Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/mF0VnTUC-VE7tOehsB99pmMnMp4.roa
File:                     mF0VnTUC-VE7tOehsB99pmMnMp4.roa (raw, json)
Hash identifier:          qBC6VjnyODjzw3i+7pIjQeMUTdYeihdx4axoA9L+eAk=
Subject key identifier:   98:5D:15:9D:35:02:F9:51:3B:B4:E7:A1:B0:1F:7D:A6:63:27:32:9E
Certificate issuer:       /CN=e8159b68ce41368a99fe1079ec54c36c9bb1bf94
Certificate serial:       0198A833CFE12CB65273CB263C735ABB2161
Authority key identifier: E8:15:9B:68:CE:41:36:8A:99:FE:10:79:EC:54:C3:6C:9B:B1:BF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/mF0VnTUC-VE7tOehsB99pmMnMp4.roa
Signing time:             Thu 14 Aug 2025 10:50:24 +0000
ROA not before:           Thu 14 Aug 2025 10:50:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56786
IP address blocks:        185.250.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:33:cf:e1:2c:b6:52:73:cb:26:3c:73:5a:bb:21:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8159b68ce41368a99fe1079ec54c36c9bb1bf94
        Validity
            Not Before: Aug 14 10:50:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=985d159d3502f9513bb4e7a1b01f7da66327329e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f0:55:fd:37:0a:32:00:bc:10:9b:33:44:f2:
                    43:a0:28:bd:33:3b:2f:10:bd:9c:03:7a:33:51:bb:
                    7c:32:30:93:7c:0e:f1:ea:7e:3f:fd:a1:86:e1:bc:
                    65:3a:9e:21:32:a8:66:e9:e7:40:22:1f:51:68:61:
                    e0:ec:3c:9a:ed:b6:fc:69:1a:c5:b0:30:9d:95:57:
                    a6:12:13:aa:ec:b2:d2:87:7f:86:b2:1c:05:88:90:
                    de:fa:98:2d:6f:37:77:16:aa:d2:2e:ba:42:99:a0:
                    cf:87:97:bb:b9:af:1f:b9:0f:47:83:8c:76:79:30:
                    26:c6:8e:e9:c9:12:9c:6b:92:2d:2f:30:59:8f:20:
                    a6:4c:0f:d4:43:c4:34:bf:38:a7:84:95:97:84:a2:
                    93:54:69:3f:2d:b3:7b:15:9a:34:eb:16:49:33:c5:
                    49:d6:bd:64:20:3b:e4:6e:54:d3:2d:1d:29:f2:bf:
                    87:da:8f:eb:b4:10:86:76:23:c1:1a:a1:0c:57:72:
                    78:34:98:f1:3b:9c:5e:d5:28:d1:17:4a:ab:43:65:
                    06:72:6d:a4:f7:da:4f:de:24:9f:b5:c2:ee:02:39:
                    97:cb:a2:18:19:a3:f7:a2:67:dd:78:15:13:13:06:
                    38:66:60:62:2d:8c:49:54:b9:62:5b:54:c1:64:25:
                    e9:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5D:15:9D:35:02:F9:51:3B:B4:E7:A1:B0:1F:7D:A6:63:27:32:9E
            X509v3 Authority Key Identifier:
                keyid:E8:15:9B:68:CE:41:36:8A:99:FE:10:79:EC:54:C3:6C:9B:B1:BF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/mF0VnTUC-VE7tOehsB99pmMnMp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/228efe-ff30-4328-a915-0f3b6f96990b/1/6BWbaM5BNoqZ_hB57FTDbJuxv5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:89:65:1e:77:85:48:e3:aa:30:bc:82:f5:3c:57:37:42:a4:
