Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/dNmEpnLjp-lO8gmW3k6P1Inx2O4.roa
File:                     dNmEpnLjp-lO8gmW3k6P1Inx2O4.roa (raw, json)
Hash identifier:          lJLSDkihxscSK2n9w3BUV6TQD0rnHs7+lDruW36I8YM=
Subject key identifier:   74:D9:84:A6:72:E3:A7:E9:4E:F2:09:96:DE:4E:8F:D4:89:F1:D8:EE
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       01995437A000694F87AE209F34FCDF1890D4
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/dNmEpnLjp-lO8gmW3k6P1Inx2O4.roa
Signing time:             Tue 16 Sep 2025 20:29:15 +0000
ROA not before:           Tue 16 Sep 2025 20:29:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210413
IP address blocks:        194.127.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:54:37:a0:00:69:4f:87:ae:20:9f:34:fc:df:18:90:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Sep 16 20:29:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74d984a672e3a7e94ef20996de4e8fd489f1d8ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4e:80:8e:cc:7f:a0:a0:c4:1b:11:bb:74:76:
                    1a:bb:10:99:d9:97:07:c4:fe:ef:60:47:80:18:f0:
                    3c:3b:a9:4d:b7:11:33:b7:46:27:dd:eb:7d:8c:b8:
                    42:bc:65:f1:e6:70:e2:83:c5:a4:c9:40:d6:fd:f1:
                    e7:b6:69:09:cc:b7:b3:12:9d:88:71:73:4c:6e:c5:
                    df:7b:73:be:75:50:29:83:ed:e9:ba:50:d4:82:9b:
                    c3:68:b4:f1:c2:e2:97:c2:bc:0b:d0:09:02:3a:4d:
                    b3:4a:3c:20:54:52:59:42:a3:bd:c0:47:e2:64:65:
                    3c:86:00:d9:22:47:8d:a5:0a:d9:aa:96:d6:96:d1:
                    56:b0:58:13:04:c4:b0:17:b7:d4:bd:9b:26:c2:67:
                    91:0a:f6:8c:d6:37:e9:35:1e:c0:11:00:43:66:7f:
                    cc:5c:43:20:49:dd:fb:da:f3:ab:a6:65:fd:64:f2:
                    a0:5e:76:b9:7a:d1:2f:b8:a6:a2:05:f6:d3:37:35:
                    4d:dc:3b:ca:9b:a5:85:cb:bf:ad:e2:61:49:2a:bf:
                    2a:17:3a:da:82:d7:97:b9:1d:b7:13:17:77:5b:96:
                    09:13:51:89:64:43:34:74:54:54:c4:11:a9:04:6e:
                    5f:52:34:1f:50:60:ae:33:7d:bb:fd:78:e6:f5:ba:
                    bb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D9:84:A6:72:E3:A7:E9:4E:F2:09:96:DE:4E:8F:D4:89:F1:D8:EE
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/dNmEpnLjp-lO8gmW3k6P1Inx2O4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:dc:03:68:38:dd:e9:4e:c6:1e:8f:a2:1a:b6:d6:ab:05:f4:
         e3:a0:46:8d:88:35:37:7e:e8:59:42:4a:9f:fd:0f:16:16:5a:
         03:c3:27:c5:8d:40:73:2c:cd:5f:99:7c:da:12:4f:49:d7:dd:
         33:c6:e4:33:71:30:50:74:3a:b2:dd:62:e0:97:cd:4a:38:6e:
         e8:78:d4:88:6a:7a:f9:fe:b2:d2:96:4e:5d:6b:85:56:1b:5e:
         9b:71:d6:bd:ea:3e:26:ea:57:a5:29:23:e9:36:e8:83:1e:c1:
         b2:d2:79:c2:67:6b:51:57:a1:ee:88:f6:9a:0e:9d:69:80:b3:
         ca:68:14:a9:2e:d5:ef:8b:b5:ac:e8:34:e6:f2:87:60:cc:5e:
         33:b0:d1:7c:cf:62:20:a6:d2:cf:21:39:7f:64:d6:85:de:61:
         68:c0:e6:47:a5:74:49:c3:4e:f6:82:5c:70:79:ea:86:fb:76:
         5a:7b:3e:f8:de:0a:92:ee:4e:9a:df:75:9f:24:fa:20:0b:d4:
         15:35:a6:0a:b1:5b:69:3c:48:53:ba:3e:2e:ed:2a:a9:58:49:
         f2:63:16:5f:3b:33:db:8b:93:36:70:e2:55:be:85:84:65:bc:
         96:dd:38:e9:4f:87:38:84:59:b2:9b:27:3e:96:e2:da:47:ac:
         5f:e8:17:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlUN6AAaU+HriCfNPzfGJDUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjUwOTE2MjAyOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGQ5ODRhNjcyZTNhN2U5NGVmMjA5OTZkZTRlOGZkNDg5ZjFkOGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtE6Ajsx/oKDEGxG7dHYauxCZ2ZcH
xP7vYEeAGPA8O6lNtxEzt0Yn3et9jLhCvGXx5nDig8WkyUDW/fHntmkJzLezEp2I
cXNMbsXfe3O+dVApg+3pulDUgpvDaLTxwuKXwrwL0AkCOk2zSjwgVFJZQqO9wEfi
ZGU8hgDZIkeNpQrZqpbWltFWsFgTBMSwF7fUvZsmwmeRCvaM1jfpNR7AEQBDZn/M
XEMgSd372vOrpmX9ZPKgXna5etEvuKaiBfbTNzVN3DvKm6WFy7+t4mFJKr8qFzra
gteXuR23Exd3W5YJE1GJZEM0dFRUxBGpBG5fUjQfUGCuM327/Xjm9bq7+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTZhKZy46fpTvIJlt5Oj9SJ8djuMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvZE5tRXBuTGpwLWxPOGdtVzNrNlAxSW54Mk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9tMA0G
CSqGSIb3DQEBCwUAA4IBAQA+3ANoON3pTsYej6IattarBfTjoEaNiDU3fuhZQkqf
/Q8WFloDwyfFjUBzLM1fmXzaEk9J190zxuQzcTBQdDqy3WLgl81KOG7oeNSIanr5
/rLSlk5da4VWG16bcda96j4m6lelKSPpNuiDHsGy0nnCZ2tRV6HuiPaaDp1pgLPK
aBSpLtXvi7Ws6DTm8odgzF4zsNF8z2IgptLPITl/ZNaF3mFowOZHpXRJw072glxw
eeqG+3Zaez743gqS7k6a33WfJPogC9QVNaYKsVtpPEhTuj4u7SqpWEnyYxZfOzPb
i5M2cOJVvoWEZbyW3TjpT4c4hFmymyc+luLaR6xf6Bev
-----END CERTIFICATE-----