Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/VMw3kqwYfQN4oSi-DRARjMQn7ps.roa
File:                     VMw3kqwYfQN4oSi-DRARjMQn7ps.roa (raw, json)
Hash identifier:          mVuoVTIk9aSGegNQzJXvHOfw+zw1bYFPft1RH3s7Nqs=
Subject key identifier:   54:CC:37:92:AC:18:7D:03:78:A1:28:BE:0D:10:11:8C:C4:27:EE:9B
Certificate issuer:       /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial:       0199EBA0F766E8C2FEBC642CCFA3D2494607
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/VMw3kqwYfQN4oSi-DRARjMQn7ps.roa
Signing time:             Thu 16 Oct 2025 06:06:58 +0000
ROA not before:           Thu 16 Oct 2025 06:06:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206888
IP address blocks:        74.122.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:eb:a0:f7:66:e8:c2:fe:bc:64:2c:cf:a3:d2:49:46:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
        Validity
            Not Before: Oct 16 06:06:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54cc3792ac187d0378a128be0d10118cc427ee9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:bf:63:60:1d:e7:fe:d2:9d:85:3a:59:2d:c5:
                    23:04:cb:78:6b:65:ab:36:62:55:63:de:05:f2:6d:
                    37:52:67:8a:38:f5:e9:81:89:df:5a:96:31:3e:1b:
                    c9:22:17:bf:24:87:9d:7a:e4:b1:7c:32:ba:6b:fb:
                    7b:ed:af:47:79:fc:8f:44:61:d0:ad:0a:2d:f3:c5:
                    c2:55:f2:08:7c:45:22:8b:84:b8:b3:0e:fc:98:97:
                    9b:e8:bc:3c:75:a3:4e:55:5f:6c:ea:2a:be:68:5f:
                    31:98:11:95:c2:9d:97:51:cc:e5:2a:b4:5f:6b:99:
                    86:e2:27:92:c3:83:2b:6d:5b:59:06:aa:a6:aa:90:
                    7d:23:dc:86:ff:71:26:de:e8:9f:79:a4:a4:2d:ff:
                    94:d2:6f:49:a6:a2:49:b1:be:56:64:f0:8b:03:09:
                    7a:dd:05:14:08:06:a4:2f:99:6b:76:f5:38:8a:95:
                    c4:f1:a6:8c:4b:75:28:29:56:31:2a:df:81:3e:14:
                    f6:c7:9f:f8:df:65:3c:be:cd:ed:d4:e0:e2:f9:4e:
                    b4:4d:ec:60:21:7a:dc:ec:8f:8d:6c:d9:a0:e3:e6:
                    be:77:db:d9:a6:b2:6c:93:f1:a9:e8:57:22:f1:27:
                    db:ea:c5:57:8d:99:51:b6:a5:4f:43:6b:b8:0b:c9:
                    1b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:CC:37:92:AC:18:7D:03:78:A1:28:BE:0D:10:11:8C:C4:27:EE:9B
            X509v3 Authority Key Identifier:
                keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/VMw3kqwYfQN4oSi-DRARjMQn7ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.122.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:a8:40:81:4c:d5:b8:a6:e1:7b:3c:4b:88:80:8f:c1:66:ca:
         96:fb:30:37:1c:73:90:5c:79:e5:66:7a:78:55:6d:e1:1e:57:
         7e:d8:d0:16:ff:d8:07:9d:c7:94:75:cf:8f:b0:51:82:34:42:
         4a:c2:c7:61:85:cb:7c:05:b4:30:cf:ae:18:3e:6d:78:f2:21:
         1a:e9:bf:98:ec:a8:44:15:1f:0a:48:db:e2:29:04:ae:1c:f0:
         6d:84:31:b9:c4:3f:96:9b:27:7d:06:d9:fa:01:42:fc:d9:55:
         67:ce:f8:7d:15:4d:28:90:63:b5:54:ad:12:0c:ea:5b:be:b4:
         ee:c9:a7:38:ce:8b:f9:20:ce:58:b4:47:de:cb:64:b4:b1:9c:
         45:a4:94:85:28:a1:9e:63:48:e9:dd:ab:7d:01:62:54:83:7e:
         0f:90:c8:1a:5b:25:5a:d9:74:37:a7:f8:e5:37:50:27:06:50:
         73:0a:e3:03:3b:a1:a9:5e:87:5b:d1:75:c5:de:48:35:fb:96:
         93:de:7c:d2:2b:70:22:44:c0:da:20:04:90:1e:7d:67:af:16:
         0c:7c:e9:2e:64:47:fc:a2:44:bf:e9:23:da:c8:49:74:84:3f:
         7b:08:b1:e6:c2:1b:74:0f:dc:66:35:4e:69:69:69:d8:01:c7:
         32:5d:12:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnroPdm6ML+vGQsz6PSSUYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjUxMDE2MDYwNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGNjMzc5MmFjMTg3ZDAzNzhhMTI4YmUwZDEwMTE4Y2M0MjdlZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb9jYB3n/tKdhTpZLcUjBMt4a2Wr
NmJVY94F8m03UmeKOPXpgYnfWpYxPhvJIhe/JIedeuSxfDK6a/t77a9HefyPRGHQ
rQot88XCVfIIfEUii4S4sw78mJeb6Lw8daNOVV9s6iq+aF8xmBGVwp2XUczlKrRf
a5mG4ieSw4MrbVtZBqqmqpB9I9yG/3Em3uifeaSkLf+U0m9JpqJJsb5WZPCLAwl6
3QUUCAakL5lrdvU4ipXE8aaMS3UoKVYxKt+BPhT2x5/432U8vs3t1ODi+U60Texg
IXrc7I+NbNmg4+a+d9vZprJsk/Gp6Fci8Sfb6sVXjZlRtqVPQ2u4C8kb8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTMN5KsGH0DeKEovg0QEYzEJ+6bMB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvVk13M2txd1lmUU40b1NpLURSQVJqTVFuN3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1YjktODZhMmYwNjdiNGU4
LzEvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQASnoZMA0G
CSqGSIb3DQEBCwUAA4IBAQB4qECBTNW4puF7PEuIgI/BZsqW+zA3HHOQXHnlZnp4
VW3hHld+2NAW/9gHnceUdc+PsFGCNEJKwsdhhct8BbQwz64YPm148iEa6b+Y7KhE
FR8KSNviKQSuHPBthDG5xD+Wmyd9Btn6AUL82VVnzvh9FU0okGO1VK0SDOpbvrTu
yac4zov5IM5YtEfey2S0sZxFpJSFKKGeY0jp3at9AWJUg34PkMgaWyVa2XQ3p/jl
N1AnBlBzCuMDO6GpXodb0XXF3kg1+5aT3nzSK3AiRMDaIASQHn1nrxYMfOkuZEf8
okS/6SPayEl0hD97CLHmwht0D9xmNU5paWnYAccyXRJB
-----END CERTIFICATE-----