Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/iDPMNmfuoD1e6WX9SaW-Xwj56XU.roa
File:                     iDPMNmfuoD1e6WX9SaW-Xwj56XU.roa (raw, json)
Hash identifier:          CtC3xTB/OfCgjx4fU8sisb6o/6RAWw66T6m0WLC/UYQ=
Subject key identifier:   88:33:CC:36:67:EE:A0:3D:5E:E9:65:FD:49:A5:BE:5F:08:F9:E9:75
Certificate issuer:       /CN=44ceb61e71a619f2314e9d9846ec67bc88a1244c
Certificate serial:       0199DCFE5024033CA0B6E5E5705A7D77FB2E
Authority key identifier: 44:CE:B6:1E:71:A6:19:F2:31:4E:9D:98:46:EC:67:BC:88:A1:24:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RM62HnGmGfIxTp2YRuxnvIihJEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/iDPMNmfuoD1e6WX9SaW-Xwj56XU.roa
Signing time:             Mon 13 Oct 2025 09:54:38 +0000
ROA not before:           Mon 13 Oct 2025 09:54:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211510
IP address blocks:        85.193.189.0/24 maxlen: 24
                          85.193.190.0/24 maxlen: 24
                          85.193.191.0/24 maxlen: 24
                          185.54.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/RM62HnGmGfIxTp2YRuxnvIihJEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/RM62HnGmGfIxTp2YRuxnvIihJEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RM62HnGmGfIxTp2YRuxnvIihJEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:fe:50:24:03:3c:a0:b6:e5:e5:70:5a:7d:77:fb:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44ceb61e71a619f2314e9d9846ec67bc88a1244c
        Validity
            Not Before: Oct 13 09:54:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8833cc3667eea03d5ee965fd49a5be5f08f9e975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d7:b9:ab:73:ae:d2:ee:a2:38:f1:6f:c0:6f:
                    28:df:81:f6:69:9a:8f:e5:a7:ae:ca:3c:17:73:03:
                    8e:69:1d:31:0d:4d:22:72:70:11:3d:60:1b:7a:df:
                    c3:98:35:03:e6:f3:fe:ee:83:c5:59:45:50:8f:17:
                    2f:62:de:64:90:5e:54:91:25:97:1b:50:71:ec:85:
                    dd:7c:45:f0:0a:04:a8:88:63:ab:59:3b:f0:a9:3f:
                    45:1a:4a:30:bd:cd:91:01:f2:ed:0f:1e:db:8f:49:
                    d3:db:b1:b9:21:3b:7c:1c:02:c6:be:ad:ae:59:a1:
                    5c:5a:e3:0a:30:32:d0:8f:ff:b2:b1:ef:c4:6d:78:
                    5d:1a:2e:ee:0f:bd:6c:46:66:8a:96:0d:b5:5a:df:
                    00:fb:2e:c1:16:af:ec:56:20:5e:61:bf:f3:f0:1d:
                    d5:88:68:e4:1b:a9:d0:9b:0e:dd:58:19:73:93:b3:
                    2b:2f:e2:a8:52:2b:ef:af:6c:cc:cc:60:75:cc:e0:
                    d0:a3:04:a7:e9:ac:36:3f:a9:a4:2d:9d:10:e1:6d:
                    4a:b0:1e:a6:6a:3a:54:77:b9:e9:35:34:c0:95:51:
                    02:63:ee:c6:e6:7f:cc:6c:68:d6:e0:5e:82:f7:28:
                    ef:4e:81:af:ae:32:ae:9b:51:60:88:92:3f:50:92:
                    d0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:33:CC:36:67:EE:A0:3D:5E:E9:65:FD:49:A5:BE:5F:08:F9:E9:75
            X509v3 Authority Key Identifier:
