Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/_pImZxEdb-uxEuuETWSCY_AdJ4U.roa
File:                     _pImZxEdb-uxEuuETWSCY_AdJ4U.roa (raw, json)
Hash identifier:          U8mqknH3/BdXsrKKvoV4sJEmqyPPEyNl0NePL0IqXJM=
Subject key identifier:   FE:92:26:67:11:1D:6F:EB:B1:12:EB:84:4D:64:82:63:F0:1D:27:85
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0199C7FAAD37DC3895494F8961F6183BB35F
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/_pImZxEdb-uxEuuETWSCY_AdJ4U.roa
Signing time:             Thu 09 Oct 2025 07:58:38 +0000
ROA not before:           Thu 09 Oct 2025 07:58:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        188.255.231.0/24 maxlen: 24
                          188.255.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:fa:ad:37:dc:38:95:49:4f:89:61:f6:18:3b:b3:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct  9 07:58:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe922667111d6febb112eb844d648263f01d2785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:87:ce:f5:14:b2:fb:b1:94:81:8d:23:d6:5e:
                    db:dc:6e:31:5b:cc:6a:fa:2c:f8:7a:fd:2e:b3:b6:
                    17:4c:51:de:52:df:dc:9e:09:f1:25:1e:6f:03:1c:
                    82:0f:60:31:c4:4b:88:a7:9f:28:f4:3f:f3:af:99:
                    88:24:00:3d:f0:ec:34:8b:b0:c6:d0:7c:a6:93:07:
                    0b:87:39:11:fc:7e:15:56:58:89:44:e2:24:29:bc:
                    65:19:ed:ed:d2:9f:26:a9:a3:76:1f:08:de:d1:c1:
                    f3:4d:ba:a2:1a:50:f9:f8:a1:b3:f7:69:b5:4d:8e:
                    91:15:7a:81:2b:a1:7f:63:12:f9:a5:e3:e7:4d:1b:
                    5e:3b:44:8e:0c:fe:01:bd:63:68:c5:89:cb:85:00:
                    f8:f9:bf:bc:f1:bf:52:7f:fb:ac:a2:b9:29:2d:63:
                    c6:b8:d9:d9:12:75:c7:ad:30:55:b6:96:69:b8:10:
                    c5:06:ce:11:95:20:ae:47:e7:66:0c:16:1c:95:07:
                    b1:4f:28:a6:0f:00:44:18:e7:2a:cb:cf:07:a8:b1:
                    05:33:58:32:3c:8f:51:b5:75:d5:cb:2d:a2:40:4f:
                    19:77:41:b8:4f:53:af:eb:3d:34:88:18:1c:20:88:
                    7c:04:5e:64:b0:77:e6:e0:73:e8:92:28:fa:e3:0f:
                    89:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:92:26:67:11:1D:6F:EB:B1:12:EB:84:4D:64:82:63:F0:1D:27:85
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/_pImZxEdb-uxEuuETWSCY_AdJ4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.231.0/24
                  188.255.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:8c:9d:1a:c9:8d:b3:62:ec:c0:f9:ab:76:95:9e:df:42:13:
         f9:d0:92:da:30:15:27:88:3d:fe:2b:a2:6d:aa:97:d5:fb:02:
         0e:c0:9f:2f:3a:cc:80:15:66:48:83:fb:f1:a3:4f:72:8f:ee:
         77:28:77:f3:e4:ea:c0:91:bc:96:06:84:f6:0e:50:d5:bd:82:
         7b:df:bf:6d:57:b2:e0:9d:0d:62:60:78:29:27:92:87:5a:77:
         ef:4e:09:0b:7c:e5:32:71:b1:12:64:09:53:a7:f7:cb:6a:6f:
         7b:a7:b4:64:5f:b4:0a:f8:86:f2:e0:44:4a:ac:d4:67:1e:e7:
         3c:12:dc:8e:e8:aa:f3:c2:3a:1b:86:33:5e:b2:ce:2c:2c:bb:
         f8:e8:ae:af:86:ed:f0:ef:e1:e6:ed:2d:9f:90:16:19:ce:fc:
         0e:dd:ea:e5:46:f7:a2:9d:4b:be:9c:97:a2:5b:bd:ca:40:90:
         90:dc:35:ab:88:15:c3:38:8b:8a:bd:9c:53:28:be:6d:8f:46:
         f6:ce:8f:69:b6:36:aa:93:45:a1:02:97:f6:75:40:f6:e1:eb:
         8d:41:0e:d0:3c:6f:83:13:e3:22:15:0a:4a:fd:df:4e:01:61:
         ca:6f:b3:1c:3c:60:da:75:b0:2f:2b:07:31:9b:1d:b1:d8:06:
         4d:bf:a5:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnH+q033DiVSU+JYfYYO7NfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDA5MDc1ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTkyMjY2NzExMWQ2ZmViYjExMmViODQ0ZDY0ODI2M2YwMWQyNzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIfO9RSy+7GUgY0j1l7b3G4xW8xq
+iz4ev0us7YXTFHeUt/cngnxJR5vAxyCD2AxxEuIp58o9D/zr5mIJAA98Ow0i7DG
0HymkwcLhzkR/H4VVliJROIkKbxlGe3t0p8mqaN2Hwje0cHzTbqiGlD5+KGz92m1
TY6RFXqBK6F/YxL5pePnTRteO0SODP4BvWNoxYnLhQD4+b+88b9Sf/usorkpLWPG
uNnZEnXHrTBVtpZpuBDFBs4RlSCuR+dmDBYclQexTyimDwBEGOcqy88HqLEFM1gy
PI9RtXXVyy2iQE8Zd0G4T1Ov6z00iBgcIIh8BF5ksHfm4HPokij64w+JlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP6SJmcRHW/rsRLrhE1kgmPwHSeFMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvX3BJbVp4RWRiLXV4RXV1RVRXU0NZX0FkSjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvP/nAwQA
vP/9MA0GCSqGSIb3DQEBCwUAA4IBAQAhjJ0ayY2zYuzA+at2lZ7fQhP50JLaMBUn
iD3+K6JtqpfV+wIOwJ8vOsyAFWZIg/vxo09yj+53KHfz5OrAkbyWBoT2DlDVvYJ7
379tV7LgnQ1iYHgpJ5KHWnfvTgkLfOUycbESZAlTp/fLam97p7RkX7QK+Iby4ERK
rNRnHuc8EtyO6KrzwjobhjNess4sLLv46K6vhu3w7+Hm7S2fkBYZzvwO3erlRvei
nUu+nJeiW73KQJCQ3DWriBXDOIuKvZxTKL5tj0b2zo9ptjaqk0WhApf2dUD24euN
QQ7QPG+DE+MiFQpK/d9OAWHKb7McPGDadbAvKwcxmx2x2AZNv6WP
-----END CERTIFICATE-----