Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/pCwDdjVqKehtW8BEUKXN0O7wEnk.roa
File:                     pCwDdjVqKehtW8BEUKXN0O7wEnk.roa (raw, json)
Hash identifier:          9s0GASAbpwgJKOxbp75/GwEb4yuJGmhv0RUIKaWppDk=
Subject key identifier:   A4:2C:03:76:35:6A:29:E8:6D:5B:C0:44:50:A5:CD:D0:EE:F0:12:79
Certificate issuer:       /CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
Certificate serial:       01990AA78BA791E274AE7D7D94EE404D3CFA
Authority key identifier: 23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/pCwDdjVqKehtW8BEUKXN0O7wEnk.roa
Signing time:             Tue 02 Sep 2025 13:39:36 +0000
ROA not before:           Tue 02 Sep 2025 13:39:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42714
IP address blocks:        195.230.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:a7:8b:a7:91:e2:74:ae:7d:7d:94:ee:40:4d:3c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
        Validity
            Not Before: Sep  2 13:39:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a42c0376356a29e86d5bc04450a5cdd0eef01279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6c:fb:47:af:61:fe:3f:5f:b0:91:76:07:50:
                    de:fc:7b:70:67:d8:d8:11:06:c6:f1:f9:96:e7:dd:
                    a5:9a:51:02:9d:5b:00:94:da:a1:5f:3c:ec:c9:b4:
                    82:13:15:e7:85:3a:ae:02:55:35:d2:38:1b:69:ee:
                    a5:b7:cd:7a:24:0d:25:72:e9:a1:3a:68:7c:aa:60:
                    87:38:25:66:6a:d4:b7:eb:e0:19:0a:8b:e1:fe:b0:
                    43:ac:b6:31:f8:fc:40:58:62:05:e9:07:df:dc:26:
                    01:54:0c:0f:b3:09:32:22:40:b5:a0:41:1f:72:07:
                    d6:9e:d7:5a:33:87:10:e9:bd:92:9d:37:54:39:ed:
                    b2:d8:76:c2:34:99:2e:1f:36:26:80:99:6b:0d:84:
                    a2:6f:46:73:ef:41:da:0d:fc:66:01:0a:cc:4c:64:
                    f2:69:bb:54:7a:e3:8c:48:e9:df:a9:5e:64:ff:35:
                    cc:04:5c:99:a5:10:f9:53:eb:cd:20:0c:56:ea:c6:
                    bf:f2:36:d7:51:17:81:15:1d:19:8e:21:d9:fe:d3:
                    2d:bc:2c:62:5d:a7:c9:00:fb:e5:54:a7:f7:3a:09:
                    e5:d7:b8:4b:d2:bc:44:71:80:18:d4:95:b5:e3:f8:
                    22:14:0a:1b:ea:f9:61:06:58:40:f4:6d:8a:7d:bf:
                    56:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:2C:03:76:35:6A:29:E8:6D:5B:C0:44:50:A5:CD:D0:EE:F0:12:79
            X509v3 Authority Key Identifier:
                keyid:23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/pCwDdjVqKehtW8BEUKXN0O7wEnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:de:e2:41:7c:fc:1a:af:2d:c9:e0:c1:cc:32:cf:27:bf:a5:
         a5:43:b0:b7:31:2f:ec:14:69:1d:e4:5d:62:e3:49:71:87:97:
         61:0f:24:e6:3e:6d:7c:d5:04:93:1e:00:f7:a8:6c:69:b4:ef:
         b4:0e:cd:f1:0d:95:ac:8a:24:d7:ce:df:d2:82:3c:02:dd:0c:
         72:7a:8a:ab:a8:4b:74:a7:63:1b:bd:8a:38:45:ae:cf:81:74:
         6a:9a:89:ee:91:d0:cd:76:4d:bd:1a:06:67:4c:8d:22:58:8b:
         e9:38:58:f7:29:c3:18:36:e3:78:ab:f1:a8:27:b2:eb:ed:fc:
         b6:d0:b2:44:cd:bc:ba:6a:e2:0b:37:b0:3e:8a:7b:fe:e2:88:
         85:df:1b:e7:f1:32:9f:d2:62:c0:1e:84:e6:b5:b2:20:07:70:
         11:ea:e8:52:c8:e5:58:e6:fc:c5:cd:67:4f:79:f2:5c:43:b6:
         7c:9b:fa:84:bf:41:23:1e:54:70:22:df:ba:9c:ad:3a:36:bc:
         94:21:60:ec:52:a8:ae:06:32:97:37:12:d9:50:e5:eb:16:4c:
         cc:ed:82:8a:1d:ee:7b:8a:34:1b:65:df:70:43:27:b4:7a:c2:
         dd:21:0f:b4:35:ae:ab:f8:dc:fa:a0:04:bd:c1:a9:61:66:05:
         57:7a:de:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkKp4unkeJ0rn19lO5ATTz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNzhhNGE5YzUyMzI1YTg1OTIwODA5YmExYTRkODllMjFj
MDJmMTcwHhcNMjUwOTAyMTMzOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDJjMDM3NjM1NmEyOWU4NmQ1YmMwNDQ1MGE1Y2RkMGVlZjAxMjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGz7R69h/j9fsJF2B1De/HtwZ9jY
EQbG8fmW592lmlECnVsAlNqhXzzsybSCExXnhTquAlU10jgbae6lt816JA0lcumh
Omh8qmCHOCVmatS36+AZCovh/rBDrLYx+PxAWGIF6Qff3CYBVAwPswkyIkC1oEEf
cgfWntdaM4cQ6b2SnTdUOe2y2HbCNJkuHzYmgJlrDYSib0Zz70HaDfxmAQrMTGTy
abtUeuOMSOnfqV5k/zXMBFyZpRD5U+vNIAxW6sa/8jbXUReBFR0ZjiHZ/tMtvCxi
XafJAPvlVKf3Ognl17hL0rxEcYAY1JW14/giFAob6vlhBlhA9G2Kfb9WdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQsA3Y1ainobVvARFClzdDu8BJ5MB8GA1UdIwQY
MBaAFCN4pKnFIyWoWSCAm6Gk2J4hwC8XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmIt
OTM3ZTI3ZWUxYjViLzEvcEN3RGRqVnFLZWh0VzhCRVVLWE4wTzd3RW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmItOTM3ZTI3ZWUxYjVi
LzEvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+aBMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ3uJBfPwary3J4MHMMs8nv6WlQ7C3MS/sFGkd5F1i
40lxh5dhDyTmPm181QSTHgD3qGxptO+0Ds3xDZWsiiTXzt/SgjwC3QxyeoqrqEt0
p2MbvYo4Ra7PgXRqmonukdDNdk29GgZnTI0iWIvpOFj3KcMYNuN4q/GoJ7Lr7fy2
0LJEzby6auILN7A+inv+4oiF3xvn8TKf0mLAHoTmtbIgB3AR6uhSyOVY5vzFzWdP
efJcQ7Z8m/qEv0EjHlRwIt+6nK06NryUIWDsUqiuBjKXNxLZUOXrFkzM7YKKHe57
ijQbZd9wQye0esLdIQ+0Na6r+Nz6oAS9walhZgVXet5a
-----END CERTIFICATE-----