Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/C_6jHHvmJCuXf7-9ZrzZKkeinQ0.roa
File:                     C_6jHHvmJCuXf7-9ZrzZKkeinQ0.roa (raw, json)
Hash identifier:          DpUPOeeCn88xeSleMuuST/hLTdDc3MQtSglU/x83oyg=
Subject key identifier:   0B:FE:A3:1C:7B:E6:24:2B:97:7F:BF:BD:66:BC:D9:2A:47:A2:9D:0D
Certificate issuer:       /CN=0d2087b0f6716d23c8d23eb3d0392b6bf642ad4b
Certificate serial:       0199DD813CACA35F0AFC7A762F5C7ED869FE
Authority key identifier: 0D:20:87:B0:F6:71:6D:23:C8:D2:3E:B3:D0:39:2B:6B:F6:42:AD:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/C_6jHHvmJCuXf7-9ZrzZKkeinQ0.roa
Signing time:             Mon 13 Oct 2025 12:17:38 +0000
ROA not before:           Mon 13 Oct 2025 12:17:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29084
IP address blocks:        94.190.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dd:81:3c:ac:a3:5f:0a:fc:7a:76:2f:5c:7e:d8:69:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2087b0f6716d23c8d23eb3d0392b6bf642ad4b
        Validity
            Not Before: Oct 13 12:17:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bfea31c7be6242b977fbfbd66bcd92a47a29d0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1c:2d:ac:61:3d:6e:28:66:fc:d5:fc:18:eb:
                    ff:de:83:55:a7:78:b8:d7:7c:6e:c0:e2:d0:4e:bc:
                    de:ab:ea:86:40:e2:38:1b:55:cd:bd:b2:61:ab:66:
                    8c:bd:5f:20:23:2b:e8:e5:1e:6f:3f:a3:01:4d:55:
                    a0:be:e7:77:4c:6b:bd:85:59:34:09:30:cf:c4:91:
                    19:46:81:0c:20:b2:30:5d:2a:9d:3c:3e:5f:51:da:
                    70:3a:55:1a:50:2d:5e:88:44:30:8a:8b:60:52:61:
                    81:de:85:2e:1b:51:3b:c4:6d:b5:86:cb:de:08:8e:
                    ec:ec:34:d9:75:9a:26:3d:13:20:22:29:a4:d9:a4:
                    27:cb:84:f8:96:3f:09:3a:4c:61:2e:97:8e:d5:80:
                    18:90:43:43:ad:f7:b9:79:10:a6:7b:fc:8c:40:98:
                    61:5b:ce:43:02:00:66:8b:28:e6:1d:5a:3a:2f:9b:
                    ed:dc:50:58:db:d8:61:c5:88:9e:44:38:2f:07:3c:
                    2a:40:a3:de:fd:53:34:05:1f:c2:99:92:30:86:3a:
                    80:bd:26:b2:cc:f7:79:6e:6f:68:67:c9:a2:9d:8a:
                    0c:c9:ac:7c:d6:c7:3f:33:3b:57:64:46:ae:10:e2:
                    fd:1d:03:24:3d:17:de:6c:09:ef:89:c4:f8:6a:e7:
                    09:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:FE:A3:1C:7B:E6:24:2B:97:7F:BF:BD:66:BC:D9:2A:47:A2:9D:0D
            X509v3 Authority Key Identifier:
                keyid:0D:20:87:B0:F6:71:6D:23:C8:D2:3E:B3:D0:39:2B:6B:F6:42:AD:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/C_6jHHvmJCuXf7-9ZrzZKkeinQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.190.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:ee:6f:f3:64:62:bc:a8:1b:0d:fb:94:e1:e8:ac:8a:33:f9:
