Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/yA3UMDG2NorD0yXtnnE6FrjVIhg.roa
File:                     yA3UMDG2NorD0yXtnnE6FrjVIhg.roa (raw, json)
Hash identifier:          JySOvmeafpb1h5Z9vGr3Dw7i3K7yP3Q/urfaVB0miMw=
Subject key identifier:   C8:0D:D4:30:31:B6:36:8A:C3:D3:25:ED:9E:71:3A:16:B8:D5:22:18
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0199BFB07B143862AA890375EED5ACB1A15F
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/yA3UMDG2NorD0yXtnnE6FrjVIhg.roa
Signing time:             Tue 07 Oct 2025 17:20:38 +0000
ROA not before:           Tue 07 Oct 2025 17:20:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        185.83.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bf:b0:7b:14:38:62:aa:89:03:75:ee:d5:ac:b1:a1:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Oct  7 17:20:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c80dd43031b6368ac3d325ed9e713a16b8d52218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ab:53:63:eb:04:24:09:6e:ef:e9:f5:35:80:
                    2c:19:51:9e:7e:08:97:3a:2c:ff:76:20:57:04:87:
                    bb:e8:e8:cb:48:9c:3e:2d:a2:bd:df:f3:39:9a:55:
                    38:e7:82:90:b1:08:30:4f:e0:e9:32:32:56:23:09:
                    f9:9a:ac:4c:75:25:69:55:06:08:15:16:f0:b9:d0:
                    f7:05:05:5e:58:2b:b6:9e:42:22:85:95:7d:8a:63:
                    a2:4c:5c:db:44:cf:fa:b9:67:74:9d:00:27:7a:fc:
                    a0:f6:e7:71:c0:53:b3:bf:d5:0c:d3:01:84:fd:27:
                    fa:1a:c7:dc:d1:75:1e:37:52:05:37:ae:e0:e4:98:
                    65:36:c0:ce:d8:96:d6:da:cb:38:4d:78:55:c5:5b:
                    6b:60:54:8c:f1:c9:b5:9a:d7:3f:40:b9:46:f6:b9:
                    e6:4e:76:92:82:19:86:ff:32:1f:99:b7:7b:c7:26:
                    d2:b7:96:05:94:ae:56:da:0a:f6:29:2a:f3:a0:47:
                    88:9e:cc:8a:e7:7a:7f:60:99:6e:70:ce:e0:54:ce:
                    ae:1a:ff:f9:c0:5c:22:dd:c0:64:8c:47:d4:b7:74:
                    9c:3c:c7:c6:bf:1e:a2:a1:89:ee:1c:d5:84:ea:fa:
                    57:31:e0:1d:ac:74:26:e7:4f:54:80:b9:20:b4:fe:
                    dd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:0D:D4:30:31:B6:36:8A:C3:D3:25:ED:9E:71:3A:16:B8:D5:22:18
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/yA3UMDG2NorD0yXtnnE6FrjVIhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:35:02:c7:a9:da:95:10:2b:7d:32:e8:37:0b:17:2f:0f:2d:
         ff:b5:04:18:81:cf:7f:04:ce:d6:72:90:4c:13:af:a0:70:c5:
         20:b3:e0:e0:f1:e6:ce:bd:6a:98:92:aa:37:4e:ad:c3:5d:69:
         77:5c:84:54:ee:09:09:5d:ba:a1:99:0b:84:be:1b:4a:85:bf:
         a7:30:c4:b4:a8:5c:40:5b:98:3d:7a:81:93:f9:47:26:a9:34:
         8c:25:ec:a2:4a:33:89:af:b0:9b:a7:5b:cf:fb:11:00:48:ae:
         19:d0:4e:ff:d6:bd:12:b1:04:2e:40:67:00:25:ea:20:a6:41:
         db:e2:5c:c8:85:0c:cf:32:16:e4:e1:1c:21:16:72:b5:a2:c6:
         ef:23:e9:1a:fe:f3:45:c5:fc:5d:71:2c:a0:a4:07:06:ca:fe:
         09:d9:c8:a4:73:a8:35:d9:a5:a0:a3:a6:18:f7:4f:b0:9a:8e:
         ff:02:1b:54:9a:32:90:5d:36:84:5a:15:4f:58:83:75:09:b7:
         76:0b:45:04:b8:39:00:33:53:50:b5:e2:9c:f2:a0:ef:1f:b5:
         62:f5:de:e5:6d:b0:9a:a2:7e:ca:aa:6c:b5:f2:ad:63:84:8e:
         e3:00:7a:39:9e:de:ae:6b:34:c0:b5:77:64:48:f9:67:ca:8a:
         c8:ed:0b:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm/sHsUOGKqiQN17tWssaFfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUxMDA3MTcyMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODBkZDQzMDMxYjYzNjhhYzNkMzI1ZWQ5ZTcxM2ExNmI4ZDUyMjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwatTY+sEJAlu7+n1NYAsGVGefgiX
Oiz/diBXBIe76OjLSJw+LaK93/M5mlU454KQsQgwT+DpMjJWIwn5mqxMdSVpVQYI
FRbwudD3BQVeWCu2nkIihZV9imOiTFzbRM/6uWd0nQAnevyg9udxwFOzv9UM0wGE
/Sf6Gsfc0XUeN1IFN67g5JhlNsDO2JbW2ss4TXhVxVtrYFSM8cm1mtc/QLlG9rnm
TnaSghmG/zIfmbd7xybSt5YFlK5W2gr2KSrzoEeInsyK53p/YJlucM7gVM6uGv/5
wFwi3cBkjEfUt3ScPMfGvx6ioYnuHNWE6vpXMeAdrHQm509UgLkgtP7dBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgN1DAxtjaKw9Ml7Z5xOha41SIYMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEveUEzVU1ERzJOb3JEMHlYdG5uRTZGcmpWSWhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVPLMA0G
CSqGSIb3DQEBCwUAA4IBAQATNQLHqdqVECt9Mug3CxcvDy3/tQQYgc9/BM7WcpBM
E6+gcMUgs+Dg8ebOvWqYkqo3Tq3DXWl3XIRU7gkJXbqhmQuEvhtKhb+nMMS0qFxA
W5g9eoGT+UcmqTSMJeyiSjOJr7Cbp1vP+xEASK4Z0E7/1r0SsQQuQGcAJeogpkHb
4lzIhQzPMhbk4RwhFnK1osbvI+ka/vNFxfxdcSygpAcGyv4J2cikc6g12aWgo6YY
90+wmo7/AhtUmjKQXTaEWhVPWIN1Cbd2C0UEuDkAM1NQteKc8qDvH7Vi9d7lbbCa
on7Kqmy18q1jhI7jAHo5nt6uazTAtXdkSPlnyorI7Qud
-----END CERTIFICATE-----