Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/qUWmCZxdUSRnDPjCNtjG9yIEy8E.roa
File:                     qUWmCZxdUSRnDPjCNtjG9yIEy8E.roa (raw, json)
Hash identifier:          3dcjO2CrIBxJnQGMnpiQH+cyqL5Tjf5calEMq7eXGOc=
Subject key identifier:   A9:45:A6:09:9C:5D:51:24:67:0C:F8:C2:36:D8:C6:F7:22:04:CB:C1
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0199C396688AD812A9BD3B5E66EE94FB07CF
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/qUWmCZxdUSRnDPjCNtjG9yIEy8E.roa
Signing time:             Wed 08 Oct 2025 11:30:38 +0000
ROA not before:           Wed 08 Oct 2025 11:30:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213657
IP address blocks:        31.210.43.0/24 maxlen: 24
                          188.132.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c3:96:68:8a:d8:12:a9:bd:3b:5e:66:ee:94:fb:07:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Oct  8 11:30:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a945a6099c5d5124670cf8c236d8c6f72204cbc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:de:a0:a4:72:0f:9f:99:3d:1c:e9:b7:e9:ac:
                    4d:87:e8:d6:f6:be:e4:31:ea:de:5f:4f:f6:27:92:
                    39:3c:b2:c4:c6:15:45:2e:f5:bb:b7:a0:a3:75:74:
                    5e:31:2b:d1:d0:be:7a:be:0a:c3:42:39:f1:0e:3a:
                    a3:f8:39:c8:b0:2e:a7:5a:82:45:30:57:a5:3e:24:
                    65:72:5d:32:28:86:92:f4:89:1a:86:ff:ed:4b:e1:
                    66:cc:ec:28:e2:66:dc:97:17:cf:f0:27:35:93:87:
                    67:6b:48:e4:45:e3:73:ca:ae:17:e7:d7:3e:c3:6d:
                    ef:b0:b3:77:7a:81:cd:09:1b:7b:76:e8:24:5b:9f:
                    5a:f6:29:4b:f1:ec:96:26:97:e0:fd:d2:1d:5b:31:
                    cd:39:64:13:f8:93:72:90:00:21:58:1f:81:6a:70:
                    b9:d8:d3:b3:e0:9c:38:c0:ce:c5:29:d3:19:a9:05:
                    04:da:ba:20:6d:27:c1:cd:a7:4e:50:96:fb:74:79:
                    1e:c9:19:fd:b0:2e:66:9e:2e:36:9a:11:89:6f:8d:
                    f6:ec:c3:9c:fc:bb:06:d8:a0:0c:4a:7e:70:86:43:
                    db:36:85:76:7e:09:24:56:e3:71:35:3f:05:fd:95:
                    65:57:d8:8e:70:9b:21:2e:e0:fa:bf:2d:5c:28:88:
                    83:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:45:A6:09:9C:5D:51:24:67:0C:F8:C2:36:D8:C6:F7:22:04:CB:C1
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/qUWmCZxdUSRnDPjCNtjG9yIEy8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.43.0/24
                  188.132.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:16:b6:82:43:8e:33:c5:28:6a:32:96:60:ef:93:f7:f8:4c:
         56:af:1d:92:8b:19:4a:da:63:37:36:de:b2:7d:e4:40:ea:1d:
         8a:cc:5b:a0:20:6f:8c:f0:60:4c:04:6a:ec:43:3c:ab:ad:c2:
         7c:1f:dd:93:50:65:84:b7:59:ba:d1:47:db:b8:d7:52:63:c0:
         34:6e:e7:ac:5b:53:bc:20:8a:6b:9f:95:22:62:8f:b8:bd:32:
         de:2d:6c:0b:6b:37:c6:69:f2:5a:d7:64:07:03:75:27:38:90:
         41:43:80:bc:98:6f:5c:f6:90:0e:ac:16:7e:11:ee:d4:6b:80:
         6c:06:c6:0a:d5:0b:8f:b5:77:7e:7f:6f:95:58:e5:49:0b:49:
         aa:43:79:b6:2c:a1:8b:e9:ea:47:d6:2b:8a:ac:a8:71:91:85:
         92:fd:9c:aa:5a:f9:81:f1:bf:dd:dd:bd:45:c6:b7:0a:87:ff:
         52:17:47:8e:c9:e5:9b:b7:dc:49:21:92:74:f7:7c:97:75:79:
         7b:eb:bb:f8:65:f8:92:9a:29:ac:7d:80:da:46:a9:ac:b5:d5:
         e5:6d:09:8b:c4:b5:fd:a9:d6:29:c9:80:0c:81:23:5a:42:7a:
         83:97:6e:39:7e:ad:61:fe:4e:ba:1e:79:d4:08:b9:9d:70:de:
         a2:2d:28:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnDlmiK2BKpvTteZu6U+wfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUxMDA4MTEzMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTQ1YTYwOTljNWQ1MTI0NjcwY2Y4YzIzNmQ4YzZmNzIyMDRjYmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx96gpHIPn5k9HOm36axNh+jW9r7k
MereX0/2J5I5PLLExhVFLvW7t6CjdXReMSvR0L56vgrDQjnxDjqj+DnIsC6nWoJF
MFelPiRlcl0yKIaS9Ikahv/tS+FmzOwo4mbclxfP8Cc1k4dna0jkReNzyq4X59c+
w23vsLN3eoHNCRt7dugkW59a9ilL8eyWJpfg/dIdWzHNOWQT+JNykAAhWB+BanC5
2NOz4Jw4wM7FKdMZqQUE2rogbSfBzadOUJb7dHkeyRn9sC5mni42mhGJb4327MOc
/LsG2KAMSn5whkPbNoV2fgkkVuNxNT8F/ZVlV9iOcJshLuD6vy1cKIiDHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKlFpgmcXVEkZwz4wjbYxvciBMvBMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvcVVXbUNaeGRVU1JuRFBqQ050akc5eUlFeThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH9IrAwQA
vITtMA0GCSqGSIb3DQEBCwUAA4IBAQAnFraCQ44zxShqMpZg75P3+ExWrx2SixlK
2mM3Nt6yfeRA6h2KzFugIG+M8GBMBGrsQzyrrcJ8H92TUGWEt1m60UfbuNdSY8A0
buesW1O8IIprn5UiYo+4vTLeLWwLazfGafJa12QHA3UnOJBBQ4C8mG9c9pAOrBZ+
Ee7Ua4BsBsYK1QuPtXd+f2+VWOVJC0mqQ3m2LKGL6epH1iuKrKhxkYWS/ZyqWvmB
8b/d3b1FxrcKh/9SF0eOyeWbt9xJIZJ093yXdXl767v4ZfiSmimsfYDaRqmstdXl
bQmLxLX9qdYpyYAMgSNaQnqDl245fq1h/k66HnnUCLmdcN6iLSh0
-----END CERTIFICATE-----