Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/b47t3hsy2CftrhVLenOUHq6-nsQ.roa
File:                     b47t3hsy2CftrhVLenOUHq6-nsQ.roa (raw, json)
Hash identifier:          Eou6qSRq0rXQ5yHHocbkgMIMmQ6vcrsml3veQfmuzcA=
Subject key identifier:   6F:8E:ED:DE:1B:32:D8:27:ED:AE:15:4B:7A:73:94:1E:AE:BE:9E:C4
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01999A91B033AF16018A5712FBE671BBB2CF
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/b47t3hsy2CftrhVLenOUHq6-nsQ.roa
Signing time:             Tue 30 Sep 2025 12:21:03 +0000
ROA not before:           Tue 30 Sep 2025 12:21:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209837
IP address blocks:        194.132.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:91:b0:33:af:16:01:8a:57:12:fb:e6:71:bb:b2:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Sep 30 12:21:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f8eedde1b32d827edae154b7a73941eaebe9ec4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:3a:05:7c:56:b2:c2:15:34:d3:09:6d:72:22:
                    f3:1f:95:08:6f:47:16:ca:5e:89:63:8b:33:17:0a:
                    bf:b4:22:35:39:b7:90:8d:31:6b:79:88:59:66:ec:
                    a0:1e:52:4b:c4:04:6d:3a:59:17:5f:4b:8b:b9:8b:
                    dd:d9:cd:b6:76:24:bc:a4:17:98:23:75:22:f1:71:
                    d0:17:f1:c7:8a:9d:77:f5:8f:8e:c2:0b:22:47:0a:
                    5e:77:3d:ac:4f:01:96:f5:e6:bd:9d:d9:f9:b9:2b:
                    c4:4c:05:3f:b6:cb:c1:22:d6:bf:3b:73:1e:28:2a:
                    b2:75:88:f0:75:eb:c8:24:09:ae:a2:d1:4e:a6:c1:
                    f7:9c:e5:3f:4c:ae:b7:73:8e:5b:d7:cb:c1:b6:c4:
                    5a:db:35:d3:e3:33:71:f8:ac:0b:3e:ba:b3:b2:6c:
                    e4:41:a6:f3:08:57:51:47:cd:02:92:ea:eb:ea:86:
                    49:4d:f3:f6:a5:29:c4:23:31:d0:94:56:fb:8b:15:
                    73:97:ea:a4:4b:79:29:93:46:53:aa:57:99:3a:9c:
                    13:7e:1f:92:70:ca:71:8f:19:a7:92:c7:2e:f6:74:
                    98:04:dd:1e:59:9e:1d:b4:97:11:61:99:54:10:44:
                    9b:1a:49:34:eb:11:c9:cd:a9:ee:07:5b:f9:78:ef:
                    99:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:8E:ED:DE:1B:32:D8:27:ED:AE:15:4B:7A:73:94:1E:AE:BE:9E:C4
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/b47t3hsy2CftrhVLenOUHq6-nsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.132.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:14:e6:99:85:28:f5:c8:19:48:49:30:91:ae:5e:52:2d:8b:
         86:84:86:57:0b:dd:9d:0e:df:e0:50:d0:c3:62:4e:09:ea:37:
         d7:13:dc:03:5a:68:83:4a:50:93:a4:3c:96:a7:60:13:e4:77:
         c7:45:83:39:c9:43:b9:6c:62:3e:87:65:bf:e7:5b:9d:e3:97:
         be:f3:c3:5d:72:5f:a6:ac:fa:74:71:48:e9:de:1f:4d:99:eb:
         fa:80:d9:d8:8d:ca:89:0c:ae:37:68:ba:1b:78:5e:b5:12:dc:
         3b:e5:e8:16:19:56:94:48:2d:75:c3:b6:32:ae:fa:dc:cd:62:
         c8:d0:76:98:5d:aa:39:ef:45:a0:c9:70:48:1d:aa:d4:a4:1d:
         4f:a0:89:1a:5d:37:5b:53:f8:dc:ea:f0:e5:18:6e:62:54:45:
         25:cb:49:5b:16:58:79:f7:c1:4c:2f:f6:b6:24:d8:ba:3b:b0:
         ee:46:f5:bc:13:78:30:71:2d:37:be:2b:24:c1:96:5f:62:84:
         f8:ea:73:9f:72:50:ee:fd:fc:92:64:42:ac:e4:18:b9:48:6e:
         af:b0:d2:d1:69:e5:92:57:b1:ea:6f:46:87:4d:0f:02:18:89:
         39:36:fc:52:41:29:58:f3:8d:d3:bc:92:dc:03:e7:46:6a:3e:
         34:1b:56:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmakbAzrxYBilcS++Zxu7LPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwOTMwMTIyMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjhlZWRkZTFiMzJkODI3ZWRhZTE1NGI3YTczOTQxZWFlYmU5ZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjoFfFaywhU00wltciLzH5UIb0cW
yl6JY4szFwq/tCI1ObeQjTFreYhZZuygHlJLxARtOlkXX0uLuYvd2c22diS8pBeY
I3Ui8XHQF/HHip139Y+OwgsiRwpedz2sTwGW9ea9ndn5uSvETAU/tsvBIta/O3Me
KCqydYjwdevIJAmuotFOpsH3nOU/TK63c45b18vBtsRa2zXT4zNx+KwLPrqzsmzk
QabzCFdRR80Ckurr6oZJTfP2pSnEIzHQlFb7ixVzl+qkS3kpk0ZTqleZOpwTfh+S
cMpxjxmnkscu9nSYBN0eWZ4dtJcRYZlUEESbGkk06xHJzanuB1v5eO+ZfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+O7d4bMtgn7a4VS3pzlB6uvp7EMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvYjQ3dDNoc3kyQ2Z0cmhWTGVuT1VIcTYtbnNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwoTXMA0G
CSqGSIb3DQEBCwUAA4IBAQB2FOaZhSj1yBlISTCRrl5SLYuGhIZXC92dDt/gUNDD
Yk4J6jfXE9wDWmiDSlCTpDyWp2AT5HfHRYM5yUO5bGI+h2W/51ud45e+88Ndcl+m
rPp0cUjp3h9Nmev6gNnYjcqJDK43aLobeF61Etw75egWGVaUSC11w7YyrvrczWLI
0HaYXao570WgyXBIHarUpB1PoIkaXTdbU/jc6vDlGG5iVEUly0lbFlh598FML/a2
JNi6O7DuRvW8E3gwcS03viskwZZfYoT46nOfclDu/fySZEKs5Bi5SG6vsNLRaeWS
V7Hqb0aHTQ8CGIk5NvxSQSlY843TvJLcA+dGaj40G1Yl
-----END CERTIFICATE-----