Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/ZvwtxuslzfQmqhln4NrT0EB6by0.roa
File:                     ZvwtxuslzfQmqhln4NrT0EB6by0.roa (raw, json)
Hash identifier:          /zi0GX6AY/hjXoyJfHeafiIns7K/28qT/TjfHjhKvFY=
Subject key identifier:   66:FC:2D:C6:EB:25:CD:F4:26:AA:19:67:E0:DA:D3:D0:40:7A:6F:2D
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       0199D19BB6438C3456B4B99A935C96BE0A73
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/ZvwtxuslzfQmqhln4NrT0EB6by0.roa
Signing time:             Sat 11 Oct 2025 04:51:06 +0000
ROA not before:           Sat 11 Oct 2025 04:51:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54252
IP address blocks:        194.50.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d1:9b:b6:43:8c:34:56:b4:b9:9a:93:5c:96:be:0a:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Oct 11 04:51:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66fc2dc6eb25cdf426aa1967e0dad3d0407a6f2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:22:d7:f5:12:e8:9c:a1:d0:7c:45:ef:b0:c8:
                    13:8d:b1:a0:ba:69:c2:4a:75:d2:4c:84:fe:c1:39:
                    7e:3e:96:05:da:45:4a:29:79:31:da:8e:2c:38:1f:
                    5b:96:b4:61:4f:48:b8:19:8f:af:c0:a5:c3:c6:91:
                    d5:24:af:37:93:88:f2:5d:c8:49:e9:8b:e1:0c:cf:
                    d1:8d:cc:43:18:58:18:9d:af:20:28:46:91:ef:d9:
                    a8:be:55:26:1d:d1:6a:34:1f:2f:3d:c0:ee:73:c4:
                    02:a7:49:f4:0f:8e:f6:ba:46:40:bb:38:a2:62:71:
                    e8:b6:98:48:7f:1c:1a:43:19:82:34:06:78:ca:64:
                    b9:39:00:b2:55:ba:6b:fc:88:df:f0:7d:d0:3d:7d:
                    1c:6e:4d:2e:0f:fa:72:f0:7c:1f:50:b4:19:81:49:
                    85:a4:99:67:26:55:28:b7:3d:76:a3:5d:71:07:e8:
                    22:b3:20:af:49:c2:04:62:28:75:a5:af:3c:e1:c9:
                    fb:00:e4:f5:db:c1:e0:41:12:b1:5f:b3:ac:91:7a:
                    dc:a0:d7:69:0b:d8:5a:4f:21:72:34:72:3d:62:a5:
                    3d:e8:18:88:ff:1a:ac:03:4c:f6:9a:44:e2:28:59:
                    87:02:5f:f4:91:87:77:39:7f:f0:f4:e4:85:3b:29:
                    fd:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:FC:2D:C6:EB:25:CD:F4:26:AA:19:67:E0:DA:D3:D0:40:7A:6F:2D
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/ZvwtxuslzfQmqhln4NrT0EB6by0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:23:0a:ba:64:26:67:ee:28:44:6f:67:8e:59:27:13:5e:d2:
         9d:a6:30:43:53:d4:ca:cb:1f:2e:f7:0d:d9:1d:70:25:42:c5:
         1f:b4:57:2b:29:c8:a8:75:36:b6:4d:45:f8:f4:55:69:9d:87:
         79:b0:0b:f8:7a:80:55:16:9b:c0:55:8a:7a:ca:c2:b8:a7:c8:
         c3:cb:80:43:48:19:88:e5:eb:c6:67:30:1e:ad:f6:2b:1c:84:
         3b:7f:e2:91:dd:f0:52:0f:3e:7a:4b:75:1a:89:eb:e0:76:0f:
         87:93:17:e1:62:ef:ba:2c:ca:7d:62:3b:0b:3a:75:e9:80:f0:
         13:66:ab:b9:ca:6c:f4:2d:81:b3:46:dd:90:de:50:00:d7:4d:
         44:af:84:f6:e6:d4:5a:13:e8:33:0a:d8:89:3e:b2:de:7c:d8:
         50:e2:de:e6:0a:29:2d:dd:8b:ea:cc:1a:95:b6:2e:19:62:89:
         dd:e2:1a:5f:cd:e4:30:c8:ea:26:8b:4e:ad:3e:e0:67:d7:8a:
         91:30:cf:71:6d:94:0c:4b:40:82:4d:15:51:c1:e9:25:6d:ab:
         7e:0b:28:8c:4d:f7:85:59:1f:e7:4a:67:7d:65:67:8a:43:66:
         77:11:c6:dc:9f:6c:c5:31:3b:e4:ce:62:fc:f4:b8:9b:7a:41:
         22:24:6c:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnRm7ZDjDRWtLmak1yWvgpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjUxMDExMDQ1MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmZjMmRjNmViMjVjZGY0MjZhYTE5NjdlMGRhZDNkMDQwN2E2ZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCLX9RLonKHQfEXvsMgTjbGgumnC
SnXSTIT+wTl+PpYF2kVKKXkx2o4sOB9blrRhT0i4GY+vwKXDxpHVJK83k4jyXchJ
6YvhDM/RjcxDGFgYna8gKEaR79movlUmHdFqNB8vPcDuc8QCp0n0D472ukZAuzii
YnHotphIfxwaQxmCNAZ4ymS5OQCyVbpr/Ijf8H3QPX0cbk0uD/py8HwfULQZgUmF
pJlnJlUotz12o11xB+gisyCvScIEYih1pa884cn7AOT128HgQRKxX7OskXrcoNdp
C9haTyFyNHI9YqU96BiI/xqsA0z2mkTiKFmHAl/0kYd3OX/w9OSFOyn95wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGb8LcbrJc30JqoZZ+Da09BAem8tMB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvWnZ3dHh1c2x6ZlFtcWhsbjROclQwRUI2YnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjIBMA0G
CSqGSIb3DQEBCwUAA4IBAQBqIwq6ZCZn7ihEb2eOWScTXtKdpjBDU9TKyx8u9w3Z
HXAlQsUftFcrKciodTa2TUX49FVpnYd5sAv4eoBVFpvAVYp6ysK4p8jDy4BDSBmI
5evGZzAerfYrHIQ7f+KR3fBSDz56S3Uaievgdg+HkxfhYu+6LMp9YjsLOnXpgPAT
Zqu5ymz0LYGzRt2Q3lAA101Er4T25tRaE+gzCtiJPrLefNhQ4t7mCikt3YvqzBqV
ti4ZYond4hpfzeQwyOomi06tPuBn14qRMM9xbZQMS0CCTRVRweklbat+CyiMTfeF
WR/nSmd9ZWeKQ2Z3Ecbcn2zFMTvkzmL89LibekEiJGxf
-----END CERTIFICATE-----