Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/N2s6KqnnW9qGglbgsxkDhGmT3aQ.roa
File:                     N2s6KqnnW9qGglbgsxkDhGmT3aQ.roa (raw, json)
Hash identifier:          1ZleteROqD8Qub7BlNQREKgEscTZbJHqZvsJY5lTHPU=
Subject key identifier:   37:6B:3A:2A:A9:E7:5B:DA:86:82:56:E0:B3:19:03:84:69:93:DD:A4
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       0199C8CE28CD0EC514F3268F3E5A529DE266
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/N2s6KqnnW9qGglbgsxkDhGmT3aQ.roa
Signing time:             Thu 09 Oct 2025 11:49:37 +0000
ROA not before:           Thu 09 Oct 2025 11:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        45.140.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c8:ce:28:cd:0e:c5:14:f3:26:8f:3e:5a:52:9d:e2:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Oct  9 11:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=376b3a2aa9e75bda868256e0b31903846993dda4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:4b:9d:a7:86:3c:a8:91:72:f0:f8:85:b8:5b:
                    13:39:e4:87:f7:ec:69:58:64:36:ce:8b:78:e6:24:
                    cb:3d:d9:04:54:f4:47:97:81:14:c7:09:74:6a:60:
                    1f:5a:c3:00:7d:23:3c:88:41:07:d0:88:28:65:4d:
                    5b:77:00:c6:62:cd:b0:79:9b:93:e1:e3:21:7d:7e:
                    42:f7:e9:af:30:5b:33:b9:a6:07:cf:58:f6:44:e7:
                    8f:aa:c8:30:82:66:be:a3:94:83:05:ce:dd:a5:62:
                    5c:3c:0d:b9:32:81:9d:80:a4:1c:88:71:5b:ac:95:
                    39:f2:8a:c7:21:c2:54:3e:af:f3:d2:80:c6:ea:cf:
                    48:7c:37:ac:90:1e:34:e3:de:f9:39:9a:8d:e0:b8:
                    a8:f2:2b:47:fa:a1:54:ba:88:ef:1f:8b:8f:f5:de:
                    44:f5:5e:19:f5:fe:ab:99:61:36:27:8e:8e:cd:f8:
                    e2:87:1f:42:cd:64:a4:79:5a:30:c6:13:e6:eb:cb:
                    e2:30:63:34:dc:b3:ea:c4:dd:21:75:43:fb:66:82:
                    ec:87:24:71:fa:37:28:aa:6d:62:f8:16:b6:71:8e:
                    53:8f:6d:27:00:1c:e5:c7:77:4c:5c:e2:12:04:f2:
                    40:cb:60:1c:72:91:17:e7:1a:3b:0c:89:04:37:b5:
                    5c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6B:3A:2A:A9:E7:5B:DA:86:82:56:E0:B3:19:03:84:69:93:DD:A4
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/N2s6KqnnW9qGglbgsxkDhGmT3aQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:a1:0a:53:5c:6b:47:18:74:c8:a0:f3:b6:f4:3e:6c:e0:a4:
         b9:5d:cd:ef:a4:b0:4c:26:22:11:e1:ab:22:27:b6:b6:97:96:
         03:b4:fe:72:ec:92:68:da:41:73:8a:11:b5:5b:b5:37:a5:a4:
         12:54:83:20:1d:45:76:9f:a6:1f:24:64:ea:4c:62:51:45:7c:
         a4:7b:4a:bd:84:b2:e7:11:98:f0:32:3f:e3:5e:30:8d:0e:02:
         63:61:09:51:14:a2:ee:b3:73:aa:8c:19:a0:47:6e:4c:fb:cf:
         07:bc:3d:27:70:04:d7:ea:ee:f3:d5:db:09:a9:97:32:77:74:
         d3:99:b6:23:28:03:fe:30:da:e7:df:02:ab:7e:2e:8b:7f:fe:
         b9:46:0e:83:af:47:72:5c:60:85:52:49:4e:c4:eb:31:74:e3:
         9e:d1:39:52:38:2b:c8:3b:01:15:c9:8c:ae:ef:b0:69:87:67:
         b8:77:38:52:e4:2f:4c:a7:36:e3:b4:e0:26:00:bf:63:af:0f:
         6a:58:df:77:8b:86:6b:4c:db:8a:7c:9e:00:2a:10:23:a4:0f:
         7e:cd:23:e9:3e:71:d0:f9:b6:2d:ca:d2:f4:7e:0c:e9:a1:7a:
         f8:53:f6:7d:96:22:34:07:8a:1d:2a:f6:4a:ab:18:c0:17:b2:
         9d:9f:24:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnIzijNDsUU8yaPPlpSneJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjUxMDA5MTE0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZiM2EyYWE5ZTc1YmRhODY4MjU2ZTBiMzE5MDM4NDY5OTNkZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA80udp4Y8qJFy8PiFuFsTOeSH9+xp
WGQ2zot45iTLPdkEVPRHl4EUxwl0amAfWsMAfSM8iEEH0IgoZU1bdwDGYs2weZuT
4eMhfX5C9+mvMFszuaYHz1j2ROePqsgwgma+o5SDBc7dpWJcPA25MoGdgKQciHFb
rJU58orHIcJUPq/z0oDG6s9IfDeskB404975OZqN4Lio8itH+qFUuojvH4uP9d5E
9V4Z9f6rmWE2J46Ozfjihx9CzWSkeVowxhPm68viMGM03LPqxN0hdUP7ZoLshyRx
+jcoqm1i+Ba2cY5Tj20nABzlx3dMXOISBPJAy2AccpEX5xo7DIkEN7VciwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdrOiqp51vahoJW4LMZA4Rpk92kMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvTjJzNktxbm5XOXFHZ2xiZ3N4a0RoR21UM2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYzCMA0G
CSqGSIb3DQEBCwUAA4IBAQCJoQpTXGtHGHTIoPO29D5s4KS5Xc3vpLBMJiIR4asi
J7a2l5YDtP5y7JJo2kFzihG1W7U3paQSVIMgHUV2n6YfJGTqTGJRRXyke0q9hLLn
EZjwMj/jXjCNDgJjYQlRFKLus3OqjBmgR25M+88HvD0ncATX6u7z1dsJqZcyd3TT
mbYjKAP+MNrn3wKrfi6Lf/65Rg6Dr0dyXGCFUklOxOsxdOOe0TlSOCvIOwEVyYyu
77Bph2e4dzhS5C9MpzbjtOAmAL9jrw9qWN93i4ZrTNuKfJ4AKhAjpA9+zSPpPnHQ
+bYtytL0fgzpoXr4U/Z9liI0B4odKvZKqxjAF7KdnyQL
-----END CERTIFICATE-----