Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/tW9IFrprtjHgSmO1yq_ovXKLygM.roa
File:                     tW9IFrprtjHgSmO1yq_ovXKLygM.roa (raw, json)
Hash identifier:          cUYJx2WeqQgX3iPrT/0TOqbvPPoUtMmCsb4eRH/r/A0=
Subject key identifier:   B5:6F:48:16:BA:6B:B6:31:E0:4A:63:B5:CA:AF:E8:BD:72:8B:CA:03
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       019977F0094FF2F407C53FA140D85DBC47F6
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/tW9IFrprtjHgSmO1yq_ovXKLygM.roa
Signing time:             Tue 23 Sep 2025 18:57:23 +0000
ROA not before:           Tue 23 Sep 2025 18:57:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     141718
IP address blocks:        185.217.39.0/24 maxlen: 24
                          194.147.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 16:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:77:f0:09:4f:f2:f4:07:c5:3f:a1:40:d8:5d:bc:47:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: Sep 23 18:57:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b56f4816ba6bb631e04a63b5caafe8bd728bca03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d3:2f:a0:e7:81:4b:cb:f6:5a:08:95:b9:ad:
                    fb:f8:00:88:be:e0:69:64:f7:0e:95:c2:97:30:99:
                    2c:47:d2:65:39:58:35:8f:3f:02:c9:78:45:f1:cf:
                    fd:80:2c:d0:cb:ab:02:e5:aa:86:1e:54:21:bb:42:
                    c9:a0:6d:fa:bb:10:a1:ed:e8:f7:c9:d2:51:67:21:
                    dc:c4:ab:9b:e6:c7:0e:bc:6b:09:b3:ce:cc:c6:5a:
                    c3:5b:28:75:ea:86:6f:bf:8c:1f:c1:7c:96:b6:3f:
                    cd:d7:df:db:33:1b:fc:87:b5:6d:48:33:f3:ce:04:
                    e2:39:1e:33:16:e3:5f:c0:c4:6e:c8:e1:08:24:49:
                    96:76:dc:56:a1:cc:2b:dd:90:bc:f7:79:b5:3b:3f:
                    ef:e6:be:32:df:6e:1b:a4:35:0e:be:dd:24:02:ec:
                    60:cc:87:3a:2f:39:81:62:26:71:56:0d:25:85:82:
                    88:bc:d5:bd:e2:df:56:04:a5:22:07:23:c4:33:9d:
                    70:2e:c4:28:c9:49:79:c5:54:5c:49:28:57:eb:01:
                    30:84:fa:5d:29:88:19:c8:94:8a:b0:b5:7f:28:6f:
                    3b:7b:0c:4a:0b:e4:49:af:e1:c9:b0:e9:a9:7b:b4:
                    d6:3d:f9:84:a1:d0:a4:30:ef:24:8e:25:78:93:82:
                    d8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:6F:48:16:BA:6B:B6:31:E0:4A:63:B5:CA:AF:E8:BD:72:8B:CA:03
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/tW9IFrprtjHgSmO1yq_ovXKLygM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.39.0/24
                  194.147.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:e3:b6:10:d2:da:f4:04:98:bb:ac:29:91:53:a2:d8:cf:76:
         f5:ea:e8:3f:f6:47:ad:a4:b5:66:8b:b5:ab:fa:99:c4:47:c5:
         07:11:6b:92:40:a7:0d:e2:13:13:2d:7f:e7:9f:9b:c0:06:36:
         84:63:7a:42:3a:f5:b6:52:b0:2e:d7:0f:b1:cc:b7:7e:d2:80:
         e5:c8:c4:71:77:c2:b0:c5:d2:04:c8:59:6a:f4:b6:97:75:76:
         70:72:95:d9:a7:2b:0b:d1:00:79:ce:40:9e:f7:46:d7:ba:e0:
         3a:ce:62:dc:97:92:60:45:ab:e2:1c:7b:5f:f5:d6:f4:e9:56:
         56:b5:ce:99:ab:07:43:74:4f:29:a2:69:e0:1f:96:a9:35:32:
         73:81:0b:6f:fd:6b:da:eb:be:39:33:e6:64:d3:fd:d4:36:90:
         6a:b5:3c:1f:b9:69:0e:78:e1:c0:e6:d1:1b:fe:7c:10:b9:d9:
         4b:53:64:8b:47:81:d0:aa:d1:5f:83:79:45:74:e4:b3:73:b8:
         d3:2f:92:3c:11:a1:67:18:c2:34:fd:1a:1e:b0:75:46:96:6f:
         90:78:68:50:22:27:52:7d:1a:6a:f5:f1:fd:83:70:6a:a1:42:
         82:df:96:92:da:ee:64:b3:64:08:7c:e4:15:bc:3e:32:79:60:
         98:56:40:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl38AlP8vQHxT+hQNhdvEf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjUwOTIzMTg1NzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTZmNDgxNmJhNmJiNjMxZTA0YTYzYjVjYWFmZThiZDcyOGJjYTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNMvoOeBS8v2WgiVua37+ACIvuBp
ZPcOlcKXMJksR9JlOVg1jz8CyXhF8c/9gCzQy6sC5aqGHlQhu0LJoG36uxCh7ej3
ydJRZyHcxKub5scOvGsJs87MxlrDWyh16oZvv4wfwXyWtj/N19/bMxv8h7VtSDPz
zgTiOR4zFuNfwMRuyOEIJEmWdtxWocwr3ZC893m1Oz/v5r4y324bpDUOvt0kAuxg
zIc6LzmBYiZxVg0lhYKIvNW94t9WBKUiByPEM51wLsQoyUl5xVRcSShX6wEwhPpd
KYgZyJSKsLV/KG87ewxKC+RJr+HJsOmpe7TWPfmEodCkMO8kjiV4k4LY6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLVvSBa6a7Yx4Epjtcqv6L1yi8oDMB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvdFc5SUZycHJ0akhnU21PMXlxX292WEtMeWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudknAwQA
wpOWMA0GCSqGSIb3DQEBCwUAA4IBAQAr47YQ0tr0BJi7rCmRU6LYz3b16ug/9ket
pLVmi7Wr+pnER8UHEWuSQKcN4hMTLX/nn5vABjaEY3pCOvW2UrAu1w+xzLd+0oDl
yMRxd8KwxdIEyFlq9LaXdXZwcpXZpysL0QB5zkCe90bXuuA6zmLcl5JgRaviHHtf
9db06VZWtc6ZqwdDdE8pomngH5apNTJzgQtv/Wva6745M+Zk0/3UNpBqtTwfuWkO
eOHA5tEb/nwQudlLU2SLR4HQqtFfg3lFdOSzc7jTL5I8EaFnGMI0/RoesHVGlm+Q
eGhQIidSfRpq9fH9g3BqoUKC35aS2u5ks2QIfOQVvD4yeWCYVkDL
-----END CERTIFICATE-----