Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/kDFFmEHOxxsPr1PqT9Wra3pOapo.roa
File:                     kDFFmEHOxxsPr1PqT9Wra3pOapo.roa (raw, json)
Hash identifier:          PtmDDx7DD6q5hVM880BXHYOoqWKL19qOEEf16G0FZlQ=
Subject key identifier:   90:31:45:98:41:CE:C7:1B:0F:AF:53:EA:4F:D5:AB:6B:7A:4E:6A:9A
Certificate issuer:       /CN=5e1d4060fd501ebae93ed44da6b7a79e66705b2f
Certificate serial:       0199AC6BF6806E4BD396AB972AA0B2C5C55C
Authority key identifier: 5E:1D:40:60:FD:50:1E:BA:E9:3E:D4:4D:A6:B7:A7:9E:66:70:5B:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xh1AYP1QHrrpPtRNprennmZwWy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/kDFFmEHOxxsPr1PqT9Wra3pOapo.roa
Signing time:             Fri 03 Oct 2025 23:33:00 +0000
ROA not before:           Fri 03 Oct 2025 23:33:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204570
IP address blocks:        185.246.148.0/22 maxlen: 22
                          2a0d:8680::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Xh1AYP1QHrrpPtRNprennmZwWy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Xh1AYP1QHrrpPtRNprennmZwWy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xh1AYP1QHrrpPtRNprennmZwWy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ac:6b:f6:80:6e:4b:d3:96:ab:97:2a:a0:b2:c5:c5:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e1d4060fd501ebae93ed44da6b7a79e66705b2f
        Validity
            Not Before: Oct  3 23:33:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9031459841cec71b0faf53ea4fd5ab6b7a4e6a9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ad:0a:0a:64:6a:7d:49:7a:3b:9c:c0:ed:02:
                    80:15:5b:ff:c1:b5:ef:5d:b7:18:c9:6a:97:7b:a7:
                    75:4b:72:4d:5d:84:67:c1:fe:9c:e6:9f:9e:d4:7a:
                    b1:43:b8:b8:d8:73:3f:76:2b:44:53:f2:4c:7d:eb:
                    19:20:26:ee:0b:ac:ce:78:04:57:3c:da:59:91:0f:
                    5d:d4:ab:8a:f5:51:89:58:ab:2a:e0:6d:e3:09:11:
                    34:ed:94:e3:2f:d7:c2:73:b5:c7:f9:66:8f:78:ad:
                    84:25:8f:97:45:c7:09:1c:ca:14:1b:ba:93:db:98:
                    cf:f5:b6:22:34:50:ec:f3:98:5d:fe:ba:8c:2d:f9:
                    e2:21:b2:5a:5d:85:8f:14:fc:2c:97:7d:d6:97:a7:
                    91:8d:d7:b6:f3:f9:4d:99:da:66:02:76:78:cc:c7:
                    c1:16:83:ed:1a:5c:27:41:92:2d:d7:c0:b8:d5:60:
                    be:22:9f:34:73:6f:8e:d6:6b:9f:3d:79:d6:d4:5d:
                    29:4c:b5:88:17:be:52:ba:00:51:fc:e3:2d:f4:cc:
                    f4:19:d5:45:45:e4:a1:d2:54:95:95:0d:52:a8:62:
                    48:ab:85:da:90:80:16:e1:a6:d5:5d:fd:7a:52:b6:
                    30:04:4a:f1:4b:ae:52:b9:67:47:78:3a:f7:e4:e0:
                    98:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:31:45:98:41:CE:C7:1B:0F:AF:53:EA:4F:D5:AB:6B:7A:4E:6A:9A
            X509v3 Authority Key Identifier:
                keyid:5E:1D:40:60:FD:50:1E:BA:E9:3E:D4:4D:A6:B7:A7:9E:66:70:5B:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xh1AYP1QHrrpPtRNprennmZwWy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/kDFFmEHOxxsPr1PqT9Wra3pOapo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Xh1AYP1QHrrpPtRNprennmZwWy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.148.0/22
                IPv6:
                  2a0d:8680::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:78:76:80:60:5e:2a:06:d4:9f:f1:03:35:70:3d:65:1b:4b:
         92:a2:22:b2:7c:a2:6d:b3:30:94:7c:9e:6b:b2:c2:c9:49:5d:
         89:a5:d3:24:3f:9f:27:7e:0f:fa:13:45:c5:92:60:e5:6b:48:
         45:79:85:9e:09:18:91:54:7f:49:fe:0c:fb:7a:ba:db:1f:dd:
         91:5b:49:ce:ec:71:45:3e:f8:83:1b:7d:fa:67:fa:19:78:3c:
         ea:e5:a2:c8:6a:15:89:1d:08:c6:3a:56:bc:b1:eb:07:54:5f:
         67:30:0f:09:99:bb:07:f7:2f:fd:e0:b8:ad:bd:be:3c:8f:f2:
         3f:b0:f3:97:29:9e:94:9f:d2:58:c8:15:cb:41:aa:44:a3:69:
         df:ec:98:51:dd:18:8e:cd:63:a9:20:4c:8e:9c:ef:37:ae:09:
         1f:3e:46:cd:ae:3c:f9:d4:26:37:3a:ab:53:2b:91:37:63:f2:
         f6:49:99:04:f8:39:ab:a1:08:d6:c2:62:b0:30:dc:3b:21:1e:
         17:4b:2d:98:6b:e0:44:23:78:9e:aa:e9:78:43:bc:41:96:fd:
         5e:f0:f4:10:b8:07:05:1c:2a:a8:0b:92:9b:d2:6a:96:6d:44:
         21:47:97:bf:0b:e8:bd:ed:d3:de:34:88:8c:16:0a:1e:51:6c:
         0b:f6:a8:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZmsa/aAbkvTlquXKqCyxcVcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMWQ0MDYwZmQ1MDFlYmFlOTNlZDQ0ZGE2YjdhNzllNjY3
MDViMmYwHhcNMjUxMDAzMjMzMzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDMxNDU5ODQxY2VjNzFiMGZhZjUzZWE0ZmQ1YWI2YjdhNGU2YTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7q0KCmRqfUl6O5zA7QKAFVv/wbXv
XbcYyWqXe6d1S3JNXYRnwf6c5p+e1HqxQ7i42HM/ditEU/JMfesZICbuC6zOeARX
PNpZkQ9d1KuK9VGJWKsq4G3jCRE07ZTjL9fCc7XH+WaPeK2EJY+XRccJHMoUG7qT
25jP9bYiNFDs85hd/rqMLfniIbJaXYWPFPwsl33Wl6eRjde28/lNmdpmAnZ4zMfB
FoPtGlwnQZIt18C41WC+Ip80c2+O1mufPXnW1F0pTLWIF75SugBR/OMt9Mz0GdVF
ReSh0lSVlQ1SqGJIq4XakIAW4abVXf16UrYwBErxS65SuWdHeDr35OCYUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJAxRZhBzscbD69T6k/Vq2t6TmqaMB8GA1UdIwQY
MBaAFF4dQGD9UB666T7UTaa3p55mcFsvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGgxQVlQMVFIcnJwUHRSTnByZW5ubVp3V3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hNzBhODQtZjU1Mi00MzU0LWExMDQt
MGUxZGI5OGFkMjMxLzEva0RGRm1FSE94eHNQcjFQcVQ5V3JhM3BPYXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hNzBhODQtZjU1Mi00MzU0LWExMDQtMGUxZGI5OGFkMjMx
LzEvWGgxQVlQMVFIcnJwUHRSTnByZW5ubVp3V3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufaUMA0E
AgACMAcDBQAqDYaAMA0GCSqGSIb3DQEBCwUAA4IBAQCJeHaAYF4qBtSf8QM1cD1l
G0uSoiKyfKJtszCUfJ5rssLJSV2JpdMkP58nfg/6E0XFkmDla0hFeYWeCRiRVH9J
/gz7errbH92RW0nO7HFFPviDG336Z/oZeDzq5aLIahWJHQjGOla8sesHVF9nMA8J
mbsH9y/94Litvb48j/I/sPOXKZ6Un9JYyBXLQapEo2nf7JhR3RiOzWOpIEyOnO83
rgkfPkbNrjz51CY3OqtTK5E3Y/L2SZkE+DmroQjWwmKwMNw7IR4XSy2Ya+BEI3ie
qul4Q7xBlv1e8PQQuAcFHCqoC5Kb0mqWbUQhR5e/C+i97dPeNIiMFgoeUWwL9qgL
-----END CERTIFICATE-----