Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/4AoUOv0FI3bJOWNB03o-fqag36g.roa
File:                     4AoUOv0FI3bJOWNB03o-fqag36g.roa (raw, json)
Hash identifier:          lE0wM7qhSogQ0qa/Rafsku4glOJqw2l70ocwo2WeE/c=
Subject key identifier:   E0:0A:14:3A:FD:05:23:76:C9:39:63:41:D3:7A:3E:7E:A6:A0:DF:A8
Certificate issuer:       /CN=29390ec0adca5f0743d181145c7899f991fb65e0
Certificate serial:       0199A4743313781A1355096770F92AF93845
Authority key identifier: 29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/4AoUOv0FI3bJOWNB03o-fqag36g.roa
Signing time:             Thu 02 Oct 2025 10:25:02 +0000
ROA not before:           Thu 02 Oct 2025 10:25:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208008
IP address blocks:        212.176.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:74:33:13:78:1a:13:55:09:67:70:f9:2a:f9:38:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29390ec0adca5f0743d181145c7899f991fb65e0
        Validity
            Not Before: Oct  2 10:25:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e00a143afd052376c9396341d37a3e7ea6a0dfa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ee:48:98:37:ff:54:51:63:0a:03:fd:94:03:
                    49:fc:d8:2b:c3:a4:bd:56:fb:91:04:6c:76:9e:18:
                    bb:c2:75:c1:d8:41:5c:de:3e:cd:1f:30:b1:14:38:
                    6e:ba:37:06:c7:57:83:64:99:73:0a:a8:2a:d8:82:
                    bc:08:78:10:7c:27:36:a6:6d:a3:57:31:f2:d5:9c:
                    23:78:d6:66:e9:bb:ed:75:00:5e:d5:66:47:3e:16:
                    77:9e:f3:10:32:c7:b8:f7:e0:68:f3:29:0e:6b:45:
                    ea:6e:bb:f5:e7:bd:55:e7:e4:09:b2:ca:2e:a8:8e:
                    4d:2c:e8:f0:be:d7:43:ad:08:22:94:30:01:31:e9:
                    df:1b:a9:b1:e5:73:c8:10:eb:df:37:e3:b4:36:f5:
                    6a:e6:0a:63:d3:67:b6:8b:62:e4:03:40:5b:0c:bc:
                    29:7b:74:5e:09:a5:62:5a:94:19:c5:1a:0e:4e:19:
                    3a:47:d8:5f:a9:0b:85:9d:82:18:d4:6a:31:0f:20:
                    cf:87:bc:3a:89:25:15:69:b7:41:68:29:4a:41:08:
                    0c:6f:e9:e1:39:c2:bc:73:ea:35:0e:4c:8e:55:35:
                    3b:a5:c6:ab:a1:58:71:db:b6:b9:b7:c2:d4:7f:bb:
                    7f:32:02:6a:af:3e:23:98:77:f1:a0:ab:e4:98:81:
                    26:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:0A:14:3A:FD:05:23:76:C9:39:63:41:D3:7A:3E:7E:A6:A0:DF:A8
            X509v3 Authority Key Identifier:
                keyid:29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/4AoUOv0FI3bJOWNB03o-fqag36g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.176.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:7f:fd:a2:c6:8d:a8:9a:33:41:bd:db:ac:85:43:71:b5:6f:
         b7:30:12:2f:22:ab:52:c1:41:4a:ce:28:62:06:ce:70:9e:8c:
         fc:7c:14:7f:76:bc:2c:ac:5f:05:15:ac:fa:da:4f:e3:7f:d1:
         72:2e:44:13:17:4d:dd:c8:5a:78:67:e2:fc:70:18:fc:9a:33:
         cc:44:5a:1b:8a:cc:ce:ac:0a:d0:96:77:8d:f9:25:4d:65:d2:
         96:16:5a:4e:3b:38:7b:4d:43:84:d1:e2:4a:af:bf:17:d5:4f:
         9e:a8:38:17:1b:00:fc:61:ec:44:a1:5a:98:2f:a8:4a:35:de:
         44:c7:71:16:39:06:29:86:f0:ec:02:2b:f0:95:0d:c8:7b:8a:
         e7:b2:97:26:45:fa:55:03:7e:4b:f1:48:ba:54:87:5a:36:ed:
         7c:63:d0:71:f9:93:7b:91:50:84:6b:9a:e1:6b:e6:42:52:68:
         d7:01:6e:96:5b:a1:16:e0:2e:02:4c:69:38:f2:84:3d:2e:7e:
         6a:04:d6:d0:52:24:00:d7:23:32:64:c0:3b:28:6d:c1:42:84:
         f0:46:e8:34:f1:de:23:b4:e0:73:2d:21:69:74:c0:5f:75:e0:
         f9:ba:f5:2f:22:51:c8:4d:eb:51:7f:82:51:7e:c3:65:1d:78:
         99:8d:24:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmkdDMTeBoTVQlncPkq+ThFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MzkwZWMwYWRjYTVmMDc0M2QxODExNDVjNzg5OWY5OTFm
YjY1ZTAwHhcNMjUxMDAyMTAyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDBhMTQzYWZkMDUyMzc2YzkzOTYzNDFkMzdhM2U3ZWE2YTBkZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+5ImDf/VFFjCgP9lANJ/Ngrw6S9
VvuRBGx2nhi7wnXB2EFc3j7NHzCxFDhuujcGx1eDZJlzCqgq2IK8CHgQfCc2pm2j
VzHy1ZwjeNZm6bvtdQBe1WZHPhZ3nvMQMse49+Bo8ykOa0Xqbrv1571V5+QJssou
qI5NLOjwvtdDrQgilDABMenfG6mx5XPIEOvfN+O0NvVq5gpj02e2i2LkA0BbDLwp
e3ReCaViWpQZxRoOThk6R9hfqQuFnYIY1GoxDyDPh7w6iSUVabdBaClKQQgMb+nh
OcK8c+o1DkyOVTU7pcaroVhx27a5t8LUf7t/MgJqrz4jmHfxoKvkmIEm2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAKFDr9BSN2yTljQdN6Pn6moN+oMB8GA1UdIwQY
MBaAFCk5DsCtyl8HQ9GBFFx4mfmR+2XgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUt
ZWQ0MzNhYWM3ODI4LzEvNEFvVU92MEZJM2JKT1dOQjAzby1mcWFnMzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUtZWQ0MzNhYWM3ODI4
LzEvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1LBeMA0G
CSqGSIb3DQEBCwUAA4IBAQAif/2ixo2omjNBvdushUNxtW+3MBIvIqtSwUFKzihi
Bs5wnoz8fBR/drwsrF8FFaz62k/jf9FyLkQTF03dyFp4Z+L8cBj8mjPMRFobiszO
rArQlneN+SVNZdKWFlpOOzh7TUOE0eJKr78X1U+eqDgXGwD8YexEoVqYL6hKNd5E
x3EWOQYphvDsAivwlQ3Ie4rnspcmRfpVA35L8Ui6VIdaNu18Y9Bx+ZN7kVCEa5rh
a+ZCUmjXAW6WW6EW4C4CTGk48oQ9Ln5qBNbQUiQA1yMyZMA7KG3BQoTwRug08d4j
tOBzLSFpdMBfdeD5uvUvIlHITetRf4JRfsNlHXiZjSTr
-----END CERTIFICATE-----