Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/L1JnyxKjOHi7xB_CoD6-8VdOJOE.roa
File:                     L1JnyxKjOHi7xB_CoD6-8VdOJOE.roa (raw, json)
Hash identifier:          z7FNoaJNNwwldQRQ9qyoKyigXc/rQPbw3AP13sNDTIs=
Subject key identifier:   2F:52:67:CB:12:A3:38:78:BB:C4:1F:C2:A0:3E:BE:F1:57:4E:24:E1
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0198A24A755575C93AB1D471EA0FE30ACCF9
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/L1JnyxKjOHi7xB_CoD6-8VdOJOE.roa
Signing time:             Wed 13 Aug 2025 07:17:25 +0000
ROA not before:           Wed 13 Aug 2025 07:17:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202561
IP address blocks:        188.132.221.0/24 maxlen: 24
                          188.132.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:4a:75:55:75:c9:3a:b1:d4:71:ea:0f:e3:0a:cc:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Aug 13 07:17:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f5267cb12a33878bbc41fc2a03ebef1574e24e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:bd:68:85:cf:31:6c:7b:41:6c:17:1a:0e:cd:
                    16:7b:62:f9:83:ac:1d:30:e9:54:78:7d:0b:4d:25:
                    5b:40:51:ce:ab:5e:b2:ae:99:f9:35:12:90:e6:9b:
                    3b:b1:3b:b9:14:9e:76:b6:45:7f:d0:89:cf:c5:90:
                    2e:06:70:25:4a:ac:d7:1b:3a:9c:39:c3:a4:1d:20:
                    1e:7d:6f:7f:13:f1:ab:0d:dc:4f:61:20:40:b3:08:
                    17:27:58:b0:a8:aa:86:06:62:95:b1:3f:2e:92:72:
                    0f:53:f3:1d:39:79:ee:21:80:a5:67:cb:a0:8d:26:
                    10:f4:64:54:b3:15:a3:0e:15:f6:4d:42:71:05:8f:
                    75:db:1c:1c:15:74:0a:2f:62:21:e9:f5:0b:6c:3c:
                    81:68:2a:d5:28:18:54:e6:75:67:0f:75:67:33:cb:
                    d9:c1:1e:d0:65:3a:c8:ef:2f:5c:84:cc:ce:e1:c4:
                    da:0d:de:1e:e0:86:a2:e8:ca:27:c4:d3:a0:53:8a:
                    03:8c:ec:9b:50:ec:10:a8:5a:7a:91:65:bf:40:19:
                    d2:b8:12:9d:ed:8b:3f:fa:8f:77:63:54:5a:77:05:
                    06:ef:89:06:6f:02:c9:b8:78:f8:3d:10:a1:bd:14:
                    60:8e:ff:62:8b:24:fa:b2:18:4b:ac:c7:4a:89:d6:
                    bf:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:52:67:CB:12:A3:38:78:BB:C4:1F:C2:A0:3E:BE:F1:57:4E:24:E1
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/L1JnyxKjOHi7xB_CoD6-8VdOJOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.221.0-188.132.222.255

    Signature Algorithm: sha256WithRSAEncryption
         1b:41:2a:30:41:96:85:08:f8:a5:7d:69:95:f6:72:06:9e:e6:
         b4:08:ff:92:6f:de:e0:42:59:03:f4:c3:04:52:9c:14:48:c9:
         11:f7:bd:3a:5f:24:1c:0a:d7:39:4c:76:62:ba:65:fe:20:95:
         3a:a4:3e:63:bc:6d:32:12:1f:aa:73:89:1f:6c:37:10:16:bd:
         36:38:45:cd:82:d2:20:ee:ad:e2:c6:49:0f:1d:6d:3e:ca:c7:
         ca:3e:58:94:1f:b4:5c:a0:2f:2c:4a:bc:d7:ea:8e:ef:70:72:
         68:6a:6c:47:50:43:ef:20:28:28:54:9a:55:80:86:f9:50:e1:
         1e:e7:68:3a:58:24:86:48:99:da:52:3f:36:42:6a:10:8c:99:
         b1:58:41:40:9c:a2:40:3e:5d:4e:66:d7:f4:06:b6:e6:4a:31:
         7c:f8:90:96:94:cf:9d:1a:55:85:4e:91:dd:8d:d3:b5:03:32:
         be:8e:e8:2e:75:f9:96:ac:a9:0b:57:e0:56:1c:70:62:42:37:
         fe:49:c3:13:9a:f0:cd:29:a9:9a:96:82:dc:b4:8c:f7:d0:c2:
         ff:41:1a:50:08:a7:ea:93:8e:15:cc:13:ec:f8:fc:d6:72:cd:
         a9:0d:7a:98:64:dc:9a:6a:eb:0b:f7:63:bc:b7:f6:fb:78:fa:
         11:eb:f0:cb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZiiSnVVdck6sdRx6g/jCsz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwODEzMDcxNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjUyNjdjYjEyYTMzODc4YmJjNDFmYzJhMDNlYmVmMTU3NGUyNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA271ohc8xbHtBbBcaDs0We2L5g6wd
MOlUeH0LTSVbQFHOq16yrpn5NRKQ5ps7sTu5FJ52tkV/0InPxZAuBnAlSqzXGzqc
OcOkHSAefW9/E/GrDdxPYSBAswgXJ1iwqKqGBmKVsT8uknIPU/MdOXnuIYClZ8ug
jSYQ9GRUsxWjDhX2TUJxBY912xwcFXQKL2Ih6fULbDyBaCrVKBhU5nVnD3VnM8vZ
wR7QZTrI7y9chMzO4cTaDd4e4Iai6MonxNOgU4oDjOybUOwQqFp6kWW/QBnSuBKd
7Ys/+o93Y1RadwUG74kGbwLJuHj4PRChvRRgjv9iiyT6shhLrMdKida/ZQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC9SZ8sSozh4u8QfwqA+vvFXTiThMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvTDFKbnl4S2pPSGk3eEJfQ29ENi04VmRPSk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC8hN0D
BAC8hN4wDQYJKoZIhvcNAQELBQADggEBABtBKjBBloUI+KV9aZX2cgae5rQI/5Jv
3uBCWQP0wwRSnBRIyRH3vTpfJBwK1zlMdmK6Zf4glTqkPmO8bTISH6pziR9sNxAW
vTY4Rc2C0iDureLGSQ8dbT7Kx8o+WJQftFygLyxKvNfqju9wcmhqbEdQQ+8gKChU
mlWAhvlQ4R7naDpYJIZImdpSPzZCahCMmbFYQUCcokA+XU5m1/QGtuZKMXz4kJaU
z50aVYVOkd2N07UDMr6O6C51+ZasqQtX4FYccGJCN/5JwxOa8M0pqZqWgty0jPfQ
wv9BGlAIp+qTjhXME+z4/NZyzakNephk3Jpq6wv3Y7y39vt4+hHr8Ms=
-----END CERTIFICATE-----