Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/8QToh95n76MX0haqvJV4iXYdSiU.roa
File:                     8QToh95n76MX0haqvJV4iXYdSiU.roa (raw, json)
Hash identifier:          bccQP6DZQf854mroc1UFT6HPAcTOCvETn4EYHYUjQ3o=
Subject key identifier:   F1:04:E8:87:DE:67:EF:A3:17:D2:16:AA:BC:95:78:89:76:1D:4A:25
Certificate issuer:       /CN=08418e9690d0fb711abf3874e1c500a627693c0a
Certificate serial:       0199C500F4239F15C7CBA380A65F8F270A13
Authority key identifier: 08:41:8E:96:90:D0:FB:71:1A:BF:38:74:E1:C5:00:A6:27:69:3C:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CEGOlpDQ-3Eavzh04cUApidpPAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/8QToh95n76MX0haqvJV4iXYdSiU.roa
Signing time:             Wed 08 Oct 2025 18:06:38 +0000
ROA not before:           Wed 08 Oct 2025 18:06:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44194
IP address blocks:        81.16.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/CEGOlpDQ-3Eavzh04cUApidpPAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/CEGOlpDQ-3Eavzh04cUApidpPAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CEGOlpDQ-3Eavzh04cUApidpPAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c5:00:f4:23:9f:15:c7:cb:a3:80:a6:5f:8f:27:0a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08418e9690d0fb711abf3874e1c500a627693c0a
        Validity
            Not Before: Oct  8 18:06:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f104e887de67efa317d216aabc957889761d4a25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9b:ed:f8:e9:cb:4e:56:0e:db:92:0d:e8:f1:
                    bf:f2:c6:78:4e:31:af:e9:b2:0b:8f:15:8a:a6:6b:
                    c3:4b:8d:79:55:7f:10:cf:59:82:4d:35:4b:ac:2b:
                    3b:b8:7e:49:bd:1a:8f:7e:49:56:2e:d4:ab:2b:e5:
                    ac:e7:b0:3a:68:4e:36:6f:5b:38:05:ba:b3:40:b1:
                    d2:27:8c:d8:74:ba:10:8b:fe:65:a4:a1:82:ba:48:
                    2f:a1:4a:ae:30:63:6a:79:e7:78:d8:9f:67:aa:a3:
                    fa:3a:53:d3:98:e2:9c:b5:ac:6b:41:1c:78:6d:a1:
                    6c:95:93:5c:95:46:20:8d:fb:08:77:13:62:2f:f3:
                    ae:80:7d:8d:e3:30:99:38:4b:e7:b6:f4:97:5a:aa:
                    b9:9b:45:21:67:d2:4a:ae:3b:48:9c:8d:c0:7b:b9:
                    5e:58:0e:34:60:d5:ab:e8:57:93:30:5e:ae:91:21:
                    39:27:8d:94:2e:83:36:16:c1:29:47:70:e7:c2:94:
                    56:94:ea:54:9c:56:4f:b2:0e:3b:14:f8:04:59:0f:
                    70:68:13:73:4c:bc:18:e4:af:e2:c2:b2:e4:6a:f2:
                    51:71:f8:a3:cb:71:d7:d9:f2:ad:15:73:e8:66:36:
                    53:40:3d:00:9d:ef:43:60:80:ff:1c:00:37:ed:02:
                    16:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:04:E8:87:DE:67:EF:A3:17:D2:16:AA:BC:95:78:89:76:1D:4A:25
            X509v3 Authority Key Identifier:
