Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/uU-ifMK_qHTd5-jFyVoaIOWGfZ4.roa
File:                     uU-ifMK_qHTd5-jFyVoaIOWGfZ4.roa (raw, json)
Hash identifier:          XoeemwCq+iCHIHS4i6Vait+Nw3TFTjEj7Y5B4TZ2wwM=
Subject key identifier:   B9:4F:A2:7C:C2:BF:A8:74:DD:E7:E8:C5:C9:5A:1A:20:E5:86:7D:9E
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       01998A3D634A7764A5859EB915BCDF6B4D06
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/uU-ifMK_qHTd5-jFyVoaIOWGfZ4.roa
Signing time:             Sat 27 Sep 2025 08:15:02 +0000
ROA not before:           Sat 27 Sep 2025 08:15:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        194.116.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:8a:3d:63:4a:77:64:a5:85:9e:b9:15:bc:df:6b:4d:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Sep 27 08:15:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b94fa27cc2bfa874dde7e8c5c95a1a20e5867d9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4e:6c:0b:85:09:2c:73:e0:08:6d:aa:8d:30:
                    f0:a2:6c:8b:de:d7:dc:8e:fb:2d:a1:25:7d:e7:84:
                    4a:47:ab:f8:82:29:6c:1b:e5:4e:b5:0c:7a:63:be:
                    c7:ed:c2:ae:ca:e7:7a:8e:e0:fc:76:e5:f0:56:5d:
                    e2:0d:9d:21:04:b4:48:b0:29:9d:46:db:e8:64:54:
                    f4:08:5c:df:17:e8:bf:3d:56:e7:0c:a8:bf:52:b4:
                    b1:8b:dc:e1:66:ad:ea:8c:06:89:6c:0c:1e:57:05:
                    93:eb:40:3d:db:56:53:5b:e0:f0:b3:ba:4f:fd:b5:
                    5e:21:ad:45:1b:da:f1:67:ff:e0:d1:bc:5e:6a:28:
                    f8:c1:6c:b2:81:c9:2e:34:48:cc:39:43:a8:be:bd:
                    30:74:db:d8:b3:54:4d:4f:88:e4:8c:4f:45:96:c5:
                    34:9b:56:51:ba:21:9e:10:94:0e:cb:32:b5:56:cc:
                    98:3e:e6:96:9a:a3:e0:fd:74:fa:e5:90:b8:df:a7:
                    bc:2a:fd:06:82:b5:6d:0d:3b:27:07:54:bb:65:ee:
                    0c:9e:8a:e6:88:24:7a:98:71:4a:20:0d:a3:a8:f3:
                    54:3e:88:a3:0c:ae:d4:81:79:f7:d2:b1:d6:1a:d1:
                    1a:28:87:51:4b:d6:67:66:6b:4a:fd:b6:ce:38:20:
                    d0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4F:A2:7C:C2:BF:A8:74:DD:E7:E8:C5:C9:5A:1A:20:E5:86:7D:9E
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/uU-ifMK_qHTd5-jFyVoaIOWGfZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:33:9e:dd:7b:64:0f:74:3d:c9:6c:eb:1e:11:25:f2:42:77:
         dc:12:e9:4a:b8:5f:91:23:ca:2f:dd:52:4f:d7:3a:c9:1b:88:
         ec:79:18:fc:f1:33:1c:f5:06:95:77:ee:27:d2:e3:69:5c:c6:
         59:da:73:9a:79:fd:a9:3a:94:8f:0a:c1:0c:8d:ee:cb:d2:ea:
         27:68:32:27:91:88:ae:a1:b6:8d:bd:83:9e:30:81:b2:9f:57:
         57:3c:7b:d5:cb:fd:eb:44:79:22:c5:4c:f9:13:a6:a5:6b:90:
         7c:5f:be:33:8e:92:f3:36:ff:9d:22:35:be:dd:03:5e:ca:24:
         ba:76:e4:3a:fa:8d:21:ac:ee:83:4e:df:f6:ba:0c:83:c7:ed:
         74:12:c5:22:ec:88:7e:9f:87:c5:14:ab:21:08:ed:92:c7:c5:
         ee:3f:47:58:a5:44:3d:7b:7f:67:87:6e:e1:a7:8b:c7:c0:8e:
         33:36:42:7a:6f:ee:a2:9f:44:3d:5f:37:4d:95:fe:90:81:21:
         78:6c:3e:5c:05:e4:7f:c3:0f:fe:16:46:22:fb:ec:3e:c2:ba:
         de:1a:b6:82:dc:34:bf:7e:dc:f8:28:25:8f:6b:1e:4e:26:c7:
         6d:b1:7f:5f:95:9d:1e:9f:04:4d:0b:c5:6f:b6:5d:f8:74:c8:
         7f:9b:5f:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmKPWNKd2SlhZ65Fbzfa00GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwOTI3MDgxNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTRmYTI3Y2MyYmZhODc0ZGRlN2U4YzVjOTVhMWEyMGU1ODY3ZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE5sC4UJLHPgCG2qjTDwomyL3tfc
jvstoSV954RKR6v4gilsG+VOtQx6Y77H7cKuyud6juD8duXwVl3iDZ0hBLRIsCmd
RtvoZFT0CFzfF+i/PVbnDKi/UrSxi9zhZq3qjAaJbAweVwWT60A921ZTW+Dws7pP
/bVeIa1FG9rxZ//g0bxeaij4wWyygckuNEjMOUOovr0wdNvYs1RNT4jkjE9FlsU0
m1ZRuiGeEJQOyzK1VsyYPuaWmqPg/XT65ZC436e8Kv0GgrVtDTsnB1S7Ze4Mnorm
iCR6mHFKIA2jqPNUPoijDK7UgXn30rHWGtEaKIdRS9ZnZmtK/bbOOCDQZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlPonzCv6h03efoxclaGiDlhn2eMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvdVUtaWZNS19xSFRkNS1qRnlWb2FJT1dHZlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnTrMA0G
CSqGSIb3DQEBCwUAA4IBAQAWM57de2QPdD3JbOseESXyQnfcEulKuF+RI8ov3VJP
1zrJG4jseRj88TMc9QaVd+4n0uNpXMZZ2nOaef2pOpSPCsEMje7L0uonaDInkYiu
obaNvYOeMIGyn1dXPHvVy/3rRHkixUz5E6ala5B8X74zjpLzNv+dIjW+3QNeyiS6
duQ6+o0hrO6DTt/2ugyDx+10EsUi7Ih+n4fFFKshCO2Sx8XuP0dYpUQ9e39nh27h
p4vHwI4zNkJ6b+6in0Q9XzdNlf6QgSF4bD5cBeR/ww/+FkYi++w+wrreGraC3DS/
ftz4KCWPax5OJsdtsX9flZ0enwRNC8Vvtl34dMh/m1/h
-----END CERTIFICATE-----