Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/mXZNCAaShrlimSsEo_YH_UI8tzI.roa
File:                     mXZNCAaShrlimSsEo_YH_UI8tzI.roa (raw, json)
Hash identifier:          wxRNwEaBB0xI2itx3IM16zmFJHf/VPdbXQUT5Ylcg2o=
Subject key identifier:   99:76:4D:08:06:92:86:B9:62:99:2B:04:A3:F6:07:FD:42:3C:B7:32
Certificate issuer:       /CN=8f38f859e5e67662ae09990f384fa86c932710ab
Certificate serial:       0199C38159E2E3844C18AD002799F404C970
Authority key identifier: 8F:38:F8:59:E5:E6:76:62:AE:09:99:0F:38:4F:A8:6C:93:27:10:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzj4WeXmdmKuCZkPOE-obJMnEKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/mXZNCAaShrlimSsEo_YH_UI8tzI.roa
Signing time:             Wed 08 Oct 2025 11:07:38 +0000
ROA not before:           Wed 08 Oct 2025 11:07:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204907
IP address blocks:        185.33.156.0/24 maxlen: 24
                          185.33.158.0/24 maxlen: 24
                          194.246.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/jzj4WeXmdmKuCZkPOE-obJMnEKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/jzj4WeXmdmKuCZkPOE-obJMnEKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzj4WeXmdmKuCZkPOE-obJMnEKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c3:81:59:e2:e3:84:4c:18:ad:00:27:99:f4:04:c9:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f38f859e5e67662ae09990f384fa86c932710ab
        Validity
            Not Before: Oct  8 11:07:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99764d08069286b962992b04a3f607fd423cb732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b6:2d:d1:3d:ed:c0:0e:94:6a:84:3a:d8:b7:
                    a5:0d:86:de:66:08:b0:15:21:da:b3:f2:2f:b8:1a:
                    68:92:55:3c:5e:a8:97:e6:e6:d7:86:96:75:8f:ba:
                    b0:57:81:ce:34:09:3e:9a:7f:70:2a:70:3c:07:b2:
                    6d:87:ff:5e:3a:73:23:cd:f8:f6:bb:1c:f3:00:bb:
                    11:e7:0e:98:2d:2f:32:df:b2:50:c0:9b:03:f6:13:
                    05:be:96:cd:69:0d:0a:92:1c:26:36:41:90:a5:3f:
                    de:4c:43:84:18:93:0e:39:e9:9e:d9:f0:38:61:bc:
                    84:e4:bd:3e:c6:21:af:93:00:97:8e:94:b6:6c:79:
                    4a:21:8d:d7:7d:a0:49:b8:4b:9f:d8:e9:87:9e:c5:
                    59:ea:45:50:4c:29:d0:80:d1:65:43:a1:5b:1a:5b:
                    27:ed:92:ef:6d:df:19:64:1b:5f:5a:3a:10:2a:f6:
                    97:cb:67:8a:a7:2f:74:c8:54:99:8b:54:05:eb:f3:
                    ed:bd:d8:55:ae:a5:79:83:c4:b9:65:c0:3c:71:99:
                    ae:2d:88:c1:88:1f:3c:4f:19:69:bd:2f:da:82:17:
                    26:1f:2e:49:db:37:ee:48:ea:1e:6a:b5:f6:e3:51:
                    c4:30:9c:e6:0b:3f:cf:c4:8f:c3:c3:be:5a:dd:68:
                    62:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:76:4D:08:06:92:86:B9:62:99:2B:04:A3:F6:07:FD:42:3C:B7:32
            X509v3 Authority Key Identifier:
