Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/cs2tcig_htwGIdVMlsEbECr1KUs.roa
File:                     cs2tcig_htwGIdVMlsEbECr1KUs.roa (raw, json)
Hash identifier:          Ltjte90H2AR0ZhY5ZboX1HAAoGLfM6x2vjLJ6VTAc2Q=
Subject key identifier:   72:CD:AD:72:28:3F:86:DC:06:21:D5:4C:96:C1:1B:10:2A:F5:29:4B
Certificate issuer:       /CN=2d3c3987e7c34b366aa0f09c40ea4c80bfed0e01
Certificate serial:       0199E85D171A14C5F4791390F7F32DEC0B8E
Authority key identifier: 2D:3C:39:87:E7:C3:4B:36:6A:A0:F0:9C:40:EA:4C:80:BF:ED:0E:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LTw5h-fDSzZqoPCcQOpMgL_tDgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/cs2tcig_htwGIdVMlsEbECr1KUs.roa
Signing time:             Wed 15 Oct 2025 14:53:58 +0000
ROA not before:           Wed 15 Oct 2025 14:53:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215413
IP address blocks:        194.150.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/LTw5h-fDSzZqoPCcQOpMgL_tDgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/LTw5h-fDSzZqoPCcQOpMgL_tDgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LTw5h-fDSzZqoPCcQOpMgL_tDgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e8:5d:17:1a:14:c5:f4:79:13:90:f7:f3:2d:ec:0b:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d3c3987e7c34b366aa0f09c40ea4c80bfed0e01
        Validity
            Not Before: Oct 15 14:53:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72cdad72283f86dc0621d54c96c11b102af5294b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4e:76:ad:32:26:3c:c2:bb:0c:8a:9a:34:07:
                    fc:d4:8c:ed:7d:09:04:f8:20:a0:f2:2f:fc:5b:66:
                    f2:f8:d5:b5:f9:b1:91:77:47:f1:d4:83:a9:3f:c6:
                    f8:8b:54:a3:bc:2a:35:32:c8:1a:c8:39:61:e7:18:
                    9f:e6:32:45:7c:c7:58:71:af:4e:ae:c2:cf:d6:66:
                    f2:09:6c:fa:fb:bc:29:fe:b2:51:ab:dc:df:9a:f2:
                    8b:bf:e2:34:34:5d:d2:55:ac:5d:05:b9:ef:3d:5b:
                    5c:b6:ed:cc:3a:cd:16:5a:ce:e3:1f:6a:08:28:ce:
                    a9:a1:96:49:cf:c1:13:43:f4:e6:bd:48:c9:e5:01:
                    7d:39:34:e7:69:8e:6d:d4:74:56:9c:86:23:90:c1:
                    34:71:eb:7d:f7:ae:84:3b:ac:6e:33:16:e4:36:5b:
                    d3:db:13:93:59:a0:c1:e6:f6:2f:af:06:44:f7:05:
                    cd:0a:b5:e6:a5:07:d8:e6:bb:e0:5b:67:0f:21:93:
                    ae:27:68:84:9e:19:e5:7a:36:e9:9d:0f:d2:34:28:
                    62:5c:cb:bc:39:28:a3:c8:f0:aa:e6:20:30:ea:c0:
                    ce:fc:f6:b7:11:aa:6b:bd:c4:83:6f:4a:10:c6:cc:
                    ee:fb:67:b2:cc:1c:dc:73:61:48:fa:55:4c:b2:d5:
                    9c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:CD:AD:72:28:3F:86:DC:06:21:D5:4C:96:C1:1B:10:2A:F5:29:4B
            X509v3 Authority Key Identifier:
