Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/Y202gT9Jqy8iAdNt-19QysSVvqg.roa
File:                     Y202gT9Jqy8iAdNt-19QysSVvqg.roa (raw, json)
Hash identifier:          xiLKkaHcZefVoBcsFuyXKuKiRKZdYLgydHNRy1Epp28=
Subject key identifier:   63:6D:36:81:3F:49:AB:2F:22:01:D3:6D:FB:5F:50:CA:C4:95:BE:A8
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0198ADD91F1B61DFDA28E68B2A2E64436151
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/Y202gT9Jqy8iAdNt-19QysSVvqg.roa
Signing time:             Fri 15 Aug 2025 13:09:04 +0000
ROA not before:           Fri 15 Aug 2025 13:09:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205475
IP address blocks:        89.251.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:d9:1f:1b:61:df:da:28:e6:8b:2a:2e:64:43:61:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Aug 15 13:09:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=636d36813f49ab2f2201d36dfb5f50cac495bea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:46:9e:85:d5:05:13:a1:41:9f:e1:7f:31:80:
                    70:ef:ac:30:7b:d4:1f:62:15:bb:9e:e2:b5:29:e0:
                    14:ec:92:1c:f5:f7:3f:e6:dd:68:31:08:1a:34:04:
                    c4:47:37:fc:d1:1b:98:a9:c2:90:e0:be:67:66:57:
                    07:9e:be:70:1a:13:ea:38:f1:51:b4:04:01:23:ee:
                    3b:f1:76:8e:3a:06:e5:18:2b:01:7b:e0:9f:06:3b:
                    aa:0a:6f:70:8d:08:b3:a0:02:c8:e7:aa:dd:72:be:
                    e2:ac:72:cc:28:63:b5:0f:5a:78:bb:63:d6:0b:b3:
                    7b:26:82:62:ef:9b:d4:ba:ae:09:a3:ee:9d:4c:4a:
                    df:da:ea:f3:08:86:4b:1c:99:b6:d2:e0:85:08:78:
                    bc:0e:90:b6:e3:e1:67:91:b8:2e:33:64:bd:74:e8:
                    0e:cc:05:57:ee:0e:06:6f:bc:39:b4:ef:45:27:30:
                    77:db:f7:8b:2e:27:85:a9:57:29:2b:03:ac:11:73:
                    7d:f7:df:5c:19:ff:eb:d5:1e:a0:30:2f:f3:e4:71:
                    b9:c5:5d:d1:7e:c8:6f:96:ac:95:ad:fd:46:31:56:
                    0d:6b:a3:f1:c0:40:68:ec:59:a5:80:6b:3d:35:75:
                    80:dd:96:52:11:bb:20:08:8f:b3:cd:f1:1e:4a:82:
                    cb:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:6D:36:81:3F:49:AB:2F:22:01:D3:6D:FB:5F:50:CA:C4:95:BE:A8
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/Y202gT9Jqy8iAdNt-19QysSVvqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:ad:ab:da:b8:02:e4:f1:07:c7:96:93:82:b9:6d:a3:2f:51:
         48:3c:fd:a6:77:50:84:57:f8:ba:7c:42:40:48:ce:7e:23:d6:
         46:f6:4e:17:aa:6d:1c:7f:65:58:e9:06:bf:e5:32:64:e2:cf:
         97:42:3c:64:7c:25:d8:62:0f:98:c1:d2:e0:a8:ab:9a:96:8a:
         12:f2:c6:64:3e:94:13:65:9b:94:cb:c8:f6:77:6d:45:b8:ec:
         b8:77:ca:62:7e:e8:22:64:08:63:78:46:3d:c5:ca:29:d0:27:
         8d:06:b3:3a:4b:9f:b9:2f:7f:f5:7d:0b:cc:08:85:b4:59:e8:
         5a:96:ff:90:5d:ab:cc:87:b6:74:d9:5c:ff:cd:f3:fe:72:5d:
         c2:22:3e:f6:0b:bc:6f:a8:05:c3:85:ef:23:11:f6:ae:24:18:
         b2:fa:97:09:7d:f4:64:69:b9:9d:5b:48:2c:bc:0c:b6:5e:e1:
         1c:bd:51:bd:3f:de:ca:bf:80:54:7b:0e:83:a5:07:27:28:58:
         43:e0:56:3a:2e:f7:96:0b:11:91:5a:25:50:c5:a6:b8:2b:76:
         e0:85:8e:95:fc:6b:4a:45:95:1e:80:b3:c2:34:1e:54:5a:63:
         7e:61:a5:13:62:23:96:b7:7a:42:82:ce:c3:53:e6:3d:c9:85:
         b7:52:3c:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZit2R8bYd/aKOaLKi5kQ2FRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwODE1MTMwOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzZkMzY4MTNmNDlhYjJmMjIwMWQzNmRmYjVmNTBjYWM0OTViZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UaehdUFE6FBn+F/MYBw76wwe9Qf
YhW7nuK1KeAU7JIc9fc/5t1oMQgaNATERzf80RuYqcKQ4L5nZlcHnr5wGhPqOPFR
tAQBI+478XaOOgblGCsBe+CfBjuqCm9wjQizoALI56rdcr7irHLMKGO1D1p4u2PW
C7N7JoJi75vUuq4Jo+6dTErf2urzCIZLHJm20uCFCHi8DpC24+FnkbguM2S9dOgO
zAVX7g4Gb7w5tO9FJzB32/eLLieFqVcpKwOsEXN9999cGf/r1R6gMC/z5HG5xV3R
fshvlqyVrf1GMVYNa6PxwEBo7FmlgGs9NXWA3ZZSEbsgCI+zzfEeSoLLVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGNtNoE/SasvIgHTbftfUMrElb6oMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvWTIwMmdUOUpxeThpQWROdC0xOVF5c1NWdnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsSMA0G
CSqGSIb3DQEBCwUAA4IBAQAyravauALk8QfHlpOCuW2jL1FIPP2md1CEV/i6fEJA
SM5+I9ZG9k4Xqm0cf2VY6Qa/5TJk4s+XQjxkfCXYYg+YwdLgqKualooS8sZkPpQT
ZZuUy8j2d21FuOy4d8pifugiZAhjeEY9xcop0CeNBrM6S5+5L3/1fQvMCIW0Weha
lv+QXavMh7Z02Vz/zfP+cl3CIj72C7xvqAXDhe8jEfauJBiy+pcJffRkabmdW0gs
vAy2XuEcvVG9P97Kv4BUew6DpQcnKFhD4FY6LveWCxGRWiVQxaa4K3bghY6V/GtK
RZUegLPCNB5UWmN+YaUTYiOWt3pCgs7DU+Y9yYW3Ujyn
-----END CERTIFICATE-----