Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/2aZUesyn49QKctastVKzOPCfQ4w.roa
File:                     2aZUesyn49QKctastVKzOPCfQ4w.roa (raw, json)
Hash identifier:          HfxVkx+IdJ9mebTCZylb1qWvTCSUSDeW5EtiRH5D4Q8=
Subject key identifier:   D9:A6:54:7A:CC:A7:E3:D4:0A:72:D6:AC:B5:52:B3:38:F0:9F:43:8C
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       019A016D1B6C89CEEA7B42EA650BE97EDD34
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/2aZUesyn49QKctastVKzOPCfQ4w.roa
Signing time:             Mon 20 Oct 2025 11:41:58 +0000
ROA not before:           Mon 20 Oct 2025 11:41:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34837
IP address blocks:        193.104.212.0/24 maxlen: 24
                          194.225.130.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:6d:1b:6c:89:ce:ea:7b:42:ea:65:0b:e9:7e:dd:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Oct 20 11:41:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9a6547acca7e3d40a72d6acb552b338f09f438c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5f:f0:79:0e:2b:23:d8:ba:ce:77:5b:83:04:
                    65:51:ec:ce:05:39:2d:c8:1c:eb:d9:a9:c8:2b:b4:
                    f5:65:fd:91:86:71:ab:58:5f:f6:b0:d2:c4:a5:d1:
                    53:05:ba:04:27:67:44:57:c3:6e:0f:9a:71:78:f9:
                    9c:b3:d4:b1:53:d6:d7:cb:20:06:9d:88:56:84:67:
                    bd:a9:f5:d2:3a:9f:1c:5e:57:f5:ab:2b:3d:fa:53:
                    28:c9:56:d4:74:97:45:a1:73:05:c2:a6:e7:36:a2:
                    07:72:7d:84:3e:9b:29:e0:21:20:ae:75:fc:cc:15:
                    94:01:eb:73:d5:4c:e1:ab:4c:2d:40:e9:09:49:48:
                    93:0e:b2:6c:16:08:fa:25:fa:f5:0d:4d:8b:08:f5:
                    b0:f7:e7:e0:74:a4:97:e7:10:30:3b:5d:ef:26:e6:
                    2f:ef:3f:21:09:a4:a5:ec:0a:6b:e3:9f:98:49:35:
                    46:a4:0b:18:20:49:30:82:ea:b4:c5:30:0c:34:d0:
                    a0:e8:4e:8b:01:cb:11:16:66:f3:3c:7e:b0:66:44:
                    ee:cc:7b:e6:dc:a5:5d:3f:b2:ed:3e:bb:84:60:93:
                    9e:6b:5a:36:50:b4:10:60:39:2c:9e:8c:e3:44:c5:
                    43:48:03:2f:14:f4:90:2c:5c:f6:36:84:32:10:72:
                    46:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A6:54:7A:CC:A7:E3:D4:0A:72:D6:AC:B5:52:B3:38:F0:9F:43:8C
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/2aZUesyn49QKctastVKzOPCfQ4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.212.0/24
                  194.225.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:d2:80:84:b1:3d:f3:40:f1:72:16:37:d4:01:bd:97:7f:06:
         32:0c:86:4a:00:a9:54:56:20:7e:50:6f:e4:a6:a2:54:f9:c4:
         bc:3e:8c:02:a1:08:ea:48:ce:72:9b:51:00:b9:97:67:02:d3:
         e9:db:26:63:4c:b2:f4:b8:db:9b:47:83:e2:50:d3:52:4f:be:
         76:fd:80:0b:23:16:f3:df:28:53:69:83:73:95:71:e2:34:70:
         08:e5:99:01:f9:16:88:d7:2a:2d:80:ef:14:12:9c:c1:42:28:
         3e:22:cc:67:52:14:70:d3:40:96:d4:86:34:96:31:30:98:2d:
         06:44:df:14:b0:a4:32:6f:12:a1:c6:f2:e4:e1:0b:66:e0:fb:
         2f:9f:a3:c3:d2:7d:8f:83:e8:8f:f7:ff:ac:3f:08:22:12:a6:
         1f:a7:98:a6:bc:2e:c5:90:9b:62:13:42:37:3f:bd:e7:51:14:
         8d:bb:63:e4:70:01:d0:85:48:4d:47:8d:26:5b:1c:06:5b:57:
         4b:72:bf:c7:37:08:3e:75:62:3b:63:c2:91:24:e7:74:5a:9d:
         a9:d7:4a:d7:2e:4a:27:90:35:5b:55:8e:fa:98:32:39:ae:c9:
         bc:d4:69:7f:d5:74:33:20:ad:0b:6e:69:ee:0c:b7:3a:0e:fc:
         3b:98:b1:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoBbRtsic7qe0LqZQvpft00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjUxMDIwMTE0MTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWE2NTQ3YWNjYTdlM2Q0MGE3MmQ2YWNiNTUyYjMzOGYwOWY0MzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1/weQ4rI9i6zndbgwRlUezOBTkt
yBzr2anIK7T1Zf2RhnGrWF/2sNLEpdFTBboEJ2dEV8NuD5pxePmcs9SxU9bXyyAG
nYhWhGe9qfXSOp8cXlf1qys9+lMoyVbUdJdFoXMFwqbnNqIHcn2EPpsp4CEgrnX8
zBWUAetz1Uzhq0wtQOkJSUiTDrJsFgj6Jfr1DU2LCPWw9+fgdKSX5xAwO13vJuYv
7z8hCaSl7Apr45+YSTVGpAsYIEkwguq0xTAMNNCg6E6LAcsRFmbzPH6wZkTuzHvm
3KVdP7LtPruEYJOea1o2ULQQYDksnozjRMVDSAMvFPSQLFz2NoQyEHJGUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNmmVHrMp+PUCnLWrLVSszjwn0OMMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvMmFaVWVzeW40OVFLY3Rhc3RWS3pPUENmUTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWjUAwQB
wuGCMA0GCSqGSIb3DQEBCwUAA4IBAQAw0oCEsT3zQPFyFjfUAb2XfwYyDIZKAKlU
ViB+UG/kpqJU+cS8PowCoQjqSM5ym1EAuZdnAtPp2yZjTLL0uNubR4PiUNNST752
/YALIxbz3yhTaYNzlXHiNHAI5ZkB+RaI1yotgO8UEpzBQig+IsxnUhRw00CW1IY0
ljEwmC0GRN8UsKQybxKhxvLk4Qtm4Psvn6PD0n2Pg+iP9/+sPwgiEqYfp5imvC7F
kJtiE0I3P73nURSNu2PkcAHQhUhNR40mWxwGW1dLcr/HNwg+dWI7Y8KRJOd0Wp2p
10rXLkonkDVbVY76mDI5rsm81Gl/1XQzIK0LbmnuDLc6Dvw7mLHE
-----END CERTIFICATE-----