                keyid:08:41:8E:96:90:D0:FB:71:1A:BF:38:74:E1:C5:00:A6:27:69:3C:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEGOlpDQ-3Eavzh04cUApidpPAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/8QToh95n76MX0haqvJV4iXYdSiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e97563-c7e5-4036-a796-22c0ca213380/1/CEGOlpDQ-3Eavzh04cUApidpPAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.16.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:3d:5b:2f:9c:46:09:f2:0a:89:50:e9:fb:ef:fd:cd:f9:f5:
         02:ac:d6:07:46:ed:a3:23:f6:62:7f:57:58:99:b9:50:10:94:
         84:69:f9:04:52:9d:d8:a2:aa:b0:24:d3:10:3f:e2:9c:79:24:
         87:2d:cf:e3:ab:58:d3:a7:15:ca:f8:c3:de:5a:91:7d:3d:51:
         63:da:31:ac:a9:93:90:a9:18:2a:a2:db:df:f2:32:3d:b1:55:
         2b:43:aa:ad:dc:fb:f1:e0:e8:f7:1d:df:9b:17:ca:43:d1:c7:
         88:4d:35:02:f5:74:f3:23:80:4c:2b:b5:81:f7:6b:6b:23:cc:
         ee:a1:a7:e7:f7:91:48:fb:79:dd:e9:df:dd:42:6e:5d:a5:6c:
         78:18:89:a7:f6:f9:c8:49:d5:09:c8:94:3d:67:44:89:b3:a8:
         68:f5:65:f2:1c:9c:bd:09:1d:65:99:0b:2a:2c:7b:75:3f:ed:
         b9:c9:a9:1a:99:f2:3e:f8:39:e1:10:bc:43:bd:8a:b9:df:45:
         10:31:08:b8:9b:30:f7:1f:b8:a2:e0:77:cd:67:03:1f:bc:d4:
         f2:f6:f5:74:17:eb:98:bc:54:c0:4c:13:42:b1:dc:64:24:32:
         26:b4:12:c5:35:bb:4c:0e:6b:d6:e0:94:3e:f7:d1:a6:0b:b6:
         a3:6f:51:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnFAPQjnxXHy6OApl+PJwoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDE4ZTk2OTBkMGZiNzExYWJmMzg3NGUxYzUwMGE2Mjc2
OTNjMGEwHhcNMjUxMDA4MTgwNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTA0ZTg4N2RlNjdlZmEzMTdkMjE2YWFiYzk1Nzg4OTc2MWQ0YTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5vt+OnLTlYO25IN6PG/8sZ4TjGv
6bILjxWKpmvDS415VX8Qz1mCTTVLrCs7uH5JvRqPfklWLtSrK+Ws57A6aE42b1s4
BbqzQLHSJ4zYdLoQi/5lpKGCukgvoUquMGNqeed42J9nqqP6OlPTmOKctaxrQRx4
baFslZNclUYgjfsIdxNiL/OugH2N4zCZOEvntvSXWqq5m0UhZ9JKrjtInI3Ae7le
WA40YNWr6FeTMF6ukSE5J42ULoM2FsEpR3DnwpRWlOpUnFZPsg47FPgEWQ9waBNz
TLwY5K/iwrLkavJRcfijy3HX2fKtFXPoZjZTQD0Ane9DYID/HAA37QIWHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEE6IfeZ++jF9IWqryVeIl2HUolMB8GA1UdIwQY
MBaAFAhBjpaQ0PtxGr84dOHFAKYnaTwKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VHT2xwRFEtM0VhdnpoMDRjVUFwaWRwUEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9lOTc1NjMtYzdlNS00MDM2LWE3OTYt
MjJjMGNhMjEzMzgwLzEvOFFUb2g5NW43Nk1YMGhhcXZKVjRpWFlkU2lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9lOTc1NjMtYzdlNS00MDM2LWE3OTYtMjJjMGNhMjEzMzgw
LzEvQ0VHT2xwRFEtM0VhdnpoMDRjVUFwaWRwUEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURC0MA0G
CSqGSIb3DQEBCwUAA4IBAQBgPVsvnEYJ8gqJUOn77/3N+fUCrNYHRu2jI/Zif1dY
mblQEJSEafkEUp3YoqqwJNMQP+KceSSHLc/jq1jTpxXK+MPeWpF9PVFj2jGsqZOQ
qRgqotvf8jI9sVUrQ6qt3Pvx4Oj3Hd+bF8pD0ceITTUC9XTzI4BMK7WB92trI8zu
oafn95FI+3nd6d/dQm5dpWx4GImn9vnISdUJyJQ9Z0SJs6ho9WXyHJy9CR1lmQsq
LHt1P+25yakamfI++DnhELxDvYq530UQMQi4mzD3H7ii4HfNZwMfvNTy9vV0F+uY
vFTATBNCsdxkJDImtBLFNbtMDmvW4JQ+99GmC7ajb1EZ
-----END CERTIFICATE-----