         72:41:8a:45:62:07:c9:57:d9:8d:64:f5:e0:1b:66:99:3f:90:
         7c:a0:15:b9:68:fa:60:b9:d9:53:e3:e2:d6:4a:ad:1b:a9:79:
         2a:c8:0b:8b:08:65:30:a2:a1:a5:75:6f:bb:71:16:ea:63:2e:
         18:fe:06:cb:e7:d0:50:19:b4:1f:c2:73:99:5f:92:b6:0b:e4:
         fa:4a:ea:9f:51:4b:18:8c:e1:7b:b1:51:71:33:93:50:0e:7b:
         70:3a:f6:57:c7:78:94:df:6d:ee:61:66:a7:ed:0b:69:cb:64:
         cb:b7:da:f8:b3:e8:47:4c:07:f4:20:1f:4f:68:a7:88:02:f2:
         38:0f:b8:c5:14:13:48:54:00:bb:5d:f5:5c:38:f7:1c:91:0d:
         c5:0b:d6:ef:c3:b7:a0:af:d4:d9:35:d4:cc:9f:9f:12:5b:29:
         1e:37:39:05:f3:2b:4d:ac:c3:d6:f9:54:19:2b:20:b8:ac:0c:
         7c:cc:23:3e:04:5c:2b:a7:59:88:20:86:61:06:82:39:f0:8c:
         c7:ad:28:a3:39:3e:2a:31:71:d1:fa:b7:83:f7:e4:15:3b:43:
         9a:aa:e2:66:68:e8:46:85:f4:50:18:59:ba:ed:50:35:2c:1c:
         fd:75:f7:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZndgTyso18K/Hp2L1x+2Gn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjA4N2IwZjY3MTZkMjNjOGQyM2ViM2QwMzkyYjZiZjY0
MmFkNGIwHhcNMjUxMDEzMTIxNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmZlYTMxYzdiZTYyNDJiOTc3ZmJmYmQ2NmJjZDkyYTQ3YTI5ZDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBwtrGE9bihm/NX8GOv/3oNVp3i4
13xuwOLQTrzeq+qGQOI4G1XNvbJhq2aMvV8gIyvo5R5vP6MBTVWgvud3TGu9hVk0
CTDPxJEZRoEMILIwXSqdPD5fUdpwOlUaUC1eiEQwiotgUmGB3oUuG1E7xG21hsve
CI7s7DTZdZomPRMgIimk2aQny4T4lj8JOkxhLpeO1YAYkENDrfe5eRCme/yMQJhh
W85DAgBmiyjmHVo6L5vt3FBY29hhxYieRDgvBzwqQKPe/VM0BR/CmZIwhjqAvSay
zPd5bm9oZ8minYoMyax81sc/MztXZEauEOL9HQMkPRfebAnvicT4aucJ8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAv+oxx75iQrl3+/vWa82SpHop0NMB8GA1UdIwQY
MBaAFA0gh7D2cW0jyNI+s9A5K2v2Qq1LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNDSHNQWnhiU1BJMGo2ejBEa3JhX1pDclVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mY2I3MjktYzI4OC00ZTE1LTkzODQt
YTIwZDJkNzUxZWI1LzEvQ182akhIdm1KQ3VYZjctOVpyelpLa2VpblEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mY2I3MjktYzI4OC00ZTE1LTkzODQtYTIwZDJkNzUxZWI1
LzEvRFNDSHNQWnhiU1BJMGo2ejBEa3JhX1pDclVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXr78MA0G
CSqGSIb3DQEBCwUAA4IBAQAI7m/zZGK8qBsN+5Th6KyKM/lyQYpFYgfJV9mNZPXg
G2aZP5B8oBW5aPpgudlT4+LWSq0bqXkqyAuLCGUwoqGldW+7cRbqYy4Y/gbL59BQ
GbQfwnOZX5K2C+T6SuqfUUsYjOF7sVFxM5NQDntwOvZXx3iU323uYWan7Qtpy2TL
t9r4s+hHTAf0IB9PaKeIAvI4D7jFFBNIVAC7XfVcOPcckQ3FC9bvw7egr9TZNdTM
n58SWykeNzkF8ytNrMPW+VQZKyC4rAx8zCM+BFwrp1mIIIZhBoI58IzHrSijOT4q
MXHR+reD9+QVO0OaquJmaOhGhfRQGFm67VA1LBz9dffs
-----END CERTIFICATE-----