Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/_CppwLlq6EutxXy9VYLWRzQtpMI.roa
File:                     _CppwLlq6EutxXy9VYLWRzQtpMI.roa (raw, json)
Hash identifier:          HLVjcT4MvYXdp8jvaIO+svVJJc+g5S0hq1BnrCGWs9M=
Subject key identifier:   FC:2A:69:C0:B9:6A:E8:4B:AD:C5:7C:BD:55:82:D6:47:34:2D:A4:C2
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0199E426495131DBA2BBD8004563E1EB38D8
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/_CppwLlq6EutxXy9VYLWRzQtpMI.roa
Signing time:             Tue 14 Oct 2025 19:15:38 +0000
ROA not before:           Tue 14 Oct 2025 19:15:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        213.137.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e4:26:49:51:31:db:a2:bb:d8:00:45:63:e1:eb:38:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Oct 14 19:15:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc2a69c0b96ae84badc57cbd5582d647342da4c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:32:4a:ca:c0:9f:17:ba:2a:66:e5:fa:bb:dd:
                    14:c7:a4:88:fc:bd:5f:0e:84:10:53:81:66:32:cb:
                    23:be:3d:4d:1d:51:f7:42:e5:93:85:39:c8:b3:34:
                    de:a5:b3:41:38:be:ef:a1:cc:2f:bb:a9:aa:5a:a3:
                    ff:61:2b:57:5f:00:0b:1c:bb:59:02:ba:f1:55:d6:
                    7e:c1:b5:9a:fe:43:b6:6a:83:a6:8c:bb:a1:56:b9:
                    50:52:50:c0:76:9d:cb:8e:d5:42:52:36:18:fb:97:
                    e4:cd:58:8a:62:99:f7:e6:90:92:2b:8c:55:24:f8:
                    c4:2b:55:f9:26:15:52:d7:1d:78:25:e7:f2:f1:3d:
                    d4:03:b1:1f:9b:c7:6c:d3:ca:4e:e2:f8:e3:64:4f:
                    93:69:94:d5:8e:76:38:41:c1:c2:83:74:9b:e5:9e:
                    12:8e:d0:6d:6a:62:7b:49:d9:04:4b:c8:19:16:12:
                    72:50:15:96:18:c0:64:3b:3f:36:ff:5d:8b:69:d6:
                    d5:1e:0d:68:1c:89:0c:71:42:d5:3c:29:1a:23:a8:
                    4e:57:3a:ac:93:47:d5:e1:37:56:0f:31:6c:8e:f1:
                    55:6c:69:03:ea:ed:de:a4:3c:51:fe:20:d5:7e:9e:
                    30:69:71:3c:f5:b8:e6:a0:5f:2c:03:ea:99:1b:2d:
                    a9:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:2A:69:C0:B9:6A:E8:4B:AD:C5:7C:BD:55:82:D6:47:34:2D:A4:C2
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/_CppwLlq6EutxXy9VYLWRzQtpMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:25:e6:28:f6:a5:12:5d:dc:93:58:81:58:c2:44:94:70:03:
         e9:55:39:c0:92:cc:bf:2b:1a:5b:96:81:2c:96:d9:f7:1b:8e:
         49:9f:ea:45:65:d6:75:db:92:48:98:6d:cd:54:a0:66:6a:c9:
         10:c1:bc:25:23:83:47:3e:dd:e5:f2:05:7b:fb:86:84:4c:32:
         51:f6:6b:ce:c5:d4:64:82:ed:23:1a:8e:9a:6c:97:74:ac:48:
         ac:21:8e:1e:74:85:31:5b:5c:fb:fa:59:f1:0a:ad:47:9a:01:
         5b:53:b6:8d:f5:bc:55:a9:d6:39:a6:16:00:14:00:8b:42:7f:
         fa:28:02:c2:d5:83:7d:87:f5:0c:5c:5b:3f:34:50:42:ea:c2:
         2c:4c:f6:49:37:85:d2:52:d7:23:4f:8c:31:b3:90:01:3a:4d:
         94:76:7d:77:fb:13:9c:7c:14:c1:26:5c:f4:49:27:17:12:35:
         a4:21:0a:63:cb:00:e9:fe:e4:6d:a0:1d:89:42:c3:36:2a:28:
         95:77:c0:64:af:1c:71:86:1b:c8:0f:37:3c:1f:ea:79:8b:b7:
         69:68:8a:90:8f:ee:76:9b:39:ab:31:bd:f3:d4:10:8f:21:71:
         7a:39:7b:a0:cd:7b:1c:e7:27:7b:b2:5f:3f:41:47:25:88:96:
         e2:05:ac:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnkJklRMduiu9gARWPh6zjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUxMDE0MTkxNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzJhNjljMGI5NmFlODRiYWRjNTdjYmQ1NTgyZDY0NzM0MmRhNGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDJKysCfF7oqZuX6u90Ux6SI/L1f
DoQQU4FmMssjvj1NHVH3QuWThTnIszTepbNBOL7vocwvu6mqWqP/YStXXwALHLtZ
ArrxVdZ+wbWa/kO2aoOmjLuhVrlQUlDAdp3LjtVCUjYY+5fkzViKYpn35pCSK4xV
JPjEK1X5JhVS1x14Jefy8T3UA7Efm8ds08pO4vjjZE+TaZTVjnY4QcHCg3Sb5Z4S
jtBtamJ7SdkES8gZFhJyUBWWGMBkOz82/12LadbVHg1oHIkMcULVPCkaI6hOVzqs
k0fV4TdWDzFsjvFVbGkD6u3epDxR/iDVfp4waXE89bjmoF8sA+qZGy2p8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwqacC5auhLrcV8vVWC1kc0LaTCMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvX0NwcHdMbHE2RXV0eFh5OVZZTFdSelF0cE1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YleMA0G
CSqGSIb3DQEBCwUAA4IBAQABJeYo9qUSXdyTWIFYwkSUcAPpVTnAksy/KxpbloEs
ltn3G45Jn+pFZdZ125JImG3NVKBmaskQwbwlI4NHPt3l8gV7+4aETDJR9mvOxdRk
gu0jGo6abJd0rEisIY4edIUxW1z7+lnxCq1HmgFbU7aN9bxVqdY5phYAFACLQn/6
KALC1YN9h/UMXFs/NFBC6sIsTPZJN4XSUtcjT4wxs5ABOk2Udn13+xOcfBTBJlz0
SScXEjWkIQpjywDp/uRtoB2JQsM2KiiVd8BkrxxxhhvIDzc8H+p5i7dpaIqQj+52
mzmrMb3z1BCPIXF6OXugzXsc5yd7sl8/QUcliJbiBaxI
-----END CERTIFICATE-----