Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/KcL9v8r1ilJRcQB0ccfbEYTCJtg.roa
File:                     KcL9v8r1ilJRcQB0ccfbEYTCJtg.roa (raw, json)
Hash identifier:          rlzaxnEOZCErQdw9cvJ2yLX/BKeb6IB9wJmrnWDfV8E=
Subject key identifier:   29:C2:FD:BF:CA:F5:8A:52:51:71:00:74:71:C7:DB:11:84:C2:26:D8
Certificate issuer:       /CN=75f5286ee38559bdd989c764f5a6474347b03b6f
Certificate serial:       0199C4637C2A21C921F462E1F458F981FC3C
Authority key identifier: 75:F5:28:6E:E3:85:59:BD:D9:89:C7:64:F5:A6:47:43:47:B0:3B:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dfUobuOFWb3Zicdk9aZHQ0ewO28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/KcL9v8r1ilJRcQB0ccfbEYTCJtg.roa
Signing time:             Wed 08 Oct 2025 15:14:38 +0000
ROA not before:           Wed 08 Oct 2025 15:14:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35003
IP address blocks:        194.126.158.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/dfUobuOFWb3Zicdk9aZHQ0ewO28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/dfUobuOFWb3Zicdk9aZHQ0ewO28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dfUobuOFWb3Zicdk9aZHQ0ewO28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c4:63:7c:2a:21:c9:21:f4:62:e1:f4:58:f9:81:fc:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75f5286ee38559bdd989c764f5a6474347b03b6f
        Validity
            Not Before: Oct  8 15:14:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29c2fdbfcaf58a525171007471c7db1184c226d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c2:58:71:72:50:ef:9a:91:88:4e:bf:f4:96:
                    f1:87:69:0e:2c:16:64:ae:16:6c:1f:69:47:7d:29:
                    df:7d:ee:ce:81:ec:e0:8e:2d:f9:d3:87:b2:32:9d:
                    d7:29:c9:b1:40:7c:78:cb:89:4f:d7:5f:6b:73:2f:
                    54:5c:6e:87:1e:75:7b:f9:53:bf:d0:d6:f7:d6:7a:
                    c8:58:cf:0e:93:92:ee:af:b5:03:5c:7f:28:33:47:
                    c3:ce:ee:11:70:e7:8d:fd:1d:68:69:a2:3b:35:4b:
                    66:3e:1a:2a:62:89:0d:09:68:af:00:3c:27:61:a9:
                    88:d7:5e:d8:67:50:a4:d5:1a:92:cf:50:a4:e9:8d:
                    92:5c:fe:b7:a1:58:e3:8b:eb:af:4f:01:e2:95:f2:
                    03:a8:34:56:fb:d2:c3:84:af:49:b0:b6:f3:e9:c5:
                    be:06:aa:f2:7d:d9:4a:2c:61:6c:50:84:27:09:e9:
                    28:cc:cb:e0:7a:e7:b8:9c:13:1b:c5:4d:3b:f8:13:
                    19:5e:6f:ea:4b:68:42:b7:37:5b:7e:e9:da:b4:7d:
                    8b:65:8f:29:70:9e:ec:32:0f:9d:a9:7d:0d:84:97:
                    52:c6:57:5c:73:54:7d:73:79:d0:04:59:2b:e7:56:
                    d0:d2:26:dd:e6:93:74:7d:7b:66:72:62:cc:0c:cc:
                    bd:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C2:FD:BF:CA:F5:8A:52:51:71:00:74:71:C7:DB:11:84:C2:26:D8
            X509v3 Authority Key Identifier:
                keyid:75:F5:28:6E:E3:85:59:BD:D9:89:C7:64:F5:A6:47:43:47:B0:3B:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dfUobuOFWb3Zicdk9aZHQ0ewO28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/KcL9v8r1ilJRcQB0ccfbEYTCJtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/29bf61-fdc8-49e6-84d9-0385349ff1e8/1/dfUobuOFWb3Zicdk9aZHQ0ewO28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:f1:1f:5d:11:46:63:00:8b:4c:c3:95:e8:a7:96:ba:9f:a0:
         3d:82:81:e0:c3:13:49:7d:f9:d6:d8:8e:92:de:99:61:4b:62:
         1c:dd:21:98:ee:70:83:3a:ef:8c:ce:cf:60:a0:9c:50:9a:48:
         0b:00:a8:29:66:5c:4f:31:45:00:7c:02:af:7b:68:9e:53:51:
         b7:05:6f:ce:04:95:06:2e:6d:ed:d1:98:43:45:e0:a8:24:73:
         cd:e1:0e:2e:c9:5f:e5:30:db:2c:2e:d1:f5:39:1a:fe:3d:f6:
         0a:29:65:b2:04:58:b8:77:dc:3f:81:e3:a3:55:dd:5d:2b:6c:
         67:e6:86:8b:49:37:08:cf:f6:ab:1b:2b:dd:48:14:b1:aa:0b:
         5d:f9:25:a9:70:98:e1:45:81:6b:9c:0c:e6:97:52:eb:1f:64:
         58:f4:e7:5b:bb:7e:e1:1d:70:85:28:56:0a:04:3c:50:d1:20:
         bf:76:f4:f9:c6:2b:03:ba:de:23:89:08:b0:77:3b:e5:a2:26:
         5a:2f:82:0c:1d:9b:f5:6d:d1:96:e3:c9:e8:9b:df:a8:f8:d7:
         7c:98:75:39:77:32:a8:69:9d:d6:14:4e:19:5d:24:d3:31:be:
         2c:65:e2:da:34:38:be:f7:bc:cd:b4:c6:73:fe:27:87:71:c1:
         c1:27:a8:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnEY3wqIckh9GLh9Fj5gfw8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZjUyODZlZTM4NTU5YmRkOTg5Yzc2NGY1YTY0NzQzNDdi
MDNiNmYwHhcNMjUxMDA4MTUxNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWMyZmRiZmNhZjU4YTUyNTE3MTAwNzQ3MWM3ZGIxMTg0YzIyNmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8JYcXJQ75qRiE6/9Jbxh2kOLBZk
rhZsH2lHfSnffe7Ogezgji3504eyMp3XKcmxQHx4y4lP119rcy9UXG6HHnV7+VO/
0Nb31nrIWM8Ok5Lur7UDXH8oM0fDzu4RcOeN/R1oaaI7NUtmPhoqYokNCWivADwn
YamI117YZ1Ck1RqSz1Ck6Y2SXP63oVjji+uvTwHilfIDqDRW+9LDhK9JsLbz6cW+
BqryfdlKLGFsUIQnCekozMvgeue4nBMbxU07+BMZXm/qS2hCtzdbfunatH2LZY8p
cJ7sMg+dqX0NhJdSxldcc1R9c3nQBFkr51bQ0ibd5pN0fXtmcmLMDMy9qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnC/b/K9YpSUXEAdHHH2xGEwibYMB8GA1UdIwQY
MBaAFHX1KG7jhVm92YnHZPWmR0NHsDtvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGZVb2J1T0ZXYjNaaWNkazlhWkhRMGV3TzI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8yOWJmNjEtZmRjOC00OWU2LTg0ZDkt
MDM4NTM0OWZmMWU4LzEvS2NMOXY4cjFpbEpSY1FCMGNjZmJFWVRDSnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8yOWJmNjEtZmRjOC00OWU2LTg0ZDktMDM4NTM0OWZmMWU4
LzEvZGZVb2J1T0ZXYjNaaWNkazlhWkhRMGV3TzI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwn6eMA0G
CSqGSIb3DQEBCwUAA4IBAQA08R9dEUZjAItMw5Xop5a6n6A9goHgwxNJffnW2I6S
3plhS2Ic3SGY7nCDOu+Mzs9goJxQmkgLAKgpZlxPMUUAfAKve2ieU1G3BW/OBJUG
Lm3t0ZhDReCoJHPN4Q4uyV/lMNssLtH1ORr+PfYKKWWyBFi4d9w/geOjVd1dK2xn
5oaLSTcIz/arGyvdSBSxqgtd+SWpcJjhRYFrnAzml1LrH2RY9Odbu37hHXCFKFYK
BDxQ0SC/dvT5xisDut4jiQiwdzvloiZaL4IMHZv1bdGW48nom9+o+Nd8mHU5dzKo
aZ3WFE4ZXSTTMb4sZeLaNDi+97zNtMZz/ieHccHBJ6hF
-----END CERTIFICATE-----