Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/Z0HFTEB-y-xMkY874DNYvhokt7o.roa
File:                     Z0HFTEB-y-xMkY874DNYvhokt7o.roa (raw, json)
Hash identifier:          fMTVowfbwy2vdbwi3DPoTLMlTmRBQt2PrhpbkbjG32k=
Subject key identifier:   67:41:C5:4C:40:7E:CB:EC:4C:91:8F:3B:E0:33:58:BE:1A:24:B7:BA
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0198A333E7CEBA4BA8F1ED55290099BDE34D
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/Z0HFTEB-y-xMkY874DNYvhokt7o.roa
Signing time:             Wed 13 Aug 2025 11:32:24 +0000
ROA not before:           Wed 13 Aug 2025 11:32:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.81.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:33:e7:ce:ba:4b:a8:f1:ed:55:29:00:99:bd:e3:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Aug 13 11:32:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6741c54c407ecbec4c918f3be03358be1a24b7ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f7:8f:4a:da:bc:23:c9:39:9f:e2:81:ad:bf:
                    12:fa:46:89:5c:5d:b9:99:f5:a4:36:e1:aa:a1:89:
                    b6:89:6e:64:7a:7b:9e:3e:b5:ab:09:08:94:ef:37:
                    b3:05:8d:60:b5:c0:55:53:e3:33:97:7d:89:9a:a4:
                    07:2c:ba:4a:62:9a:8b:5a:0b:54:82:02:db:59:0c:
                    9d:6e:45:d7:b7:c9:30:3f:68:86:09:62:84:0f:6f:
                    81:e8:3f:6e:59:70:9e:61:2b:39:2c:e3:10:b1:74:
                    24:2b:a1:8f:57:0a:86:f0:29:c0:63:a9:9f:64:0f:
                    2f:ce:b8:71:b6:c4:6f:79:0c:74:c7:0e:81:d5:4c:
                    dc:af:38:2c:38:8f:d8:92:03:d8:8d:d3:ba:b6:cb:
                    52:b8:f5:8f:a9:51:17:59:cd:86:58:d7:8d:7e:fe:
                    c2:2a:17:19:bd:45:fe:06:96:8a:f8:77:fc:c2:03:
                    cb:47:29:c2:f2:bb:70:4f:8c:df:b3:c0:f4:93:2f:
                    8c:13:1d:35:cb:db:5c:8d:5f:64:6e:46:50:d0:66:
                    35:44:e4:ed:6c:00:19:30:b8:34:f0:11:70:c0:ad:
                    4a:fd:dc:e1:99:86:99:be:bf:93:61:70:8e:3e:88:
                    9a:6b:25:39:56:1b:dc:a2:97:81:03:37:ea:bc:f2:
                    88:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:41:C5:4C:40:7E:CB:EC:4C:91:8F:3B:E0:33:58:BE:1A:24:B7:BA
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/Z0HFTEB-y-xMkY874DNYvhokt7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:8e:3a:30:2c:92:26:ea:3f:39:3a:6a:e0:77:2d:a5:4d:5b:
         6d:5f:0f:ad:79:ef:4a:00:04:fc:70:e2:ef:bb:80:14:75:f8:
         bc:4f:d2:89:ce:4a:fe:18:26:f1:d8:cb:87:8e:04:25:23:dc:
         26:f8:d0:83:41:14:fb:dc:c4:a6:30:fc:27:88:48:22:75:a4:
         82:95:fd:60:4b:7f:6d:40:06:6b:3d:69:06:fd:1f:2f:46:52:
         7c:fe:47:79:45:01:75:c7:60:e2:c8:be:c8:57:3d:88:c1:08:
         b2:46:c7:ba:92:0d:11:b3:c7:39:b7:cd:e5:df:fa:eb:1f:3e:
         a9:b9:87:98:b7:a2:d5:a6:15:0d:33:7c:a7:79:b4:dc:e4:73:
         f3:e3:b4:9e:b3:fb:50:81:18:7d:4c:15:24:e0:bc:ea:7d:49:
         68:fe:a5:af:37:89:8a:33:46:0f:3d:15:bd:2b:c9:d4:4b:c3:
         56:71:77:18:1b:8e:04:1d:bd:a5:10:fd:74:8f:38:30:32:e0:
         4b:0e:fa:6d:33:2b:1d:c2:8d:fe:b1:27:3d:f0:f8:79:d5:b4:
         82:05:c5:f5:4f:6f:b4:d8:86:b5:2f:71:e2:56:32:15:a4:ba:
         a5:9e:5d:15:c4:d2:e6:76:d0:86:e1:e2:ef:06:67:a8:ba:7c:
         5c:8d:fd:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZijM+fOukuo8e1VKQCZveNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwODEzMTEzMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQxYzU0YzQwN2VjYmVjNGM5MThmM2JlMDMzNThiZTFhMjRiN2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/ePStq8I8k5n+KBrb8S+kaJXF25
mfWkNuGqoYm2iW5kenuePrWrCQiU7zezBY1gtcBVU+Mzl32JmqQHLLpKYpqLWgtU
ggLbWQydbkXXt8kwP2iGCWKED2+B6D9uWXCeYSs5LOMQsXQkK6GPVwqG8CnAY6mf
ZA8vzrhxtsRveQx0xw6B1UzcrzgsOI/YkgPYjdO6tstSuPWPqVEXWc2GWNeNfv7C
KhcZvUX+BpaK+Hf8wgPLRynC8rtwT4zfs8D0ky+MEx01y9tcjV9kbkZQ0GY1ROTt
bAAZMLg08BFwwK1K/dzhmYaZvr+TYXCOPoiaayU5VhvcopeBAzfqvPKIzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdBxUxAfsvsTJGPO+AzWL4aJLe6MB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvWjBIRlRFQi15LXhNa1k4NzRETll2aG9rdDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVEcMA0G
CSqGSIb3DQEBCwUAA4IBAQArjjowLJIm6j85Omrgdy2lTVttXw+tee9KAAT8cOLv
u4AUdfi8T9KJzkr+GCbx2MuHjgQlI9wm+NCDQRT73MSmMPwniEgidaSClf1gS39t
QAZrPWkG/R8vRlJ8/kd5RQF1x2DiyL7IVz2IwQiyRse6kg0Rs8c5t83l3/rrHz6p
uYeYt6LVphUNM3ynebTc5HPz47Ses/tQgRh9TBUk4LzqfUlo/qWvN4mKM0YPPRW9
K8nUS8NWcXcYG44EHb2lEP10jzgwMuBLDvptMysdwo3+sSc98Ph51bSCBcX1T2+0
2Ia1L3HiVjIVpLqlnl0VxNLmdtCG4eLvBmeounxcjf2C
-----END CERTIFICATE-----