Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iuwi9Mm0JPEuvNwd59CKmmxiptA.roa
File:                     iuwi9Mm0JPEuvNwd59CKmmxiptA.roa (raw, json)
Hash identifier:          sTsUWBXQgq2vqwvUeLosN+fYjvwZU+qFUu0eeLnNaW0=
Subject key identifier:   8A:EC:22:F4:C9:B4:24:F1:2E:BC:DC:1D:E7:D0:8A:9A:6C:62:A6:D0
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019980FA2DD64A5610C8C29946BB87A93231
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iuwi9Mm0JPEuvNwd59CKmmxiptA.roa
Signing time:             Thu 25 Sep 2025 13:05:03 +0000
ROA not before:           Thu 25 Sep 2025 13:05:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214417
IP address blocks:        87.121.221.0/24 maxlen: 24
                          185.252.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:80:fa:2d:d6:4a:56:10:c8:c2:99:46:bb:87:a9:32:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 25 13:05:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8aec22f4c9b424f12ebcdc1de7d08a9a6c62a6d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cd:9e:f9:d8:bd:a6:9a:c4:ee:47:3b:e3:35:
                    7f:a6:b9:50:72:9c:b7:3b:d8:9d:bd:1d:c7:84:9a:
                    b7:d5:a7:ae:e3:be:62:f5:14:07:cf:fe:32:35:9b:
                    9b:35:d3:31:0c:26:68:35:85:2f:66:17:3d:66:6a:
                    b3:05:13:47:f6:e7:8e:f1:16:61:8c:96:52:37:3a:
                    f6:4d:09:ec:ad:31:7f:2c:93:5b:86:09:22:ec:98:
                    80:c7:c6:7a:26:a9:8d:89:b0:ef:47:8c:74:1a:11:
                    4c:0a:e7:70:de:ae:1e:3e:dd:01:12:75:5b:9e:3e:
                    c1:78:07:2a:75:b7:73:ab:7b:c4:ff:6e:95:49:77:
                    80:2b:97:b7:d7:d7:5b:6a:2f:69:8b:21:0d:5b:9f:
                    13:c2:93:86:32:b0:3d:a6:64:80:24:55:c3:ca:a5:
                    3b:ae:e3:91:14:8a:ce:d9:99:ac:2d:5d:8c:3a:61:
                    bd:ff:88:4e:f9:88:3c:22:53:24:54:a9:45:9e:29:
                    54:0e:e6:6a:55:d4:b8:c9:f5:70:ed:87:ec:69:98:
                    a1:11:49:a7:1f:63:41:66:c6:a7:83:74:ec:fc:34:
                    78:06:c8:96:cd:6f:1e:8f:aa:a2:8b:80:b7:db:40:
                    f0:11:82:ee:48:03:5e:03:a8:bd:58:df:7a:07:82:
                    f8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:EC:22:F4:C9:B4:24:F1:2E:BC:DC:1D:E7:D0:8A:9A:6C:62:A6:D0
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iuwi9Mm0JPEuvNwd59CKmmxiptA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.121.221.0/24
                  185.252.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:26:33:56:fd:ba:f5:d2:77:9b:da:1a:6e:7f:bd:a6:dc:af:
         8c:12:a2:3b:b4:b8:e7:03:f8:f2:21:30:fd:02:20:1c:17:88:
         5a:70:68:00:9e:20:b9:72:e7:9d:e1:14:35:79:e0:c4:38:95:
         99:4e:6d:6e:9b:c4:3e:9d:97:41:8f:d5:9b:e0:d5:63:ab:11:
         bf:64:e2:2f:95:c5:57:f1:f8:33:76:b9:ec:04:fd:a4:d6:54:
         88:f8:65:70:eb:00:36:df:60:84:4d:72:3a:85:a0:84:31:6e:
         73:49:01:7e:fd:a8:6d:18:1d:09:11:c9:84:ef:48:bc:ef:69:
         48:51:36:12:da:05:ec:22:87:b3:18:54:b4:96:d9:5f:23:1c:
         b9:a1:e7:6f:2e:cf:47:48:a8:d1:51:ca:0d:69:80:0e:e7:97:
         1f:92:fe:6f:b6:af:d0:65:a4:e6:0e:c4:90:6a:3c:0e:00:89:
         e2:2f:7c:c5:00:ff:79:ca:20:eb:28:da:7b:87:fa:5d:82:b0:
         91:31:ca:4f:11:72:88:30:f4:7e:53:58:11:6a:7c:48:e5:f1:
         55:0d:30:5f:6d:64:84:17:b2:38:95:85:7c:50:60:39:65:5f:
         63:cb:43:7c:51:e0:a5:87:99:0b:c9:ff:aa:aa:14:c9:4b:29:
         9b:c4:9b:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmA+i3WSlYQyMKZRruHqTIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwOTI1MTMwNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWVjMjJmNGM5YjQyNGYxMmViY2RjMWRlN2QwOGE5YTZjNjJhNmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA082e+di9pprE7kc74zV/prlQcpy3
O9idvR3HhJq31aeu475i9RQHz/4yNZubNdMxDCZoNYUvZhc9ZmqzBRNH9ueO8RZh
jJZSNzr2TQnsrTF/LJNbhgki7JiAx8Z6JqmNibDvR4x0GhFMCudw3q4ePt0BEnVb
nj7BeAcqdbdzq3vE/26VSXeAK5e319dbai9piyENW58TwpOGMrA9pmSAJFXDyqU7
ruORFIrO2ZmsLV2MOmG9/4hO+Yg8IlMkVKlFnilUDuZqVdS4yfVw7YfsaZihEUmn
H2NBZsang3Ts/DR4BsiWzW8ej6qii4C320DwEYLuSANeA6i9WN96B4L4eQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIrsIvTJtCTxLrzcHefQippsYqbQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaXV3aTlNbTBKUEV1dk53ZDU5Q0ttbXhpcHRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV3ndAwQA
ufyxMA0GCSqGSIb3DQEBCwUAA4IBAQCaJjNW/br10neb2hpuf72m3K+MEqI7tLjn
A/jyITD9AiAcF4hacGgAniC5cued4RQ1eeDEOJWZTm1um8Q+nZdBj9Wb4NVjqxG/
ZOIvlcVX8fgzdrnsBP2k1lSI+GVw6wA232CETXI6haCEMW5zSQF+/ahtGB0JEcmE
70i872lIUTYS2gXsIoezGFS0ltlfIxy5oedvLs9HSKjRUcoNaYAO55cfkv5vtq/Q
ZaTmDsSQajwOAIniL3zFAP95yiDrKNp7h/pdgrCRMcpPEXKIMPR+U1gRanxI5fFV
DTBfbWSEF7I4lYV8UGA5ZV9jy0N8UeClh5kLyf+qqhTJSymbxJvl
-----END CERTIFICATE-----