                keyid:8F:38:F8:59:E5:E6:76:62:AE:09:99:0F:38:4F:A8:6C:93:27:10:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzj4WeXmdmKuCZkPOE-obJMnEKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/mXZNCAaShrlimSsEo_YH_UI8tzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/jzj4WeXmdmKuCZkPOE-obJMnEKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.156.0/24
                  185.33.158.0/24
                  194.246.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:31:f8:3d:3f:d9:84:25:cb:90:0b:89:50:25:21:36:09:bd:
         34:e9:c6:bc:0d:20:92:37:d7:f3:d0:66:0b:16:71:25:33:55:
         5f:13:bf:4d:05:a8:78:78:f9:5c:65:e5:3e:fa:38:cc:a5:f9:
         f7:27:fe:3a:30:b9:b5:6f:7c:f6:93:f8:c8:fe:ed:b7:37:6b:
         d0:ea:da:69:c2:8f:5e:db:26:37:18:6a:5a:5d:0b:23:03:84:
         40:f1:b3:42:ae:05:51:fb:41:cd:5f:9d:ad:6f:4e:0d:ef:c1:
         05:b9:96:23:c5:03:29:73:47:6b:b7:8e:6f:98:ce:b2:e9:c3:
         e1:e0:88:0e:2f:90:10:2e:b9:47:eb:64:1b:b2:4e:dd:83:6f:
         75:03:10:29:c1:6d:ef:2d:32:20:74:a4:bb:a7:0c:5b:97:1e:
         cb:34:73:bc:3c:97:35:de:4b:74:e5:09:f2:5c:cb:68:f1:ab:
         b0:f7:93:82:73:19:d5:71:de:66:a6:38:29:06:64:e8:92:a3:
         fe:4a:03:64:72:47:bd:fc:25:82:eb:fc:74:e5:10:19:9c:7c:
         19:c4:e0:f1:2e:35:02:0c:1a:ed:00:62:71:b8:39:4c:6d:e5:
         91:75:d7:fe:b8:83:07:f0:95:17:bb:4e:5f:4d:90:e9:ab:32:
         1c:2e:3b:d1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnDgVni44RMGK0AJ5n0BMlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzhmODU5ZTVlNjc2NjJhZTA5OTkwZjM4NGZhODZjOTMy
NzEwYWIwHhcNMjUxMDA4MTEwNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTc2NGQwODA2OTI4NmI5NjI5OTJiMDRhM2Y2MDdmZDQyM2NiNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrYt0T3twA6UaoQ62LelDYbeZgiw
FSHas/IvuBpoklU8XqiX5ubXhpZ1j7qwV4HONAk+mn9wKnA8B7Jth/9eOnMjzfj2
uxzzALsR5w6YLS8y37JQwJsD9hMFvpbNaQ0KkhwmNkGQpT/eTEOEGJMOOeme2fA4
YbyE5L0+xiGvkwCXjpS2bHlKIY3XfaBJuEuf2OmHnsVZ6kVQTCnQgNFlQ6FbGlsn
7ZLvbd8ZZBtfWjoQKvaXy2eKpy90yFSZi1QF6/PtvdhVrqV5g8S5ZcA8cZmuLYjB
iB88TxlpvS/aghcmHy5J2zfuSOoearX241HEMJzmCz/PxI/Dw75a3WhiswIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJl2TQgGkoa5YpkrBKP2B/1CPLcyMB8GA1UdIwQY
MBaAFI84+Fnl5nZirgmZDzhPqGyTJxCrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpqNFdlWG1kbUt1Q1prUE9FLW9iSk1uRUtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8xY2E0N2MtYjA4Ny00NmVmLWEwNTEt
YWIwYmM1MmExODgzLzEvbVhaTkNBYVNocmxpbVNzRW9fWUhfVUk4dHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8xY2E0N2MtYjA4Ny00NmVmLWEwNTEtYWIwYmM1MmExODgz
LzEvanpqNFdlWG1kbUt1Q1prUE9FLW9iSk1uRUtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuSGcAwQA
uSGeAwQAwvYhMA0GCSqGSIb3DQEBCwUAA4IBAQBDMfg9P9mEJcuQC4lQJSE2Cb00
6ca8DSCSN9fz0GYLFnElM1VfE79NBah4ePlcZeU++jjMpfn3J/46MLm1b3z2k/jI
/u23N2vQ6tppwo9e2yY3GGpaXQsjA4RA8bNCrgVR+0HNX52tb04N78EFuZYjxQMp
c0drt45vmM6y6cPh4IgOL5AQLrlH62Qbsk7dg291AxApwW3vLTIgdKS7pwxblx7L
NHO8PJc13kt05QnyXMto8auw95OCcxnVcd5mpjgpBmTokqP+SgNkcke9/CWC6/x0
5RAZnHwZxODxLjUCDBrtAGJxuDlMbeWRddf+uIMH8JUXu05fTZDpqzIcLjvR
-----END CERTIFICATE-----