Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/2Fz3gDQO1Ko4Uhz-WKqbPvSyHuY.roa
File:                     2Fz3gDQO1Ko4Uhz-WKqbPvSyHuY.roa (raw, json)
Hash identifier:          qDVXlglB84tjlEcwlG5YSSXNovaEgcbeYtxfS2oty2U=
Subject key identifier:   D8:5C:F7:80:34:0E:D4:AA:38:52:1C:FE:58:AA:9B:3E:F4:B2:1E:E6
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       0199511773F50C05E5581830A00C31F65813
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/2Fz3gDQO1Ko4Uhz-WKqbPvSyHuY.roa
Signing time:             Tue 16 Sep 2025 05:55:15 +0000
ROA not before:           Tue 16 Sep 2025 05:55:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        188.208.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:51:17:73:f5:0c:05:e5:58:18:30:a0:0c:31:f6:58:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Sep 16 05:55:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d85cf780340ed4aa38521cfe58aa9b3ef4b21ee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c8:5a:0c:a7:35:6b:22:05:a2:ef:4c:40:29:
                    a7:d2:fd:4d:53:d7:c7:0f:a8:23:4c:27:88:e4:ae:
                    de:ba:15:e5:ce:a1:a1:18:09:77:73:e7:4b:c0:c4:
                    53:4f:18:3b:e1:61:67:84:ff:99:35:bf:e1:eb:91:
                    af:a9:29:02:60:8b:e7:ab:f8:3e:76:21:c5:3b:a9:
                    7b:be:bb:9a:8f:8d:4e:ef:c1:e5:31:52:ec:8c:85:
                    bd:08:06:0d:13:6c:10:d6:4a:df:4e:c7:dd:a1:8c:
                    2f:47:fd:37:67:58:a8:c6:f5:3d:69:dd:fb:6b:68:
                    a7:32:c2:12:27:c1:c0:57:db:dd:b9:87:d7:35:3c:
                    a0:9c:31:73:e0:bd:2d:9b:64:d7:fd:40:d2:e8:a6:
                    99:ed:35:88:0f:7a:0a:f1:b6:5e:b3:23:83:d1:30:
                    66:01:b3:1c:2b:e8:69:b2:26:94:6d:49:8d:64:b2:
                    5e:df:9f:28:db:16:94:43:7f:93:ff:2b:39:a1:51:
                    f0:6e:3d:89:93:1f:f7:1c:a3:a8:4c:2b:75:da:73:
                    7b:5f:dd:26:4e:f0:98:ec:f1:a8:6d:fa:d5:18:97:
                    e7:4c:c5:3d:46:01:68:08:e9:cd:16:17:f7:c5:1f:
                    66:d1:24:51:1e:df:fc:8b:c6:8a:ef:ad:ae:05:c9:
                    22:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:5C:F7:80:34:0E:D4:AA:38:52:1C:FE:58:AA:9B:3E:F4:B2:1E:E6
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/2Fz3gDQO1Ko4Uhz-WKqbPvSyHuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.208.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:7c:09:a1:1d:ac:b6:2f:80:5f:2d:83:75:be:82:00:26:76:
         d3:17:6d:20:6d:b0:2c:bb:07:96:89:97:92:2f:91:f2:9c:48:
         05:37:0c:a7:39:fd:8a:75:59:2d:60:66:b0:b5:10:de:a2:cc:
         bc:23:f9:67:b2:67:c0:d7:9d:6a:7e:c2:26:97:e9:11:3e:a8:
         53:cc:62:66:1c:4b:54:7e:be:a4:79:d7:7d:bc:08:3e:16:28:
         f3:ec:a4:41:5d:02:63:fe:26:49:d3:72:e6:84:f5:23:47:7c:
         28:11:20:f2:8b:02:21:03:41:7a:73:05:0c:04:22:d8:d6:78:
         d8:d4:eb:7e:6e:9f:21:29:74:14:4d:65:11:9b:02:dd:3b:1b:
         0c:06:9e:b6:0d:6d:74:74:4b:46:fe:ae:1a:42:e7:f9:e7:84:
         92:3c:5a:9a:8a:16:59:83:b0:40:30:d2:ef:5b:3f:91:24:f5:
         b5:86:76:d5:d5:27:a6:fd:95:7b:f7:58:f1:bf:ec:66:d4:2c:
         f5:e5:34:33:ea:68:61:23:96:7e:70:d2:7c:86:a3:e3:a6:72:
         d0:8e:fc:60:9a:3f:99:12:d2:cc:f3:43:ae:86:e5:8c:c6:5f:
         30:03:48:f5:a6:75:ea:bc:d3:e8:3e:8c:41:9c:9d:01:07:c1:
         bc:9b:ea:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlRF3P1DAXlWBgwoAwx9lgTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjUwOTE2MDU1NTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODVjZjc4MDM0MGVkNGFhMzg1MjFjZmU1OGFhOWIzZWY0YjIxZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8haDKc1ayIFou9MQCmn0v1NU9fH
D6gjTCeI5K7euhXlzqGhGAl3c+dLwMRTTxg74WFnhP+ZNb/h65GvqSkCYIvnq/g+
diHFO6l7vruaj41O78HlMVLsjIW9CAYNE2wQ1krfTsfdoYwvR/03Z1ioxvU9ad37
a2inMsISJ8HAV9vduYfXNTygnDFz4L0tm2TX/UDS6KaZ7TWID3oK8bZesyOD0TBm
AbMcK+hpsiaUbUmNZLJe358o2xaUQ3+T/ys5oVHwbj2Jkx/3HKOoTCt12nN7X90m
TvCY7PGobfrVGJfnTMU9RgFoCOnNFhf3xR9m0SRRHt/8i8aK762uBckiUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhc94A0DtSqOFIc/liqmz70sh7mMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvMkZ6M2dEUU8xS280VWh6LVdLcWJQdlN5SHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNB/MA0G
CSqGSIb3DQEBCwUAA4IBAQAKfAmhHay2L4BfLYN1voIAJnbTF20gbbAsuweWiZeS
L5HynEgFNwynOf2KdVktYGawtRDeosy8I/lnsmfA151qfsIml+kRPqhTzGJmHEtU
fr6kedd9vAg+Fijz7KRBXQJj/iZJ03LmhPUjR3woESDyiwIhA0F6cwUMBCLY1njY
1Ot+bp8hKXQUTWURmwLdOxsMBp62DW10dEtG/q4aQuf554SSPFqaihZZg7BAMNLv
Wz+RJPW1hnbV1Sem/ZV791jxv+xm1Cz15TQz6mhhI5Z+cNJ8hqPjpnLQjvxgmj+Z
EtLM80OuhuWMxl8wA0j1pnXqvNPoPoxBnJ0BB8G8m+rb
-----END CERTIFICATE-----