Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f89170-138e-4999-aef7-c440298dfc5c/1/TceaNjn9IF5oTmJkTl9-AAXNV44.roa
File:                     TceaNjn9IF5oTmJkTl9-AAXNV44.roa (raw, json)
Hash identifier:          qomOIj4ZRrJ4B8QNZahwO894PoNKgI7449eoXim1hno=
Subject key identifier:   4D:C7:9A:36:39:FD:20:5E:68:4E:62:64:4E:5F:7E:00:05:CD:57:8E
Certificate issuer:       /CN=7cab39c6e0412235efc7877a9f737899313ed15e
Certificate serial:       0199A419900B4FCC154D7B8BBB39FED4440F
Authority key identifier: 7C:AB:39:C6:E0:41:22:35:EF:C7:87:7A:9F:73:78:99:31:3E:D1:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKs5xuBBIjXvx4d6n3N4mTE-0V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f89170-138e-4999-aef7-c440298dfc5c/1/TceaNjn9IF5oTmJkTl9-AAXNV44.roa
Signing time:             Thu 02 Oct 2025 08:46:02 +0000
ROA not before:           Thu 02 Oct 2025 08:46:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5619
IP address blocks:        194.242.108.0/24 maxlen: 24
                          194.242.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/f89170-138e-4999-aef7-c440298dfc5c/1/fKs5xuBBIjXvx4d6n3N4mTE-0V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/f89170-138e-4999-aef7-c440298dfc5c/1/fKs5xuBBIjXvx4d6n3N4mTE-0V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKs5xuBBIjXvx4d6n3N4mTE-0V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:19:90:0b:4f:cc:15:4d:7b:8b:bb:39:fe:d4:44:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cab39c6e0412235efc7877a9f737899313ed15e
        Validity
            Not Before: Oct  2 08:46:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dc79a3639fd205e684e62644e5f7e0005cd578e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7d:27:a6:3a:dd:5a:1a:d7:66:5a:33:4a:0e:
                    d7:78:34:ea:a9:c0:46:ea:9d:c4:3b:ac:0e:12:93:
                    75:b9:0a:ce:6e:b1:e1:e5:96:42:6e:5b:0e:52:55:
                    27:aa:4f:63:5a:02:82:79:4c:86:4e:bc:7d:83:b9:
                    63:96:e0:8d:fb:4d:7e:cf:dd:bb:f3:6a:72:fa:b6:
                    ad:4c:db:e5:19:46:02:09:6e:da:1b:f1:df:4a:8a:
                    bf:35:3c:51:ce:51:44:ff:bb:d7:50:1f:aa:74:cc:
                    7d:8f:77:51:f6:e5:2c:d1:28:42:27:e0:61:8d:4e:
                    3d:52:3a:51:a7:ea:8f:24:ee:5f:ca:96:23:25:da:
                    8a:6d:d4:0b:14:8c:50:5c:95:54:57:e3:fe:f2:fb:
                    e3:6f:20:48:d0:75:d4:eb:30:1c:9c:d0:4f:72:a9:
                    e1:5d:96:a7:cf:c5:2a:46:b6:af:b9:34:96:48:e4:
                    08:02:ca:a6:c9:f1:f2:9e:23:61:33:f3:7b:06:db:
                    77:e9:4b:00:14:37:fa:37:f9:87:2e:ce:a9:d9:59:
                    22:91:e8:16:fc:ed:15:8d:32:92:16:ab:d7:ff:c4:
                    10:67:94:33:14:d0:9d:fd:30:32:c4:18:7a:6e:b8:
                    fc:46:4c:a2:6a:ad:43:f5:5b:9c:be:ee:2b:d6:47:
                    ff:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C7:9A:36:39:FD:20:5E:68:4E:62:64:4E:5F:7E:00:05:CD:57:8E
            X509v3 Authority Key Identifier:
