Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BhJHjeexayzuxYvXFzXtzhexn5w.roa
File:                     BhJHjeexayzuxYvXFzXtzhexn5w.roa (raw, json)
Hash identifier:          uauFcIlq8HdGyQ85jT+GFSPC3/O2zwLGwjUie82bLcY=
Subject key identifier:   06:12:47:8D:E7:B1:6B:2C:EE:C5:8B:D7:17:35:ED:CE:17:B1:9F:9C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0199E67C2007CE03BA71DA6AEB7439CAE0E8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BhJHjeexayzuxYvXFzXtzhexn5w.roa
Signing time:             Wed 15 Oct 2025 06:08:38 +0000
ROA not before:           Wed 15 Oct 2025 06:08:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        85.217.166.0/24 maxlen: 24
                          85.217.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:7c:20:07:ce:03:ba:71:da:6a:eb:74:39:ca:e0:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 15 06:08:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0612478de7b16b2ceec58bd71735edce17b19f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:42:6a:43:10:41:49:8a:e4:26:70:75:0f:bd:
                    d1:c8:c5:a2:18:62:4c:9d:b8:0a:6b:bc:9b:b0:bc:
                    dc:8c:54:a2:a3:20:89:c7:6e:4c:fe:36:00:53:11:
                    ce:34:2b:66:72:86:03:01:74:74:50:6e:80:01:df:
                    4e:12:ab:c4:70:ca:71:89:aa:68:65:00:7c:69:ff:
                    93:7b:56:2c:1c:47:f6:d2:8f:c4:d3:b2:db:fc:ec:
                    d1:c2:e8:45:36:54:96:c2:d2:b4:9c:cf:1c:29:f3:
                    49:88:3a:a2:b6:50:7a:f6:f7:48:e2:16:f3:19:80:
                    56:bb:db:16:46:1d:b3:32:ea:9c:51:40:ef:f0:76:
                    14:fe:b0:bd:1a:b2:46:10:dc:32:d3:87:58:67:42:
                    d3:89:cf:97:84:f2:20:a6:f9:ab:d0:4e:be:ca:0a:
                    0e:8e:b5:d3:57:32:ab:71:9a:d7:06:5d:8b:06:12:
                    71:e9:4f:27:c1:79:64:39:5b:29:0d:2b:7d:8f:46:
                    eb:69:6c:29:f2:af:b6:84:e8:7b:91:63:06:8b:5b:
                    dd:92:35:4a:db:e1:fa:82:a8:a6:5f:90:7f:51:b3:
                    76:c5:da:aa:db:ec:29:fd:a1:c5:91:e6:e6:36:bc:
                    5c:65:3e:df:df:44:84:9b:c0:fd:40:78:51:5b:d0:
                    67:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:12:47:8D:E7:B1:6B:2C:EE:C5:8B:D7:17:35:ED:CE:17:B1:9F:9C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BhJHjeexayzuxYvXFzXtzhexn5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.217.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:da:9f:75:36:0b:a4:13:d6:e3:88:61:bc:57:5e:12:2e:65:
         fd:5d:8c:c8:26:1c:2f:02:b3:8a:a3:15:d8:6c:27:2b:a4:1f:
         63:4a:55:32:8b:5c:7e:62:bf:93:87:e6:21:40:7c:01:7d:e7:
         d3:b7:aa:d0:e9:98:2e:99:4f:14:ec:16:ad:91:36:7e:d9:ae:
         bd:97:b0:d6:ab:43:e3:f3:08:64:e5:b7:cb:90:60:32:93:55:
         6f:3c:55:5d:4a:80:0f:06:82:1f:ac:e7:6e:85:08:33:c3:d0:
         f0:b9:bb:87:87:3d:11:3e:c0:3a:76:db:0e:96:41:10:ab:ea:
         2c:3e:36:60:dd:45:6a:01:b2:00:e3:34:44:06:3f:47:9f:53:
         6d:8f:cb:37:65:a4:0f:ba:e4:7a:eb:6e:40:a9:f3:e9:bd:4a:
         c4:6d:b4:5d:c6:94:5a:f4:9a:c8:3a:7b:1c:54:fd:ae:af:ad:
         ac:72:eb:c2:7b:3b:df:17:bd:57:e1:75:6f:9a:d4:18:37:c3:
         7c:83:55:37:70:8f:38:1a:1a:e2:83:ea:53:fa:a2:f2:c1:c8:
         b0:6a:b0:fa:84:9d:cd:45:ee:14:22:97:bf:17:ca:cc:8f:a2:
         db:5b:7b:bb:db:0c:17:bf:ce:f2:89:d6:51:3b:0d:56:9e:45:
         15:e6:8f:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnmfCAHzgO6cdpq63Q5yuDoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUxMDE1MDYwODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjEyNDc4ZGU3YjE2YjJjZWVjNThiZDcxNzM1ZWRjZTE3YjE5ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0JqQxBBSYrkJnB1D73RyMWiGGJM
nbgKa7ybsLzcjFSioyCJx25M/jYAUxHONCtmcoYDAXR0UG6AAd9OEqvEcMpxiapo
ZQB8af+Te1YsHEf20o/E07Lb/OzRwuhFNlSWwtK0nM8cKfNJiDqitlB69vdI4hbz
GYBWu9sWRh2zMuqcUUDv8HYU/rC9GrJGENwy04dYZ0LTic+XhPIgpvmr0E6+ygoO
jrXTVzKrcZrXBl2LBhJx6U8nwXlkOVspDSt9j0braWwp8q+2hOh7kWMGi1vdkjVK
2+H6gqimX5B/UbN2xdqq2+wp/aHFkebmNrxcZT7f30SEm8D9QHhRW9BnrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYSR43nsWss7sWL1xc17c4XsZ+cMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQmhKSGplZXhheXp1eFl2WEZ6WHR6aGV4bjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVdmmMA0G
CSqGSIb3DQEBCwUAA4IBAQCO2p91NgukE9bjiGG8V14SLmX9XYzIJhwvArOKoxXY
bCcrpB9jSlUyi1x+Yr+Th+YhQHwBfefTt6rQ6ZgumU8U7BatkTZ+2a69l7DWq0Pj
8whk5bfLkGAyk1VvPFVdSoAPBoIfrOduhQgzw9DwubuHhz0RPsA6dtsOlkEQq+os
PjZg3UVqAbIA4zREBj9Hn1Ntj8s3ZaQPuuR6625AqfPpvUrEbbRdxpRa9JrIOnsc
VP2ur62scuvCezvfF71X4XVvmtQYN8N8g1U3cI84Ghrig+pT+qLywciwarD6hJ3N
Re4UIpe/F8rMj6LbW3u72wwXv87yidZROw1WnkUV5o/1
-----END CERTIFICATE-----