Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/C9L0K7yADXrU4jDJkBoJNOO2HpA.roa
File:                     C9L0K7yADXrU4jDJkBoJNOO2HpA.roa (raw, json)
Hash identifier:          IZHkzjvb/corGaUQQ3F7DNaW6MeAZqyNKvnYJHFn6Fc=
Subject key identifier:   0B:D2:F4:2B:BC:80:0D:7A:D4:E2:30:C9:90:1A:09:34:E3:B6:1E:90
Certificate issuer:       /CN=ae52db82090b343f89f7c637cf41a94bcfd4346a
Certificate serial:       0199E409E767EB1C9B59BD35F0D991C5AD16
Authority key identifier: AE:52:DB:82:09:0B:34:3F:89:F7:C6:37:CF:41:A9:4B:CF:D4:34:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rlLbggkLND-J98Y3z0GpS8_UNGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/C9L0K7yADXrU4jDJkBoJNOO2HpA.roa
Signing time:             Tue 14 Oct 2025 18:44:38 +0000
ROA not before:           Tue 14 Oct 2025 18:44:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29687
IP address blocks:        128.140.188.0/22 maxlen: 22
                          128.140.188.0/24 maxlen: 24
                          128.140.189.0/24 maxlen: 24
                          128.140.190.0/24 maxlen: 24
                          128.140.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/rlLbggkLND-J98Y3z0GpS8_UNGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/rlLbggkLND-J98Y3z0GpS8_UNGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rlLbggkLND-J98Y3z0GpS8_UNGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e4:09:e7:67:eb:1c:9b:59:bd:35:f0:d9:91:c5:ad:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae52db82090b343f89f7c637cf41a94bcfd4346a
        Validity
            Not Before: Oct 14 18:44:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bd2f42bbc800d7ad4e230c9901a0934e3b61e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:35:c1:16:24:30:a6:8d:ce:63:d0:64:64:57:
                    c0:3f:47:4a:58:32:d4:85:80:5e:13:17:f1:00:33:
                    7b:c7:58:d9:3c:0e:af:c8:18:22:49:c7:49:f1:80:
                    95:a9:18:7b:e3:ae:a5:17:0e:7b:b6:fe:51:49:21:
                    8d:f9:15:54:bf:8b:61:56:48:8e:a6:65:8a:e9:b7:
                    26:ed:f0:54:1a:f1:2a:5e:17:ad:16:0f:d9:6d:ce:
                    9d:0f:bb:63:51:4d:a5:fe:22:53:66:68:5c:e0:18:
                    4d:6f:3b:43:41:9e:a3:15:ec:25:c3:cb:21:a0:73:
                    2a:03:93:92:66:84:75:3d:b1:c7:cb:3b:5e:98:23:
                    46:ab:7a:52:92:52:b1:08:b0:9e:4f:e0:ce:0c:2b:
                    5e:ff:74:48:3e:b3:d1:74:fc:6e:f6:32:92:1d:63:
                    c8:25:b2:3b:04:b5:51:1b:7e:fa:ce:87:d1:bc:5d:
                    d3:38:7a:15:b4:1d:97:e3:48:93:b1:de:66:1a:8a:
                    76:db:01:a0:1a:5e:89:ca:da:dc:68:e3:9a:68:4a:
                    84:17:1d:57:ce:ed:a5:89:92:3f:f6:52:76:d7:18:
                    12:1e:3c:bc:0d:50:47:b9:c2:ba:93:42:2a:7f:b0:
                    a8:db:57:9a:8b:ea:3e:04:56:2a:78:50:0b:42:40:
                    1e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:D2:F4:2B:BC:80:0D:7A:D4:E2:30:C9:90:1A:09:34:E3:B6:1E:90
            X509v3 Authority Key Identifier:
                keyid:AE:52:DB:82:09:0B:34:3F:89:F7:C6:37:CF:41:A9:4B:CF:D4:34:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rlLbggkLND-J98Y3z0GpS8_UNGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/C9L0K7yADXrU4jDJkBoJNOO2HpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/bcf167-b618-48d3-9a4e-d7b6063dca37/1/rlLbggkLND-J98Y3z0GpS8_UNGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.140.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:8d:58:78:b7:b0:11:eb:a9:38:6e:04:a2:41:78:19:b9:12:
         b4:e5:80:ed:b2:21:df:42:3f:06:9d:42:30:96:7d:57:05:d0:
         2e:84:79:25:47:78:34:f9:72:cf:6d:1d:59:49:c6:30:71:aa:
         a5:2b:00:ff:cc:f9:e3:5f:3c:db:30:d0:67:6f:9f:1d:b4:fa:
         ea:35:d3:33:78:88:7e:88:fd:9e:5b:72:69:97:2e:56:28:01:
         5d:dc:f6:9a:6e:33:2e:ab:cd:fd:0e:9d:43:63:ce:5a:f5:53:
         fc:0f:85:ab:ab:57:8e:11:56:74:ea:9e:03:ac:9b:21:bb:62:
         95:f1:39:96:79:ad:0d:8c:a8:6e:3c:a0:52:1d:52:41:d5:31:
         f4:5e:65:c2:c0:bd:d2:ec:0e:72:44:38:d5:78:8a:93:74:f7:
         49:43:9e:de:24:7c:40:e8:ef:73:c9:17:9a:ba:f9:af:f6:3e:
         06:2b:9e:c1:ad:38:12:8e:c0:ca:78:9f:5f:01:5c:87:0e:6b:
         78:32:fd:24:17:54:c4:dc:6b:d9:71:2a:55:7b:50:b3:29:8c:
         bc:8f:8b:09:72:8c:59:0f:ca:f7:ed:10:cc:17:6e:61:1e:9d:
         fb:94:71:05:b0:a5:bf:34:a3:b9:4b:ab:ad:50:2e:b9:41:46:
         9d:23:2f:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnkCedn6xybWb018NmRxa0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNTJkYjgyMDkwYjM0M2Y4OWY3YzYzN2NmNDFhOTRiY2Zk
NDM0NmEwHhcNMjUxMDE0MTg0NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmQyZjQyYmJjODAwZDdhZDRlMjMwYzk5MDFhMDkzNGUzYjYxZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjXBFiQwpo3OY9BkZFfAP0dKWDLU
hYBeExfxADN7x1jZPA6vyBgiScdJ8YCVqRh7466lFw57tv5RSSGN+RVUv4thVkiO
pmWK6bcm7fBUGvEqXhetFg/Zbc6dD7tjUU2l/iJTZmhc4BhNbztDQZ6jFewlw8sh
oHMqA5OSZoR1PbHHyztemCNGq3pSklKxCLCeT+DODCte/3RIPrPRdPxu9jKSHWPI
JbI7BLVRG376zofRvF3TOHoVtB2X40iTsd5mGop22wGgGl6JytrcaOOaaEqEFx1X
zu2liZI/9lJ21xgSHjy8DVBHucK6k0Iqf7Co21eai+o+BFYqeFALQkAeowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvS9Cu8gA161OIwyZAaCTTjth6QMB8GA1UdIwQY
MBaAFK5S24IJCzQ/iffGN89BqUvP1DRqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmxMYmdna0xORC1KOThZM3owR3BTOF9VTkdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9iY2YxNjctYjYxOC00OGQzLTlhNGUt
ZDdiNjA2M2RjYTM3LzEvQzlMMEs3eUFEWHJVNGpESmtCb0pOT08ySHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9iY2YxNjctYjYxOC00OGQzLTlhNGUtZDdiNjA2M2RjYTM3
LzEvcmxMYmdna0xORC1KOThZM3owR3BTOF9VTkdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgIy8MA0G
CSqGSIb3DQEBCwUAA4IBAQByjVh4t7AR66k4bgSiQXgZuRK05YDtsiHfQj8GnUIw
ln1XBdAuhHklR3g0+XLPbR1ZScYwcaqlKwD/zPnjXzzbMNBnb58dtPrqNdMzeIh+
iP2eW3Jply5WKAFd3PaabjMuq839Dp1DY85a9VP8D4Wrq1eOEVZ06p4DrJshu2KV
8TmWea0NjKhuPKBSHVJB1TH0XmXCwL3S7A5yRDjVeIqTdPdJQ57eJHxA6O9zyRea
uvmv9j4GK57BrTgSjsDKeJ9fAVyHDmt4Mv0kF1TE3GvZcSpVe1CzKYy8j4sJcoxZ
D8r37RDMF25hHp37lHEFsKW/NKO5S6utUC65QUadIy+p
-----END CERTIFICATE-----