Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/FimbbsHn2jc8IcRxIxxINlHusDo.roa
File:                     FimbbsHn2jc8IcRxIxxINlHusDo.roa (raw, json)
Hash identifier:          mRuLXz8In/TStacwqh2TnQ+1/4mCcS9qP3qUXv5e8ZU=
Subject key identifier:   16:29:9B:6E:C1:E7:DA:37:3C:21:C4:71:23:1C:48:36:51:EE:B0:3A
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0199FB3D3F7E2BA381D4532BE4B900F0FBAD
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/FimbbsHn2jc8IcRxIxxINlHusDo.roa
Signing time:             Sun 19 Oct 2025 06:51:59 +0000
ROA not before:           Sun 19 Oct 2025 06:51:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        5.102.116.0/22 maxlen: 24
                          5.102.120.0/22 maxlen: 24
                          185.86.140.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fb:3d:3f:7e:2b:a3:81:d4:53:2b:e4:b9:00:f0:fb:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Oct 19 06:51:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16299b6ec1e7da373c21c471231c483651eeb03a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:bd:ac:45:52:5a:b3:37:96:5c:23:42:07:73:
                    b9:66:70:93:0d:f9:a0:b3:a7:fa:d3:dd:8e:60:6e:
                    22:c9:c2:22:4f:7e:2a:aa:5d:19:b2:3e:b7:a7:8d:
                    76:df:cf:9f:54:98:30:8c:0e:00:3e:29:59:29:ca:
                    a1:76:a4:5e:60:48:80:5d:f7:43:51:3f:05:30:dc:
                    38:c6:e5:08:98:b9:cc:dd:c7:93:bf:e0:64:68:a9:
                    6a:ef:a4:3d:0a:df:cd:ab:45:e0:e9:bc:08:08:94:
                    3b:62:de:b4:3b:d3:95:aa:05:4b:b6:2d:39:c9:a2:
                    11:5e:63:41:1b:46:a9:49:5d:a1:0e:99:ee:12:bb:
                    e0:8d:4b:9e:55:e6:5c:98:c5:26:32:b6:b5:f2:93:
                    2e:97:26:c0:fc:5f:b6:c1:c9:70:14:10:ea:42:66:
                    93:55:e3:38:1b:bd:54:76:ef:10:3e:e4:42:3f:28:
                    6f:af:6f:13:ee:72:f3:a8:ce:d3:9c:aa:80:38:b9:
                    16:23:25:de:82:af:8e:77:9d:13:6c:74:6f:da:6f:
                    48:00:d0:b4:88:c3:1f:64:a3:03:e2:4c:0a:b8:91:
                    df:c9:94:80:e0:e0:23:9c:36:12:31:8c:36:fa:2e:
                    a9:3d:2c:6c:e9:54:65:80:61:e4:de:6f:a4:ed:6a:
                    65:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:29:9B:6E:C1:E7:DA:37:3C:21:C4:71:23:1C:48:36:51:EE:B0:3A
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/FimbbsHn2jc8IcRxIxxINlHusDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.116.0-5.102.123.255
                  185.86.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:76:01:b6:0b:e6:01:68:c3:5d:a3:d4:39:34:ba:7c:4c:7b:
         27:52:d0:1d:2a:3d:70:7e:d1:12:44:9c:d8:fd:99:60:87:07:
         fb:82:2b:b1:bb:ef:97:15:f7:64:af:f4:11:c3:a5:3d:48:f8:
         ec:7f:0f:2a:ca:0f:5f:f7:a3:bc:88:1c:26:db:9b:6e:52:de:
         ca:8f:bb:8f:23:37:f1:16:6f:24:3b:70:11:18:a7:89:cb:09:
         be:28:c4:6f:d1:e5:88:78:01:62:8d:f3:e3:6e:78:b2:ef:d8:
         00:1e:56:a3:9b:aa:3e:2f:88:03:ae:db:22:9d:70:ab:5a:5c:
         27:d9:7c:0d:a0:ef:5e:38:47:a3:57:5b:cf:48:6d:25:b4:b7:
         01:9f:d9:2a:06:8b:7f:74:4e:cc:55:2f:aa:8f:cb:c8:88:fe:
         a9:68:f5:99:f8:85:7c:cb:ae:c7:b7:21:ac:15:28:7a:6d:53:
         d5:2f:67:9d:45:ca:60:13:49:4b:90:37:38:d7:5d:3a:11:8b:
         eb:69:3b:f5:13:19:6f:7d:83:da:f3:89:f4:61:b8:8b:47:35:
         2a:9a:66:4d:a8:ee:96:c4:73:c8:cb:a1:de:8c:1a:f9:4f:85:
         84:2e:62:97:f9:51:52:57:00:08:31:e7:01:ad:ee:54:57:25:
         0a:ed:aa:03
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZn7PT9+K6OB1FMr5LkA8PutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUxMDE5MDY1MTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjI5OWI2ZWMxZTdkYTM3M2MyMWM0NzEyMzFjNDgzNjUxZWViMDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArL2sRVJaszeWXCNCB3O5ZnCTDfmg
s6f6092OYG4iycIiT34qql0Zsj63p41238+fVJgwjA4APilZKcqhdqReYEiAXfdD
UT8FMNw4xuUImLnM3ceTv+BkaKlq76Q9Ct/Nq0Xg6bwICJQ7Yt60O9OVqgVLti05
yaIRXmNBG0apSV2hDpnuErvgjUueVeZcmMUmMra18pMulybA/F+2wclwFBDqQmaT
VeM4G71Udu8QPuRCPyhvr28T7nLzqM7TnKqAOLkWIyXegq+Od50TbHRv2m9IANC0
iMMfZKMD4kwKuJHfyZSA4OAjnDYSMYw2+i6pPSxs6VRlgGHk3m+k7WplaQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBYpm27B59o3PCHEcSMcSDZR7rA6MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvRmltYmJzSG4yamM4SWNSeEl4eElObEh1c0RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAIFZnQD
BAIFZngDBAG5VowwDQYJKoZIhvcNAQELBQADggEBAJB2AbYL5gFow12j1Dk0unxM
eydS0B0qPXB+0RJEnNj9mWCHB/uCK7G775cV92Sv9BHDpT1I+Ox/DyrKD1/3o7yI
HCbbm25S3sqPu48jN/EWbyQ7cBEYp4nLCb4oxG/R5Yh4AWKN8+NueLLv2AAeVqOb
qj4viAOu2yKdcKtaXCfZfA2g7144R6NXW89IbSW0twGf2SoGi390TsxVL6qPy8iI
/qlo9Zn4hXzLrse3IawVKHptU9UvZ51FymATSUuQNzjXXToRi+tpO/UTGW99g9rz
ifRhuItHNSqaZk2o7pbEc8jLod6MGvlPhYQuYpf5UVJXAAgx5wGt7lRXJQrtqgM=
-----END CERTIFICATE-----