Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rWlJNfDhDdxgfHGx7t_JjfHjRSg.roa
File:                     rWlJNfDhDdxgfHGx7t_JjfHjRSg.roa (raw, json)
Hash identifier:          S2udjNoK9BqfzImhm+l48JneVljmKqxSz26uM+dREmM=
Subject key identifier:   AD:69:49:35:F0:E1:0D:DC:60:7C:71:B1:EE:DF:C9:8D:F1:E3:45:28
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0199ED2C7AC6BA768F063D60546FE86FD4FA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rWlJNfDhDdxgfHGx7t_JjfHjRSg.roa
Signing time:             Thu 16 Oct 2025 13:18:59 +0000
ROA not before:           Thu 16 Oct 2025 13:18:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204855
IP address blocks:        193.8.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:2c:7a:c6:ba:76:8f:06:3d:60:54:6f:e8:6f:d4:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 16 13:18:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad694935f0e10ddc607c71b1eedfc98df1e34528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:55:ad:16:a3:81:f0:13:58:0c:cd:1d:e1:7f:
                    0d:d6:8d:2e:60:b9:44:03:a7:a7:44:b2:d4:2a:a4:
                    f0:82:07:c9:4f:6b:a7:75:df:e3:19:f6:5f:e5:f7:
                    c6:c4:8c:7e:50:46:df:f3:76:2c:28:f7:0b:84:73:
                    ae:c2:05:78:38:11:16:f2:a6:90:1a:8d:3e:38:c8:
                    25:6b:df:3a:19:a6:bf:4c:35:18:b5:1d:37:1e:b6:
                    17:cc:66:18:2a:a5:be:fd:90:f8:de:5e:39:d9:e9:
                    ef:92:fb:fc:8e:d0:01:79:69:8d:7d:95:e7:20:63:
                    e2:60:56:25:40:ea:54:26:28:d3:d8:63:d3:6a:33:
                    10:c2:e2:45:25:6b:df:85:1c:f3:a2:54:74:7b:72:
                    56:11:7c:f8:99:89:fb:30:ea:e7:db:df:c9:f9:0c:
                    36:17:2b:36:e1:20:d4:38:93:d9:ac:89:ed:90:3f:
                    0d:c6:8a:e7:f3:03:23:d3:64:e3:83:83:53:c2:a0:
                    39:68:97:ec:63:92:26:9c:aa:01:46:50:dd:ed:de:
                    70:fc:bd:f4:e5:28:4d:f8:3d:b1:85:d9:6f:61:fd:
                    e3:57:3c:9f:52:79:3e:73:97:8b:1e:7b:ac:97:4d:
                    43:2f:f0:6e:b7:1a:cb:77:bd:60:15:98:4b:cf:90:
                    1c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:69:49:35:F0:E1:0D:DC:60:7C:71:B1:EE:DF:C9:8D:F1:E3:45:28
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rWlJNfDhDdxgfHGx7t_JjfHjRSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:61:93:08:e4:c7:f9:ef:88:21:02:37:84:7a:f3:27:75:5c:
         bd:57:6b:f4:8a:b2:c1:0b:f5:f2:85:10:1b:3b:ba:2f:f7:a9:
         87:36:16:4a:b6:b5:69:d7:17:a1:a8:b2:21:9b:07:98:01:c8:
         ed:0e:05:a9:08:cd:f7:b1:60:25:79:6f:8f:95:09:c6:5b:e2:
         f9:0e:aa:fa:73:c5:69:4f:4a:3f:54:55:ce:8d:3d:e8:46:6c:
         e7:73:e8:f5:62:d8:9f:77:c5:cd:ec:c7:36:ab:c7:6b:a1:96:
         79:67:25:de:2c:33:9a:15:eb:37:8e:28:e3:28:6d:bf:54:6b:
         8b:d1:3f:5e:90:89:e5:52:9c:c0:8d:fc:6e:94:0c:ef:02:8f:
         4a:d1:98:99:02:47:4b:9e:49:a3:fa:84:72:c2:0e:a3:fc:32:
         87:3a:52:c0:2e:87:ea:2a:bc:76:7c:57:b4:5a:0c:f5:c1:d9:
         57:ae:44:28:36:4a:3d:8b:da:4f:cf:88:05:d8:81:aa:6f:b4:
         32:f8:d6:88:97:c3:4c:f5:69:1f:e6:b2:7f:9e:36:76:81:49:
         3d:7c:0a:bc:f0:da:47:15:db:a3:02:cd:f4:01:d1:ae:b9:2b:
         52:a0:0f:ca:2b:1a:8f:6a:9a:bc:57:6e:d7:b2:cb:b0:57:76:
         66:42:07:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZntLHrGunaPBj1gVG/ob9T6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUxMDE2MTMxODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDY5NDkzNWYwZTEwZGRjNjA3YzcxYjFlZWRmYzk4ZGYxZTM0NTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFWtFqOB8BNYDM0d4X8N1o0uYLlE
A6enRLLUKqTwggfJT2undd/jGfZf5ffGxIx+UEbf83YsKPcLhHOuwgV4OBEW8qaQ
Go0+OMgla986Gaa/TDUYtR03HrYXzGYYKqW+/ZD43l452envkvv8jtABeWmNfZXn
IGPiYFYlQOpUJijT2GPTajMQwuJFJWvfhRzzolR0e3JWEXz4mYn7MOrn29/J+Qw2
Fys24SDUOJPZrIntkD8Nxorn8wMj02Tjg4NTwqA5aJfsY5ImnKoBRlDd7d5w/L30
5ShN+D2xhdlvYf3jVzyfUnk+c5eLHnusl01DL/ButxrLd71gFZhLz5Ac3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1pSTXw4Q3cYHxxse7fyY3x40UoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcldsSk5mRGhEZHhnZkhHeDd0X0pqZkhqUlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQi5MA0G
CSqGSIb3DQEBCwUAA4IBAQBpYZMI5Mf574ghAjeEevMndVy9V2v0irLBC/XyhRAb
O7ov96mHNhZKtrVp1xehqLIhmweYAcjtDgWpCM33sWAleW+PlQnGW+L5Dqr6c8Vp
T0o/VFXOjT3oRmznc+j1Ytifd8XN7Mc2q8droZZ5ZyXeLDOaFes3jijjKG2/VGuL
0T9ekInlUpzAjfxulAzvAo9K0ZiZAkdLnkmj+oRywg6j/DKHOlLALofqKrx2fFe0
Wgz1wdlXrkQoNko9i9pPz4gF2IGqb7Qy+NaIl8NM9Wkf5rJ/njZ2gUk9fAq88NpH
FdujAs30AdGuuStSoA/KKxqPapq8V27XssuwV3ZmQgdq
-----END CERTIFICATE-----