Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/04a3c4-0d88-48e7-84de-54c2c0cab7c3/1/iLByoUx0bSCHlK7naUf7Pjeg10s.roa
File:                     iLByoUx0bSCHlK7naUf7Pjeg10s.roa (raw, json)
Hash identifier:          p3s+AOmmmdMwW9p+y2A48IFtADeAkvA1dJFhumD2cdE=
Subject key identifier:   88:B0:72:A1:4C:74:6D:20:87:94:AE:E7:69:47:FB:3E:37:A0:D7:4B
Certificate issuer:       /CN=a5541609cd947bedfc99125840030108a3f141c1
Certificate serial:       0199578EB9601FD5E8E26801F5C87B0D2726
Authority key identifier: A5:54:16:09:CD:94:7B:ED:FC:99:12:58:40:03:01:08:A3:F1:41:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pVQWCc2Ue-38mRJYQAMBCKPxQcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/04a3c4-0d88-48e7-84de-54c2c0cab7c3/1/iLByoUx0bSCHlK7naUf7Pjeg10s.roa
Signing time:             Wed 17 Sep 2025 12:03:15 +0000
ROA not before:           Wed 17 Sep 2025 12:03:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13274
IP address blocks:        185.210.158.0/24 maxlen: 24
                          195.42.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/04a3c4-0d88-48e7-84de-54c2c0cab7c3/1/pVQWCc2Ue-38mRJYQAMBCKPxQcE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/04a3c4-0d88-48e7-84de-54c2c0cab7c3/1/pVQWCc2Ue-38mRJYQAMBCKPxQcE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pVQWCc2Ue-38mRJYQAMBCKPxQcE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:8e:b9:60:1f:d5:e8:e2:68:01:f5:c8:7b:0d:27:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5541609cd947bedfc99125840030108a3f141c1
        Validity
            Not Before: Sep 17 12:03:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88b072a14c746d208794aee76947fb3e37a0d74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4e:14:17:7f:e8:7c:36:6a:50:5d:99:91:b5:
                    7d:94:c9:21:d9:a4:4a:09:09:1d:3e:71:81:2c:73:
                    5e:fc:05:24:54:f3:3e:3f:1f:b9:4f:61:91:1d:4d:
                    e1:28:74:b7:a4:f4:99:f8:45:a5:41:8b:b9:87:52:
                    eb:96:03:fe:ad:30:fb:9f:ce:8a:8d:b1:0b:12:66:
                    5e:a7:2d:8e:8f:2f:b4:16:cc:46:f0:96:98:a8:10:
                    2f:21:7e:d6:2a:46:75:aa:09:01:68:d6:fc:79:85:
                    b5:79:1a:31:3b:c4:f1:3f:1b:74:c8:4e:01:99:b2:
                    d5:af:79:f8:ad:95:bf:f4:66:b1:c9:2e:50:18:40:
                    12:07:31:50:10:d1:6a:9b:ea:a1:d9:93:d2:d6:d5:
                    93:5d:d8:d6:00:09:20:20:52:64:06:63:b1:8b:d5:
                    94:14:b3:3e:23:7a:56:b7:cb:eb:5f:f9:e2:77:29:
                    84:ff:5d:61:bf:a5:6f:9f:e4:12:b8:ca:ea:59:23:
                    a7:15:e7:53:bf:50:f3:1f:e1:7d:d3:de:38:4c:77:
                    e7:43:ab:65:15:fe:23:3f:22:e7:7c:b9:36:e8:cb:
                    f0:78:b3:43:b7:28:22:2c:46:76:c6:49:2b:21:f9:
                    de:62:8a:ed:d1:9c:2d:c0:6c:68:6c:80:75:7b:4e:
                    77:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B0:72:A1:4C:74:6D:20:87:94:AE:E7:69:47:FB:3E:37:A0:D7:4B
            X509v3 Authority Key Identifier:
                keyid:A5:54:16:09:CD:94:7B:ED:FC:99:12:58:40:03:01:08:A3:F1:41:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pVQWCc2Ue-38mRJYQAMBCKPxQcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/04a3c4-0d88-48e7-84de-54c2c0cab7c3/1/iLByoUx0bSCHlK7naUf7Pjeg10s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/04a3c4-0d88-48e7-84de-54c2c0cab7c3/1/pVQWCc2Ue-38mRJYQAMBCKPxQcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.158.0/24
                  195.42.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:ca:e9:60:c2:27:d9:cc:1f:45:49:1c:c5:2a:b1:43:86:78:
         4d:9d:45:7d:9e:19:85:be:76:ef:ec:c6:f4:b8:85:a4:5f:81:
         7c:ca:b2:66:40:5e:9d:68:90:6f:5e:f9:dc:3b:a4:93:1c:eb:
         d1:ab:28:1e:b6:bd:3b:39:7e:01:77:77:db:e2:ee:5c:a8:9e:
         ad:d7:aa:bf:fc:94:d0:67:fe:82:6f:88:e6:e1:b5:c2:47:3a:
         0e:ec:48:9c:e3:97:33:39:ba:f0:2d:46:9b:19:77:90:10:b9:
         db:c9:e8:2c:ed:be:4c:72:6f:8f:a4:8d:59:98:66:32:54:ef:
         c4:94:7c:1b:a8:19:7d:94:1f:aa:fa:4e:ba:8b:31:74:43:0b:
         f6:3c:ae:b2:bb:b9:ce:78:4b:84:fc:b3:0a:89:41:11:cd:54:
         c5:3c:6c:e1:7e:c2:7f:42:46:d0:8d:39:92:d5:71:68:ae:fc:
         32:0f:ee:35:42:e1:ea:41:b8:18:9b:d1:9c:fe:85:02:0c:2b:
         d5:2b:a6:4c:a0:a6:5f:1c:1f:a7:4e:01:36:c8:6d:97:fa:6f:
         74:f2:92:ce:a2:d3:74:3c:b6:7b:a3:6e:12:63:52:32:1a:27:
         e4:f8:e9:59:8e:84:fb:cc:d8:16:de:6d:e0:cd:23:62:fa:38:
         c9:69:bf:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlXjrlgH9Xo4mgB9ch7DScmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NTQxNjA5Y2Q5NDdiZWRmYzk5MTI1ODQwMDMwMTA4YTNm
MTQxYzEwHhcNMjUwOTE3MTIwMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGIwNzJhMTRjNzQ2ZDIwODc5NGFlZTc2OTQ3ZmIzZTM3YTBkNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv04UF3/ofDZqUF2ZkbV9lMkh2aRK
CQkdPnGBLHNe/AUkVPM+Px+5T2GRHU3hKHS3pPSZ+EWlQYu5h1LrlgP+rTD7n86K
jbELEmZepy2Ojy+0FsxG8JaYqBAvIX7WKkZ1qgkBaNb8eYW1eRoxO8TxPxt0yE4B
mbLVr3n4rZW/9GaxyS5QGEASBzFQENFqm+qh2ZPS1tWTXdjWAAkgIFJkBmOxi9WU
FLM+I3pWt8vrX/nidymE/11hv6Vvn+QSuMrqWSOnFedTv1DzH+F90944THfnQ6tl
Ff4jPyLnfLk26MvweLNDtygiLEZ2xkkrIfneYort0ZwtwGxobIB1e053LQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIiwcqFMdG0gh5Su52lH+z43oNdLMB8GA1UdIwQY
MBaAFKVUFgnNlHvt/JkSWEADAQij8UHBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFZRV0NjMlVlLTM4bVJKWVFBTUJDS1B4UWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8wNGEzYzQtMGQ4OC00OGU3LTg0ZGUt
NTRjMmMwY2FiN2MzLzEvaUxCeW9VeDBiU0NIbEs3bmFVZjdQamVnMTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8wNGEzYzQtMGQ4OC00OGU3LTg0ZGUtNTRjMmMwY2FiN2Mz
LzEvcFZRV0NjMlVlLTM4bVJKWVFBTUJDS1B4UWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudKeAwQA
wyr5MA0GCSqGSIb3DQEBCwUAA4IBAQCUyulgwifZzB9FSRzFKrFDhnhNnUV9nhmF
vnbv7Mb0uIWkX4F8yrJmQF6daJBvXvncO6STHOvRqygetr07OX4Bd3fb4u5cqJ6t
16q//JTQZ/6Cb4jm4bXCRzoO7Eic45czObrwLUabGXeQELnbyegs7b5Mcm+PpI1Z
mGYyVO/ElHwbqBl9lB+q+k66izF0Qwv2PK6yu7nOeEuE/LMKiUERzVTFPGzhfsJ/
QkbQjTmS1XForvwyD+41QuHqQbgYm9Gc/oUCDCvVK6ZMoKZfHB+nTgE2yG2X+m90
8pLOotN0PLZ7o24SY1IyGifk+OlZjoT7zNgW3m3gzSNi+jjJab9e
-----END CERTIFICATE-----