Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/wqA8s5FaVsEu75KJ16vUmh5lVIY.roa
File:                     wqA8s5FaVsEu75KJ16vUmh5lVIY.roa (raw, json)
Hash identifier:          bTi24pHBT2mcdfNQXGRRmSMYGfySkCQJDX6/So2k1Yo=
Subject key identifier:   C2:A0:3C:B3:91:5A:56:C1:2E:EF:92:89:D7:AB:D4:9A:1E:65:54:86
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0199F17C9A18CFED49FFEB070764811386CE
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/wqA8s5FaVsEu75KJ16vUmh5lVIY.roa
Signing time:             Fri 17 Oct 2025 09:24:58 +0000
ROA not before:           Fri 17 Oct 2025 09:24:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.124.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f1:7c:9a:18:cf:ed:49:ff:eb:07:07:64:81:13:86:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Oct 17 09:24:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2a03cb3915a56c12eef9289d7abd49a1e655486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e7:ae:da:71:07:37:cf:6a:b7:f1:b5:83:0d:
                    bf:c6:6c:30:33:47:04:12:54:b1:b8:66:66:6b:16:
                    91:0b:ab:94:db:2b:37:58:18:26:bc:b1:3a:59:35:
                    da:58:87:bc:9f:47:6c:f2:f9:7e:fb:47:f8:fa:33:
                    49:98:d4:64:08:54:fc:9f:5f:15:10:4e:10:ce:a6:
                    fd:77:b6:53:8f:4e:25:34:82:12:52:0f:ef:5e:fe:
                    ba:a9:f7:97:7f:45:d5:70:7c:1a:49:83:1a:3f:d4:
                    14:ef:69:ea:10:1a:4c:1c:0b:6f:39:0a:03:d2:91:
                    11:de:d4:ce:7f:06:b7:bd:df:f2:20:cb:c6:0f:20:
                    5f:bb:1f:a6:0b:93:40:a8:03:1d:69:79:20:ee:c4:
                    d6:09:fc:8b:ad:b3:8f:3b:83:04:6d:1b:c0:5f:32:
                    1e:ef:2b:2b:d9:cf:5b:50:5a:c5:59:be:9f:34:74:
                    ea:34:cf:3d:2f:f9:12:07:59:18:dc:64:9a:80:78:
                    75:66:78:14:53:f5:53:ca:f8:69:83:d9:cd:52:2c:
                    d5:a3:a7:8e:53:81:36:62:fa:6e:9a:c4:dc:cc:1e:
                    b5:81:28:e1:9e:a4:a8:3e:d6:b3:c8:47:e1:ae:55:
                    3c:39:c8:c3:4f:9d:7a:69:19:de:d0:8c:44:e4:cc:
                    a9:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A0:3C:B3:91:5A:56:C1:2E:EF:92:89:D7:AB:D4:9A:1E:65:54:86
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/wqA8s5FaVsEu75KJ16vUmh5lVIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:09:1b:80:0a:e4:f0:d7:0b:e9:b7:65:91:43:b9:d2:2f:82:
         24:8e:bb:b3:ad:79:30:26:eb:53:22:72:6b:25:9f:2d:ad:17:
         db:6c:9d:4e:99:42:80:ee:0c:f5:a0:81:cf:bc:f6:45:e6:e7:
         f2:58:f5:36:32:11:0c:cb:d8:df:51:64:b6:46:67:94:dc:db:
         d0:f0:1a:d8:45:e6:6e:8f:6f:cd:ca:f9:2a:0d:6b:b1:1d:c1:
         95:92:33:9d:d6:33:ee:b6:02:27:9d:e5:92:aa:48:a7:8a:8c:
         e8:0b:5d:6f:50:c8:0e:a8:9a:ec:0b:49:3e:31:61:92:7a:a8:
         d2:9f:21:6e:06:73:ec:47:16:d2:6c:f0:10:ff:f3:07:fd:89:
         da:5c:87:60:5c:f1:64:7d:0d:7d:95:b7:b2:e6:6a:39:55:09:
         8c:fc:62:5c:0d:e6:32:b0:53:52:05:8f:56:de:7b:41:1d:b8:
         e0:6f:93:28:50:ba:b0:c7:5c:c9:31:bb:4c:f5:e1:83:32:cc:
         d3:0b:81:43:60:50:5d:f2:2b:dc:a1:62:d2:70:96:5c:69:09:
         1e:68:27:ff:62:99:c8:35:eb:82:ef:2a:16:02:60:2e:a0:98:
         f3:d4:66:64:ed:e5:a2:69:b7:0b:ab:2c:93:ce:52:25:98:b4:
         2b:ca:d7:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnxfJoYz+1J/+sHB2SBE4bOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUxMDE3MDkyNDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmEwM2NiMzkxNWE1NmMxMmVlZjkyODlkN2FiZDQ5YTFlNjU1NDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ueu2nEHN89qt/G1gw2/xmwwM0cE
ElSxuGZmaxaRC6uU2ys3WBgmvLE6WTXaWIe8n0ds8vl++0f4+jNJmNRkCFT8n18V
EE4Qzqb9d7ZTj04lNIISUg/vXv66qfeXf0XVcHwaSYMaP9QU72nqEBpMHAtvOQoD
0pER3tTOfwa3vd/yIMvGDyBfux+mC5NAqAMdaXkg7sTWCfyLrbOPO4MEbRvAXzIe
7ysr2c9bUFrFWb6fNHTqNM89L/kSB1kY3GSagHh1ZngUU/VTyvhpg9nNUizVo6eO
U4E2YvpumsTczB61gSjhnqSoPtazyEfhrlU8OcjDT516aRne0IxE5MypSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKgPLORWlbBLu+Sider1JoeZVSGMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvd3FBOHM1RmFWc0V1NzVLSjE2dlVtaDVsVklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXyuMA0G
CSqGSIb3DQEBCwUAA4IBAQAhCRuACuTw1wvpt2WRQ7nSL4IkjruzrXkwJutTInJr
JZ8trRfbbJ1OmUKA7gz1oIHPvPZF5ufyWPU2MhEMy9jfUWS2RmeU3NvQ8BrYReZu
j2/NyvkqDWuxHcGVkjOd1jPutgInneWSqkiniozoC11vUMgOqJrsC0k+MWGSeqjS
nyFuBnPsRxbSbPAQ//MH/YnaXIdgXPFkfQ19lbey5mo5VQmM/GJcDeYysFNSBY9W
3ntBHbjgb5MoULqwx1zJMbtM9eGDMszTC4FDYFBd8ivcoWLScJZcaQkeaCf/YpnI
NeuC7yoWAmAuoJjz1GZk7eWiabcLqyyTzlIlmLQrytcg
-----END CERTIFICATE-----