Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/v2gP_L7mOdlv0td2mrGDA7hw0_Q.roa
File:                     v2gP_L7mOdlv0td2mrGDA7hw0_Q.roa (raw, json)
Hash identifier:          fU5eCiZuN0cnMylI3cPe13vdeQ6MK7KpvTfdAbqCesw=
Subject key identifier:   BF:68:0F:FC:BE:E6:39:D9:6F:D2:D7:76:9A:B1:83:03:B8:70:D3:F4
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       0199DE60A1D65DC91BF483AFA8C8081ABD1B
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/v2gP_L7mOdlv0td2mrGDA7hw0_Q.roa
Signing time:             Mon 13 Oct 2025 16:21:38 +0000
ROA not before:           Mon 13 Oct 2025 16:21:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51369
IP address blocks:        194.190.2.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:de:60:a1:d6:5d:c9:1b:f4:83:af:a8:c8:08:1a:bd:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Oct 13 16:21:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf680ffcbee639d96fd2d7769ab18303b870d3f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:53:4b:02:35:78:29:e8:f9:c8:ea:23:81:6e:
                    3f:ca:79:d1:a3:a1:ef:a7:df:0d:82:61:fa:b9:14:
                    88:26:a9:38:ae:ce:2f:45:3c:ef:08:53:ca:c8:15:
                    44:57:f6:e3:c9:dc:47:0f:80:71:c7:05:13:37:63:
                    ec:53:02:68:db:57:61:a7:2f:fc:de:83:03:c3:77:
                    f7:5c:8a:0d:12:27:64:4b:23:bc:ad:8b:e8:ad:ee:
                    c0:a6:c9:78:79:c6:d0:f2:bb:5f:47:70:6f:67:5a:
                    13:45:4e:e1:59:82:39:b8:53:7a:b0:fb:39:95:31:
                    b9:56:74:1c:2b:25:24:2e:42:0e:08:e4:96:47:b1:
                    0f:0b:d2:7c:ac:c0:ed:4a:d3:85:48:78:c1:3d:2e:
                    f9:3c:ce:ea:fa:15:62:04:a1:64:79:ff:06:52:c2:
                    61:3e:ce:7b:25:7e:ca:0a:e3:72:b1:85:0d:3a:34:
                    2d:97:1f:11:ba:e7:6f:1f:35:34:a1:79:92:24:33:
                    30:ac:10:aa:be:d3:9b:72:3a:a2:56:e0:0a:74:2d:
                    35:35:29:3b:e6:62:44:fe:f5:40:f7:2a:b7:58:47:
                    7f:9d:b7:2b:96:3a:91:26:81:74:93:dd:e6:54:76:
                    5d:2d:a3:3f:f3:be:25:10:9f:6b:e3:05:26:4b:39:
                    f4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:68:0F:FC:BE:E6:39:D9:6F:D2:D7:76:9A:B1:83:03:B8:70:D3:F4
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/v2gP_L7mOdlv0td2mrGDA7hw0_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:9f:46:8f:f0:8a:e1:05:e6:0f:bb:51:10:eb:65:53:12:b2:
         16:7e:dd:c7:59:06:cd:ec:a3:14:f0:d3:c5:5b:8f:e8:e9:2d:
         3b:a0:87:b6:bf:24:58:75:dd:02:1b:a6:bd:34:e2:fe:40:22:
         3d:8c:ff:ba:a9:7e:58:6c:94:b8:1b:df:c5:c8:09:e4:47:0d:
         5a:b7:c1:9b:11:82:ff:77:e8:69:d0:5a:79:0a:48:13:7e:44:
         02:3b:a7:a9:63:2e:e1:d3:9b:c9:6f:ec:67:ce:1d:35:c5:c0:
         f8:3e:02:16:57:d0:20:4d:78:96:73:9a:ca:67:e1:1a:08:b8:
         45:5d:2d:08:77:4c:9e:5a:67:fe:78:6c:9a:68:cf:23:59:e4:
         19:3c:36:2e:b6:dc:33:95:6b:78:e9:e0:c0:71:19:9a:59:be:
         1e:6f:f5:97:b0:ac:08:ca:46:f1:5e:91:b6:a9:18:a1:fc:83:
         69:d7:6d:62:1c:a7:05:9f:8f:c6:07:93:3e:99:1a:b2:1c:64:
         53:5b:ea:d9:41:dc:e6:fc:e8:54:7c:77:c3:4d:f0:d3:d4:3e:
         7a:86:a8:85:0d:eb:21:48:a6:f4:16:38:84:2f:ea:90:6f:ad:
         25:da:41:23:76:4c:7b:41:bf:0b:77:d6:19:56:4e:28:e8:2a:
         41:39:88:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZneYKHWXckb9IOvqMgIGr0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUxMDEzMTYyMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjY4MGZmY2JlZTYzOWQ5NmZkMmQ3NzY5YWIxODMwM2I4NzBkM2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulNLAjV4Kej5yOojgW4/ynnRo6Hv
p98NgmH6uRSIJqk4rs4vRTzvCFPKyBVEV/bjydxHD4BxxwUTN2PsUwJo21dhpy/8
3oMDw3f3XIoNEidkSyO8rYvore7Apsl4ecbQ8rtfR3BvZ1oTRU7hWYI5uFN6sPs5
lTG5VnQcKyUkLkIOCOSWR7EPC9J8rMDtStOFSHjBPS75PM7q+hViBKFkef8GUsJh
Ps57JX7KCuNysYUNOjQtlx8RuudvHzU0oXmSJDMwrBCqvtObcjqiVuAKdC01NSk7
5mJE/vVA9yq3WEd/nbcrljqRJoF0k93mVHZdLaM/874lEJ9r4wUmSzn0eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9oD/y+5jnZb9LXdpqxgwO4cNP0MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvdjJnUF9MN21PZGx2MHRkMm1yR0RBN2h3MF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwr4CMA0G
CSqGSIb3DQEBCwUAA4IBAQAcn0aP8IrhBeYPu1EQ62VTErIWft3HWQbN7KMU8NPF
W4/o6S07oIe2vyRYdd0CG6a9NOL+QCI9jP+6qX5YbJS4G9/FyAnkRw1at8GbEYL/
d+hp0Fp5CkgTfkQCO6epYy7h05vJb+xnzh01xcD4PgIWV9AgTXiWc5rKZ+EaCLhF
XS0Id0yeWmf+eGyaaM8jWeQZPDYuttwzlWt46eDAcRmaWb4eb/WXsKwIykbxXpG2
qRih/INp121iHKcFn4/GB5M+mRqyHGRTW+rZQdzm/OhUfHfDTfDT1D56hqiFDesh
SKb0FjiEL+qQb60l2kEjdkx7Qb8Ld9YZVk4o6CpBOYi6
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:51:38 2025 by rpki-client