Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/d03982-e753-4e56-ab35-b0adec934671/1/cErth6LGJ37Tdtl1lcefLoJD4nM.roa
File:                     cErth6LGJ37Tdtl1lcefLoJD4nM.roa (raw, json)
Hash identifier:          OoCTZM3oJW/h0+9oZEB+kSNNGcZqSaTzGyAN+23CU/M=
Subject key identifier:   70:4A:ED:87:A2:C6:27:7E:D3:76:D9:75:95:C7:9F:2E:82:43:E2:73
Certificate issuer:       /CN=a369f4b78cc4d935fb1f39bbdecc8a413b0faf9d
Certificate serial:       0199DE21732E7756B641D378B60D3D906FC7
Authority key identifier: A3:69:F4:B7:8C:C4:D9:35:FB:1F:39:BB:DE:CC:8A:41:3B:0F:AF:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2n0t4zE2TX7Hzm73syKQTsPr50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/d03982-e753-4e56-ab35-b0adec934671/1/cErth6LGJ37Tdtl1lcefLoJD4nM.roa
Signing time:             Mon 13 Oct 2025 15:12:38 +0000
ROA not before:           Mon 13 Oct 2025 15:12:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207415
IP address blocks:        194.117.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/d03982-e753-4e56-ab35-b0adec934671/1/o2n0t4zE2TX7Hzm73syKQTsPr50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/d03982-e753-4e56-ab35-b0adec934671/1/o2n0t4zE2TX7Hzm73syKQTsPr50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2n0t4zE2TX7Hzm73syKQTsPr50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:de:21:73:2e:77:56:b6:41:d3:78:b6:0d:3d:90:6f:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a369f4b78cc4d935fb1f39bbdecc8a413b0faf9d
        Validity
            Not Before: Oct 13 15:12:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=704aed87a2c6277ed376d97595c79f2e8243e273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ec:de:ac:46:26:42:62:92:ec:a7:d9:56:8f:
                    0b:50:c7:2a:50:59:fa:8d:e0:4b:d8:b0:c3:74:a3:
                    2e:4f:25:5b:23:50:15:4d:7d:bf:fb:b3:31:c9:eb:
                    7c:52:dd:4a:0b:02:38:aa:29:e9:91:03:b8:a7:4e:
                    45:93:71:a1:c0:d7:a1:55:a4:37:72:92:db:f8:38:
                    fa:48:65:b5:4c:d6:53:52:2c:66:57:de:aa:46:50:
                    23:11:24:93:a7:a2:e0:00:8d:d3:b8:1b:c6:57:4f:
                    bf:93:3a:5c:80:74:e9:fb:77:f5:65:bc:04:eb:41:
                    9e:ec:9a:7e:08:2d:4d:a1:d8:e7:58:71:5f:e7:18:
                    66:c0:9f:33:2a:27:f0:4a:b0:03:ea:8e:ab:65:d6:
                    56:32:44:62:40:e0:da:93:78:02:8e:46:d0:9d:c4:
                    6f:b4:af:a7:e9:2a:73:ea:ad:57:98:57:76:de:bf:
                    e5:41:64:36:be:8d:d0:e3:fb:13:fa:02:3d:49:d3:
                    90:bd:00:97:e2:9e:61:22:10:35:bf:ff:da:e2:5a:
                    93:0d:6b:03:33:31:01:1e:27:89:3e:8a:8a:81:a2:
                    5e:65:8a:86:88:a8:6c:7c:83:aa:d2:7c:07:c6:35:
                    e6:33:b3:04:78:1a:e3:a6:fc:d5:ff:db:22:09:5f:
                    7e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:4A:ED:87:A2:C6:27:7E:D3:76:D9:75:95:C7:9F:2E:82:43:E2:73
            X509v3 Authority Key Identifier:
