Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/vKfEUggSmeN1QnZLqXG04etpiPg.roa
File:                     vKfEUggSmeN1QnZLqXG04etpiPg.roa (raw, json)
Hash identifier:          YSgw9NA3h6S4POGsrrMkyK+GnsnUKKzFwVL8h2Y0UDg=
Subject key identifier:   BC:A7:C4:52:08:12:99:E3:75:42:76:4B:A9:71:B4:E1:EB:69:88:F8
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0199C276EF3FFCC594A5225AA19E8490160E
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/vKfEUggSmeN1QnZLqXG04etpiPg.roa
Signing time:             Wed 08 Oct 2025 06:16:38 +0000
ROA not before:           Wed 08 Oct 2025 06:16:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        178.239.144.0/24 maxlen: 24
                          178.239.157.0/24 maxlen: 24
                          185.124.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c2:76:ef:3f:fc:c5:94:a5:22:5a:a1:9e:84:90:16:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Oct  8 06:16:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bca7c452081299e37542764ba971b4e1eb6988f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:cc:99:af:24:6b:74:e3:42:28:73:3d:ff:bd:
                    e9:26:79:1d:8d:3b:de:0e:9e:97:f4:2b:57:fd:f3:
                    fd:86:a6:cb:fd:a9:dc:e2:55:6a:d5:61:01:bd:37:
                    5c:68:12:fd:7e:6a:94:50:58:32:5f:7a:11:f0:5c:
                    88:3b:05:3a:00:37:5d:5e:8b:93:f9:41:0e:da:59:
                    78:ce:bb:f3:c1:13:d1:02:26:b4:19:ae:e4:aa:8f:
                    17:f5:a8:ea:e4:1b:a5:4e:cf:09:4d:5e:db:66:79:
                    ba:f9:42:4b:a4:b5:c8:90:b6:18:80:34:d0:6d:fb:
                    1a:d9:90:d6:86:e1:6f:ab:54:37:87:f6:0b:6e:a7:
                    7e:27:5f:d7:ba:d0:8e:d8:96:03:87:1a:e5:d4:83:
                    4f:95:00:8e:f9:90:54:ab:cd:bc:a5:71:3d:1b:fd:
                    8a:27:8c:fb:f5:76:22:09:7e:ed:7c:00:1b:d8:22:
                    e5:2b:af:12:91:35:fe:8a:59:78:7c:91:f5:95:01:
                    62:2a:0e:5d:c0:41:7a:cc:06:1c:08:55:de:2f:44:
                    39:15:d3:8d:99:fe:82:82:6b:52:ff:77:f6:cd:98:
                    ac:2d:9a:8f:7a:3b:68:9d:91:09:79:6d:72:eb:e1:
                    3c:59:9e:1d:d5:90:56:f9:d2:67:32:9f:4c:26:58:
                    1d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A7:C4:52:08:12:99:E3:75:42:76:4B:A9:71:B4:E1:EB:69:88:F8
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/vKfEUggSmeN1QnZLqXG04etpiPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.144.0/24
                  178.239.157.0/24
                  185.124.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:62:ce:b6:6b:12:2f:f9:56:fc:dc:be:a2:09:47:0a:35:3e:
         bc:02:b4:81:65:e4:1d:7e:89:f2:37:b6:35:71:c7:a3:1e:9b:
         14:80:69:f0:af:28:4b:58:ac:e7:76:21:d3:87:35:e4:52:28:
         a1:8f:10:ce:c8:be:f5:81:3e:1d:52:a6:25:2a:12:10:03:79:
         2d:8e:29:c6:43:2d:55:a0:80:76:b4:b8:a9:4b:45:3a:e3:40:
         a2:7a:94:81:ac:6f:cc:d2:08:ef:83:a0:28:56:af:f7:51:97:
         ea:39:73:88:5c:75:a7:8d:e2:95:ac:54:9a:76:dc:24:8b:43:
         47:02:bf:62:4c:91:71:36:5f:50:f9:da:ca:4d:e2:ce:9a:9f:
         eb:3e:3a:97:f5:a1:37:ba:84:50:89:4b:bf:d3:7c:df:bd:ca:
         b3:36:e8:35:a6:79:cb:b1:b6:3e:64:d9:8f:f5:d3:6a:97:ae:
         0a:08:c6:a2:1b:9e:df:db:96:77:c9:6d:39:1a:ef:97:bd:7c:
         e2:83:e9:0e:5c:2e:37:29:0c:f3:6f:92:17:a0:df:4f:3f:23:
         cf:00:d3:61:49:c8:14:72:bf:92:0c:d0:ea:3e:89:8c:a4:30:
         58:33:3a:da:37:47:2f:07:b8:74:8e:6f:61:0f:7e:43:5f:9a:
         6b:be:51:be
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnCdu8//MWUpSJaoZ6EkBYOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUxMDA4MDYxNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2E3YzQ1MjA4MTI5OWUzNzU0Mjc2NGJhOTcxYjRlMWViNjk4OGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMyZryRrdONCKHM9/73pJnkdjTve
Dp6X9CtX/fP9hqbL/anc4lVq1WEBvTdcaBL9fmqUUFgyX3oR8FyIOwU6ADddXouT
+UEO2ll4zrvzwRPRAia0Ga7kqo8X9ajq5BulTs8JTV7bZnm6+UJLpLXIkLYYgDTQ
bfsa2ZDWhuFvq1Q3h/YLbqd+J1/XutCO2JYDhxrl1INPlQCO+ZBUq828pXE9G/2K
J4z79XYiCX7tfAAb2CLlK68SkTX+ill4fJH1lQFiKg5dwEF6zAYcCFXeL0Q5FdON
mf6CgmtS/3f2zZisLZqPejtonZEJeW1y6+E8WZ4d1ZBW+dJnMp9MJlgdmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLynxFIIEpnjdUJ2S6lxtOHraYj4MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvdktmRVVnZ1NtZU4xUW5aTHFYRzA0ZXRwaVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsu+QAwQA
su+dAwQAuXyvMA0GCSqGSIb3DQEBCwUAA4IBAQAQYs62axIv+Vb83L6iCUcKNT68
ArSBZeQdfonyN7Y1ccejHpsUgGnwryhLWKzndiHThzXkUiihjxDOyL71gT4dUqYl
KhIQA3ktjinGQy1VoIB2tLipS0U640CiepSBrG/M0gjvg6AoVq/3UZfqOXOIXHWn
jeKVrFSadtwki0NHAr9iTJFxNl9Q+drKTeLOmp/rPjqX9aE3uoRQiUu/03zfvcqz
Nug1pnnLsbY+ZNmP9dNql64KCMaiG57f25Z3yW05Gu+XvXzig+kOXC43KQzzb5IX
oN9PPyPPANNhScgUcr+SDNDqPomMpDBYMzraN0cvB7h0jm9hD35DX5prvlG+
-----END CERTIFICATE-----