Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/y0bJ_FWEzre7hb_ba4ehOvpzP2w.roa
File:                     y0bJ_FWEzre7hb_ba4ehOvpzP2w.roa (raw, json)
Hash identifier:          kyISy4jMnE41+WEzWQUmi6BzD5u4+OVYr1N4+oQ5Rsg=
Subject key identifier:   CB:46:C9:FC:55:84:CE:B7:BB:85:BF:DB:6B:87:A1:3A:FA:73:3F:6C
Certificate issuer:       /CN=c28973affaa9936d39146aa136fbcb051b9af99f
Certificate serial:       0199E135B8DDF2910CE885BB8F40064930A3
Authority key identifier: C2:89:73:AF:FA:A9:93:6D:39:14:6A:A1:36:FB:CB:05:1B:9A:F9:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wolzr_qpk205FGqhNvvLBRua-Z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/y0bJ_FWEzre7hb_ba4ehOvpzP2w.roa
Signing time:             Tue 14 Oct 2025 05:33:38 +0000
ROA not before:           Tue 14 Oct 2025 05:33:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        82.119.197.0/24 maxlen: 24
                          217.22.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/wolzr_qpk205FGqhNvvLBRua-Z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/wolzr_qpk205FGqhNvvLBRua-Z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wolzr_qpk205FGqhNvvLBRua-Z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e1:35:b8:dd:f2:91:0c:e8:85:bb:8f:40:06:49:30:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c28973affaa9936d39146aa136fbcb051b9af99f
        Validity
            Not Before: Oct 14 05:33:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb46c9fc5584ceb7bb85bfdb6b87a13afa733f6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b1:2a:5d:ab:ef:e1:e9:a0:41:e9:ef:cc:ba:
                    f3:98:c7:7e:8e:3a:60:24:c8:84:3d:78:f2:ff:e4:
                    14:63:23:38:4b:85:71:d6:32:fa:f1:9f:6e:8d:2c:
                    da:65:f7:43:d7:8b:3d:b2:a0:13:f3:81:9b:b5:a1:
                    c5:8a:59:c4:80:f1:b0:4c:f3:3a:f0:8d:ee:49:03:
                    8a:76:c9:95:c1:07:26:6c:b1:32:5b:56:35:e8:b4:
                    7e:0d:ad:f8:39:c9:0e:d8:2b:94:77:8a:ad:33:c4:
                    e8:35:ae:7e:bf:ee:83:cb:e6:62:df:62:7a:12:a1:
                    5e:bd:19:ad:5e:31:22:07:44:fb:7b:72:1e:d8:eb:
                    2a:6c:b8:ec:77:fe:01:0e:d2:2e:8a:ee:2e:3c:7f:
                    c5:d0:c0:12:46:46:57:1e:92:77:3f:1c:8c:77:98:
                    da:94:5b:fa:a3:01:a0:28:61:83:c1:d3:3f:84:c7:
                    5b:3d:79:3a:6f:e2:73:1a:69:6d:5b:91:43:36:e7:
                    95:56:df:ac:f1:87:3d:a5:40:78:1b:5d:b5:52:cd:
                    d4:7f:aa:27:5a:72:91:19:29:10:84:b2:29:b1:c1:
                    2e:12:56:ad:da:d0:ff:62:af:af:02:5b:bd:6c:a7:
                    b2:3e:66:d2:c0:df:bc:10:34:5e:02:40:ea:32:ae:
                    85:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:46:C9:FC:55:84:CE:B7:BB:85:BF:DB:6B:87:A1:3A:FA:73:3F:6C
            X509v3 Authority Key Identifier:
