Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/f95969-67ef-408e-a743-e1eb79899242/1/O3UwipOzhbcra36OR7wqsPRc0eI.roa
File:                     O3UwipOzhbcra36OR7wqsPRc0eI.roa (raw, json)
Hash identifier:          r6js7pxWhUJ5O0hB/bSR9JVoNUKTp5yLnXbbvCl45RM=
Subject key identifier:   3B:75:30:8A:93:B3:85:B7:2B:6B:7E:8E:47:BC:2A:B0:F4:5C:D1:E2
Certificate issuer:       /CN=385206ac08d840c28bf4ac56899f2a28f8fdccc5
Certificate serial:       019994FAB656BE3E5781F7FBECF4AECD307C
Authority key identifier: 38:52:06:AC:08:D8:40:C2:8B:F4:AC:56:89:9F:2A:28:F8:FD:CC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OFIGrAjYQMKL9KxWiZ8qKPj9zMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/f95969-67ef-408e-a743-e1eb79899242/1/O3UwipOzhbcra36OR7wqsPRc0eI.roa
Signing time:             Mon 29 Sep 2025 10:18:02 +0000
ROA not before:           Mon 29 Sep 2025 10:18:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199878
IP address blocks:        185.42.140.0/23 maxlen: 23
                          185.42.140.0/24 maxlen: 24
                          185.42.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/f95969-67ef-408e-a743-e1eb79899242/1/OFIGrAjYQMKL9KxWiZ8qKPj9zMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/f95969-67ef-408e-a743-e1eb79899242/1/OFIGrAjYQMKL9KxWiZ8qKPj9zMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OFIGrAjYQMKL9KxWiZ8qKPj9zMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:fa:b6:56:be:3e:57:81:f7:fb:ec:f4:ae:cd:30:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385206ac08d840c28bf4ac56899f2a28f8fdccc5
        Validity
            Not Before: Sep 29 10:18:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b75308a93b385b72b6b7e8e47bc2ab0f45cd1e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b8:2e:cc:91:c4:50:c1:fa:a3:99:39:dd:ee:
                    c4:f2:9a:73:3f:31:ba:29:f4:07:18:a6:f9:42:f7:
                    a9:c1:98:fc:21:fc:fd:84:bb:4f:a5:b7:bb:f5:14:
                    f2:e8:cc:f2:15:d5:79:46:15:e4:be:65:61:c2:27:
                    11:0b:b8:da:6f:bd:3b:f1:0b:44:17:be:26:72:c1:
                    dd:fe:ed:4e:31:77:a7:a2:36:e3:34:cb:16:38:2d:
                    27:c5:25:a5:50:92:bb:b7:eb:86:5d:78:d8:15:6e:
                    0c:22:c6:1c:65:32:07:eb:b6:67:0e:97:68:96:67:
                    4e:6b:12:cc:9c:48:98:e9:03:59:0d:61:81:59:19:
                    dc:e3:da:ab:e3:4f:d7:2a:88:35:85:1c:a6:06:5c:
                    6c:e2:cd:0e:dd:e2:74:7a:fd:4d:a7:5c:07:c9:52:
                    dd:35:5d:8c:33:39:73:c9:c4:34:96:e8:0c:b9:00:
                    fd:e0:78:12:d8:e6:19:2f:5d:e1:c0:88:0c:e7:8e:
                    f1:31:e4:e1:01:7a:2a:93:d7:3f:31:56:0c:24:d8:
                    5b:39:ea:b0:23:78:a2:30:38:75:da:a6:76:6a:4b:
                    10:13:b6:dc:a0:d6:c6:ac:a2:b7:08:9c:ac:c5:fa:
                    7a:0b:92:cf:26:09:e1:93:c7:8e:73:85:94:c5:88:
                    47:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:75:30:8A:93:B3:85:B7:2B:6B:7E:8E:47:BC:2A:B0:F4:5C:D1:E2
