7:be:
                    51:3c:78:d6:26:47:81:d6:6f:4e:57:0e:57:a5:c6:
                    33:94:81:3f:4a:6b:07:e4:8e:14:64:a4:65:b4:a8:
                    71:1b:9d:2f:3a:d1:c3:8a:bb:14:71:b5:f3:c3:39:
                    b0:16:82:c6:dd:6b:a3:d4:41:f5:86:67:94:40:4c:
                    25:c9:07:8a:8b:5a:80:96:2d:06:7c:7a:e4:cc:02:
                    1f:50:eb:57:fa:e7:e2:1f:7d:5a:26:c0:af:7b:53:
                    b5:35:c0:41:f9:37:42:ee:77:2a:17:69:77:78:4b:
                    84:16:5f:af:b9:6c:f2:a9:6c:2e:1e:82:54:f3:b3:
                    3d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:DA:9E:14:8F:3A:53:EA:10:B0:4C:82:B2:BC:01:35:2B:6C:53:41
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1tqeFI86U-oQsEyCsrwBNStsU0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.249.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:56:3a:02:2c:73:cd:ee:d5:e4:a5:3e:9f:11:ac:08:30:eb:
         16:76:5b:61:c2:06:d2:d1:98:1b:51:27:c8:76:74:f6:80:ef:
         a2:bb:34:f2:d0:0d:0c:a8:f0:4e:0e:ea:67:81:c3:01:80:41:
         95:15:d6:56:96:21:e2:22:4b:40:c0:f3:71:a6:e2:ba:dd:75:
         e6:01:99:e5:32:5b:43:f9:9f:e8:58:a2:ce:46:f2:d4:29:4c:
         a1:c1:3c:18:ed:52:9d:63:b3:bb:62:cc:1c:9f:5e:56:84:9a:
         c0:ac:1d:82:02:5d:d6:63:f2:38:a8:92:dd:40:ee:de:cb:0a:
         f5:ba:d4:88:69:83:7d:b6:76:19:3b:09:58:4f:5c:55:bd:49:
         59:8b:dd:96:78:af:ab:b5:2e:ba:d1:dc:2a:e3:c8:d2:cc:bd:
         f3:aa:b9:aa:a0:36:0c:e6:fa:38:35:60:1d:bc:60:3b:36:d5:
         12:e6:c8:37:d4:a8:ee:c7:2f:33:aa:e9:ef:34:46:e4:f1:93:
         b1:83:31:4f:66:2f:d9:2a:a3:a4:18:6b:42:68:71:ef:93:e9:
         2d:a9:db:0a:30:f4:d3:63:a4:1f:6f:28:fe:91:88:8e:cd:be:
         e4:20:bf:5a:c3:1c:b3:3a:df:1a:af:a9:48:c9:8f:1b:09:72:
         c2:ac:99:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlQs7FKh1x/ucIWz1KAn63pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwOTE2MDQwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmRhOWUxNDhmM2E1M2VhMTBiMDRjODJiMmJjMDEzNTJiNmM1MzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oqLWxa5xn6CE9ALbshnakSbrhnH
Qmd7ucRvxC1Mcq37oSkY2txS0e53ABzThLDQ3vU6OgYj7rtGjyednTQyZXMMmghQ
V6VS8rrOrNh3tH3X/CVsfoDlZTB0gdFSkoI0XZ19WtTKMm3kvx7V2mPosQ1Vvtvs
e9a3JEAvo8371AbP58Pg175RPHjWJkeB1m9OVw5XpcYzlIE/SmsH5I4UZKRltKhx
G50vOtHDirsUcbXzwzmwFoLG3Wuj1EH1hmeUQEwlyQeKi1qAli0GfHrkzAIfUOtX
+ufiH31aJsCve1O1NcBB+TdC7ncqF2l3eEuEFl+vuWzyqWwuHoJU87M98wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbanhSPOlPqELBMgrK8ATUrbFNBMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMXRxZUZJODZVLW9Rc0V5Q3Nyd0JOU3RzVTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvnkMA0G
CSqGSIb3DQEBCwUAA4IBAQCxVjoCLHPN7tXkpT6fEawIMOsWdlthwgbS0ZgbUSfI
dnT2gO+iuzTy0A0MqPBODupngcMBgEGVFdZWliHiIktAwPNxpuK63XXmAZnlMltD
+Z/oWKLORvLUKUyhwTwY7VKdY7O7Yswcn15WhJrArB2CAl3WY/I4qJLdQO7eywr1
utSIaYN9tnYZOwlYT1xVvUlZi92WeK+rtS660dwq48jSzL3zqrmqoDYM5vo4NWAd
vGA7NtUS5sg31Kjuxy8zqunvNEbk8ZOxgzFPZi/ZKqOkGGtCaHHvk+ktqdsKMPTT
Y6Qfbyj+kYiOzb7kIL9awxyzOt8ar6lIyY8bCXLCrJk3
-----END CERTIFICATE-----