                keyid:7C:AB:39:C6:E0:41:22:35:EF:C7:87:7A:9F:73:78:99:31:3E:D1:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKs5xuBBIjXvx4d6n3N4mTE-0V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f89170-138e-4999-aef7-c440298dfc5c/1/TceaNjn9IF5oTmJkTl9-AAXNV44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f89170-138e-4999-aef7-c440298dfc5c/1/fKs5xuBBIjXvx4d6n3N4mTE-0V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.108.0/24
                  194.242.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:21:1c:81:22:50:59:ad:b1:5f:fb:25:59:4f:4d:9a:20:89:
         b5:86:71:13:59:d0:ac:12:f8:85:24:e7:bd:4d:6f:55:f2:b1:
         97:71:cf:e0:58:3f:e3:ef:45:b2:a3:bf:fd:0c:b5:78:46:05:
         7d:5b:0d:1a:ac:6d:3d:eb:1f:0e:97:38:7c:b5:35:3d:44:21:
         8b:ae:30:6a:8f:23:b5:a7:d5:32:c2:d9:e4:b6:56:94:b6:d8:
         e6:13:be:33:62:87:15:6c:e9:e7:06:7c:07:62:63:b7:94:dd:
         30:03:bf:0f:b3:cf:eb:5c:4d:b4:d8:b4:3f:e9:75:19:f1:d1:
         c0:58:a7:25:b0:17:54:6d:5e:f8:c2:87:b6:d0:d7:af:c4:14:
         e1:f2:78:7b:12:91:fd:45:11:14:03:6a:70:41:98:4c:bb:a3:
         78:d5:cc:81:6b:43:66:b9:ce:c7:d3:5d:25:6f:21:da:a3:6c:
         9e:74:c0:e0:0f:e1:0c:80:b0:4b:4a:6b:af:9e:87:25:81:81:
         78:e5:a0:b6:e9:87:54:2e:92:85:a4:c8:81:82:83:c5:f9:46:
         33:7f:7e:b4:d4:8e:46:a0:04:d6:18:f0:85:7d:e6:fe:07:40:
         aa:4c:54:9b:8f:00:2b:b2:a7:bd:3c:2a:aa:d2:a8:72:56:2c:
         01:1a:50:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmkGZALT8wVTXuLuzn+1EQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYWIzOWM2ZTA0MTIyMzVlZmM3ODc3YTlmNzM3ODk5MzEz
ZWQxNWUwHhcNMjUxMDAyMDg0NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGM3OWEzNjM5ZmQyMDVlNjg0ZTYyNjQ0ZTVmN2UwMDA1Y2Q1NzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0X0npjrdWhrXZlozSg7XeDTqqcBG
6p3EO6wOEpN1uQrObrHh5ZZCblsOUlUnqk9jWgKCeUyGTrx9g7ljluCN+01+z927
82py+ratTNvlGUYCCW7aG/HfSoq/NTxRzlFE/7vXUB+qdMx9j3dR9uUs0ShCJ+Bh
jU49UjpRp+qPJO5fypYjJdqKbdQLFIxQXJVUV+P+8vvjbyBI0HXU6zAcnNBPcqnh
XZanz8UqRravuTSWSOQIAsqmyfHyniNhM/N7Btt36UsAFDf6N/mHLs6p2VkikegW
/O0VjTKSFqvX/8QQZ5QzFNCd/TAyxBh6brj8Rkyiaq1D9Vucvu4r1kf/NQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE3HmjY5/SBeaE5iZE5ffgAFzVeOMB8GA1UdIwQY
MBaAFHyrOcbgQSI178eHep9zeJkxPtFeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktzNXh1QkJJalh2eDRkNm4zTjRtVEUtMFY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mODkxNzAtMTM4ZS00OTk5LWFlZjct
YzQ0MDI5OGRmYzVjLzEvVGNlYU5qbjlJRjVvVG1Ka1RsOS1BQVhOVjQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mODkxNzAtMTM4ZS00OTk5LWFlZjctYzQ0MDI5OGRmYzVj
LzEvZktzNXh1QkJJalh2eDRkNm4zTjRtVEUtMFY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwvJsAwQA
wvJvMA0GCSqGSIb3DQEBCwUAA4IBAQCiIRyBIlBZrbFf+yVZT02aIIm1hnETWdCs
EviFJOe9TW9V8rGXcc/gWD/j70Wyo7/9DLV4RgV9Ww0arG096x8Olzh8tTU9RCGL
rjBqjyO1p9UywtnktlaUttjmE74zYocVbOnnBnwHYmO3lN0wA78Ps8/rXE202LQ/
6XUZ8dHAWKclsBdUbV74woe20NevxBTh8nh7EpH9RREUA2pwQZhMu6N41cyBa0Nm
uc7H010lbyHao2yedMDgD+EMgLBLSmuvnoclgYF45aC26YdULpKFpMiBgoPF+UYz
f3601I5GoATWGPCFfeb+B0CqTFSbjwArsqe9PCqq0qhyViwBGlBp
-----END CERTIFICATE-----