Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/bd8cf6-1db8-4ac0-8dd6-17be417e94dc/1/SrK-vjiDl0xs99Gd2cCyjeQdDic.roa
File:                     SrK-vjiDl0xs99Gd2cCyjeQdDic.roa (raw, json)
Hash identifier:          9BoGna4mMc990bImuJR3rw32j27JfV1QUyOoXmJi2O8=
Subject key identifier:   4A:B2:BE:BE:38:83:97:4C:6C:F7:D1:9D:D9:C0:B2:8D:E4:1D:0E:27
Certificate issuer:       /CN=32bca329cd4e2565ff0d13e8355a6ec4cc1794e1
Certificate serial:       0199852A401D167E4D237931BBE57370C0D3
Authority key identifier: 32:BC:A3:29:CD:4E:25:65:FF:0D:13:E8:35:5A:6E:C4:CC:17:94:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MryjKc1OJWX_DRPoNVpuxMwXlOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/bd8cf6-1db8-4ac0-8dd6-17be417e94dc/1/SrK-vjiDl0xs99Gd2cCyjeQdDic.roa
Signing time:             Fri 26 Sep 2025 08:36:02 +0000
ROA not before:           Fri 26 Sep 2025 08:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211669
IP address blocks:        185.251.15.0/24 maxlen: 24
                          2a10:a840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/bd8cf6-1db8-4ac0-8dd6-17be417e94dc/1/MryjKc1OJWX_DRPoNVpuxMwXlOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/bd8cf6-1db8-4ac0-8dd6-17be417e94dc/1/MryjKc1OJWX_DRPoNVpuxMwXlOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MryjKc1OJWX_DRPoNVpuxMwXlOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:2a:40:1d:16:7e:4d:23:79:31:bb:e5:73:70:c0:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32bca329cd4e2565ff0d13e8355a6ec4cc1794e1
        Validity
            Not Before: Sep 26 08:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ab2bebe3883974c6cf7d19dd9c0b28de41d0e27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7d:35:36:00:4e:ed:1d:34:19:a6:78:90:fe:
                    8a:c5:ac:ce:5b:5e:6a:4d:f3:97:8d:4c:b9:8e:05:
                    e4:5f:4c:0a:b3:e2:07:8f:d0:c5:79:9a:16:05:0e:
                    11:b4:1d:7d:ab:d1:30:af:88:2f:3a:ae:13:26:29:
                    6c:34:33:bc:69:78:3d:50:b7:2d:43:1b:9c:c3:69:
                    dd:52:79:f6:38:a7:31:5c:56:4f:08:0c:b4:8a:5a:
                    22:2c:c5:8f:09:af:7f:be:2e:91:75:b8:4f:66:7a:
                    79:4d:95:7a:f0:4d:96:37:5e:8c:73:76:2f:7a:6b:
                    d7:f4:68:d4:ba:2e:42:4e:73:90:6e:ec:44:3f:b5:
                    87:69:e3:37:44:6b:9f:44:44:7c:f7:eb:48:89:f4:
                    1d:19:d1:82:93:64:87:c0:67:60:7c:c4:5f:a3:32:
                    84:78:29:8b:7a:d2:29:c7:89:2e:15:31:38:70:92:
                    29:09:40:4b:93:5a:d2:54:f8:d8:33:46:de:f1:32:
                    4c:77:4a:a4:d4:41:9b:62:93:a2:9f:33:ea:81:bd:
                    ef:49:09:5f:03:d5:a6:f2:56:1a:97:11:13:30:cd:
                    0e:9b:d4:38:b2:c1:46:94:a7:58:76:2f:b2:be:1c:
                    ee:3e:36:8f:45:ff:56:10:7e:aa:d0:70:c7:88:28:
                    63:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:B2:BE:BE:38:83:97:4C:6C:F7:D1:9D:D9:C0:B2:8D:E4:1D:0E:27
            X509v3 Authority Key Identifier:
                keyid:32:BC:A3:29:CD:4E:25:65:FF:0D:13:E8:35:5A:6E:C4:CC:17:94:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MryjKc1OJWX_DRPoNVpuxMwXlOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/bd8cf6-1db8-4ac0-8dd6-17be417e94dc/1/SrK-vjiDl0xs99Gd2cCyjeQdDic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/bd8cf6-1db8-4ac0-8dd6-17be417e94dc/1/MryjKc1OJWX_DRPoNVpuxMwXlOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.15.0/24
                IPv6:
                  2a10:a840::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:01:1c:3d:6d:b8:7d:8d:09:a8:23:d0:2c:25:d0:71:39:ff:
         97:48:aa:6a:dd:cc:43:6f:b5:a6:7c:4c:87:d4:0b:75:68:77:
         73:88:05:27:86:50:bf:15:93:60:a2:3f:5b:a9:2b:1c:c3:1b:
         44:61:24:9b:3b:20:3b:30:32:6a:73:38:a3:37:79:1f:95:71:
         59:51:6b:ce:56:ab:bc:0c:2a:9b:98:e4:18:6a:24:ea:29:e9:
         8f:7c:30:4a:d4:ae:88:ce:30:89:ed:24:a8:46:b3:8d:c7:65:
         70:f9:ce:0f:38:4c:1b:32:eb:7a:04:29:3f:51:a0:ea:2f:f1:
         35:37:5a:09:1b:2f:1c:85:f6:a6:2a:e4:fd:9b:c3:cd:b6:9e:
         9e:6f:c4:01:d2:ca:19:7d:1e:e2:f4:bb:c8:27:f7:d3:f5:14:
         29:92:7a:77:e7:08:98:70:6b:d0:7e:db:4f:7d:ba:0d:53:fb:
         f5:4a:c8:da:61:e2:05:5f:f3:88:3a:73:2a:d2:a0:e8:04:38:
         05:7b:7e:f3:63:1a:34:62:c2:cb:08:43:7c:1e:8f:2d:94:4e:
         88:b2:0d:49:07:5c:2a:68:bc:2b:75:95:6a:00:ac:39:ae:88:
         6b:70:be:9d:a7:57:cc:84:a0:99:38:8c:96:70:fc:d8:98:4d:
         3e:3e:8f:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZmFKkAdFn5NI3kxu+VzcMDTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYmNhMzI5Y2Q0ZTI1NjVmZjBkMTNlODM1NWE2ZWM0Y2Mx
Nzk0ZTEwHhcNMjUwOTI2MDgzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWIyYmViZTM4ODM5NzRjNmNmN2QxOWRkOWMwYjI4ZGU0MWQwZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr301NgBO7R00GaZ4kP6KxazOW15q
TfOXjUy5jgXkX0wKs+IHj9DFeZoWBQ4RtB19q9Ewr4gvOq4TJilsNDO8aXg9ULct
Qxucw2ndUnn2OKcxXFZPCAy0iloiLMWPCa9/vi6RdbhPZnp5TZV68E2WN16Mc3Yv
emvX9GjUui5CTnOQbuxEP7WHaeM3RGufRER89+tIifQdGdGCk2SHwGdgfMRfozKE
eCmLetIpx4kuFTE4cJIpCUBLk1rSVPjYM0be8TJMd0qk1EGbYpOinzPqgb3vSQlf
A9Wm8lYalxETMM0Om9Q4ssFGlKdYdi+yvhzuPjaPRf9WEH6q0HDHiChjhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEqyvr44g5dMbPfRndnAso3kHQ4nMB8GA1UdIwQY
MBaAFDK8oynNTiVl/w0T6DVabsTMF5ThMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXJ5aktjMU9KV1hfRFJQb05WcHV4TXdYbE9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9iZDhjZjYtMWRiOC00YWMwLThkZDYt
MTdiZTQxN2U5NGRjLzEvU3JLLXZqaURsMHhzOTlHZDJjQ3lqZVFkRGljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9iZDhjZjYtMWRiOC00YWMwLThkZDYtMTdiZTQxN2U5NGRj
LzEvTXJ5aktjMU9KV1hfRFJQb05WcHV4TXdYbE9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufsPMA0E
AgACMAcDBQMqEKhAMA0GCSqGSIb3DQEBCwUAA4IBAQBXARw9bbh9jQmoI9AsJdBx
Of+XSKpq3cxDb7WmfEyH1At1aHdziAUnhlC/FZNgoj9bqSscwxtEYSSbOyA7MDJq
czijN3kflXFZUWvOVqu8DCqbmOQYaiTqKemPfDBK1K6IzjCJ7SSoRrONx2Vw+c4P
OEwbMut6BCk/UaDqL/E1N1oJGy8chfamKuT9m8PNtp6eb8QB0soZfR7i9LvIJ/fT
9RQpknp35wiYcGvQfttPfboNU/v1SsjaYeIFX/OIOnMq0qDoBDgFe37zYxo0YsLL
CEN8Ho8tlE6Isg1JB1wqaLwrdZVqAKw5rohrcL6dp1fMhKCZOIyWcPzYmE0+Po+I
-----END CERTIFICATE-----