Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/CTpVhPCoPHqKWTpKCjGFjdYTHxU.roa
File:                     CTpVhPCoPHqKWTpKCjGFjdYTHxU.roa (raw, json)
Hash identifier:          Puy8MVTTNRlJVwOE7fGN2ckttFN6H6KOwMhA0Wrei7I=
Subject key identifier:   09:3A:55:84:F0:A8:3C:7A:8A:59:3A:4A:0A:31:85:8D:D6:13:1F:15
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       0199259AC52E3311E39A12BAAB6CE8F33974
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/CTpVhPCoPHqKWTpKCjGFjdYTHxU.roa
Signing time:             Sun 07 Sep 2025 19:15:24 +0000
ROA not before:           Sun 07 Sep 2025 19:15:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216246
IP address blocks:        185.96.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:25:9a:c5:2e:33:11:e3:9a:12:ba:ab:6c:e8:f3:39:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Sep  7 19:15:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=093a5584f0a83c7a8a593a4a0a31858dd6131f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:39:a7:31:45:88:52:5e:ba:b9:ca:a5:8b:fd:
                    30:f1:9f:8a:f1:2e:7e:1e:da:a7:a2:da:e5:2e:b0:
                    c1:f5:ae:8c:f6:7e:a3:d0:27:6b:a6:3f:78:a0:8c:
                    59:ed:3e:33:0e:32:02:b2:52:f1:63:2a:07:fa:40:
                    55:72:03:24:4a:40:c4:59:e7:b1:78:52:95:ed:fe:
                    83:f3:73:be:32:f6:17:f1:f2:2c:fb:6d:80:b5:6d:
                    73:5a:b2:ee:a6:eb:38:9e:ff:49:57:26:87:70:23:
                    d6:92:7c:97:a6:fc:fa:1f:17:b4:32:14:65:75:fe:
                    b7:a6:14:fc:2d:1b:55:81:68:e8:d2:e7:70:5b:cf:
                    b7:05:dc:18:a1:5b:e6:4b:5c:a5:0f:02:2b:a4:1b:
                    b3:92:f3:5e:24:ef:5a:3e:60:98:1d:41:3d:33:0b:
                    bc:c7:db:3f:e4:3d:f4:d6:5d:e2:86:2f:28:75:08:
                    b0:d0:97:9b:cd:bf:bc:22:92:9e:1f:a6:a5:da:fb:
                    23:6a:38:4b:83:b0:a3:1f:4a:45:8f:0d:e1:50:0d:
                    c5:ba:a6:c9:09:a4:22:ba:ed:e4:e0:e5:c0:d0:29:
                    f9:76:53:ab:4e:d3:5d:ea:0c:dd:5d:a7:bd:95:28:
                    eb:1e:97:c4:35:81:34:26:8b:dc:5d:c9:8a:dd:9d:
                    6f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3A:55:84:F0:A8:3C:7A:8A:59:3A:4A:0A:31:85:8D:D6:13:1F:15
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/CTpVhPCoPHqKWTpKCjGFjdYTHxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:12:ce:0b:09:b8:e9:aa:a1:60:cc:5b:32:92:5c:be:38:22:
         dc:1e:a6:56:0e:2e:01:c3:9f:0b:d7:96:c1:2c:1f:7d:8f:27:
         5f:04:98:71:03:60:e3:80:9a:83:04:4c:e9:69:47:b3:4c:b6:
         5d:66:84:a4:6b:02:1a:2b:17:84:35:f9:ad:56:8c:d8:b4:ad:
         a3:f3:cf:d6:e3:7d:7b:44:27:69:dd:f4:34:75:ac:03:da:9d:
         88:91:98:f5:61:5a:e9:e2:8d:2b:e2:bf:d8:7d:51:6f:b0:1f:
         b0:bd:63:10:6f:2e:6c:d9:5a:70:ff:65:a7:3a:97:b9:dc:3f:
         38:1c:68:69:1c:b6:00:df:b5:b5:37:97:24:ef:71:c0:e1:4e:
         64:37:32:9c:12:49:78:a0:5c:69:ba:e7:d6:25:3c:e0:0a:cc:
         1b:4a:01:11:6e:81:9f:3a:6e:df:9a:e2:d1:5a:86:1b:59:ce:
         ad:8a:25:84:36:b7:f8:2d:75:ea:67:37:b1:00:17:51:57:15:
         c1:38:48:79:fd:23:98:42:ee:0c:48:7c:d1:6a:d6:70:6f:1a:
         02:02:0c:63:91:59:3d:b9:88:48:3f:6e:83:51:2c:c9:9e:7b:
         90:b7:b0:87:9e:3c:95:91:24:fa:7b:a9:b2:4f:13:6a:1c:5a:
         21:a8:d8:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZklmsUuMxHjmhK6q2zo8zl0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwOTA3MTkxNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNhNTU4NGYwYTgzYzdhOGE1OTNhNGEwYTMxODU4ZGQ2MTMxZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zmnMUWIUl66ucqli/0w8Z+K8S5+
HtqnotrlLrDB9a6M9n6j0Cdrpj94oIxZ7T4zDjICslLxYyoH+kBVcgMkSkDEWeex
eFKV7f6D83O+MvYX8fIs+22AtW1zWrLupus4nv9JVyaHcCPWknyXpvz6Hxe0MhRl
df63phT8LRtVgWjo0udwW8+3BdwYoVvmS1ylDwIrpBuzkvNeJO9aPmCYHUE9Mwu8
x9s/5D301l3ihi8odQiw0Jebzb+8IpKeH6al2vsjajhLg7CjH0pFjw3hUA3FuqbJ
CaQiuu3k4OXA0Cn5dlOrTtNd6gzdXae9lSjrHpfENYE0JovcXcmK3Z1vfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAk6VYTwqDx6ilk6SgoxhY3WEx8VMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvQ1RwVmhQQ29QSHFLV1RwS0NqR0ZqZFlUSHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWBQMA0G
CSqGSIb3DQEBCwUAA4IBAQApEs4LCbjpqqFgzFsykly+OCLcHqZWDi4Bw58L15bB
LB99jydfBJhxA2DjgJqDBEzpaUezTLZdZoSkawIaKxeENfmtVozYtK2j88/W4317
RCdp3fQ0dawD2p2IkZj1YVrp4o0r4r/YfVFvsB+wvWMQby5s2Vpw/2WnOpe53D84
HGhpHLYA37W1N5ck73HA4U5kNzKcEkl4oFxpuufWJTzgCswbSgERboGfOm7fmuLR
WoYbWc6tiiWENrf4LXXqZzexABdRVxXBOEh5/SOYQu4MSHzRatZwbxoCAgxjkVk9
uYhIP26DUSzJnnuQt7CHnjyVkST6e6myTxNqHFohqNiT
-----END CERTIFICATE-----