Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/RDVOZW0UxeOOo7Unbh2MipHSdPM.roa
File:                     RDVOZW0UxeOOo7Unbh2MipHSdPM.roa (raw, json)
Hash identifier:          94K2Vc3NoNRsb9y/z9il9oZ+KJqogAaFq7eP5p6Zgzo=
Subject key identifier:   44:35:4E:65:6D:14:C5:E3:8E:A3:B5:27:6E:1D:8C:8A:91:D2:74:F3
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       0198943086FFF0B1BE298C0E10DB23081DC6
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/RDVOZW0UxeOOo7Unbh2MipHSdPM.roa
Signing time:             Sun 10 Aug 2025 13:34:24 +0000
ROA not before:           Sun 10 Aug 2025 13:34:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51517
IP address blocks:        185.219.6.0/24 maxlen: 24
                          2a10:e300::/32 maxlen: 32
                          2a10:e300:8411::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:94:30:86:ff:f0:b1:be:29:8c:0e:10:db:23:08:1d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Aug 10 13:34:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44354e656d14c5e38ea3b5276e1d8c8a91d274f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d3:ae:eb:bf:f7:b4:43:98:94:de:e5:79:0e:
                    06:bc:e2:aa:7d:08:67:53:2f:ad:77:c5:90:5d:a9:
                    bf:af:0d:85:3a:ea:e6:4d:30:20:39:ff:5b:fe:f9:
                    44:c5:f2:88:a3:a5:29:71:a2:be:ec:18:98:06:2a:
                    69:bd:7d:a0:5c:fb:22:02:6f:fe:c2:3f:d6:29:c4:
                    03:3d:94:8d:a0:03:38:75:06:d6:fd:e9:b2:0b:f5:
                    ce:d1:05:30:d7:04:44:ac:6e:9d:09:1a:60:51:d3:
                    ad:76:35:12:c9:eb:1c:db:39:b7:68:df:18:7c:d3:
                    56:1c:62:cd:83:cd:90:04:7c:30:e3:b8:65:8a:a9:
                    2e:95:e0:30:aa:4e:d7:0f:6a:40:38:75:25:18:c4:
                    7f:b8:4d:9b:c1:cc:27:00:99:3c:c5:4c:a8:ca:cc:
                    f6:61:59:4e:d6:ec:2e:d7:d8:99:85:17:25:58:a5:
                    78:4f:14:4b:65:db:07:1e:68:a1:a1:a3:b6:1d:6b:
                    15:65:3f:ec:98:44:7b:04:51:f0:4c:a0:57:68:9d:
                    63:fb:dd:6b:60:7f:59:f7:50:03:9d:35:e2:c2:79:
                    7d:99:ff:9e:a7:89:0e:20:8a:5a:13:da:79:39:79:
                    64:15:30:a5:66:15:f9:73:93:a1:c7:70:bd:9e:cf:
                    3b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:35:4E:65:6D:14:C5:E3:8E:A3:B5:27:6E:1D:8C:8A:91:D2:74:F3
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/RDVOZW0UxeOOo7Unbh2MipHSdPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.6.0/24
                IPv6:
                  2a10:e300::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:10:81:39:fc:ff:ee:4d:47:cf:b5:c5:1d:90:c0:aa:87:dc:
         99:35:d7:ad:e3:92:cf:87:52:96:0b:46:e5:f4:71:69:af:29:
         2b:0d:28:a3:a0:d0:92:3a:0e:8f:c9:60:c7:ba:49:4b:ed:81:
         8d:a1:93:2b:d1:95:e6:54:fe:45:ac:ee:98:48:3c:5f:99:15:
         9b:7a:88:f1:64:08:6b:32:f3:b9:ee:26:e1:01:74:d2:54:69:
         c0:88:cd:83:c0:59:54:3a:d9:76:63:b6:75:5d:59:95:4c:e0:
         d2:35:12:35:a2:ac:6f:d4:6f:87:80:b8:ac:9f:d6:03:03:40:
         3f:4b:c1:51:d4:75:9e:ad:50:b0:eb:95:10:89:9a:c9:8d:02:
         37:5a:1e:94:c4:eb:ec:0c:70:21:29:64:00:25:65:4c:63:c8:
         17:5f:24:70:d1:eb:48:51:6a:eb:bb:1b:75:83:41:11:82:89:
         48:51:fe:f4:55:fd:54:6a:31:24:bd:7a:cd:9d:d6:b2:05:ab:
         22:71:4e:da:87:01:57:83:fc:b4:47:8d:5a:80:12:63:85:75:
         68:4e:53:8d:44:1c:18:f7:db:83:ac:cd:72:54:02:19:9f:8e:
         02:24:7c:61:d0:50:cd:15:6b:a3:dc:e4:1d:01:4c:ed:1e:80:
         33:74:99:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZiUMIb/8LG+KYwOENsjCB3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjUwODEwMTMzNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDM1NGU2NTZkMTRjNWUzOGVhM2I1Mjc2ZTFkOGM4YTkxZDI3NGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtOu67/3tEOYlN7leQ4GvOKqfQhn
Uy+td8WQXam/rw2FOurmTTAgOf9b/vlExfKIo6UpcaK+7BiYBippvX2gXPsiAm/+
wj/WKcQDPZSNoAM4dQbW/emyC/XO0QUw1wRErG6dCRpgUdOtdjUSyesc2zm3aN8Y
fNNWHGLNg82QBHww47hliqkuleAwqk7XD2pAOHUlGMR/uE2bwcwnAJk8xUyoysz2
YVlO1uwu19iZhRclWKV4TxRLZdsHHmihoaO2HWsVZT/smER7BFHwTKBXaJ1j+91r
YH9Z91ADnTXiwnl9mf+ep4kOIIpaE9p5OXlkFTClZhX5c5Ohx3C9ns87/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEQ1TmVtFMXjjqO1J24djIqR0nTzMB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEvUkRWT1pXMFV4ZU9PbzdVbmJoMk1pcEhTZFBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudsGMA0E
AgACMAcDBQAqEOMAMA0GCSqGSIb3DQEBCwUAA4IBAQAkEIE5/P/uTUfPtcUdkMCq
h9yZNdet45LPh1KWC0bl9HFprykrDSijoNCSOg6PyWDHuklL7YGNoZMr0ZXmVP5F
rO6YSDxfmRWbeojxZAhrMvO57ibhAXTSVGnAiM2DwFlUOtl2Y7Z1XVmVTODSNRI1
oqxv1G+HgLisn9YDA0A/S8FR1HWerVCw65UQiZrJjQI3Wh6UxOvsDHAhKWQAJWVM
Y8gXXyRw0etIUWrruxt1g0ERgolIUf70Vf1UajEkvXrNndayBasicU7ahwFXg/y0
R41agBJjhXVoTlONRBwY99uDrM1yVAIZn44CJHxh0FDNFWuj3OQdAUztHoAzdJnU
-----END CERTIFICATE-----