Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/Cu_tMI7PQ6xbwC801ON2UpFh-7U.roa
File:                     Cu_tMI7PQ6xbwC801ON2UpFh-7U.roa (raw, json)
Hash identifier:          GIgBSdweK8qeTSk0k9hGLBlRLULkx2CFmhF3qwcGbl0=
Subject key identifier:   0A:EF:ED:30:8E:CF:43:AC:5B:C0:2F:34:D4:E3:76:52:91:61:FB:B5
Certificate issuer:       /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial:       0199E259C5BC36839219FF342DF38F2DFB10
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/Cu_tMI7PQ6xbwC801ON2UpFh-7U.roa
Signing time:             Tue 14 Oct 2025 10:52:38 +0000
ROA not before:           Tue 14 Oct 2025 10:52:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214654
IP address blocks:        86.109.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e2:59:c5:bc:36:83:92:19:ff:34:2d:f3:8f:2d:fb:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
        Validity
            Not Before: Oct 14 10:52:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0aefed308ecf43ac5bc02f34d4e376529161fbb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c7:da:97:46:63:2b:6e:99:53:09:bc:a8:dc:
                    0f:d2:64:d6:a1:c7:6f:2e:1b:2d:b4:16:40:b1:87:
                    67:07:a8:a4:53:bd:ad:4d:89:07:fb:cb:5b:b0:6b:
                    9e:c1:ec:08:b9:ac:aa:f1:4b:31:d9:b0:ec:d0:f1:
                    99:66:b1:5f:8d:1c:c2:22:1e:78:09:76:35:85:d5:
                    cb:cd:53:3e:1a:30:f7:65:d5:d2:16:74:9d:d4:7f:
                    d1:77:88:61:b3:57:d2:3e:52:ab:f9:e4:94:14:22:
                    d8:40:cc:13:72:bd:96:63:ba:e4:db:27:0f:8f:c3:
                    ce:a4:bd:a4:a6:db:85:55:c3:18:de:75:1f:f0:90:
                    ab:6d:c9:ae:2d:05:cc:09:38:71:9a:39:3d:14:42:
                    3c:71:8e:1d:93:cc:55:f4:8f:7e:8d:21:03:49:44:
                    28:c3:b6:07:ad:b0:a4:c5:4d:42:97:04:25:2f:2d:
                    c2:d7:96:f6:32:0e:1d:e9:27:d9:7e:e6:4a:6a:fc:
                    83:91:fa:f2:d2:ff:46:e1:9c:34:a3:a7:4d:6d:72:
                    09:58:b0:52:dd:13:92:54:51:1e:25:9a:49:62:b2:
                    a9:df:a6:5c:59:43:ab:62:6a:f1:2f:a7:24:d7:dc:
                    55:0b:11:ec:05:e0:67:3f:f8:a3:d5:a3:cb:2b:b6:
                    c7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:EF:ED:30:8E:CF:43:AC:5B:C0:2F:34:D4:E3:76:52:91:61:FB:B5
            X509v3 Authority Key Identifier:
                keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/Cu_tMI7PQ6xbwC801ON2UpFh-7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:49:1e:7b:e1:86:56:52:73:02:b4:eb:34:91:4c:3d:b4:49:
         c9:b4:38:0e:c5:47:a3:3f:06:a8:40:5a:c1:62:c5:ee:5c:e0:
         89:b5:de:60:3b:d6:8c:01:22:46:01:43:63:ff:65:e4:50:f3:
         21:1d:9c:11:2d:d0:a9:63:23:dd:d0:b0:93:70:ce:95:9b:f9:
         63:b3:d7:9b:a9:fe:65:b2:3a:12:b1:ca:39:2a:ab:69:29:41:
         d4:3c:66:56:01:02:8b:5c:f0:c8:41:d5:dd:87:b1:7d:13:70:
         5a:5e:aa:d2:5c:d5:5b:a9:e8:a6:33:c6:f1:d8:d2:e7:ac:10:
         65:8d:f6:b5:1a:fb:4b:9d:55:8b:51:1d:2c:4f:f3:6b:9f:56:
         6d:4f:c4:b1:ea:3a:68:e8:e6:89:e0:19:db:e5:d1:1b:0d:3b:
         d6:d8:86:38:1a:93:c3:cb:53:ed:d1:f0:1a:0d:a2:63:06:70:
         73:3b:91:16:ed:f3:f7:c3:e3:1c:3e:af:2d:01:75:00:b3:f0:
         90:6c:61:eb:49:02:70:72:74:a3:6f:21:a4:7d:e8:44:fa:70:
         fb:37:23:c9:4f:4a:f0:c3:a5:73:a1:77:df:be:95:7b:2c:59:
         ec:91:40:36:9b:e1:6c:0b:42:71:2c:c4:b7:2f:9a:a1:a1:cf:
         d1:6a:22:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZniWcW8NoOSGf80LfOPLfsQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUxMDE0MTA1MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWVmZWQzMDhlY2Y0M2FjNWJjMDJmMzRkNGUzNzY1MjkxNjFmYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcfal0ZjK26ZUwm8qNwP0mTWocdv
LhsttBZAsYdnB6ikU72tTYkH+8tbsGuewewIuayq8Usx2bDs0PGZZrFfjRzCIh54
CXY1hdXLzVM+GjD3ZdXSFnSd1H/Rd4hhs1fSPlKr+eSUFCLYQMwTcr2WY7rk2ycP
j8POpL2kptuFVcMY3nUf8JCrbcmuLQXMCThxmjk9FEI8cY4dk8xV9I9+jSEDSUQo
w7YHrbCkxU1ClwQlLy3C15b2Mg4d6SfZfuZKavyDkfry0v9G4Zw0o6dNbXIJWLBS
3ROSVFEeJZpJYrKp36ZcWUOrYmrxL6ck19xVCxHsBeBnP/ij1aPLK7bHxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFArv7TCOz0OsW8AvNNTjdlKRYfu1MB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvQ3VfdE1JN1BRNnhid0M4MDFPTjJVcEZoLTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm1KMA0G
CSqGSIb3DQEBCwUAA4IBAQA6SR574YZWUnMCtOs0kUw9tEnJtDgOxUejPwaoQFrB
YsXuXOCJtd5gO9aMASJGAUNj/2XkUPMhHZwRLdCpYyPd0LCTcM6Vm/ljs9ebqf5l
sjoSsco5KqtpKUHUPGZWAQKLXPDIQdXdh7F9E3BaXqrSXNVbqeimM8bx2NLnrBBl
jfa1GvtLnVWLUR0sT/Nrn1ZtT8Sx6jpo6OaJ4Bnb5dEbDTvW2IY4GpPDy1Pt0fAa
DaJjBnBzO5EW7fP3w+McPq8tAXUAs/CQbGHrSQJwcnSjbyGkfehE+nD7NyPJT0rw
w6VzoXffvpV7LFnskUA2m+FsC0JxLMS3L5qhoc/RaiJz
-----END CERTIFICATE-----