Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/Cv8Q_peVRf64Y1ffl4Mm-dEwtA4.roa
File:                     Cv8Q_peVRf64Y1ffl4Mm-dEwtA4.roa (raw, json)
Hash identifier:          JMed3eKfX/IuEsmyZ1/hdxmL+TW6bqbpaU7++Ek9hC8=
Subject key identifier:   0A:FF:10:FE:97:95:45:FE:B8:63:57:DF:97:83:26:F9:D1:30:B4:0E
Certificate issuer:       /CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
Certificate serial:       0199763EFDC6446FA732701FE7D3D0A88830
Authority key identifier: E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/Cv8Q_peVRf64Y1ffl4Mm-dEwtA4.roa
Signing time:             Tue 23 Sep 2025 11:04:23 +0000
ROA not before:           Tue 23 Sep 2025 11:04:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24682
IP address blocks:        212.40.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:3e:fd:c6:44:6f:a7:32:70:1f:e7:d3:d0:a8:88:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
        Validity
            Not Before: Sep 23 11:04:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0aff10fe979545feb86357df978326f9d130b40e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a4:f5:88:b3:15:61:df:59:fe:b8:d2:bc:6d:
                    36:32:1e:6f:50:15:f1:13:6f:3c:9f:a0:2f:ab:9c:
                    c9:c5:1a:d4:67:0b:06:67:12:de:e3:58:ec:57:ac:
                    3e:30:8a:e0:f8:b6:b8:03:cd:22:51:e7:b1:c6:d5:
                    ea:23:9e:35:a3:42:92:6d:59:ab:c3:e5:2a:d7:43:
                    ba:67:76:17:95:8e:9a:22:7d:d1:7f:af:87:10:e5:
                    59:66:ef:b6:f7:be:2c:d2:a7:a7:f8:b8:85:db:b8:
                    98:97:ac:b9:35:58:b3:0b:d2:e9:60:79:2f:ff:91:
                    90:40:3b:4d:1a:d9:a5:89:72:d5:94:ba:21:8c:0f:
                    e4:cd:9f:1e:81:fc:0f:03:44:45:1f:5d:d3:05:89:
                    d2:da:53:46:9a:a0:db:f5:2a:6f:7c:a0:4b:43:fa:
                    ec:6b:81:61:b0:22:28:25:87:00:10:2f:93:71:07:
                    82:f5:73:b4:16:ad:f3:04:b2:d2:39:bd:71:08:cf:
                    cb:7d:49:d4:0d:45:ca:f3:a7:36:22:b0:40:b0:a0:
                    8b:36:54:31:6b:ab:9a:fe:75:4d:4a:9b:1f:33:61:
                    19:46:dd:7c:7c:3c:67:5e:bc:53:51:10:b9:d1:0d:
                    87:42:d5:34:03:5a:15:b1:61:de:6c:56:30:db:33:
                    97:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:FF:10:FE:97:95:45:FE:B8:63:57:DF:97:83:26:F9:D1:30:B4:0E
            X509v3 Authority Key Identifier:
                keyid:E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/Cv8Q_peVRf64Y1ffl4Mm-dEwtA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.40.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:d2:6a:fc:74:39:c0:8f:c6:8e:95:73:1e:7e:90:5b:dc:bc:
         6d:4b:c4:64:f0:a6:89:e2:42:d8:1a:e5:ae:fe:b7:70:6a:ce:
         d8:f9:1e:a0:69:09:ca:31:a1:8f:cb:be:0f:4a:8d:39:4c:3a:
         6b:82:c4:aa:9f:75:63:f8:37:ed:94:b9:95:5e:92:dd:8e:b4:
         2b:90:50:8f:4f:99:76:46:a0:ce:7c:a8:81:54:6c:27:f9:e8:
         97:3a:80:25:b0:e9:75:19:c7:7e:2b:ae:b9:33:b2:f0:14:4a:
         ab:1f:3f:e4:8f:c7:b5:24:02:95:1b:52:18:83:5a:e8:d2:54:
         b9:81:2d:85:83:da:4f:9c:ef:7a:e3:96:a0:66:2d:57:c3:67:
         0d:3b:ea:7f:6f:5f:5d:1f:27:3b:dc:9a:57:59:a6:71:61:24:
         1d:2d:06:0a:cd:84:e5:00:16:1e:66:cc:45:f2:e2:79:38:df:
         33:3f:97:3b:ce:2a:ce:b2:8f:39:69:50:b2:17:f9:31:22:39:
         f2:eb:e5:58:84:6b:c1:19:94:f5:37:09:ba:74:90:2c:bf:ed:
         3a:95:a0:90:af:47:80:11:3d:bd:4b:1b:11:33:fb:5e:cd:5f:
         e5:1f:1c:d5:a8:f4:e1:64:3a:95:71:b9:89:ec:9a:0a:ea:cf:
         56:04:2a:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl2Pv3GRG+nMnAf59PQqIgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxY2FkYzhhNDIxYzFmMjJmMWUyOTA0Y2NmZGJiY2VjNWRi
ZTFiMTEwHhcNMjUwOTIzMTEwNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWZmMTBmZTk3OTU0NWZlYjg2MzU3ZGY5NzgzMjZmOWQxMzBiNDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6T1iLMVYd9Z/rjSvG02Mh5vUBXx
E288n6Avq5zJxRrUZwsGZxLe41jsV6w+MIrg+La4A80iUeexxtXqI541o0KSbVmr
w+Uq10O6Z3YXlY6aIn3Rf6+HEOVZZu+2974s0qen+LiF27iYl6y5NVizC9LpYHkv
/5GQQDtNGtmliXLVlLohjA/kzZ8egfwPA0RFH13TBYnS2lNGmqDb9SpvfKBLQ/rs
a4FhsCIoJYcAEC+TcQeC9XO0Fq3zBLLSOb1xCM/LfUnUDUXK86c2IrBAsKCLNlQx
a6ua/nVNSpsfM2EZRt18fDxnXrxTURC50Q2HQtU0A1oVsWHebFYw2zOXpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAr/EP6XlUX+uGNX35eDJvnRMLQOMB8GA1UdIwQY
MBaAFOHK3IpCHB8i8eKQTM/bvOxdvhsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQt
NzQyZGMwYzk3MGMwLzEvQ3Y4UV9wZVZSZjY0WTFmZmw0TW0tZEV3dEE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQtNzQyZGMwYzk3MGMw
LzEvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CgvMA0G
CSqGSIb3DQEBCwUAA4IBAQCq0mr8dDnAj8aOlXMefpBb3LxtS8Rk8KaJ4kLYGuWu
/rdwas7Y+R6gaQnKMaGPy74PSo05TDprgsSqn3Vj+DftlLmVXpLdjrQrkFCPT5l2
RqDOfKiBVGwn+eiXOoAlsOl1Gcd+K665M7LwFEqrHz/kj8e1JAKVG1IYg1ro0lS5
gS2Fg9pPnO9645agZi1Xw2cNO+p/b19dHyc73JpXWaZxYSQdLQYKzYTlABYeZsxF
8uJ5ON8zP5c7zirOso85aVCyF/kxIjny6+VYhGvBGZT1Nwm6dJAsv+06laCQr0eA
ET29SxsRM/tezV/lHxzVqPThZDqVcbmJ7JoK6s9WBCoW
-----END CERTIFICATE-----