Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/q9IaYjcr5RObBrW7hey_hpAIvpg.roa
File:                     q9IaYjcr5RObBrW7hey_hpAIvpg.roa (raw, json)
Hash identifier:          2MfulwyVlfgKmQicfk78T3sq4tPTxMleY1Rp41M0dbI=
Subject key identifier:   AB:D2:1A:62:37:2B:E5:13:9B:06:B5:BB:85:EC:BF:86:90:08:BE:98
Certificate issuer:       /CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
Certificate serial:       0197C4AA937B7A26A3821A49AF9C9F77B8DC
Authority key identifier: B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/q9IaYjcr5RObBrW7hey_hpAIvpg.roa
Signing time:             Tue 01 Jul 2025 06:26:42 +0000
ROA not before:           Tue 01 Jul 2025 06:26:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205933
IP address blocks:        185.147.64.0/24 maxlen: 24
                          185.147.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:aa:93:7b:7a:26:a3:82:1a:49:af:9c:9f:77:b8:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
        Validity
            Not Before: Jul  1 06:26:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abd21a62372be5139b06b5bb85ecbf869008be98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7c:11:38:11:9e:01:63:21:6e:bd:7b:8d:9a:
                    73:9f:01:e7:21:c1:96:7e:a6:7a:43:d5:e8:bd:76:
                    8d:ea:23:10:21:66:a1:df:8e:89:38:54:36:9c:92:
                    b2:f2:e8:ca:63:8c:22:0a:e4:02:26:3f:18:bc:6a:
                    cf:fb:2a:f6:69:af:87:63:e4:93:6f:72:3c:55:26:
                    36:0d:54:b2:0c:d7:94:b4:c1:7e:25:7d:37:c8:9b:
                    11:1a:9b:a4:bb:53:41:38:e0:15:fa:a4:fa:84:b5:
                    ec:a1:aa:cf:0f:0d:41:5a:b3:53:bf:93:cc:60:21:
                    75:44:38:67:98:e5:31:6f:d3:b6:18:0b:c5:4c:d5:
                    a9:31:06:06:18:82:c2:a1:e9:b0:f6:96:35:b1:ce:
                    dc:30:62:49:5c:a4:c7:d6:91:aa:f7:46:60:35:e7:
                    3a:3d:d9:d8:e3:90:53:18:32:6d:6e:2f:7c:5a:45:
                    f6:ce:01:9e:08:9a:53:db:7d:8d:55:30:40:63:66:
                    3f:ad:45:18:2d:5a:93:9b:84:01:36:f0:3e:06:9f:
                    d8:03:bf:9f:7c:42:45:41:11:28:e2:f9:8e:9b:13:
                    07:bb:45:5e:d8:c8:7d:c4:81:d3:d6:90:96:94:b1:
                    89:2a:a7:41:60:5b:90:43:ee:e8:56:8e:08:ad:42:
                    90:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D2:1A:62:37:2B:E5:13:9B:06:B5:BB:85:EC:BF:86:90:08:BE:98
            X509v3 Authority Key Identifier:
                keyid:B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/q9IaYjcr5RObBrW7hey_hpAIvpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.64.0/24
                  185.147.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a5:56:5a:4f:4e:17:07:14:45:69:fb:36:0b:d6:de:83:0f:
         ff:40:00:00:ea:54:f8:1e:d9:58:50:c8:ce:2d:67:b1:46:66:
         1c:ee:34:9c:f6:94:79:e6:29:dc:6e:1f:63:1a:c3:bc:36:09:
         0b:b0:07:ec:6d:f4:e1:95:cc:2b:6a:c6:30:c6:09:a4:eb:40:
         e9:7d:a9:81:8d:e2:78:5d:e8:70:5a:71:13:a2:25:dd:f8:fd:
         02:4d:74:da:62:80:b0:1e:2f:5a:96:36:44:bb:69:ea:7a:eb:
         a9:ad:72:f6:c7:30:72:d2:56:ba:3e:78:53:a3:e7:b4:70:57:
         4f:43:b3:47:cd:ab:ee:3c:dc:9a:a3:6e:ed:0d:f6:30:58:26:
         41:d7:09:ec:d4:ce:f3:e3:00:e2:97:02:d3:61:5f:a5:51:29:
         a7:cb:4f:01:57:02:4d:f6:f4:9c:2b:01:69:0e:6f:c2:d0:09:
         36:61:27:74:4c:22:19:e0:57:af:6c:9b:71:21:e2:05:05:3d:
         d6:c3:48:f0:ed:cd:c3:95:a5:79:0c:42:0d:01:f6:9d:d0:b0:
         ae:60:ad:81:e5:44:e5:c3:a4:6b:a3:65:31:23:af:db:58:c0:
         f3:da:92:07:58:db:1c:40:cb:18:0c:f1:18:0b:59:63:bc:e5:
         ef:5c:56:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfEqpN7eiajghpJr5yfd7jcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDVlYzE1MTZlZTZkYzE5ZDFlNWMzOTk4Y2I3ZTdhNjQ2
ZjcxNWEwHhcNMjUwNzAxMDYyNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQyMWE2MjM3MmJlNTEzOWIwNmI1YmI4NWVjYmY4NjkwMDhiZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXwROBGeAWMhbr17jZpznwHnIcGW
fqZ6Q9XovXaN6iMQIWah346JOFQ2nJKy8ujKY4wiCuQCJj8YvGrP+yr2aa+HY+ST
b3I8VSY2DVSyDNeUtMF+JX03yJsRGpuku1NBOOAV+qT6hLXsoarPDw1BWrNTv5PM
YCF1RDhnmOUxb9O2GAvFTNWpMQYGGILCoemw9pY1sc7cMGJJXKTH1pGq90ZgNec6
PdnY45BTGDJtbi98WkX2zgGeCJpT232NVTBAY2Y/rUUYLVqTm4QBNvA+Bp/YA7+f
fEJFQREo4vmOmxMHu0Ve2Mh9xIHT1pCWlLGJKqdBYFuQQ+7oVo4IrUKQYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKvSGmI3K+UTmwa1u4Xsv4aQCL6YMB8GA1UdIwQY
MBaAFLPV7BUW7m3BnR5cOZjLfnpkb3FaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEt
NmMzMDVhNmRiYWI5LzEvcTlJYVlqY3I1Uk9iQnJXN2hleV9ocEFJdnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEtNmMzMDVhNmRiYWI5
LzEvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZNAAwQA
uZNCMA0GCSqGSIb3DQEBCwUAA4IBAQBOpVZaT04XBxRFafs2C9begw//QAAA6lT4
HtlYUMjOLWexRmYc7jSc9pR55incbh9jGsO8NgkLsAfsbfThlcwrasYwxgmk60Dp
famBjeJ4XehwWnEToiXd+P0CTXTaYoCwHi9aljZEu2nqeuuprXL2xzBy0la6PnhT
o+e0cFdPQ7NHzavuPNyao27tDfYwWCZB1wns1M7z4wDilwLTYV+lUSmny08BVwJN
9vScKwFpDm/C0Ak2YSd0TCIZ4FevbJtxIeIFBT3Ww0jw7c3DlaV5DEINAfad0LCu
YK2B5UTlw6Rro2UxI6/bWMDz2pIHWNscQMsYDPEYC1ljvOXvXFZH
-----END CERTIFICATE-----