Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/uZfvttHeYCpTmwGtvthls2GR6Mk.roa
File:                     uZfvttHeYCpTmwGtvthls2GR6Mk.roa (raw, json)
Hash identifier:          +oUNgtgeFHW/Ao/Yv6Zmwz+f8VUM2x/qnI4Y2b/e5es=
Subject key identifier:   B9:97:EF:B6:D1:DE:60:2A:53:9B:01:AD:BE:D8:65:B3:61:91:E8:C9
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       0199D4472C91FBC3392481B9258C8A0FE402
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/uZfvttHeYCpTmwGtvthls2GR6Mk.roa
Signing time:             Sat 11 Oct 2025 17:17:38 +0000
ROA not before:           Sat 11 Oct 2025 17:17:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        192.145.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 10:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d4:47:2c:91:fb:c3:39:24:81:b9:25:8c:8a:0f:e4:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Oct 11 17:17:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b997efb6d1de602a539b01adbed865b36191e8c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:e2:c3:d6:5b:ca:1d:c2:4c:04:43:33:42:71:
                    9d:a2:5a:c0:e2:3d:1e:7d:98:a9:d3:59:b4:47:2b:
                    32:bc:70:f0:ee:ac:2b:0e:f6:47:3b:59:a1:a0:a4:
                    0e:f0:7c:7a:2d:37:b4:cc:64:77:a1:4f:b2:3c:f6:
                    e4:95:d4:d2:2a:51:d2:e5:d7:bc:0e:93:19:dc:1c:
                    e9:14:16:8e:58:04:8b:dc:80:eb:f8:34:c1:5b:65:
                    ea:4b:78:5d:d8:d0:67:04:ac:11:86:b0:fe:4c:a4:
                    fc:5e:5d:62:e8:28:9a:76:44:1a:c2:3b:42:c5:4b:
                    8e:e8:64:b4:41:7c:5a:c5:c1:5a:20:6a:01:d1:b0:
                    7d:fc:6f:f5:31:43:51:d9:c8:4a:03:0b:c5:d6:47:
                    7f:24:b3:dc:94:60:28:f6:73:6a:c4:7d:6f:b3:c7:
                    ce:44:e2:7e:40:06:ef:49:29:29:91:f3:be:4a:67:
                    bd:ea:bb:74:6a:b3:c4:39:ea:54:5e:84:b1:e6:d7:
                    eb:74:08:d6:74:31:25:50:19:5f:2f:98:a8:c1:76:
                    fe:f3:2a:ec:d7:ab:a1:10:94:d1:ef:9e:33:7e:5a:
                    8d:9d:29:75:2c:ca:6e:5c:43:6b:cc:a4:a8:1b:e3:
                    94:ab:d3:4a:57:9f:0d:f2:2c:ca:c9:ee:37:19:81:
                    64:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:97:EF:B6:D1:DE:60:2A:53:9B:01:AD:BE:D8:65:B3:61:91:E8:C9
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/uZfvttHeYCpTmwGtvthls2GR6Mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:68:91:c4:31:55:39:6a:64:10:2a:75:36:42:39:44:da:0a:
         94:31:79:76:11:94:28:14:69:d0:dd:84:df:0f:ce:50:e5:ae:
         68:47:de:ec:ac:2b:3b:bd:56:73:00:22:48:61:e9:df:d7:c0:
         e1:de:75:f7:3d:ca:06:49:11:20:f5:e3:58:bf:8d:bd:6d:ad:
         e0:49:2b:78:8c:bf:8c:5d:66:ce:dd:66:ea:a4:f4:4d:5a:7b:
         30:37:48:cc:24:e3:32:f2:f8:b1:16:2f:ca:49:fd:6b:63:57:
         c8:47:01:17:e8:6f:c3:4f:dd:0c:e3:04:91:8b:54:11:e2:f5:
         d4:02:25:89:60:94:41:32:54:1f:a7:61:09:97:14:85:59:00:
         0a:86:7d:72:5c:99:25:bb:de:5f:67:79:6c:bb:97:3c:55:64:
         27:39:f5:8c:c9:b6:4e:10:9b:ee:8f:90:c2:13:26:2f:2c:c3:
         ca:14:d7:7a:e3:b7:bd:6b:4c:3f:58:26:ec:bb:6e:86:e2:bb:
         1b:19:21:2b:af:26:87:0e:a8:22:85:92:b6:35:31:b0:31:e4:
         a5:4f:20:7c:90:d0:23:8b:3d:ed:55:94:eb:2a:af:53:85:0b:
         63:9f:5a:f4:10:7e:6b:66:4c:bd:ce:41:de:f4:1a:7d:7b:e8:
         4e:e1:b0:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnURyyR+8M5JIG5JYyKD+QCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUxMDExMTcxNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTk3ZWZiNmQxZGU2MDJhNTM5YjAxYWRiZWQ4NjViMzYxOTFlOGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9+LD1lvKHcJMBEMzQnGdolrA4j0e
fZip01m0RysyvHDw7qwrDvZHO1mhoKQO8Hx6LTe0zGR3oU+yPPbkldTSKlHS5de8
DpMZ3BzpFBaOWASL3IDr+DTBW2XqS3hd2NBnBKwRhrD+TKT8Xl1i6CiadkQawjtC
xUuO6GS0QXxaxcFaIGoB0bB9/G/1MUNR2chKAwvF1kd/JLPclGAo9nNqxH1vs8fO
ROJ+QAbvSSkpkfO+Sme96rt0arPEOepUXoSx5tfrdAjWdDElUBlfL5iowXb+8yrs
16uhEJTR754zflqNnSl1LMpuXENrzKSoG+OUq9NKV58N8izKye43GYFk7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmX77bR3mAqU5sBrb7YZbNhkejJMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvdVpmdnR0SGVZQ3BUbXdHdHZ0aGxzMkdSNk1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJFFMA0G
CSqGSIb3DQEBCwUAA4IBAQCHaJHEMVU5amQQKnU2QjlE2gqUMXl2EZQoFGnQ3YTf
D85Q5a5oR97srCs7vVZzACJIYenf18Dh3nX3PcoGSREg9eNYv429ba3gSSt4jL+M
XWbO3WbqpPRNWnswN0jMJOMy8vixFi/KSf1rY1fIRwEX6G/DT90M4wSRi1QR4vXU
AiWJYJRBMlQfp2EJlxSFWQAKhn1yXJklu95fZ3lsu5c8VWQnOfWMybZOEJvuj5DC
EyYvLMPKFNd647e9a0w/WCbsu26G4rsbGSErryaHDqgihZK2NTGwMeSlTyB8kNAj
iz3tVZTrKq9ThQtjn1r0EH5rZky9zkHe9Bp9e+hO4bDq
-----END CERTIFICATE-----