Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/8936da-f20b-45e7-9948-4fadcb182c5a/1/5GYWrzRu65AjS73_-IgwDSj8n-Q.roa
File:                     5GYWrzRu65AjS73_-IgwDSj8n-Q.roa (raw, json)
Hash identifier:          YdE2CXn8HuPLnZ5nEOMoIyiMWMH03XMYxsoKuzVp7Lc=
Subject key identifier:   E4:66:16:AF:34:6E:EB:90:23:4B:BD:FF:F8:88:30:0D:28:FC:9F:E4
Certificate issuer:       /CN=b86585d08b97e679f0828bf102beab51dcdafa87
Certificate serial:       0198D1E02F0BC305AAC2D14EB948CB0241D1
Authority key identifier: B8:65:85:D0:8B:97:E6:79:F0:82:8B:F1:02:BE:AB:51:DC:DA:FA:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uGWF0IuX5nnwgovxAr6rUdza-oc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/8936da-f20b-45e7-9948-4fadcb182c5a/1/5GYWrzRu65AjS73_-IgwDSj8n-Q.roa
Signing time:             Fri 22 Aug 2025 13:03:06 +0000
ROA not before:           Fri 22 Aug 2025 13:03:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31742
IP address blocks:        185.180.156.0/22 maxlen: 22
                          2a0a:a980::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/8936da-f20b-45e7-9948-4fadcb182c5a/1/uGWF0IuX5nnwgovxAr6rUdza-oc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/8936da-f20b-45e7-9948-4fadcb182c5a/1/uGWF0IuX5nnwgovxAr6rUdza-oc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uGWF0IuX5nnwgovxAr6rUdza-oc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:e0:2f:0b:c3:05:aa:c2:d1:4e:b9:48:cb:02:41:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b86585d08b97e679f0828bf102beab51dcdafa87
        Validity
            Not Before: Aug 22 13:03:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e46616af346eeb90234bbdfff888300d28fc9fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:14:b9:f6:9a:dd:c2:b7:ee:06:99:18:f5:d0:
                    62:ad:ee:7f:b5:79:62:f3:4e:93:08:49:b1:36:3a:
                    56:17:7e:be:eb:58:05:05:c7:b2:25:df:24:6a:79:
                    b9:28:1d:99:b3:ac:e7:e6:8f:36:a1:a3:62:48:76:
                    01:5c:7f:d9:f1:d8:41:40:d5:4b:d6:a7:b0:f4:b5:
                    6f:46:74:fb:4e:87:5a:b1:77:04:d8:c4:6f:c1:9b:
                    55:9b:8a:a1:59:31:6a:20:c3:f7:af:13:89:1b:a8:
                    92:e4:0e:57:0c:4a:83:4b:ff:22:1f:71:75:63:93:
                    be:82:29:79:90:22:2f:5c:1d:20:7c:be:fd:92:b5:
                    16:48:fa:f5:61:f4:cc:e4:77:d0:1a:6f:af:19:08:
                    10:82:07:75:96:59:c1:19:8d:78:71:ca:87:47:b7:
                    f8:46:1d:09:77:ce:f5:df:8a:26:29:0b:9d:db:4c:
                    ea:66:3f:23:67:21:c7:ec:d6:6a:82:1b:63:a0:6d:
                    d6:06:a3:00:31:98:22:83:c4:5b:fa:45:fd:d6:59:
                    bb:6e:ab:ec:fa:8b:78:97:6a:f8:cb:18:4b:ed:f2:
                    f3:68:0f:e8:e5:3a:ee:ca:c2:34:e1:1c:8f:5b:4b:
                    83:03:dc:94:e3:1f:74:10:b4:0c:33:88:cc:d4:0b:
                    7a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:66:16:AF:34:6E:EB:90:23:4B:BD:FF:F8:88:30:0D:28:FC:9F:E4
            X509v3 Authority Key Identifier:
                keyid:B8:65:85:D0:8B:97:E6:79:F0:82:8B:F1:02:BE:AB:51:DC:DA:FA:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGWF0IuX5nnwgovxAr6rUdza-oc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/8936da-f20b-45e7-9948-4fadcb182c5a/1/5GYWrzRu65AjS73_-IgwDSj8n-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/8936da-f20b-45e7-9948-4fadcb182c5a/1/uGWF0IuX5nnwgovxAr6rUdza-oc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.156.0/22
                IPv6:
                  2a0a:a980::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:2a:38:87:e6:9e:03:4e:39:1c:3c:1f:4e:2e:28:2e:42:1c:
         70:53:e6:6a:e5:f3:0a:12:69:85:c5:28:9f:35:39:15:4d:59:
         cd:69:c9:83:8f:75:55:24:1d:2b:8b:d6:13:47:dc:39:c2:81:
         74:08:64:ea:a3:b3:21:6f:70:35:96:0f:f2:8c:27:fe:af:36:
         95:cb:cc:41:b0:d1:82:a2:cf:e1:ae:9e:d8:b5:ae:ff:a5:1b:
         f9:88:40:94:9c:aa:c9:b2:c5:0a:83:54:c1:0c:cd:dc:02:e1:
         25:e6:65:44:09:31:d1:5e:8c:8f:29:8a:88:06:00:46:c2:fd:
         1f:3c:e7:de:29:45:54:54:2a:4b:4e:c4:60:1c:26:9c:f5:c4:
         c3:c1:b3:55:dc:5a:a8:d4:94:41:ff:20:38:5c:bf:b1:e0:40:
         7e:5f:7a:c1:3c:8e:e4:8f:7e:1b:07:6c:8e:03:f1:d8:e4:e5:
         ba:da:6a:e6:49:95:43:63:3b:96:13:ba:12:ab:8a:59:21:ae:
         32:6e:6b:78:af:32:3f:52:90:ad:85:90:5c:d6:f7:4d:08:06:
         be:de:69:42:50:8c:a8:77:5b:c5:f5:3f:2c:97:19:a6:3b:15:
         b4:37:87:08:c2:8c:d9:6a:80:4f:1e:ff:a9:a0:67:14:f5:f8:
         7f:ae:e4:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjR4C8LwwWqwtFOuUjLAkHRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjU4NWQwOGI5N2U2NzlmMDgyOGJmMTAyYmVhYjUxZGNk
YWZhODcwHhcNMjUwODIyMTMwMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDY2MTZhZjM0NmVlYjkwMjM0YmJkZmZmODg4MzAwZDI4ZmM5ZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBS59prdwrfuBpkY9dBire5/tXli
806TCEmxNjpWF36+61gFBceyJd8kanm5KB2Zs6zn5o82oaNiSHYBXH/Z8dhBQNVL
1qew9LVvRnT7TodasXcE2MRvwZtVm4qhWTFqIMP3rxOJG6iS5A5XDEqDS/8iH3F1
Y5O+gil5kCIvXB0gfL79krUWSPr1YfTM5HfQGm+vGQgQggd1llnBGY14ccqHR7f4
Rh0Jd87134omKQud20zqZj8jZyHH7NZqghtjoG3WBqMAMZgig8Rb+kX91lm7bqvs
+ot4l2r4yxhL7fLzaA/o5TruysI04RyPW0uDA9yU4x90ELQMM4jM1At6DwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFORmFq80buuQI0u9//iIMA0o/J/kMB8GA1UdIwQY
MBaAFLhlhdCLl+Z58IKL8QK+q1Hc2vqHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdXRjBJdVg1bm53Z292eEFyNnJVZHphLW9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC84OTM2ZGEtZjIwYi00NWU3LTk5NDgt
NGZhZGNiMTgyYzVhLzEvNUdZV3J6UnU2NUFqUzczXy1JZ3dEU2o4bi1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC84OTM2ZGEtZjIwYi00NWU3LTk5NDgtNGZhZGNiMTgyYzVh
LzEvdUdXRjBJdVg1bm53Z292eEFyNnJVZHphLW9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubScMA0E
AgACMAcDBQMqCqmAMA0GCSqGSIb3DQEBCwUAA4IBAQALKjiH5p4DTjkcPB9OLigu
QhxwU+Zq5fMKEmmFxSifNTkVTVnNacmDj3VVJB0ri9YTR9w5woF0CGTqo7Mhb3A1
lg/yjCf+rzaVy8xBsNGCos/hrp7Yta7/pRv5iECUnKrJssUKg1TBDM3cAuEl5mVE
CTHRXoyPKYqIBgBGwv0fPOfeKUVUVCpLTsRgHCac9cTDwbNV3Fqo1JRB/yA4XL+x
4EB+X3rBPI7kj34bB2yOA/HY5OW62mrmSZVDYzuWE7oSq4pZIa4ybmt4rzI/UpCt
hZBc1vdNCAa+3mlCUIyod1vF9T8slxmmOxW0N4cIwozZaoBPHv+poGcU9fh/ruQr
-----END CERTIFICATE-----