Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/ms0ysNI3gJcJxrW1zAcwZAwf030.roa
File:                     ms0ysNI3gJcJxrW1zAcwZAwf030.roa (raw, json)
Hash identifier:          oy5QemuB6ayym1WN1/P0ykwuzjgXG9YHvWNj+gCOMSc=
Subject key identifier:   9A:CD:32:B0:D2:37:80:97:09:C6:B5:B5:CC:07:30:64:0C:1F:D3:7D
Certificate issuer:       /CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
Certificate serial:       019934C0D0516239E2405F46D7A856F3A292
Authority key identifier: FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/ms0ysNI3gJcJxrW1zAcwZAwf030.roa
Signing time:             Wed 10 Sep 2025 17:51:15 +0000
ROA not before:           Wed 10 Sep 2025 17:51:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50612
IP address blocks:        185.147.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:c0:d0:51:62:39:e2:40:5f:46:d7:a8:56:f3:a2:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
        Validity
            Not Before: Sep 10 17:51:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9acd32b0d237809709c6b5b5cc0730640c1fd37d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:03:80:54:6f:cb:40:c6:30:1c:a9:91:33:0c:
                    cc:40:d2:e7:52:10:b3:af:02:8a:9a:79:43:e0:b5:
                    21:8c:61:38:bb:0e:57:19:d8:ec:42:ec:23:d2:a5:
                    c6:04:cf:59:ef:e4:c8:50:83:f1:b1:80:90:53:89:
                    2e:ca:13:f3:b9:65:3a:9d:f9:32:c3:9d:a2:7d:fb:
                    8d:55:4b:03:4c:75:bc:61:21:84:c3:6d:9e:09:a4:
                    57:84:4e:85:df:32:16:ab:b4:7d:85:6f:f4:06:4d:
                    21:fd:d1:fa:ef:ed:86:08:f7:68:d9:73:64:3c:b4:
                    86:16:13:10:7e:08:e4:c9:e0:87:81:e7:68:e2:70:
                    df:a7:d3:de:b1:f1:47:dc:51:bc:a1:f2:b0:ed:31:
                    55:45:4e:bd:be:92:e4:ab:67:e0:e4:65:21:b1:b4:
                    06:30:75:91:12:14:d8:46:40:1f:71:27:7b:52:ca:
                    3a:e0:b4:18:54:87:f0:39:be:b5:aa:23:cf:03:42:
                    12:c6:1b:16:1a:ce:a3:39:57:28:12:d5:60:c3:27:
                    a5:10:ce:74:4c:c2:0f:c7:a7:e5:c2:bb:06:11:23:
                    ab:15:38:27:7c:bc:f9:e9:bb:57:56:88:10:81:a5:
                    82:d8:6c:fa:46:a1:18:0b:ae:ff:2c:26:9b:40:94:
                    4a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:CD:32:B0:D2:37:80:97:09:C6:B5:B5:CC:07:30:64:0C:1F:D3:7D
            X509v3 Authority Key Identifier:
                keyid:FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/ms0ysNI3gJcJxrW1zAcwZAwf030.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:1f:45:8c:4f:4f:d5:3f:de:c8:3e:2b:29:43:ad:78:54:3f:
         b4:99:4c:6d:c0:9c:40:5d:69:e3:1e:ed:81:4f:88:14:0e:e2:
         18:82:c4:63:ca:d4:05:25:ce:7a:42:ff:94:59:e0:d0:ba:00:
         da:eb:af:6c:b0:61:cb:5d:65:4a:9d:d2:d8:7b:1c:3d:ad:60:
         de:a7:2d:6e:71:98:52:6b:06:4d:ea:3e:a1:fc:4c:ee:41:e9:
         93:e2:ad:9e:fa:2f:95:f6:da:87:96:12:8c:96:75:97:8b:70:
         d8:5a:b2:21:96:e6:93:d4:26:e5:3e:ec:2b:97:fb:16:99:49:
         ea:9d:25:f0:8f:70:e6:bb:d3:82:27:ac:9d:0a:1b:fb:3b:ed:
         b4:5d:8b:91:91:eb:5f:92:87:85:11:37:ab:43:93:62:bb:e0:
         f9:95:bf:05:9b:5c:8f:6a:74:b7:21:90:b5:11:08:0b:0e:01:
         91:a9:ed:63:8b:8c:aa:9d:1e:5a:fb:38:88:e1:f5:27:a2:42:
         a6:b6:4d:3f:5e:5c:bb:41:59:00:5e:06:a4:ab:78:a4:ea:24:
         9b:58:bb:51:01:cf:4e:d3:ea:34:98:43:8b:0e:e0:27:e8:d9:
         b0:7e:f0:d8:fb:fc:58:48:af:4b:87:ae:94:33:b9:a7:fc:8a:
         a7:1a:f6:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk0wNBRYjniQF9G16hW86KSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjI2Mjc2NzI4NzdkMGY2ZGU5YmM0ZTdlMTg2ZWVkZDEz
NTYxMTAwHhcNMjUwOTEwMTc1MTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWNkMzJiMGQyMzc4MDk3MDljNmI1YjVjYzA3MzA2NDBjMWZkMzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgOAVG/LQMYwHKmRMwzMQNLnUhCz
rwKKmnlD4LUhjGE4uw5XGdjsQuwj0qXGBM9Z7+TIUIPxsYCQU4kuyhPzuWU6nfky
w52iffuNVUsDTHW8YSGEw22eCaRXhE6F3zIWq7R9hW/0Bk0h/dH67+2GCPdo2XNk
PLSGFhMQfgjkyeCHgedo4nDfp9PesfFH3FG8ofKw7TFVRU69vpLkq2fg5GUhsbQG
MHWREhTYRkAfcSd7Uso64LQYVIfwOb61qiPPA0ISxhsWGs6jOVcoEtVgwyelEM50
TMIPx6flwrsGESOrFTgnfLz56btXVogQgaWC2Gz6RqEYC67/LCabQJRK9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrNMrDSN4CXCca1tcwHMGQMH9N9MB8GA1UdIwQY
MBaAFP+yYnZyh30Pbem8Tn4Ybu3RNWEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgt
MTk3NDY5NDc1NThkLzEvbXMweXNOSTNnSmNKeHJXMXpBY3daQXdmMDMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgtMTk3NDY5NDc1NThk
LzEvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZN+MA0G
CSqGSIb3DQEBCwUAA4IBAQB1H0WMT0/VP97IPispQ614VD+0mUxtwJxAXWnjHu2B
T4gUDuIYgsRjytQFJc56Qv+UWeDQugDa669ssGHLXWVKndLYexw9rWDepy1ucZhS
awZN6j6h/EzuQemT4q2e+i+V9tqHlhKMlnWXi3DYWrIhluaT1CblPuwrl/sWmUnq
nSXwj3Dmu9OCJ6ydChv7O+20XYuRketfkoeFETerQ5Niu+D5lb8Fm1yPanS3IZC1
EQgLDgGRqe1ji4yqnR5a+ziI4fUnokKmtk0/Xly7QVkAXgakq3ik6iSbWLtRAc9O
0+o0mEOLDuAn6NmwfvDY+/xYSK9Lh66UM7mn/IqnGvbN
-----END CERTIFICATE-----