Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/ijWfv5FDZoOJVxEIffezGQJrhR0.roa
File:                     ijWfv5FDZoOJVxEIffezGQJrhR0.roa (raw, json)
Hash identifier:          zEEQyBwCgCA9r+zAOqpHAUGqUtdbLfczPPM/Bv/7v6A=
Subject key identifier:   8A:35:9F:BF:91:43:66:83:89:57:11:08:7D:F7:B3:19:02:6B:85:1D
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       019977F008DD0531B8B53E34DC211120D10C
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/ijWfv5FDZoOJVxEIffezGQJrhR0.roa
Signing time:             Tue 23 Sep 2025 18:57:23 +0000
ROA not before:           Tue 23 Sep 2025 18:57:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62257
IP address blocks:        194.36.172.0/24 maxlen: 24
                          194.180.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:77:f0:08:dd:05:31:b8:b5:3e:34:dc:21:11:20:d1:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: Sep 23 18:57:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a359fbf91436683895711087df7b319026b851d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:27:18:34:d8:f2:2c:64:ce:f8:e9:8f:26:97:
                    c8:f6:f4:f2:e7:60:a1:6a:bb:d5:90:00:ba:8c:c9:
                    b8:ba:da:d1:e4:40:f3:b7:8f:ec:4a:10:b0:0b:b0:
                    21:f9:1f:c6:ed:c4:c3:cc:a1:07:40:fe:5c:55:00:
                    82:bc:5f:06:a2:6d:cb:34:30:6a:bb:8d:ab:4c:55:
                    c7:bf:99:1a:b6:3c:e2:5e:d3:8d:ab:8e:cb:f0:e7:
                    e6:db:72:62:e1:0e:5c:21:c4:15:7b:82:d7:28:ba:
                    5f:39:cb:cd:be:00:78:57:70:fd:52:90:33:93:1d:
                    4a:b9:5e:37:7e:e8:a5:7c:5d:45:3a:8e:fb:23:d4:
                    3c:56:2b:6b:f9:8d:04:3c:85:18:3e:ad:47:ef:f9:
                    4b:e4:72:f3:fa:ae:c1:f6:c3:5e:ca:aa:79:df:a8:
                    20:51:d1:4d:ed:ac:ca:86:f1:fd:89:6b:dc:a7:15:
                    62:fc:ef:1b:55:34:33:44:ca:15:7f:43:cd:96:00:
                    13:00:a4:90:a2:b2:b3:c1:62:71:3b:93:49:79:15:
                    cc:b9:17:20:31:eb:70:7e:32:5b:af:e0:8d:9a:a2:
                    fc:7c:bf:ad:07:61:63:5e:a3:bb:eb:b1:bd:fd:d1:
                    28:eb:ba:29:84:1a:db:43:d1:d8:ac:24:97:48:60:
                    29:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:35:9F:BF:91:43:66:83:89:57:11:08:7D:F7:B3:19:02:6B:85:1D
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/ijWfv5FDZoOJVxEIffezGQJrhR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.172.0/24
                  194.180.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:a1:de:e1:15:be:70:a5:be:e8:03:1f:d7:17:dd:70:11:2d:
         3f:e4:7b:97:41:d0:90:53:e9:c7:d7:0b:40:6e:5c:c0:6a:de:
         66:95:cd:94:83:2e:e4:f7:a5:e7:a3:1a:43:58:97:bd:3f:c2:
         eb:e1:d5:dc:72:7f:bf:85:b3:a1:22:bc:8d:e3:07:8b:3f:a4:
         9d:b9:54:a6:b7:b1:06:fd:70:a6:d0:b1:0b:88:c9:f3:7c:a8:
         08:87:ef:c4:e9:0a:8f:b2:00:3f:9b:b7:61:02:c4:c6:5d:c3:
         49:6c:74:4d:b6:fe:8c:08:fe:f3:39:9e:f5:b9:9c:55:bf:f6:
         56:3a:3e:81:b8:5b:82:1e:7f:25:cb:f1:af:88:2f:d5:1a:b3:
         70:c3:2c:49:00:ab:f4:0b:b3:d3:e9:e3:db:29:2c:ae:b4:78:
         8d:74:80:1e:6f:0a:67:50:dc:09:67:f7:96:aa:e4:14:56:4c:
         62:29:da:96:d1:34:8f:76:1a:13:1e:74:3f:a0:42:2d:25:df:
         42:63:97:bc:98:30:5f:9e:87:86:b2:b0:b3:c5:17:4d:21:6a:
         55:68:05:84:28:79:00:b5:9e:b9:89:21:76:62:28:c1:cc:e4:
         64:ed:68:c1:68:0b:e5:c3:22:7e:d0:c5:b4:eb:c1:c2:b6:35:
         00:e0:99:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl38AjdBTG4tT403CERINEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjUwOTIzMTg1NzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTM1OWZiZjkxNDM2NjgzODk1NzExMDg3ZGY3YjMxOTAyNmI4NTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ycYNNjyLGTO+OmPJpfI9vTy52Ch
arvVkAC6jMm4utrR5EDzt4/sShCwC7Ah+R/G7cTDzKEHQP5cVQCCvF8Gom3LNDBq
u42rTFXHv5katjziXtONq47L8Ofm23Ji4Q5cIcQVe4LXKLpfOcvNvgB4V3D9UpAz
kx1KuV43fuilfF1FOo77I9Q8Vitr+Y0EPIUYPq1H7/lL5HLz+q7B9sNeyqp536gg
UdFN7azKhvH9iWvcpxVi/O8bVTQzRMoVf0PNlgATAKSQorKzwWJxO5NJeRXMuRcg
MetwfjJbr+CNmqL8fL+tB2FjXqO767G9/dEo67ophBrbQ9HYrCSXSGApbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIo1n7+RQ2aDiVcRCH33sxkCa4UdMB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvaWpXZnY1RkRab09KVnhFSWZmZXpHUUpyaFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiSsAwQA
wrTQMA0GCSqGSIb3DQEBCwUAA4IBAQABod7hFb5wpb7oAx/XF91wES0/5HuXQdCQ
U+nH1wtAblzAat5mlc2Ugy7k96XnoxpDWJe9P8Lr4dXccn+/hbOhIryN4weLP6Sd
uVSmt7EG/XCm0LELiMnzfKgIh+/E6QqPsgA/m7dhAsTGXcNJbHRNtv6MCP7zOZ71
uZxVv/ZWOj6BuFuCHn8ly/GviC/VGrNwwyxJAKv0C7PT6ePbKSyutHiNdIAebwpn
UNwJZ/eWquQUVkxiKdqW0TSPdhoTHnQ/oEItJd9CY5e8mDBfnoeGsrCzxRdNIWpV
aAWEKHkAtZ65iSF2YijBzORk7WjBaAvlwyJ+0MW068HCtjUA4JkD
-----END CERTIFICATE-----