Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/IQ2a2ThCQzg0XuAr4_h0BZYxz88.roa
File:                     IQ2a2ThCQzg0XuAr4_h0BZYxz88.roa (raw, json)
Hash identifier:          kg/cZA7fzS12iCurxfChco3WSkLc3w/IXtu2t+yESL8=
Subject key identifier:   21:0D:9A:D9:38:42:43:38:34:5E:E0:2B:E3:F8:74:05:96:31:CF:CF
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0199CEEF6109DC3EA10EAF383B4560481164
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/IQ2a2ThCQzg0XuAr4_h0BZYxz88.roa
Signing time:             Fri 10 Oct 2025 16:23:38 +0000
ROA not before:           Fri 10 Oct 2025 16:23:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273208
IP address blocks:        45.89.80.0/24 maxlen: 24
                          185.229.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:ef:61:09:dc:3e:a1:0e:af:38:3b:45:60:48:11:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Oct 10 16:23:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=210d9ad938424338345ee02be3f874059631cfcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ca:e4:44:d5:45:2d:e7:be:88:b4:b6:cf:a7:
                    8b:2e:a9:19:04:50:7c:8d:c7:0b:85:e5:ed:42:c1:
                    7e:f5:ce:4f:71:18:89:90:0f:24:4e:70:e1:8b:84:
                    9a:d0:e1:ca:ff:47:e6:1a:73:9b:aa:4d:5b:74:dd:
                    aa:5f:e4:1c:11:dc:d4:08:de:f5:39:65:73:1f:d6:
                    a1:5e:48:56:9b:d2:07:44:97:94:b7:44:54:af:4d:
                    d7:0c:3a:da:40:cb:c7:7a:02:ae:1e:fc:74:46:96:
                    ad:b4:29:d6:00:dc:17:98:1f:30:d9:0f:a1:1f:07:
                    8a:25:11:3c:b8:25:73:cc:ce:48:fb:d2:50:e2:62:
                    ac:eb:b5:d5:52:e7:2e:45:6b:19:bb:c5:75:82:0b:
                    7a:b4:7b:dc:ac:a2:78:84:5c:e1:77:42:e3:01:f7:
                    45:6e:20:35:46:45:7e:e4:ae:e6:d1:51:0d:18:14:
                    a4:6f:68:c0:86:96:fc:1a:0c:b2:ac:17:b2:8a:9b:
                    f8:14:e4:dd:84:a2:a6:ef:42:59:ad:64:cb:18:a5:
                    e4:95:ab:89:cd:8f:97:88:27:d2:c7:7b:d7:73:21:
                    9a:0f:ab:53:c5:86:9b:c3:8d:db:85:29:5e:4e:bc:
                    68:af:d6:9d:31:3d:cd:3f:8f:15:b9:4d:bd:88:b6:
                    7e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0D:9A:D9:38:42:43:38:34:5E:E0:2B:E3:F8:74:05:96:31:CF:CF
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/IQ2a2ThCQzg0XuAr4_h0BZYxz88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.80.0/24
                  185.229.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:60:75:95:4b:cc:3d:a8:bd:e0:a0:67:03:bf:1a:46:a1:a6:
         ec:4b:3c:d7:2e:68:23:12:0f:f5:03:70:6a:f2:49:fe:9a:4d:
         75:1e:33:3e:96:c6:ae:41:e5:2a:db:2f:6b:04:4b:cf:d0:21:
         de:f1:dd:92:d0:e2:b7:80:e3:1d:56:49:d7:4d:9c:be:7c:36:
         25:36:d5:8f:3e:a4:6c:e4:88:ee:e6:81:cd:a5:ad:53:8f:7c:
         c9:a2:5e:bc:9a:54:c7:3f:54:b9:b7:30:95:0f:cb:ef:f7:b3:
         13:d0:7f:ab:c1:9a:ef:95:4f:14:66:5f:5b:e6:fd:b0:2f:a1:
         94:0f:f7:4d:e9:66:da:02:28:3d:3d:c6:f0:22:df:8e:89:7f:
         54:e1:b3:57:f4:a0:60:19:7d:14:25:00:15:72:78:eb:94:6c:
         37:bc:42:aa:3c:6b:a4:55:43:e4:e5:75:ed:4b:77:4e:3f:f1:
         04:07:4a:c1:77:8a:c6:2a:7e:36:36:8e:9a:b1:da:04:ac:3d:
         1e:48:34:14:2f:04:6f:e8:bd:27:7d:1a:d1:89:f5:dc:6e:ca:
         4d:78:9f:de:65:d7:c6:26:03:a1:99:f3:4c:f9:5e:c9:12:6f:
         c4:b9:77:38:d8:d0:c8:f0:d7:36:be:bb:93:89:63:c7:03:ba:
         31:01:7a:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnO72EJ3D6hDq84O0VgSBFkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUxMDEwMTYyMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTBkOWFkOTM4NDI0MzM4MzQ1ZWUwMmJlM2Y4NzQwNTk2MzFjZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMrkRNVFLee+iLS2z6eLLqkZBFB8
jccLheXtQsF+9c5PcRiJkA8kTnDhi4Sa0OHK/0fmGnObqk1bdN2qX+QcEdzUCN71
OWVzH9ahXkhWm9IHRJeUt0RUr03XDDraQMvHegKuHvx0RpattCnWANwXmB8w2Q+h
HweKJRE8uCVzzM5I+9JQ4mKs67XVUucuRWsZu8V1ggt6tHvcrKJ4hFzhd0LjAfdF
biA1RkV+5K7m0VENGBSkb2jAhpb8GgyyrBeyipv4FOTdhKKm70JZrWTLGKXklauJ
zY+XiCfSx3vXcyGaD6tTxYabw43bhSleTrxor9adMT3NP48VuU29iLZ+XwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCENmtk4QkM4NF7gK+P4dAWWMc/PMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvSVEyYTJUaENRemcwWHVBcjRfaDBCWll4ejg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVlQAwQA
ueXbMA0GCSqGSIb3DQEBCwUAA4IBAQCkYHWVS8w9qL3goGcDvxpGoabsSzzXLmgj
Eg/1A3Bq8kn+mk11HjM+lsauQeUq2y9rBEvP0CHe8d2S0OK3gOMdVknXTZy+fDYl
NtWPPqRs5Iju5oHNpa1Tj3zJol68mlTHP1S5tzCVD8vv97MT0H+rwZrvlU8UZl9b
5v2wL6GUD/dN6WbaAig9PcbwIt+OiX9U4bNX9KBgGX0UJQAVcnjrlGw3vEKqPGuk
VUPk5XXtS3dOP/EEB0rBd4rGKn42No6asdoErD0eSDQULwRv6L0nfRrRifXcbspN
eJ/eZdfGJgOhmfNM+V7JEm/EuXc42NDI8Nc2vruTiWPHA7oxAXpz
-----END CERTIFICATE-----