Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/f57ef9-9815-4f95-a0bd-f98da546abd3/1/D6hQsVypLugL4mxvUWDjpj8fUTE.roa
File:                     D6hQsVypLugL4mxvUWDjpj8fUTE.roa (raw, json)
Hash identifier:          a5DmBELXphgI1XIJoBpStB1qvP3OXRM4NJd2RT/9RAA=
Subject key identifier:   0F:A8:50:B1:5C:A9:2E:E8:0B:E2:6C:6F:51:60:E3:A6:3F:1F:51:31
Certificate issuer:       /CN=98e5320f856be82ea874e92d6d80bc6f9978300e
Certificate serial:       01992891BE8D1E5847F2BEDE8018DD81F9C5
Authority key identifier: 98:E5:32:0F:85:6B:E8:2E:A8:74:E9:2D:6D:80:BC:6F:99:78:30:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mOUyD4Vr6C6odOktbYC8b5l4MA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/f57ef9-9815-4f95-a0bd-f98da546abd3/1/D6hQsVypLugL4mxvUWDjpj8fUTE.roa
Signing time:             Mon 08 Sep 2025 09:04:23 +0000
ROA not before:           Mon 08 Sep 2025 09:04:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2110
IP address blocks:        185.215.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/f57ef9-9815-4f95-a0bd-f98da546abd3/1/mOUyD4Vr6C6odOktbYC8b5l4MA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/f57ef9-9815-4f95-a0bd-f98da546abd3/1/mOUyD4Vr6C6odOktbYC8b5l4MA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mOUyD4Vr6C6odOktbYC8b5l4MA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:91:be:8d:1e:58:47:f2:be:de:80:18:dd:81:f9:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98e5320f856be82ea874e92d6d80bc6f9978300e
        Validity
            Not Before: Sep  8 09:04:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fa850b15ca92ee80be26c6f5160e3a63f1f5131
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ba:9e:13:ae:f2:2a:7e:b0:d6:74:86:ff:7d:
                    05:b4:00:38:79:7a:87:ea:4a:d7:e4:58:8d:d9:60:
                    16:cd:73:d1:f1:8f:3a:ee:11:47:62:4a:48:e0:79:
                    cb:84:2f:dd:b7:27:31:48:7b:ef:aa:27:f8:3b:1a:
                    1a:05:fd:5a:67:67:36:44:f0:ca:00:67:0c:f5:24:
                    2b:dd:f3:de:e5:3f:0a:f3:62:a3:67:36:53:bf:26:
                    88:fd:e1:b0:97:65:87:15:fd:7d:ac:4e:49:4b:8f:
                    29:4f:3a:12:ea:bf:e6:df:5f:3c:7d:9d:8c:64:dd:
                    8f:25:aa:ab:9e:22:dd:2a:67:46:5e:ee:25:f2:d7:
                    c5:9c:7a:bb:8e:17:cc:22:8b:a0:39:d5:5e:46:45:
                    f1:97:40:f0:68:25:38:50:2b:51:47:d3:4e:58:db:
                    6f:23:26:63:86:5c:be:6e:73:2c:1d:a0:18:f3:d7:
                    a9:2e:1d:71:a3:4c:b7:9a:dd:ff:f3:de:d3:0b:c2:
                    da:5b:b2:83:96:d3:c2:2f:d3:34:52:69:7e:a1:bf:
                    b1:b5:4c:b6:e9:ea:b6:fe:a2:b1:b2:0a:16:84:87:
                    0c:92:10:8d:e3:ce:18:be:df:c8:09:78:dc:2b:f7:
                    0d:7a:d2:57:26:8f:80:12:00:05:4b:c4:e8:7c:d5:
                    c2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:A8:50:B1:5C:A9:2E:E8:0B:E2:6C:6F:51:60:E3:A6:3F:1F:51:31
            X509v3 Authority Key Identifier:
