Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/18UiEkWgqpaCUiY-OhtgSebxhOw.roa
File:                     18UiEkWgqpaCUiY-OhtgSebxhOw.roa (raw, json)
Hash identifier:          6gZVGHDsK6q4GdqiE+ksKEH6UAMcpQLDmBdSndAkah4=
Subject key identifier:   D7:C5:22:12:45:A0:AA:96:82:52:26:3E:3A:1B:60:49:E6:F1:84:EC
Certificate issuer:       /CN=2c94d70cfb7e69019a2e01c87d0a5d545a599b52
Certificate serial:       01990C736D43123CEA6F63D87DF7E2A11D3A
Authority key identifier: 2C:94:D7:0C:FB:7E:69:01:9A:2E:01:C8:7D:0A:5D:54:5A:59:9B:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LJTXDPt-aQGaLgHIfQpdVFpZm1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/18UiEkWgqpaCUiY-OhtgSebxhOw.roa
Signing time:             Tue 02 Sep 2025 22:01:55 +0000
ROA not before:           Tue 02 Sep 2025 22:01:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43013
IP address blocks:        185.88.56.0/22 maxlen: 22
                          188.65.96.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/LJTXDPt-aQGaLgHIfQpdVFpZm1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/LJTXDPt-aQGaLgHIfQpdVFpZm1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LJTXDPt-aQGaLgHIfQpdVFpZm1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0c:73:6d:43:12:3c:ea:6f:63:d8:7d:f7:e2:a1:1d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c94d70cfb7e69019a2e01c87d0a5d545a599b52
        Validity
            Not Before: Sep  2 22:01:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7c5221245a0aa968252263e3a1b6049e6f184ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:b4:d3:38:ab:af:12:53:f4:a0:67:5b:24:3e:
                    8e:be:62:ea:60:7c:17:26:aa:7c:a3:db:5a:18:cb:
                    94:45:ad:01:81:92:80:07:95:22:bd:8a:75:d3:61:
                    14:d9:99:00:b4:d4:1d:a0:21:4c:82:b1:01:3f:3a:
                    55:55:c1:9e:c3:7e:73:67:7d:35:f9:bd:67:a8:2d:
                    31:68:ae:c3:1c:c7:b2:0e:92:07:08:4a:fd:40:a4:
                    06:cd:49:70:47:8c:75:2b:7c:24:b5:d0:c7:0f:cd:
                    cc:de:7c:1b:e3:fb:9f:b7:6c:8e:c8:2f:1a:fc:d6:
                    cf:9e:ad:53:ac:3c:51:9a:65:0d:74:46:58:a1:3c:
                    2f:f6:fc:ab:8d:5a:18:da:aa:6d:4a:30:de:84:33:
                    b2:be:85:5a:71:95:95:55:a9:eb:79:ae:94:06:27:
                    43:4b:40:2c:31:7f:d3:dd:89:b4:8c:3b:d3:3c:0f:
                    c5:96:ac:34:03:26:03:99:51:15:48:83:42:66:a8:
                    b9:67:e0:b7:c8:66:87:c0:ac:00:76:9a:90:a1:cc:
                    9f:35:e7:92:d2:79:e5:41:4d:1e:34:d9:75:3f:35:
                    4e:81:41:07:6c:c9:69:37:b1:b1:85:8f:fc:4c:bf:
                    07:f3:a2:46:49:6b:1f:77:4c:bf:8a:7a:c9:ad:d5:
                    d8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C5:22:12:45:A0:AA:96:82:52:26:3E:3A:1B:60:49:E6:F1:84:EC
            X509v3 Authority Key Identifier:
                keyid:2C:94:D7:0C:FB:7E:69:01:9A:2E:01:C8:7D:0A:5D:54:5A:59:9B:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJTXDPt-aQGaLgHIfQpdVFpZm1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/18UiEkWgqpaCUiY-OhtgSebxhOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/1bda7c-9858-43f5-8659-69fc056b2625/1/LJTXDPt-aQGaLgHIfQpdVFpZm1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.56.0/22
                  188.65.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         51:dc:4b:ff:7c:eb:b4:c2:b4:c0:58:1b:53:bc:6f:bc:be:1c:
         d7:fe:3b:d6:d0:d5:8e:c9:36:3e:c2:e0:f8:d1:5f:a7:d3:b2:
         31:4c:6e:0d:ed:87:29:0d:e6:4c:83:02:71:ff:24:c0:46:82:
         f5:b9:10:06:c6:a1:a3:ce:2a:6f:26:d3:84:3f:20:ee:b0:52:
         d5:ac:cd:33:87:3f:de:2c:69:b1:d8:d4:c2:c4:76:9b:0f:ca:
         ca:82:e2:82:75:18:51:fa:cb:1c:66:64:bf:c8:0d:b6:e3:4c:
         96:b5:99:95:bf:17:d1:f3:2f:88:46:7d:33:53:a6:00:88:ce:
         59:bb:53:3b:de:19:dc:e8:be:a8:b1:56:8b:5a:97:a6:36:66:
         dd:66:48:f8:72:bb:2e:e2:f1:f1:80:1f:0e:53:c1:30:ff:aa:
         db:e5:85:3b:aa:83:ee:97:da:a2:18:89:92:e9:d3:98:0c:e5:
         0d:92:88:47:c9:65:f3:09:b2:24:2f:71:30:40:20:65:a1:24:
         47:13:6a:20:d7:1a:82:27:6e:7f:4e:02:d3:a3:a3:4e:ad:c8:
         c7:df:fc:57:99:50:5c:b4:52:89:34:9c:08:e5:b9:9b:a7:ff:
         a2:86:ae:cb:7e:0f:13:a9:2f:94:f4:9c:8b:0d:12:13:c9:bc:
         a4:62:14:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkMc21DEjzqb2PYfffioR06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTRkNzBjZmI3ZTY5MDE5YTJlMDFjODdkMGE1ZDU0NWE1
OTliNTIwHhcNMjUwOTAyMjIwMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2M1MjIxMjQ1YTBhYTk2ODI1MjI2M2UzYTFiNjA0OWU2ZjE4NGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/bTTOKuvElP0oGdbJD6OvmLqYHwX
Jqp8o9taGMuURa0BgZKAB5UivYp102EU2ZkAtNQdoCFMgrEBPzpVVcGew35zZ301
+b1nqC0xaK7DHMeyDpIHCEr9QKQGzUlwR4x1K3wktdDHD83M3nwb4/uft2yOyC8a
/NbPnq1TrDxRmmUNdEZYoTwv9vyrjVoY2qptSjDehDOyvoVacZWVVanrea6UBidD
S0AsMX/T3Ym0jDvTPA/Flqw0AyYDmVEVSINCZqi5Z+C3yGaHwKwAdpqQocyfNeeS
0nnlQU0eNNl1PzVOgUEHbMlpN7GxhY/8TL8H86JGSWsfd0y/inrJrdXYYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNfFIhJFoKqWglImPjobYEnm8YTsMB8GA1UdIwQY
MBaAFCyU1wz7fmkBmi4ByH0KXVRaWZtSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEpUWERQdC1hUUdhTGdISWZRcGRWRnBabTFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8xYmRhN2MtOTg1OC00M2Y1LTg2NTkt
NjlmYzA1NmIyNjI1LzEvMThVaUVrV2dxcGFDVWlZLU9odGdTZWJ4aE93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8xYmRhN2MtOTg1OC00M2Y1LTg2NTktNjlmYzA1NmIyNjI1
LzEvTEpUWERQdC1hUUdhTGdISWZRcGRWRnBabTFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuVg4AwQD
vEFgMA0GCSqGSIb3DQEBCwUAA4IBAQBR3Ev/fOu0wrTAWBtTvG+8vhzX/jvW0NWO
yTY+wuD40V+n07IxTG4N7YcpDeZMgwJx/yTARoL1uRAGxqGjzipvJtOEPyDusFLV
rM0zhz/eLGmx2NTCxHabD8rKguKCdRhR+sscZmS/yA2240yWtZmVvxfR8y+IRn0z
U6YAiM5Zu1M73hnc6L6osVaLWpemNmbdZkj4crsu4vHxgB8OU8Ew/6rb5YU7qoPu
l9qiGImS6dOYDOUNkohHyWXzCbIkL3EwQCBloSRHE2og1xqCJ25/TgLTo6NOrcjH
3/xXmVBctFKJNJwI5bmbp/+ihq7Lfg8TqS+U9JyLDRITybykYhSF
-----END CERTIFICATE-----