                keyid:44:CE:B6:1E:71:A6:19:F2:31:4E:9D:98:46:EC:67:BC:88:A1:24:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RM62HnGmGfIxTp2YRuxnvIihJEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/iDPMNmfuoD1e6WX9SaW-Xwj56XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/07eac7-4d52-46d9-ba44-8945860d5238/1/RM62HnGmGfIxTp2YRuxnvIihJEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.193.189.0-85.193.191.255
                  185.54.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:fe:3b:15:3e:0e:79:ce:a8:bd:4b:5d:a3:4a:a9:1c:8c:a6:
         46:db:ec:a3:0e:f5:cd:62:50:da:58:0d:9d:d5:de:3f:7e:87:
         ae:6c:1c:02:4b:67:d5:d2:ae:36:6b:4b:e6:86:9a:54:dc:0e:
         41:39:7a:52:0b:68:4e:75:c6:d9:4e:f5:10:1b:35:a6:78:6d:
         1e:fd:63:93:af:0b:a4:51:d0:a8:d7:0c:62:da:78:b6:35:a7:
         22:7b:0c:87:94:7a:a0:3e:f0:fc:05:1b:c0:32:55:c1:01:be:
         b3:22:d0:7b:4f:92:4a:5a:ce:9f:bc:d3:cc:52:b9:c5:14:be:
         bc:b9:5e:68:2b:f9:49:7e:b3:48:79:1e:e6:a6:0c:59:19:1e:
         a5:83:0a:d1:80:a1:3d:33:40:e3:cf:cb:11:ca:bd:7d:c4:b3:
         89:f5:59:1c:d2:5e:e9:a8:b8:4f:f1:36:0a:3c:aa:a6:b6:c6:
         8d:6e:75:e0:11:e5:ab:1a:13:da:a0:dd:92:d9:52:89:5c:d1:
         da:36:ac:ee:3d:01:fd:f8:9d:4f:ad:01:f6:9f:81:4b:7e:ce:
         87:26:84:d0:f6:78:ca:3e:43:20:2f:62:06:e2:25:1d:1d:e6:
         e5:9c:bf:9f:88:47:63:2f:d3:70:8a:4b:58:74:24:0c:31:fb:
         fa:c6:1c:94
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZnc/lAkAzygtuXlcFp9d/suMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0Y2ViNjFlNzFhNjE5ZjIzMTRlOWQ5ODQ2ZWM2N2JjODhh
MTI0NGMwHhcNMjUxMDEzMDk1NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODMzY2MzNjY3ZWVhMDNkNWVlOTY1ZmQ0OWE1YmU1ZjA4ZjllOTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNe5q3Ou0u6iOPFvwG8o34H2aZqP
5aeuyjwXcwOOaR0xDU0icnARPWAbet/DmDUD5vP+7oPFWUVQjxcvYt5kkF5UkSWX
G1Bx7IXdfEXwCgSoiGOrWTvwqT9FGkowvc2RAfLtDx7bj0nT27G5ITt8HALGvq2u
WaFcWuMKMDLQj/+yse/EbXhdGi7uD71sRmaKlg21Wt8A+y7BFq/sViBeYb/z8B3V
iGjkG6nQmw7dWBlzk7MrL+KoUivvr2zMzGB1zODQowSn6aw2P6mkLZ0Q4W1KsB6m
ajpUd7npNTTAlVECY+7G5n/MbGjW4F6C9yjvToGvrjKum1FgiJI/UJLQZwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIgzzDZn7qA9Xull/Umlvl8I+el1MB8GA1UdIwQY
MBaAFETOth5xphnyMU6dmEbsZ7yIoSRMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk02MkhuR21HZkl4VHAyWVJ1eG52SWloSkV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8wN2VhYzctNGQ1Mi00NmQ5LWJhNDQt
ODk0NTg2MGQ1MjM4LzEvaURQTU5tZnVvRDFlNldYOVNhVy1Yd2o1NlhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8wN2VhYzctNGQ1Mi00NmQ5LWJhNDQtODk0NTg2MGQ1MjM4
LzEvUk02MkhuR21HZkl4VHAyWVJ1eG52SWloSkV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABVwb0D
BAZVwYADBAC5NtMwDQYJKoZIhvcNAQELBQADggEBAGH+OxU+DnnOqL1LXaNKqRyM
pkbb7KMO9c1iUNpYDZ3V3j9+h65sHAJLZ9XSrjZrS+aGmlTcDkE5elILaE51xtlO
9RAbNaZ4bR79Y5OvC6RR0KjXDGLaeLY1pyJ7DIeUeqA+8PwFG8AyVcEBvrMi0HtP
kkpazp+808xSucUUvry5Xmgr+Ul+s0h5HuamDFkZHqWDCtGAoT0zQOPPyxHKvX3E
s4n1WRzSXumouE/xNgo8qqa2xo1udeAR5asaE9qg3ZLZUolc0do2rO49Af34nU+t
AfafgUt+zocmhND2eMo+QyAvYgbiJR0d5uWcv5+IR2Mv03CKS1h0JAwx+/rGHJQ=
-----END CERTIFICATE-----