Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/l7wmDiQ2CP6z8Rbic5rUgmloROs.roa
File:                     l7wmDiQ2CP6z8Rbic5rUgmloROs.roa (raw, json)
Hash identifier:          uviKdv+F+U3PzfJCNJsRELC1qdmpX8f0j07QkVDua3I=
Subject key identifier:   97:BC:26:0E:24:36:08:FE:B3:F1:16:E2:73:9A:D4:82:69:68:44:EB
Certificate issuer:       /CN=5813e26d71ac5b6a601156d90ce0dccec5986243
Certificate serial:       0199EE6A299FF419C14AFD4D8A731DECA74C
Authority key identifier: 58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/l7wmDiQ2CP6z8Rbic5rUgmloROs.roa
Signing time:             Thu 16 Oct 2025 19:05:58 +0000
ROA not before:           Thu 16 Oct 2025 19:05:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.224.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ee:6a:29:9f:f4:19:c1:4a:fd:4d:8a:73:1d:ec:a7:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5813e26d71ac5b6a601156d90ce0dccec5986243
        Validity
            Not Before: Oct 16 19:05:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97bc260e243608feb3f116e2739ad482696844eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:05:ee:99:2a:0e:95:d7:81:15:a9:f6:9e:e9:
                    c6:b0:df:fb:bc:7c:0e:e5:60:08:a3:a9:4e:80:36:
                    0c:e2:a7:9b:e1:2a:6c:ac:75:3e:25:8d:bb:d6:7e:
                    1c:7f:80:52:da:2a:b9:21:44:3c:3b:7a:90:02:08:
                    a6:2d:38:a2:19:ff:c9:75:61:91:41:d4:69:13:b3:
                    0e:76:05:06:88:65:54:f0:49:d8:5a:b4:75:6e:2e:
                    fa:18:ba:42:ba:13:78:fb:c7:03:64:b4:f4:fa:7e:
                    b6:36:a8:c9:21:d2:2d:e6:7b:6b:01:fe:d5:6a:24:
                    cf:15:c1:27:ad:b2:a9:b4:a6:a0:3f:ab:3b:ef:e1:
                    b6:20:cf:ba:5d:22:1e:68:0f:19:cd:cf:d6:55:c1:
                    9e:3b:a0:99:e3:21:6b:94:fa:ae:67:16:ad:0a:58:
                    bf:4b:76:a8:af:b6:bf:eb:a3:96:9e:23:31:59:65:
                    bc:da:34:02:73:cb:ac:62:d1:3e:6f:63:ab:20:3f:
                    e9:f9:e1:de:4c:4a:e3:05:eb:ad:10:ef:1d:61:81:
                    9d:1b:13:17:db:e5:89:d3:27:6b:87:d4:d4:7c:0e:
                    f8:19:0b:ee:98:d1:73:b3:4e:35:a6:a9:35:74:51:
                    45:bc:13:94:3b:12:9e:0b:57:8a:d5:7b:b2:f3:31:
                    b9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:BC:26:0E:24:36:08:FE:B3:F1:16:E2:73:9A:D4:82:69:68:44:EB
            X509v3 Authority Key Identifier:
                keyid:58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/l7wmDiQ2CP6z8Rbic5rUgmloROs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:2b:43:5d:e4:47:5e:62:07:7c:93:39:64:4f:88:e3:8e:3d:
         10:51:4e:56:56:25:99:76:f1:f2:c9:f8:9e:ad:db:88:34:b8:
         44:70:aa:32:cc:7c:49:7c:b9:e4:25:4d:b7:49:07:9c:96:83:
         70:8d:04:36:d8:53:e5:af:97:c7:d7:8d:7d:e7:8d:c7:eb:a7:
         b4:98:dc:1c:7d:ad:2e:06:7c:69:d1:fb:46:01:d2:4a:95:0e:
         46:9e:00:cd:fd:b4:19:c9:f3:97:d7:78:c1:2e:23:15:ee:af:
         2c:ad:6f:2a:7d:30:91:ec:4e:71:8b:2f:28:54:f9:a9:c1:b6:
         d6:58:2c:67:1d:5e:cb:3d:d2:ba:fd:78:6e:dd:68:06:c7:96:
         9f:fe:12:55:eb:ed:e1:6d:13:0f:5d:30:46:83:fd:2e:08:ce:
         a8:41:de:c3:93:c0:ea:cf:9d:df:96:7a:62:72:9d:69:1f:70:
         6f:9c:e3:d4:1e:53:65:a9:d3:37:b8:82:8f:99:63:8a:46:c8:
         e5:e2:da:2f:27:a2:ca:36:44:7d:a1:ec:54:7f:03:22:52:5f:
         66:0b:e0:b3:a4:c9:72:5d:88:e4:a1:43:8a:3c:b2:56:de:dd:
         50:47:68:02:e7:9d:9e:79:dc:49:d6:05:d8:2b:4f:36:1b:a2:
         01:f4:1c:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnuaimf9BnBSv1NinMd7KdMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MTNlMjZkNzFhYzViNmE2MDExNTZkOTBjZTBkY2NlYzU5
ODYyNDMwHhcNMjUxMDE2MTkwNTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2JjMjYwZTI0MzYwOGZlYjNmMTE2ZTI3MzlhZDQ4MjY5Njg0NGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAXumSoOldeBFan2nunGsN/7vHwO
5WAIo6lOgDYM4qeb4SpsrHU+JY271n4cf4BS2iq5IUQ8O3qQAgimLTiiGf/JdWGR
QdRpE7MOdgUGiGVU8EnYWrR1bi76GLpCuhN4+8cDZLT0+n62NqjJIdIt5ntrAf7V
aiTPFcEnrbKptKagP6s77+G2IM+6XSIeaA8Zzc/WVcGeO6CZ4yFrlPquZxatCli/
S3aor7a/66OWniMxWWW82jQCc8usYtE+b2OrID/p+eHeTErjBeutEO8dYYGdGxMX
2+WJ0ydrh9TUfA74GQvumNFzs041pqk1dFFFvBOUOxKeC1eK1Xuy8zG5RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJe8Jg4kNgj+s/EW4nOa1IJpaETrMB8GA1UdIwQY
MBaAFFgT4m1xrFtqYBFW2Qzg3M7FmGJDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3Nzgt
MDZkZjFkYzAzMzY3LzEvbDd3bURpUTJDUDZ6OFJiaWM1clVnbWxvUk9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3NzgtMDZkZjFkYzAzMzY3
LzEvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueACMA0G
CSqGSIb3DQEBCwUAA4IBAQDGK0Nd5EdeYgd8kzlkT4jjjj0QUU5WViWZdvHyyfie
rduINLhEcKoyzHxJfLnkJU23SQecloNwjQQ22FPlr5fH1419543H66e0mNwcfa0u
Bnxp0ftGAdJKlQ5GngDN/bQZyfOX13jBLiMV7q8srW8qfTCR7E5xiy8oVPmpwbbW
WCxnHV7LPdK6/Xhu3WgGx5af/hJV6+3hbRMPXTBGg/0uCM6oQd7Dk8Dqz53flnpi
cp1pH3BvnOPUHlNlqdM3uIKPmWOKRsjl4tovJ6LKNkR9oexUfwMiUl9mC+CzpMly
XYjkoUOKPLJW3t1QR2gC552eedxJ1gXYK082G6IB9BzB
-----END CERTIFICATE-----