Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/apIk3T0uW96QniURNfkrJpo6bx0.roa
File:                     apIk3T0uW96QniURNfkrJpo6bx0.roa (raw, json)
Hash identifier:          lnybSVbj9b/iDsuE6W4oGYnfxclTTGDOOhv6E7X00Yg=
Subject key identifier:   6A:92:24:DD:3D:2E:5B:DE:90:9E:25:11:35:F9:2B:26:9A:3A:6F:1D
Certificate issuer:       /CN=2112899e3b08c17f5c335b5cbc78da5adfef9b1f
Certificate serial:       0199C77E292F828D224411EEF3EB5632DD69
Authority key identifier: 21:12:89:9E:3B:08:C1:7F:5C:33:5B:5C:BC:78:DA:5A:DF:EF:9B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IRKJnjsIwX9cM1tcvHjaWt_vmx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/apIk3T0uW96QniURNfkrJpo6bx0.roa
Signing time:             Thu 09 Oct 2025 05:42:38 +0000
ROA not before:           Thu 09 Oct 2025 05:42:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200765
IP address blocks:        185.92.229.0/24 maxlen: 24
                          185.96.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/IRKJnjsIwX9cM1tcvHjaWt_vmx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/IRKJnjsIwX9cM1tcvHjaWt_vmx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IRKJnjsIwX9cM1tcvHjaWt_vmx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:7e:29:2f:82:8d:22:44:11:ee:f3:eb:56:32:dd:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2112899e3b08c17f5c335b5cbc78da5adfef9b1f
        Validity
            Not Before: Oct  9 05:42:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a9224dd3d2e5bde909e251135f92b269a3a6f1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:51:d3:aa:15:49:d7:a3:1e:76:61:b8:47:6c:
                    3f:ca:00:5b:00:42:19:a3:03:5c:31:b2:e5:c2:b7:
                    7d:65:34:ce:bf:15:f9:23:2d:7a:ab:72:d6:e4:e4:
                    8a:ea:f3:f8:42:50:05:5f:b0:33:58:81:b5:1e:6b:
                    71:58:3f:59:4a:22:b7:52:92:a5:ea:af:ea:89:80:
                    d9:3f:99:2f:ed:fd:1c:99:03:93:fb:06:a1:ac:5f:
                    8c:3c:92:ea:f6:b6:ac:26:0e:22:b7:13:d4:fb:40:
                    08:6b:dc:eb:41:25:ec:c4:ce:5d:07:06:75:71:a1:
                    5f:b2:a6:83:da:6e:31:f6:18:97:aa:c4:24:0f:5d:
                    a1:f3:6b:0e:71:29:b9:07:8c:9c:06:12:75:c2:f2:
                    d6:72:f7:bf:d8:ca:90:70:93:93:ea:b5:6c:85:39:
                    07:dd:2f:07:e5:8a:e9:11:5a:66:cb:16:e0:49:54:
                    4c:d9:59:a9:da:75:82:33:75:30:58:7a:24:90:04:
                    ca:07:3c:00:67:d7:8b:c5:62:87:1e:f7:63:54:ba:
                    40:ed:69:f1:08:88:9e:01:dc:a9:ea:39:37:c5:7b:
                    48:e7:f3:f6:4d:c4:cb:39:ae:ae:8b:60:7e:73:78:
                    8b:cb:da:7d:63:ec:c6:c5:28:d0:04:82:23:d2:e1:
                    2e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:92:24:DD:3D:2E:5B:DE:90:9E:25:11:35:F9:2B:26:9A:3A:6F:1D
            X509v3 Authority Key Identifier:
                keyid:21:12:89:9E:3B:08:C1:7F:5C:33:5B:5C:BC:78:DA:5A:DF:EF:9B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IRKJnjsIwX9cM1tcvHjaWt_vmx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/apIk3T0uW96QniURNfkrJpo6bx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/5417f4-4d66-4de9-935d-97ad2374a597/1/IRKJnjsIwX9cM1tcvHjaWt_vmx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.229.0/24
                  185.96.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:ca:9d:f0:de:04:61:fb:68:3f:11:01:2b:17:b0:8e:ab:e4:
         69:f4:fc:1a:72:6e:2c:f2:12:e4:64:eb:65:8e:af:8b:fa:86:
         e4:62:eb:85:8a:4e:72:1d:15:cd:d4:e4:8f:3d:fa:44:78:55:
         34:7e:14:d0:96:98:c0:9a:27:a6:04:13:06:e8:6e:04:f0:92:
         79:e3:f5:c7:88:ba:ab:a9:ce:e6:14:f3:d0:37:17:5b:74:6d:
         32:7d:66:8c:9f:89:95:10:2b:53:ad:5b:77:fb:09:bf:40:95:
         28:99:75:93:30:5f:62:44:ec:5f:ae:3b:8b:d2:98:7a:14:c7:
         0c:22:c8:f1:a0:73:d5:52:59:6e:06:74:21:72:ba:6b:e0:28:
         71:71:5d:83:7c:53:28:a7:f9:e4:8e:6c:ec:ae:08:18:72:a1:
         53:1e:0c:21:5d:82:bc:ae:f4:9f:ba:fc:b2:73:3c:ef:3b:2d:
         ad:14:0c:2a:f8:82:92:c3:88:34:21:05:9b:e2:f4:d1:74:95:
         25:0c:84:f6:8c:35:3d:c9:13:1c:3a:89:74:1a:16:9b:02:e2:
         14:15:98:e6:ee:c7:26:d6:34:76:79:5d:fd:09:c4:c4:73:8c:
         ac:fc:07:37:28:75:45:3b:de:49:3e:32:d2:82:2f:fa:2b:d2:
         ee:50:af:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnHfikvgo0iRBHu8+tWMt1pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMTI4OTllM2IwOGMxN2Y1YzMzNWI1Y2JjNzhkYTVhZGZl
ZjliMWYwHhcNMjUxMDA5MDU0MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTkyMjRkZDNkMmU1YmRlOTA5ZTI1MTEzNWY5MmIyNjlhM2E2ZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlHTqhVJ16MedmG4R2w/ygBbAEIZ
owNcMbLlwrd9ZTTOvxX5Iy16q3LW5OSK6vP4QlAFX7AzWIG1HmtxWD9ZSiK3UpKl
6q/qiYDZP5kv7f0cmQOT+wahrF+MPJLq9rasJg4itxPU+0AIa9zrQSXsxM5dBwZ1
caFfsqaD2m4x9hiXqsQkD12h82sOcSm5B4ycBhJ1wvLWcve/2MqQcJOT6rVshTkH
3S8H5YrpEVpmyxbgSVRM2Vmp2nWCM3UwWHokkATKBzwAZ9eLxWKHHvdjVLpA7Wnx
CIieAdyp6jk3xXtI5/P2TcTLOa6ui2B+c3iLy9p9Y+zGxSjQBIIj0uEukQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGqSJN09LlvekJ4lETX5KyaaOm8dMB8GA1UdIwQY
MBaAFCESiZ47CMF/XDNbXLx42lrf75sfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVJLSm5qc0l3WDljTTF0Y3ZIamFXdF92bXg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni81NDE3ZjQtNGQ2Ni00ZGU5LTkzNWQt
OTdhZDIzNzRhNTk3LzEvYXBJazNUMHVXOTZRbmlVUk5ma3JKcG82YngwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni81NDE3ZjQtNGQ2Ni00ZGU5LTkzNWQtOTdhZDIzNzRhNTk3
LzEvSVJLSm5qc0l3WDljTTF0Y3ZIamFXdF92bXg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVzlAwQC
uWD4MA0GCSqGSIb3DQEBCwUAA4IBAQAIyp3w3gRh+2g/EQErF7COq+Rp9Pwacm4s
8hLkZOtljq+L+obkYuuFik5yHRXN1OSPPfpEeFU0fhTQlpjAmiemBBMG6G4E8JJ5
4/XHiLqrqc7mFPPQNxdbdG0yfWaMn4mVECtTrVt3+wm/QJUomXWTMF9iROxfrjuL
0ph6FMcMIsjxoHPVUlluBnQhcrpr4ChxcV2DfFMop/nkjmzsrggYcqFTHgwhXYK8
rvSfuvyyczzvOy2tFAwq+IKSw4g0IQWb4vTRdJUlDIT2jDU9yRMcOol0GhabAuIU
FZjm7scm1jR2eV39CcTEc4ys/Ac3KHVFO95JPjLSgi/6K9LuUK9a
-----END CERTIFICATE-----