                keyid:2D:3C:39:87:E7:C3:4B:36:6A:A0:F0:9C:40:EA:4C:80:BF:ED:0E:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LTw5h-fDSzZqoPCcQOpMgL_tDgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/cs2tcig_htwGIdVMlsEbECr1KUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/068a6c-921b-4e0b-ba7e-3a6de99ede47/1/LTw5h-fDSzZqoPCcQOpMgL_tDgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:98:b6:8a:f1:c8:59:8f:6d:d5:80:51:82:01:e3:65:6d:e8:
         29:31:8f:22:8d:c4:40:04:c2:bb:ba:ed:2a:af:55:f5:91:47:
         dc:30:4b:91:19:d3:76:68:39:3e:df:87:53:24:ef:c2:cc:27:
         8b:9e:aa:c8:88:12:dc:53:2c:eb:0c:cd:59:89:54:7b:44:3f:
         8c:67:c7:fd:ea:9f:98:dd:ad:b5:9e:cf:9d:8a:42:eb:d0:5d:
         74:eb:ea:6d:aa:ad:21:c8:e5:4c:f0:55:72:6d:cb:b4:d0:52:
         9e:1e:94:f0:85:64:b5:fe:df:a5:24:eb:7c:54:90:ea:52:84:
         69:40:26:7d:46:b4:99:22:36:6d:4d:37:dd:f6:eb:86:e7:1d:
         05:f3:7b:ad:7f:31:f4:da:07:39:72:44:d7:cf:0a:29:5b:06:
         d7:88:e9:8e:24:80:b0:a1:69:f8:37:14:1a:b2:22:f4:a0:1e:
         56:a8:c5:d2:d3:5d:3b:7e:f5:31:42:a6:09:23:57:4a:21:16:
         cb:f8:b4:d4:fa:67:c9:94:45:53:98:de:29:fd:6c:86:80:75:
         57:93:94:ea:68:07:4a:9f:a9:e7:90:ec:a5:6d:07:52:10:a2:
         b1:39:d7:a6:41:da:17:1f:7c:e3:ac:ed:3b:5c:a9:8a:05:97:
         57:bc:1c:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnoXRcaFMX0eROQ9/Mt7AuOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkM2MzOTg3ZTdjMzRiMzY2YWEwZjA5YzQwZWE0YzgwYmZl
ZDBlMDEwHhcNMjUxMDE1MTQ1MzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmNkYWQ3MjI4M2Y4NmRjMDYyMWQ1NGM5NmMxMWIxMDJhZjUyOTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzU52rTImPMK7DIqaNAf81IztfQkE
+CCg8i/8W2by+NW1+bGRd0fx1IOpP8b4i1SjvCo1MsgayDlh5xif5jJFfMdYca9O
rsLP1mbyCWz6+7wp/rJRq9zfmvKLv+I0NF3SVaxdBbnvPVtctu3MOs0WWs7jH2oI
KM6poZZJz8ETQ/TmvUjJ5QF9OTTnaY5t1HRWnIYjkME0cet9966EO6xuMxbkNlvT
2xOTWaDB5vYvrwZE9wXNCrXmpQfY5rvgW2cPIZOuJ2iEnhnlejbpnQ/SNChiXMu8
OSijyPCq5iAw6sDO/Pa3EaprvcSDb0oQxszu+2eyzBzcc2FI+lVMstWcHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLNrXIoP4bcBiHVTJbBGxAq9SlLMB8GA1UdIwQY
MBaAFC08OYfnw0s2aqDwnEDqTIC/7Q4BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFR3NWgtZkRTelpxb1BDY1FPcE1nTF90RGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNjhhNmMtOTIxYi00ZTBiLWJhN2Ut
M2E2ZGU5OWVkZTQ3LzEvY3MydGNpZ19odHdHSWRWTWxzRWJFQ3IxS1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNjhhNmMtOTIxYi00ZTBiLWJhN2UtM2E2ZGU5OWVkZTQ3
LzEvTFR3NWgtZkRTelpxb1BDY1FPcE1nTF90RGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpZJMA0G
CSqGSIb3DQEBCwUAA4IBAQBumLaK8chZj23VgFGCAeNlbegpMY8ijcRABMK7uu0q
r1X1kUfcMEuRGdN2aDk+34dTJO/CzCeLnqrIiBLcUyzrDM1ZiVR7RD+MZ8f96p+Y
3a21ns+dikLr0F106+ptqq0hyOVM8FVybcu00FKeHpTwhWS1/t+lJOt8VJDqUoRp
QCZ9RrSZIjZtTTfd9uuG5x0F83utfzH02gc5ckTXzwopWwbXiOmOJICwoWn4NxQa
siL0oB5WqMXS0107fvUxQqYJI1dKIRbL+LTU+mfJlEVTmN4p/WyGgHVXk5TqaAdK
n6nnkOylbQdSEKKxOdemQdoXH3zjrO07XKmKBZdXvBzL
-----END CERTIFICATE-----