            X509v3 Authority Key Identifier:
                keyid:38:52:06:AC:08:D8:40:C2:8B:F4:AC:56:89:9F:2A:28:F8:FD:CC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OFIGrAjYQMKL9KxWiZ8qKPj9zMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/f95969-67ef-408e-a743-e1eb79899242/1/O3UwipOzhbcra36OR7wqsPRc0eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/f95969-67ef-408e-a743-e1eb79899242/1/OFIGrAjYQMKL9KxWiZ8qKPj9zMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:7b:39:11:56:ae:4f:10:7a:30:7e:7d:01:ac:9b:9e:23:43:
         d7:c8:79:69:e3:7d:de:ce:8e:f5:5d:e2:d2:68:af:66:8b:25:
         4a:6e:c7:6e:88:59:3a:77:05:68:b8:83:d1:56:b1:f1:2e:6d:
         11:5c:20:35:77:ed:81:23:32:66:5a:71:04:df:a4:26:49:cc:
         5e:2e:76:b6:6d:c3:3a:b9:8b:b2:c9:7d:24:df:2a:7b:aa:17:
         7f:4c:e9:00:c7:5c:44:a7:d8:f3:57:a4:21:13:d8:aa:17:c2:
         45:bb:37:d3:a3:27:a7:76:12:8e:8a:87:1e:03:91:1b:8a:59:
         22:3f:17:17:c3:bc:11:fe:20:6b:2f:98:90:03:e2:f1:3c:1e:
         26:c8:e2:10:a7:91:ba:2b:f5:d7:49:b0:16:ce:af:81:c2:27:
         57:d6:d3:a7:cb:5c:e3:8b:b1:4a:ea:ac:6e:1a:e6:63:5d:f3:
         7c:69:52:36:f4:6b:6d:6e:79:2a:f5:8f:c0:17:60:8b:e4:42:
         d9:71:b4:40:bd:32:4e:8a:17:18:cf:b3:7c:d4:2e:94:d8:75:
         c0:c7:67:ad:64:42:97:3f:b6:d1:40:7d:c3:e0:65:17:76:f6:
         32:50:57:6e:ae:7e:43:6d:7f:41:b8:ce:59:57:c6:4e:ae:ac:
         90:ad:be:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmU+rZWvj5Xgff77PSuzTB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NTIwNmFjMDhkODQwYzI4YmY0YWM1Njg5OWYyYTI4Zjhm
ZGNjYzUwHhcNMjUwOTI5MTAxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc1MzA4YTkzYjM4NWI3MmI2YjdlOGU0N2JjMmFiMGY0NWNkMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7guzJHEUMH6o5k53e7E8ppzPzG6
KfQHGKb5QvepwZj8Ifz9hLtPpbe79RTy6MzyFdV5RhXkvmVhwicRC7jab7078QtE
F74mcsHd/u1OMXenojbjNMsWOC0nxSWlUJK7t+uGXXjYFW4MIsYcZTIH67ZnDpdo
lmdOaxLMnEiY6QNZDWGBWRnc49qr40/XKog1hRymBlxs4s0O3eJ0ev1Np1wHyVLd
NV2MMzlzycQ0lugMuQD94HgS2OYZL13hwIgM547xMeThAXoqk9c/MVYMJNhbOeqw
I3iiMDh12qZ2aksQE7bcoNbGrKK3CJysxfp6C5LPJgnhk8eOc4WUxYhHQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDt1MIqTs4W3K2t+jke8KrD0XNHiMB8GA1UdIwQY
MBaAFDhSBqwI2EDCi/SsVomfKij4/czFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0ZJR3JBallRTUtMOUt4V2laOHFLUGo5ek1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9mOTU5NjktNjdlZi00MDhlLWE3NDMt
ZTFlYjc5ODk5MjQyLzEvTzNVd2lwT3poYmNyYTM2T1I3d3FzUFJjMGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9mOTU5NjktNjdlZi00MDhlLWE3NDMtZTFlYjc5ODk5MjQy
LzEvT0ZJR3JBallRTUtMOUt4V2laOHFLUGo5ek1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSqMMA0G
CSqGSIb3DQEBCwUAA4IBAQB1ezkRVq5PEHowfn0BrJueI0PXyHlp433ezo71XeLS
aK9miyVKbsduiFk6dwVouIPRVrHxLm0RXCA1d+2BIzJmWnEE36QmScxeLna2bcM6
uYuyyX0k3yp7qhd/TOkAx1xEp9jzV6QhE9iqF8JFuzfToyendhKOioceA5Ebilki
PxcXw7wR/iBrL5iQA+LxPB4myOIQp5G6K/XXSbAWzq+BwidX1tOny1zji7FK6qxu
GuZjXfN8aVI29Gttbnkq9Y/AF2CL5ELZcbRAvTJOihcYz7N81C6U2HXAx2etZEKX
P7bRQH3D4GUXdvYyUFdurn5DbX9BuM5ZV8ZOrqyQrb7d
-----END CERTIFICATE-----