Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/zNsd-lTTLr2kdaE4xQa-InvHXiw.roa
File:                     zNsd-lTTLr2kdaE4xQa-InvHXiw.roa (raw, json)
Hash identifier:          vZZD6TNZNFIpY+o13bqZsvjkYwAN2YmkHFbWF7Tq9oE=
Subject key identifier:   CC:DB:1D:FA:54:D3:2E:BD:A4:75:A1:38:C5:06:BE:22:7B:C7:5E:2C
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01999AE6D68DC04B48BD2C4E80445465EBB1
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/zNsd-lTTLr2kdaE4xQa-InvHXiw.roa
Signing time:             Tue 30 Sep 2025 13:54:03 +0000
ROA not before:           Tue 30 Sep 2025 13:54:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51019
IP address blocks:        194.68.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:e6:d6:8d:c0:4b:48:bd:2c:4e:80:44:54:65:eb:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Sep 30 13:54:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccdb1dfa54d32ebda475a138c506be227bc75e2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ce:37:9f:9b:39:b6:f0:56:f5:c9:e9:68:bf:
                    0f:c1:13:02:33:43:27:6c:94:88:bc:d1:cf:94:78:
                    d4:29:78:4c:4d:5d:a9:36:8a:83:47:ca:56:b0:fd:
                    1e:89:4f:92:4f:3d:ef:2b:4e:e2:e4:c3:c0:52:19:
                    3d:38:19:1e:47:20:1c:24:e7:24:92:b7:43:44:1a:
                    ff:c2:0a:ba:7d:62:c6:bf:a5:a2:7e:e6:39:4d:69:
                    29:96:5a:53:b8:d6:0f:4e:80:ed:4f:0b:e9:a6:4a:
                    f3:f3:87:64:76:b1:70:1b:fc:c9:b8:aa:83:b6:42:
                    cb:3a:32:e0:61:e0:75:1a:c6:1e:95:2d:fc:8d:c9:
                    98:7c:be:52:ed:f6:f2:22:e5:f5:90:31:ad:0f:a3:
                    bb:22:52:cb:5f:fb:53:8d:1c:55:1c:4f:c6:9e:56:
                    1f:57:85:10:0a:fd:00:f8:b5:7e:f9:0f:0d:46:da:
                    94:8c:12:7e:2d:16:fb:f7:8a:e7:a1:85:6f:6c:32:
                    ee:3c:4a:1f:4b:8a:34:2e:0b:3f:ad:94:2f:09:95:
                    85:c9:aa:2e:35:c7:4e:42:b5:b4:87:17:5a:2d:cf:
                    df:e6:17:03:e6:4d:e4:70:3b:cb:fd:5f:e8:dc:97:
                    4a:db:d0:a7:d3:ea:69:7f:39:1b:69:2b:5d:c9:7e:
                    81:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:DB:1D:FA:54:D3:2E:BD:A4:75:A1:38:C5:06:BE:22:7B:C7:5E:2C
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/zNsd-lTTLr2kdaE4xQa-InvHXiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.68.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:d7:37:21:fd:20:52:d0:cc:73:c3:73:10:7d:71:a8:fb:76:
         77:bc:45:98:99:92:fe:43:cd:2f:0a:27:09:25:26:c0:da:38:
         4c:48:21:b4:3d:0a:5b:cd:18:54:68:37:c9:a1:fd:f8:cd:6c:
         62:72:52:3a:fa:3a:5e:71:5d:79:c2:ea:38:14:27:22:75:c3:
         8e:40:c5:14:cc:0f:8c:f9:d6:49:d1:8a:2d:3a:b3:30:8b:20:
         8e:66:df:49:21:10:f5:da:ec:3d:73:98:5f:71:0e:5f:f7:b6:
         56:77:12:c1:4a:ef:3c:43:4b:27:14:3d:be:77:65:54:fb:64:
         5f:96:01:29:57:b4:5b:87:09:50:db:a6:e0:81:71:d2:2b:08:
         c7:6a:e3:4f:4c:38:9f:40:32:77:43:b4:5c:46:2d:a1:39:e0:
         6f:37:63:96:f2:e5:2f:34:50:b1:27:82:2d:1e:1b:ce:de:7b:
         71:50:ef:2f:8c:5a:0a:4a:e6:f3:a7:77:1a:87:35:80:a0:9f:
         15:66:93:0a:46:26:27:40:54:cd:c5:d9:3a:b9:a7:a6:fa:d6:
         42:af:95:ae:9c:f3:fa:c6:a2:5d:42:79:2a:29:8d:4a:2b:99:
         8a:04:8d:af:c7:9e:f0:84:48:9e:e1:a9:60:33:11:d8:6a:2c:
         6d:d0:71:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZma5taNwEtIvSxOgERUZeuxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwOTMwMTM1NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2RiMWRmYTU0ZDMyZWJkYTQ3NWExMzhjNTA2YmUyMjdiYzc1ZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgM43n5s5tvBW9cnpaL8PwRMCM0Mn
bJSIvNHPlHjUKXhMTV2pNoqDR8pWsP0eiU+STz3vK07i5MPAUhk9OBkeRyAcJOck
krdDRBr/wgq6fWLGv6WifuY5TWkpllpTuNYPToDtTwvppkrz84dkdrFwG/zJuKqD
tkLLOjLgYeB1GsYelS38jcmYfL5S7fbyIuX1kDGtD6O7IlLLX/tTjRxVHE/GnlYf
V4UQCv0A+LV++Q8NRtqUjBJ+LRb794rnoYVvbDLuPEofS4o0Lgs/rZQvCZWFyaou
NcdOQrW0hxdaLc/f5hcD5k3kcDvL/V/o3JdK29Cn0+ppfzkbaStdyX6B8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzbHfpU0y69pHWhOMUGviJ7x14sMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvek5zZC1sVFRMcjJrZGFFNHhRYS1JbnZIWGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkQOMA0G
CSqGSIb3DQEBCwUAA4IBAQAP1zch/SBS0Mxzw3MQfXGo+3Z3vEWYmZL+Q80vCicJ
JSbA2jhMSCG0PQpbzRhUaDfJof34zWxiclI6+jpecV15wuo4FCcidcOOQMUUzA+M
+dZJ0YotOrMwiyCOZt9JIRD12uw9c5hfcQ5f97ZWdxLBSu88Q0snFD2+d2VU+2Rf
lgEpV7RbhwlQ26bggXHSKwjHauNPTDifQDJ3Q7RcRi2hOeBvN2OW8uUvNFCxJ4It
HhvO3ntxUO8vjFoKSubzp3cahzWAoJ8VZpMKRiYnQFTNxdk6uaem+tZCr5WunPP6
xqJdQnkqKY1KK5mKBI2vx57whEie4algMxHYaixt0HHO
-----END CERTIFICATE-----