                keyid:98:E5:32:0F:85:6B:E8:2E:A8:74:E9:2D:6D:80:BC:6F:99:78:30:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mOUyD4Vr6C6odOktbYC8b5l4MA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f57ef9-9815-4f95-a0bd-f98da546abd3/1/D6hQsVypLugL4mxvUWDjpj8fUTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/f57ef9-9815-4f95-a0bd-f98da546abd3/1/mOUyD4Vr6C6odOktbYC8b5l4MA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:4c:33:7e:d8:e5:6d:7c:4a:cb:5f:87:1c:bb:13:89:31:16:
         b4:26:93:a1:94:91:64:36:b8:cb:d2:90:ca:3c:d3:b5:d5:7c:
         18:af:c4:77:95:d0:0a:27:ab:7d:a4:8c:f0:1f:c4:32:8f:18:
         11:11:6a:5b:b5:24:ab:e0:ff:50:f0:22:cf:5d:59:3c:25:cb:
         22:0d:6b:07:fa:d7:db:29:f1:f4:14:ab:b1:9b:23:12:de:98:
         10:7c:77:98:dc:bf:41:13:38:f0:b0:e3:82:fa:2f:15:93:c0:
         3f:ff:a5:c5:c6:72:76:6a:54:a3:66:a4:11:0d:23:a8:6a:51:
         cf:e0:8e:63:91:33:5a:01:0e:9b:72:74:f0:c6:df:2e:86:08:
         41:51:d4:d3:93:aa:8c:31:b7:a8:94:e3:95:5e:30:47:24:d5:
         28:69:a5:1d:91:be:57:ac:30:04:e2:d1:fe:d2:ce:26:69:2a:
         03:57:1a:6c:14:96:c2:3f:1e:36:52:1f:03:4f:30:88:97:bd:
         97:24:aa:56:3c:25:ee:ea:bc:42:5a:16:89:44:4b:ee:8f:ff:
         fa:b9:49:5c:00:a9:54:26:ea:be:f0:c3:10:14:ec:c7:d0:14:
         72:cc:ec:1c:14:e1:27:9f:25:3f:ad:fc:6a:22:98:22:f4:d7:
         c9:5b:58:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkokb6NHlhH8r7egBjdgfnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZTUzMjBmODU2YmU4MmVhODc0ZTkyZDZkODBiYzZmOTk3
ODMwMGUwHhcNMjUwOTA4MDkwNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmE4NTBiMTVjYTkyZWU4MGJlMjZjNmY1MTYwZTNhNjNmMWY1MTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7qeE67yKn6w1nSG/30FtAA4eXqH
6krX5FiN2WAWzXPR8Y867hFHYkpI4HnLhC/dtycxSHvvqif4OxoaBf1aZ2c2RPDK
AGcM9SQr3fPe5T8K82KjZzZTvyaI/eGwl2WHFf19rE5JS48pTzoS6r/m3188fZ2M
ZN2PJaqrniLdKmdGXu4l8tfFnHq7jhfMIougOdVeRkXxl0DwaCU4UCtRR9NOWNtv
IyZjhly+bnMsHaAY89epLh1xo0y3mt3/897TC8LaW7KDltPCL9M0Uml+ob+xtUy2
6eq2/qKxsgoWhIcMkhCN484Yvt/ICXjcK/cNetJXJo+AEgAFS8TofNXClwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+oULFcqS7oC+Jsb1Fg46Y/H1ExMB8GA1UdIwQY
MBaAFJjlMg+Fa+guqHTpLW2AvG+ZeDAOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU9VeUQ0VnI2QzZvZE9rdGJZQzhiNWw0TUE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mNTdlZjktOTgxNS00Zjk1LWEwYmQt
Zjk4ZGE1NDZhYmQzLzEvRDZoUXNWeXBMdWdMNG14dlVXRGpwajhmVVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mNTdlZjktOTgxNS00Zjk1LWEwYmQtZjk4ZGE1NDZhYmQz
LzEvbU9VeUQ0VnI2QzZvZE9rdGJZQzhiNWw0TUE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuddsMA0G
CSqGSIb3DQEBCwUAA4IBAQAtTDN+2OVtfErLX4ccuxOJMRa0JpOhlJFkNrjL0pDK
PNO11XwYr8R3ldAKJ6t9pIzwH8QyjxgREWpbtSSr4P9Q8CLPXVk8JcsiDWsH+tfb
KfH0FKuxmyMS3pgQfHeY3L9BEzjwsOOC+i8Vk8A//6XFxnJ2alSjZqQRDSOoalHP
4I5jkTNaAQ6bcnTwxt8uhghBUdTTk6qMMbeolOOVXjBHJNUoaaUdkb5XrDAE4tH+
0s4maSoDVxpsFJbCPx42Uh8DTzCIl72XJKpWPCXu6rxCWhaJREvuj//6uUlcAKlU
Juq+8MMQFOzH0BRyzOwcFOEnnyU/rfxqIpgi9NfJW1jN
-----END CERTIFICATE-----