Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/TV9MBnLCdq0YXMlS7n0N6-374eE.roa
File:                     TV9MBnLCdq0YXMlS7n0N6-374eE.roa (raw, json)
Hash identifier:          29vVPe5fMsq8wMs3CBPsJgBaxcV4vylFIV1zsoy0JlI=
Subject key identifier:   4D:5F:4C:06:72:C2:76:AD:18:5C:C9:52:EE:7D:0D:EB:ED:FB:E1:E1
Certificate issuer:       /CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
Certificate serial:       0199C907D64361C6B3138DA4DB84FEFE76B0
Authority key identifier: C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/TV9MBnLCdq0YXMlS7n0N6-374eE.roa
Signing time:             Thu 09 Oct 2025 12:52:37 +0000
ROA not before:           Thu 09 Oct 2025 12:52:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        141.138.77.0/24 maxlen: 24
                          141.138.78.0/24 maxlen: 24
                          141.138.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c9:07:d6:43:61:c6:b3:13:8d:a4:db:84:fe:fe:76:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
        Validity
            Not Before: Oct  9 12:52:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d5f4c0672c276ad185cc952ee7d0debedfbe1e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4c:a9:d4:93:a0:bc:ec:2a:e1:30:d4:6c:c5:
                    4c:d1:c3:6e:30:84:fc:0a:10:63:8a:91:1e:c8:52:
                    6e:38:41:a2:1e:c4:ca:9b:4f:c1:4b:00:74:0d:dc:
                    85:72:48:64:ec:e5:d3:84:ae:20:a0:d0:ab:a8:3e:
                    1f:2b:be:82:23:5c:a8:73:e2:84:fa:93:63:5f:91:
                    ba:f1:19:20:97:6e:f1:ac:2d:b8:bb:66:8a:61:f2:
                    29:8f:5f:85:c9:96:dd:98:56:5c:16:cd:75:1e:4f:
                    ff:ae:21:88:45:50:ec:ce:bf:1e:da:9b:8a:a1:74:
                    3c:d0:5a:09:7c:74:35:13:ef:f0:86:eb:05:c7:52:
                    12:f6:6b:75:90:75:ff:6c:ce:bc:2e:5f:b0:e3:9b:
                    d7:5e:29:8f:4c:ce:ac:5d:aa:c6:b4:7d:f3:7f:00:
                    d0:4e:ff:75:66:9e:2b:34:47:28:27:15:7a:f1:84:
                    d4:91:d2:89:9a:4e:95:74:80:3e:42:76:07:22:5e:
                    9c:84:3f:30:9f:5c:2f:b8:49:8f:41:e9:c3:87:7f:
                    67:e7:99:66:49:67:49:4d:03:77:d9:25:b2:e6:7d:
                    82:14:2a:8f:79:55:31:a0:b4:d0:50:87:29:ad:05:
                    82:56:a5:ca:95:f8:c1:5e:55:e9:c3:8d:23:b1:0a:
                    85:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:5F:4C:06:72:C2:76:AD:18:5C:C9:52:EE:7D:0D:EB:ED:FB:E1:E1
            X509v3 Authority Key Identifier:
                keyid:C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/TV9MBnLCdq0YXMlS7n0N6-374eE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.138.77.0-141.138.79.255

    Signature Algorithm: sha256WithRSAEncryption
         40:2f:7d:0c:b3:82:2a:d0:44:1c:5d:df:87:f6:da:f3:84:52:
         79:4b:2d:32:fd:9a:59:46:2a:aa:dd:95:8c:20:d2:f6:a6:06:
         e5:83:c6:30:62:e4:85:e6:5d:76:0d:5e:6d:3c:c1:2a:f9:0e:
         22:5f:ec:0c:4e:6b:e0:2d:25:c4:8f:99:5c:40:1a:d6:36:c1:
         c3:f5:d1:e9:fc:53:35:b9:5f:74:85:8b:96:79:d6:3d:b3:d6:
         d1:0f:ca:53:64:85:9c:d5:36:af:2a:d9:5c:db:1a:85:0d:e7:
         4e:fc:6e:f6:9c:c1:77:31:63:8a:f4:fc:0c:78:00:b1:96:4b:
         93:0e:da:ce:2b:1c:27:43:15:de:80:26:a3:5e:66:e4:c3:cb:
         1a:56:0d:95:c0:f2:b3:87:a1:46:3b:2d:97:fb:bb:7b:8b:f9:
         af:a8:6f:04:6e:aa:b7:d1:05:bc:a9:64:90:75:6d:c9:cf:9e:
         37:c1:23:a7:47:00:f3:80:39:c0:5e:b7:3c:3d:d2:76:df:79:
         9e:c3:b6:c9:8e:c8:c8:8c:ec:a3:1c:ec:fe:cd:76:67:f2:7e:
         24:7b:79:30:42:81:c1:9b:0f:61:e1:d6:93:09:88:75:d4:1d:
         8c:fa:d8:4f:7e:66:32:14:a0:21:bb:5f:9a:7b:92:50:52:98:
         80:26:4a:cb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZnJB9ZDYcazE42k24T+/nawMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGFkYWZiMWYzMWY5ODg5YWE0NzM1NzkyYjZlM2RiNDY5
MzFiYjkwHhcNMjUxMDA5MTI1MjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDVmNGMwNjcyYzI3NmFkMTg1Y2M5NTJlZTdkMGRlYmVkZmJlMWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEyp1JOgvOwq4TDUbMVM0cNuMIT8
ChBjipEeyFJuOEGiHsTKm0/BSwB0DdyFckhk7OXThK4goNCrqD4fK76CI1yoc+KE
+pNjX5G68Rkgl27xrC24u2aKYfIpj1+FyZbdmFZcFs11Hk//riGIRVDszr8e2puK
oXQ80FoJfHQ1E+/whusFx1IS9mt1kHX/bM68Ll+w45vXXimPTM6sXarGtH3zfwDQ
Tv91Zp4rNEcoJxV68YTUkdKJmk6VdIA+QnYHIl6chD8wn1wvuEmPQenDh39n55lm
SWdJTQN32SWy5n2CFCqPeVUxoLTQUIcprQWCVqXKlfjBXlXpw40jsQqFFQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE1fTAZywnatGFzJUu59Devt++HhMB8GA1UdIwQY
MBaAFMmK2vsfMfmImqRzV5K249tGkxu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYt
M2IxMDNkNWE2OTBhLzEvVFY5TUJuTENkcTBZWE1sUzduME42LTM3NGVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYtM2IxMDNkNWE2OTBh
LzEveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACNik0D
BASNikAwDQYJKoZIhvcNAQELBQADggEBAEAvfQyzgirQRBxd34f22vOEUnlLLTL9
mllGKqrdlYwg0vamBuWDxjBi5IXmXXYNXm08wSr5DiJf7AxOa+AtJcSPmVxAGtY2
wcP10en8UzW5X3SFi5Z51j2z1tEPylNkhZzVNq8q2VzbGoUN5078bvacwXcxY4r0
/Ax4ALGWS5MO2s4rHCdDFd6AJqNeZuTDyxpWDZXA8rOHoUY7LZf7u3uL+a+obwRu
qrfRBbypZJB1bcnPnjfBI6dHAPOAOcBetzw90nbfeZ7DtsmOyMiM7KMc7P7Ndmfy
fiR7eTBCgcGbD2Hh1pMJiHXUHYz62E9+ZjIUoCG7X5p7klBSmIAmSss=
-----END CERTIFICATE-----