Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/mrUWE6wSVWlUcglSVmeRnoqdmgg.roa
File:                     mrUWE6wSVWlUcglSVmeRnoqdmgg.roa (raw, json)
Hash identifier:          t2ZZYC7Q+7IeXPheV5wq4Ys+wPvhxP9MTcuevN2EEtQ=
Subject key identifier:   9A:B5:16:13:AC:12:55:69:54:72:09:52:56:67:91:9E:8A:9D:9A:08
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0199EBD8D1512BE2277FA5A11284C7C5A3BA
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/mrUWE6wSVWlUcglSVmeRnoqdmgg.roa
Signing time:             Thu 16 Oct 2025 07:07:59 +0000
ROA not before:           Thu 16 Oct 2025 07:07:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206930
IP address blocks:        185.216.130.0/24 maxlen: 24
                          194.15.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:eb:d8:d1:51:2b:e2:27:7f:a5:a1:12:84:c7:c5:a3:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Oct 16 07:07:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ab51613ac125569547209525667919e8a9d9a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:05:ab:3c:c1:11:2b:cb:0c:aa:dd:ea:67:7d:
                    ad:ad:0a:fc:db:9d:c7:5f:fa:7a:33:44:54:ec:b7:
                    b4:5f:9f:06:63:5b:ec:0f:db:10:94:8b:57:ad:ea:
                    f2:dc:da:2c:52:cd:7a:12:b5:cb:5a:3b:88:1a:ef:
                    af:52:f3:0f:da:94:d7:5c:a0:fe:15:c1:5d:3d:9a:
                    7a:f3:61:85:93:64:4f:69:21:e0:18:0f:e8:34:9d:
                    5f:42:d8:4d:cd:e1:83:ed:9f:f0:54:f5:02:79:3e:
                    d1:18:c5:fc:c9:dd:ab:d1:23:95:29:62:cd:43:de:
                    4b:49:c1:33:ea:a0:5d:77:fd:bd:23:71:9e:ef:1f:
                    2d:44:d9:51:48:9d:4b:ff:20:3e:40:ba:c2:75:32:
                    6d:aa:7f:74:a2:8d:28:5d:5e:8b:04:27:99:da:f8:
                    83:43:45:6e:49:59:2f:0d:f6:65:95:d0:5a:9e:32:
                    2e:f6:c3:23:a0:bb:6b:10:56:0d:75:29:9f:53:47:
                    27:73:ad:a7:b3:c2:3d:7d:29:b3:7d:8c:dd:9c:8a:
                    37:64:18:a0:85:de:2a:96:b9:53:13:65:e8:80:12:
                    77:86:63:19:be:bd:e4:7f:61:ac:19:e5:0b:94:a1:
                    2a:ad:49:66:57:32:7e:27:56:b3:7d:c7:51:6b:e6:
                    15:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:B5:16:13:AC:12:55:69:54:72:09:52:56:67:91:9E:8A:9D:9A:08
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/mrUWE6wSVWlUcglSVmeRnoqdmgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.130.0/24
                  194.15.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:b1:5a:77:c8:c7:9b:16:cb:5f:d0:7a:2e:dc:df:ce:f3:c8:
         25:d3:b7:a3:d9:14:3a:32:7a:bb:65:ac:d8:5e:fd:17:d7:6c:
         36:40:23:da:6d:e1:4e:9e:11:f1:7d:eb:31:8a:2c:13:1b:2d:
         2b:32:9c:31:92:bd:b6:14:15:38:e6:ec:bc:fe:12:75:63:53:
         c2:75:e4:14:75:a8:83:f8:25:c4:62:53:13:33:f5:ec:27:a3:
         3a:8b:e2:30:7e:7b:c9:de:ad:6b:e3:66:a3:a3:3b:41:1f:2e:
         ae:37:77:90:95:36:bd:a5:67:b7:79:29:24:37:86:fb:c8:e0:
         b6:92:38:88:86:a5:05:a1:bf:1a:40:09:14:7c:f8:ff:7e:01:
         be:9c:06:3a:70:d4:fb:9b:52:3a:f2:46:95:66:64:5c:2b:14:
         21:f1:a0:b4:f1:aa:a6:dd:10:36:05:61:8c:34:24:70:74:f7:
         f3:fa:25:1c:49:ee:f1:86:7e:30:c1:76:c9:45:10:6e:e2:93:
         d8:ea:2b:7a:f3:a1:56:bd:d3:8a:db:e8:13:b1:ae:bb:18:91:
         42:65:79:be:f1:b5:9d:7b:bd:60:dd:3e:42:16:d6:52:40:14:
         1f:c3:25:2b:49:c0:cf:2d:50:3e:96:39:cf:fb:16:87:84:26:
         fa:42:2e:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnr2NFRK+Inf6WhEoTHxaO6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUxMDE2MDcwNzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWI1MTYxM2FjMTI1NTY5NTQ3MjA5NTI1NjY3OTE5ZThhOWQ5YTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgWrPMERK8sMqt3qZ32trQr8253H
X/p6M0RU7Le0X58GY1vsD9sQlItXrery3NosUs16ErXLWjuIGu+vUvMP2pTXXKD+
FcFdPZp682GFk2RPaSHgGA/oNJ1fQthNzeGD7Z/wVPUCeT7RGMX8yd2r0SOVKWLN
Q95LScEz6qBdd/29I3Ge7x8tRNlRSJ1L/yA+QLrCdTJtqn90oo0oXV6LBCeZ2viD
Q0VuSVkvDfZlldBanjIu9sMjoLtrEFYNdSmfU0cnc62ns8I9fSmzfYzdnIo3ZBig
hd4qlrlTE2XogBJ3hmMZvr3kf2GsGeULlKEqrUlmVzJ+J1azfcdRa+YVqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJq1FhOsElVpVHIJUlZnkZ6KnZoIMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvbXJVV0U2d1NWV2xVY2dsU1ZtZVJub3FkbWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudiCAwQA
wg+MMA0GCSqGSIb3DQEBCwUAA4IBAQAfsVp3yMebFstf0Hou3N/O88gl07ej2RQ6
Mnq7ZazYXv0X12w2QCPabeFOnhHxfesxiiwTGy0rMpwxkr22FBU45uy8/hJ1Y1PC
deQUdaiD+CXEYlMTM/XsJ6M6i+IwfnvJ3q1r42ajoztBHy6uN3eQlTa9pWe3eSkk
N4b7yOC2kjiIhqUFob8aQAkUfPj/fgG+nAY6cNT7m1I68kaVZmRcKxQh8aC08aqm
3RA2BWGMNCRwdPfz+iUcSe7xhn4wwXbJRRBu4pPY6it686FWvdOK2+gTsa67GJFC
ZXm+8bWde71g3T5CFtZSQBQfwyUrScDPLVA+ljnP+xaHhCb6Qi6F
-----END CERTIFICATE-----