Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/8jP_y3ejZgoctYO3RIyWsm1WwTY.roa
File:                     8jP_y3ejZgoctYO3RIyWsm1WwTY.roa (raw, json)
Hash identifier:          ecd4E/hh4r+6kZxHuFwVi+mLNAKKO0mfpn1+ByWy+90=
Subject key identifier:   F2:33:FF:CB:77:A3:66:0A:1C:B5:83:B7:44:8C:96:B2:6D:56:C1:36
Certificate issuer:       /CN=86d963844f8205d1369434531c998600c15781a1
Certificate serial:       0199F24F2C091349E0F004B45CF93A0B97FE
Authority key identifier: 86:D9:63:84:4F:82:05:D1:36:94:34:53:1C:99:86:00:C1:57:81:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htljhE-CBdE2lDRTHJmGAMFXgaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/8jP_y3ejZgoctYO3RIyWsm1WwTY.roa
Signing time:             Fri 17 Oct 2025 13:14:58 +0000
ROA not before:           Fri 17 Oct 2025 13:14:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        188.92.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/htljhE-CBdE2lDRTHJmGAMFXgaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/htljhE-CBdE2lDRTHJmGAMFXgaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htljhE-CBdE2lDRTHJmGAMFXgaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:4f:2c:09:13:49:e0:f0:04:b4:5c:f9:3a:0b:97:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d963844f8205d1369434531c998600c15781a1
        Validity
            Not Before: Oct 17 13:14:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f233ffcb77a3660a1cb583b7448c96b26d56c136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:df:82:6b:bb:b3:79:7f:ce:36:bd:91:bd:aa:
                    2e:26:c6:60:13:ce:d6:07:0a:54:50:d6:71:88:ec:
                    5a:c1:3c:80:d3:a1:53:f8:85:86:48:d8:81:75:bc:
                    df:1d:a0:ab:99:8b:1c:dc:24:05:e6:3d:18:14:34:
                    04:ba:d6:b5:10:e4:01:e8:5f:4d:cb:7a:37:1d:d8:
                    d8:fc:ba:be:38:dd:fa:50:63:28:4d:f2:23:1a:95:
                    f8:0a:cf:80:d7:e9:ef:20:36:18:1f:e1:e0:36:38:
                    68:be:20:2b:4d:b0:eb:9c:1c:2e:6e:e8:41:c9:02:
                    b6:ed:59:68:44:de:ee:be:1f:d5:2c:1c:f3:54:f9:
                    8d:1f:c6:61:f3:f8:0c:25:d4:cb:a9:18:9e:0a:24:
                    17:22:2c:b4:65:af:74:aa:64:62:22:e7:59:58:5a:
                    21:51:04:42:7d:2f:03:fe:9d:6c:df:3a:e6:58:04:
                    7c:3f:e1:b7:00:af:43:eb:fe:76:f2:46:ec:c1:22:
                    96:db:48:4e:c2:2b:96:2e:67:78:de:e9:d9:f6:c3:
                    6d:e4:a5:6f:2b:6d:ef:ad:54:31:7a:ad:21:04:9a:
                    d9:2b:1b:fd:80:d3:ca:cd:63:c3:cc:1c:cb:87:cc:
                    24:e8:40:54:de:76:36:8b:76:4d:ce:2f:3a:91:e6:
                    6d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:33:FF:CB:77:A3:66:0A:1C:B5:83:B7:44:8C:96:B2:6D:56:C1:36
            X509v3 Authority Key Identifier:
                keyid:86:D9:63:84:4F:82:05:D1:36:94:34:53:1C:99:86:00:C1:57:81:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htljhE-CBdE2lDRTHJmGAMFXgaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/8jP_y3ejZgoctYO3RIyWsm1WwTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/a289eb-45ce-4618-857f-78189d015286/1/htljhE-CBdE2lDRTHJmGAMFXgaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:24:ee:89:bd:f7:76:3d:ef:6c:0e:4c:a8:f2:68:39:af:08:
         82:3e:e5:99:05:9a:b8:fc:37:03:5d:8e:23:0e:b9:1a:48:68:
         ca:51:31:bd:a5:78:a7:a5:84:31:fe:57:24:f3:6d:da:a9:91:
         3e:73:b0:48:98:bd:52:41:7f:4c:b8:1c:6d:6f:b2:30:f1:a7:
         bd:97:1c:29:9e:d3:ee:48:99:ba:aa:41:c9:5f:f0:dc:44:8a:
         45:d6:80:84:3a:70:73:7b:4d:82:c7:05:76:b7:d8:1a:a4:e4:
         ca:3a:9f:11:70:f7:3d:65:04:f2:7e:c2:61:b3:e7:a0:0b:08:
         41:fe:d1:49:74:29:ed:0b:46:b4:02:0c:41:54:e8:07:c7:ec:
         db:7f:9a:a0:16:d1:1e:e7:1a:f1:a2:84:2b:c2:df:49:30:ca:
         ef:a4:e4:c3:6c:af:6d:46:c5:38:af:83:17:ea:3a:83:60:c1:
         37:bb:25:c7:a6:58:22:d7:52:6d:07:89:93:a2:eb:38:0a:c1:
         26:93:91:8d:72:64:c4:dd:92:32:ca:b2:97:41:7c:82:77:42:
         bf:a2:e9:fb:7f:08:98:79:f6:36:e2:9e:05:d9:f6:76:a3:bb:
         a1:e9:bc:b9:27:4c:4f:04:06:03:28:30:ed:94:fc:85:0a:b2:
         38:7e:01:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnyTywJE0ng8AS0XPk6C5f+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDk2Mzg0NGY4MjA1ZDEzNjk0MzQ1MzFjOTk4NjAwYzE1
NzgxYTEwHhcNMjUxMDE3MTMxNDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjMzZmZjYjc3YTM2NjBhMWNiNTgzYjc0NDhjOTZiMjZkNTZjMTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA79+Ca7uzeX/ONr2RvaouJsZgE87W
BwpUUNZxiOxawTyA06FT+IWGSNiBdbzfHaCrmYsc3CQF5j0YFDQEuta1EOQB6F9N
y3o3HdjY/Lq+ON36UGMoTfIjGpX4Cs+A1+nvIDYYH+HgNjhoviArTbDrnBwubuhB
yQK27VloRN7uvh/VLBzzVPmNH8Zh8/gMJdTLqRieCiQXIiy0Za90qmRiIudZWFoh
UQRCfS8D/p1s3zrmWAR8P+G3AK9D6/528kbswSKW20hOwiuWLmd43unZ9sNt5KVv
K23vrVQxeq0hBJrZKxv9gNPKzWPDzBzLh8wk6EBU3nY2i3ZNzi86keZtUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIz/8t3o2YKHLWDt0SMlrJtVsE2MB8GA1UdIwQY
MBaAFIbZY4RPggXRNpQ0UxyZhgDBV4GhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRsamhFLUNCZEUybERSVEhKbUdBTUZYZ2FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9hMjg5ZWItNDVjZS00NjE4LTg1N2Yt
NzgxODlkMDE1Mjg2LzEvOGpQX3kzZWpaZ29jdFlPM1JJeVdzbTFXd1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9hMjg5ZWItNDVjZS00NjE4LTg1N2YtNzgxODlkMDE1Mjg2
LzEvaHRsamhFLUNCZEUybERSVEhKbUdBTUZYZ2FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFwFMA0G
CSqGSIb3DQEBCwUAA4IBAQBAJO6Jvfd2Pe9sDkyo8mg5rwiCPuWZBZq4/DcDXY4j
DrkaSGjKUTG9pXinpYQx/lck823aqZE+c7BImL1SQX9MuBxtb7Iw8ae9lxwpntPu
SJm6qkHJX/DcRIpF1oCEOnBze02CxwV2t9gapOTKOp8RcPc9ZQTyfsJhs+egCwhB
/tFJdCntC0a0AgxBVOgHx+zbf5qgFtEe5xrxooQrwt9JMMrvpOTDbK9tRsU4r4MX
6jqDYME3uyXHplgi11JtB4mTous4CsEmk5GNcmTE3ZIyyrKXQXyCd0K/oun7fwiY
efY24p4F2fZ2o7uh6by5J0xPBAYDKDDtlPyFCrI4fgHv
-----END CERTIFICATE-----