                keyid:A3:69:F4:B7:8C:C4:D9:35:FB:1F:39:BB:DE:CC:8A:41:3B:0F:AF:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2n0t4zE2TX7Hzm73syKQTsPr50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/d03982-e753-4e56-ab35-b0adec934671/1/cErth6LGJ37Tdtl1lcefLoJD4nM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/d03982-e753-4e56-ab35-b0adec934671/1/o2n0t4zE2TX7Hzm73syKQTsPr50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:92:48:82:cd:5d:f1:52:0f:40:85:b8:ef:4c:54:da:d1:0e:
         70:0f:fc:43:86:de:2d:6b:2c:80:8b:5a:a6:a1:3a:2a:f0:c1:
         77:c0:57:66:34:61:69:43:02:17:e8:d0:a0:d4:8c:71:81:04:
         45:0f:a1:06:e8:b4:96:72:7f:23:84:c8:5e:00:43:75:fb:c0:
         55:e0:c5:d3:9f:4a:f2:fa:18:2a:98:22:d7:37:5e:62:2b:9d:
         66:c9:58:0c:cc:ad:5e:5f:4a:a2:50:1b:52:f0:15:94:18:4c:
         34:de:58:5f:73:c4:ec:c9:b5:73:b8:0c:02:f3:fb:28:16:41:
         b9:dd:b4:0e:33:65:2d:9b:c3:ba:b3:5d:33:fe:dd:b7:74:ac:
         dd:1f:c9:97:e5:a9:4d:7c:98:b4:35:43:a5:a4:d1:46:26:30:
         1d:15:49:25:0c:20:9b:7f:02:7a:6d:54:c2:ff:44:a7:69:3e:
         a4:8f:2f:33:85:83:28:ce:b9:8a:21:c6:1f:16:6e:55:2f:7c:
         4b:4c:70:07:4c:31:d8:d7:ff:b7:a8:b4:9e:ff:1e:c3:34:c6:
         33:f6:3b:50:5d:95:ca:b3:54:20:e6:03:94:b8:cb:ad:b8:7c:
         f5:be:b4:6c:1e:f2:be:d7:30:f6:96:05:08:52:94:eb:d3:e1:
         c3:37:be:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZneIXMud1a2QdN4tg09kG/HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjlmNGI3OGNjNGQ5MzVmYjFmMzliYmRlY2M4YTQxM2Iw
ZmFmOWQwHhcNMjUxMDEzMTUxMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDRhZWQ4N2EyYzYyNzdlZDM3NmQ5NzU5NWM3OWYyZTgyNDNlMjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoezerEYmQmKS7KfZVo8LUMcqUFn6
jeBL2LDDdKMuTyVbI1AVTX2/+7Mxyet8Ut1KCwI4qinpkQO4p05Fk3GhwNehVaQ3
cpLb+Dj6SGW1TNZTUixmV96qRlAjESSTp6LgAI3TuBvGV0+/kzpcgHTp+3f1ZbwE
60Ge7Jp+CC1NodjnWHFf5xhmwJ8zKifwSrAD6o6rZdZWMkRiQODak3gCjkbQncRv
tK+n6Spz6q1XmFd23r/lQWQ2vo3Q4/sT+gI9SdOQvQCX4p5hIhA1v//a4lqTDWsD
MzEBHieJPoqKgaJeZYqGiKhsfIOq0nwHxjXmM7MEeBrjpvzV/9siCV9+4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBK7Yeixid+03bZdZXHny6CQ+JzMB8GA1UdIwQY
MBaAFKNp9LeMxNk1+x85u97MikE7D6+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJuMHQ0ekUyVFg3SHptNzNzeUtRVHNQcjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9kMDM5ODItZTc1My00ZTU2LWFiMzUt
YjBhZGVjOTM0NjcxLzEvY0VydGg2TEdKMzdUZHRsMWxjZWZMb0pENG5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9kMDM5ODItZTc1My00ZTU2LWFiMzUtYjBhZGVjOTM0Njcx
LzEvbzJuMHQ0ekUyVFg3SHptNzNzeUtRVHNQcjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnVLMA0G
CSqGSIb3DQEBCwUAA4IBAQA/kkiCzV3xUg9AhbjvTFTa0Q5wD/xDht4tayyAi1qm
oToq8MF3wFdmNGFpQwIX6NCg1IxxgQRFD6EG6LSWcn8jhMheAEN1+8BV4MXTn0ry
+hgqmCLXN15iK51myVgMzK1eX0qiUBtS8BWUGEw03lhfc8TsybVzuAwC8/soFkG5
3bQOM2Utm8O6s10z/t23dKzdH8mX5alNfJi0NUOlpNFGJjAdFUklDCCbfwJ6bVTC
/0SnaT6kjy8zhYMozrmKIcYfFm5VL3xLTHAHTDHY1/+3qLSe/x7DNMYz9jtQXZXK
s1Qg5gOUuMutuHz1vrRsHvK+1zD2lgUIUpTr0+HDN75t
-----END CERTIFICATE-----