         b8:18:b9:74:ea:37:3c:e6:1f:f3:4f:0b:ff:10:4b:31:08:a0:
         3a:85:7f:10:57:cb:0b:93:0b:69:8a:0f:bf:f6:2b:13:0d:db:
         75:02:65:ab:6a:01:4a:98:e7:05:fc:51:76:ab:57:78:5c:cd:
         ea:56:e0:3f:e6:09:bc:b5:b0:31:d4:52:a4:0d:49:12:b0:27:
         46:37:c8:dd:30:56:3e:20:3f:2c:94:89:89:38:ca:3a:6d:b5:
         47:75:0a:c8:63:31:de:a6:e1:a4:e0:af:a6:4c:ec:00:99:93:
         f9:8d:01:ed:65:ca:81:78:fd:5a:60:6c:e5:ea:3a:0a:fe:f7:
         63:f6:46:da:0d:d8:d2:28:91:16:b4:bd:3f:37:75:64:9f:46:
         dc:57:9a:d0:55:d7:6c:61:4a:e7:33:1e:5b:cf:2d:59:d6:51:
         7e:a7:3b:9a:24:93:ff:7e:06:bb:01:9f:16:7d:b6:21:c8:ec:
         5f:e3:7d:92:c4:06:b3:50:3a:d4:9f:50:86:f7:a6:64:a8:8d:
         97:ea:a0:9b:67:a5:87:9f:b4:c7:86:52:70:5f:59:3e:d6:44:
         aa:f8:7c:6f:46:33:00:86:23:7f:60:9e:23:8c:ad:80:e9:f0:
         33:fe:f3:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZioM8/hLLZSc8smPHNauyFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MTU5YjY4Y2U0MTM2OGE5OWZlMTA3OWVjNTRjMzZjOWJi
MWJmOTQwHhcNMjUwODE0MTA1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODVkMTU5ZDM1MDJmOTUxM2JiNGU3YTFiMDFmN2RhNjYzMjczMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fBV/TcKMgC8EJszRPJDoCi9Mzsv
EL2cA3ozUbt8MjCTfA7x6n4//aGG4bxlOp4hMqhm6edAIh9RaGHg7Dya7bb8aRrF
sDCdlVemEhOq7LLSh3+GshwFiJDe+pgtbzd3FqrSLrpCmaDPh5e7ua8fuQ9Hg4x2
eTAmxo7pyRKca5ItLzBZjyCmTA/UQ8Q0vzinhJWXhKKTVGk/LbN7FZo06xZJM8VJ
1r1kIDvkblTTLR0p8r+H2o/rtBCGdiPBGqEMV3J4NJjxO5xe1SjRF0qrQ2UGcm2k
99pP3iSftcLuAjmXy6IYGaP3omfdeBUTEwY4ZmBiLYxJVLliW1TBZCXpEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhdFZ01AvlRO7TnobAffaZjJzKeMB8GA1UdIwQY
MBaAFOgVm2jOQTaKmf4QeexUw2ybsb+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkJXYmFNNUJOb3FaX2hCNTdGVERiSnV4djVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8yMjhlZmUtZmYzMC00MzI4LWE5MTUt
MGYzYjZmOTY5OTBiLzEvbUYwVm5UVUMtVkU3dE9laHNCOTlwbU1uTXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8yMjhlZmUtZmYzMC00MzI4LWE5MTUtMGYzYjZmOTY5OTBi
LzEvNkJXYmFNNUJOb3FaX2hCNTdGVERiSnV4djVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufpAMA0G
CSqGSIb3DQEBCwUAA4IBAQCtiWUed4VI46owvIL1PFc3QqS4GLl06jc85h/zTwv/
EEsxCKA6hX8QV8sLkwtpig+/9isTDdt1AmWragFKmOcF/FF2q1d4XM3qVuA/5gm8
tbAx1FKkDUkSsCdGN8jdMFY+ID8slImJOMo6bbVHdQrIYzHepuGk4K+mTOwAmZP5
jQHtZcqBeP1aYGzl6joK/vdj9kbaDdjSKJEWtL0/N3Vkn0bcV5rQVddsYUrnMx5b
zy1Z1lF+pzuaJJP/fga7AZ8WfbYhyOxf432SxAazUDrUn1CG96ZkqI2X6qCbZ6WH
n7THhlJwX1k+1kSq+HxvRjMAhiN/YJ4jjK2A6fAz/vMV
-----END CERTIFICATE-----