                keyid:C2:89:73:AF:FA:A9:93:6D:39:14:6A:A1:36:FB:CB:05:1B:9A:F9:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wolzr_qpk205FGqhNvvLBRua-Z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/y0bJ_FWEzre7hb_ba4ehOvpzP2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/wolzr_qpk205FGqhNvvLBRua-Z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.197.0/24
                  217.22.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:92:96:e7:9d:8f:6a:c8:68:d3:69:cd:67:4d:f4:5b:92:11:
         6f:bf:d8:92:3e:a6:c0:30:c5:91:c2:72:e3:63:89:dd:15:05:
         c7:38:0f:65:66:c9:7c:89:d8:8c:30:e7:9e:04:d5:d7:63:9d:
         ce:4f:c4:aa:df:c5:ee:14:af:f0:9b:d2:e6:f1:3a:46:b6:10:
         6a:2b:28:94:09:91:70:c0:f1:19:23:8a:20:94:aa:44:b7:6c:
         aa:3a:a7:5d:d3:74:13:f2:9d:00:cd:bc:f6:d1:28:5f:a8:ea:
         db:8a:c1:58:d3:a6:86:5f:22:0c:75:e8:34:30:eb:ed:8e:dc:
         f7:37:2f:c1:ea:ec:2c:5d:e5:84:77:b0:90:ca:1b:f2:60:37:
         ec:7a:79:c2:93:ec:72:c8:49:19:8f:77:e5:d4:fa:bb:6f:b6:
         73:de:bb:57:04:58:4a:a4:74:dd:3e:55:3b:a7:08:8b:ed:f6:
         b4:c9:93:e0:95:40:fb:e3:b3:e9:4e:9f:4a:5f:93:7a:3a:de:
         4f:3b:df:2e:4a:ba:75:87:1d:36:76:b5:8f:07:c0:fd:1e:77:
         4d:82:d2:7e:d6:c6:10:3e:d0:44:07:d6:17:bf:cb:44:01:c8:
         87:86:5c:37:2b:f3:9c:ed:e6:53:54:4e:f5:6e:e7:b3:27:4a:
         4e:d8:cc:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnhNbjd8pEM6IW7j0AGSTCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyODk3M2FmZmFhOTkzNmQzOTE0NmFhMTM2ZmJjYjA1MWI5
YWY5OWYwHhcNMjUxMDE0MDUzMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjQ2YzlmYzU1ODRjZWI3YmI4NWJmZGI2Yjg3YTEzYWZhNzMzZjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbEqXavv4emgQenvzLrzmMd+jjpg
JMiEPXjy/+QUYyM4S4Vx1jL68Z9ujSzaZfdD14s9sqAT84GbtaHFilnEgPGwTPM6
8I3uSQOKdsmVwQcmbLEyW1Y16LR+Da34OckO2CuUd4qtM8ToNa5+v+6Dy+Zi32J6
EqFevRmtXjEiB0T7e3Ie2OsqbLjsd/4BDtIuiu4uPH/F0MASRkZXHpJ3PxyMd5ja
lFv6owGgKGGDwdM/hMdbPXk6b+JzGmltW5FDNueVVt+s8Yc9pUB4G121Us3Uf6on
WnKRGSkQhLIpscEuElat2tD/Yq+vAlu9bKeyPmbSwN+8EDReAkDqMq6FrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMtGyfxVhM63u4W/22uHoTr6cz9sMB8GA1UdIwQY
MBaAFMKJc6/6qZNtORRqoTb7ywUbmvmfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd29senJfcXBrMjA1RkdxaE52dkxCUnVhLVo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9hOTU0YmQtMTU3Zi00ZGJiLWJiYTQt
MzQ2M2I1NmUzNzJjLzEveTBiSl9GV0V6cmU3aGJfYmE0ZWhPdnB6UDJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9hOTU0YmQtMTU3Zi00ZGJiLWJiYTQtMzQ2M2I1NmUzNzJj
LzEvd29senJfcXBrMjA1RkdxaE52dkxCUnVhLVo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUnfFAwQA
2RbhMA0GCSqGSIb3DQEBCwUAA4IBAQCkkpbnnY9qyGjTac1nTfRbkhFvv9iSPqbA
MMWRwnLjY4ndFQXHOA9lZsl8idiMMOeeBNXXY53OT8Sq38XuFK/wm9Lm8TpGthBq
KyiUCZFwwPEZI4oglKpEt2yqOqdd03QT8p0Azbz20ShfqOrbisFY06aGXyIMdeg0
MOvtjtz3Ny/B6uwsXeWEd7CQyhvyYDfsennCk+xyyEkZj3fl1Pq7b7Zz3rtXBFhK
pHTdPlU7pwiL7fa0yZPglUD747PpTp9KX5N6Ot5PO98uSrp1hx02drWPB8D9HndN
gtJ+1sYQPtBEB9YXv8tEAciHhlw3K/Oc7eZTVE71buezJ0pO2MxN
-----END CERTIFICATE-----