Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/mVzSuLvWAL7m7NJsQ86d2SSGxY0.roa
File:                     mVzSuLvWAL7m7NJsQ86d2SSGxY0.roa (raw, json)
Hash identifier:          Uckvu6ObviGOPyhjC59c19/BREDAL5JfQ4YNdEuoFeA=
Subject key identifier:   99:5C:D2:B8:BB:D6:00:BE:E6:EC:D2:6C:43:CE:9D:D9:24:86:C5:8D
Certificate issuer:       /CN=61ba0be7cce380e6bb74e3c5fcea081e9799ae54
Certificate serial:       019947EB20D07D16D66B28BF0BC2BC1FC157
Authority key identifier: 61:BA:0B:E7:CC:E3:80:E6:BB:74:E3:C5:FC:EA:08:1E:97:99:AE:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YboL58zjgOa7dOPF_OoIHpeZrlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/mVzSuLvWAL7m7NJsQ86d2SSGxY0.roa
Signing time:             Sun 14 Sep 2025 11:10:15 +0000
ROA not before:           Sun 14 Sep 2025 11:10:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210288
IP address blocks:        185.137.24.0/24 maxlen: 24
                          185.137.25.0/24 maxlen: 24
                          185.137.26.0/24 maxlen: 24
                          185.137.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/YboL58zjgOa7dOPF_OoIHpeZrlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/YboL58zjgOa7dOPF_OoIHpeZrlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YboL58zjgOa7dOPF_OoIHpeZrlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:47:eb:20:d0:7d:16:d6:6b:28:bf:0b:c2:bc:1f:c1:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61ba0be7cce380e6bb74e3c5fcea081e9799ae54
        Validity
            Not Before: Sep 14 11:10:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=995cd2b8bbd600bee6ecd26c43ce9dd92486c58d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e9:aa:95:89:b0:46:d3:f4:74:48:9e:7f:dc:
                    be:14:16:24:c0:87:f6:2c:ce:88:a3:67:97:4e:fb:
                    9b:39:5b:5f:4a:6e:08:8e:fc:41:03:4f:fc:15:7a:
                    1f:67:a7:5b:0b:71:05:e1:ed:fd:b8:bc:c7:df:05:
                    1a:fe:6a:df:b0:f0:a8:ff:7f:5f:51:d1:0e:77:d0:
                    64:3d:e5:11:c9:f0:82:bf:ea:6d:96:97:fb:d6:89:
                    5c:43:c7:f5:06:b3:d1:b6:ab:44:c8:42:c4:63:b1:
                    4f:64:ff:de:9d:72:81:02:01:cf:f4:6e:0e:95:90:
                    84:50:fb:83:7d:a8:ff:c3:7f:f4:c9:d8:84:a7:2f:
                    c4:20:cf:77:eb:1f:41:a3:63:cc:cc:d2:d1:e1:1d:
                    01:dd:89:42:62:23:47:38:b2:98:ef:a4:ea:45:84:
                    56:7e:bb:2e:6b:e4:41:9d:06:d8:12:c5:38:df:52:
                    0b:f8:89:4d:0c:46:17:50:b3:d3:80:8e:2f:0d:af:
                    2e:cd:39:33:b5:1a:1a:05:bb:14:cf:0f:cf:45:f8:
                    d6:ee:02:3e:d8:d4:ed:27:37:5d:27:06:a8:6e:61:
                    7b:cd:ac:23:fd:d1:50:fc:3d:6f:69:2c:80:28:1f:
                    ec:f0:89:bb:59:0e:56:ad:20:31:f6:1f:57:ec:36:
                    47:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:5C:D2:B8:BB:D6:00:BE:E6:EC:D2:6C:43:CE:9D:D9:24:86:C5:8D
            X509v3 Authority Key Identifier:
                keyid:61:BA:0B:E7:CC:E3:80:E6:BB:74:E3:C5:FC:EA:08:1E:97:99:AE:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YboL58zjgOa7dOPF_OoIHpeZrlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/mVzSuLvWAL7m7NJsQ86d2SSGxY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/YboL58zjgOa7dOPF_OoIHpeZrlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:fa:97:6a:cf:b2:75:2c:f4:e5:5e:f3:e2:ce:da:39:37:73:
         60:9d:89:02:ac:06:c3:92:bd:ad:f1:a0:b3:4f:45:fc:f4:2a:
         82:df:0f:fc:46:1f:ac:55:56:e2:cb:f2:a8:6d:8f:5a:41:2f:
         b7:41:f0:fe:82:b6:50:a5:d6:5f:98:e0:8b:a1:aa:bf:38:da:
         c2:9a:c3:3c:03:dd:6f:b8:3b:2f:11:b9:11:63:e9:37:e1:6c:
         4a:a5:73:8b:0e:c7:ef:bd:9c:63:4a:d6:a2:40:a4:7a:48:21:
         2d:cd:ab:65:4b:57:9e:2d:eb:ed:0d:94:4b:57:51:ec:4c:99:
         9c:8a:0c:6a:6f:4d:5d:9e:a3:5b:9c:04:b0:9e:08:0e:86:93:
         e9:a5:5b:a1:dd:a1:21:6d:36:a0:b3:47:19:39:ae:83:f9:05:
         90:16:b5:e3:b6:47:7c:31:9e:98:c1:1b:62:7d:50:fb:1a:d9:
         33:5e:b9:04:da:90:95:e7:59:4e:e3:1a:68:a7:05:00:0c:4e:
         62:09:de:4d:f5:44:90:94:1a:cb:ec:82:14:7a:c9:fc:0d:18:
         a9:d4:20:14:d4:51:3c:56:5d:f7:f4:e8:d2:d3:86:49:00:5a:
         03:45:9f:34:cc:7e:d1:df:55:6d:f6:d5:4d:6b:2d:4f:af:83:
         37:82:e1:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlH6yDQfRbWayi/C8K8H8FXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYmEwYmU3Y2NlMzgwZTZiYjc0ZTNjNWZjZWEwODFlOTc5
OWFlNTQwHhcNMjUwOTE0MTExMDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTVjZDJiOGJiZDYwMGJlZTZlY2QyNmM0M2NlOWRkOTI0ODZjNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOmqlYmwRtP0dEief9y+FBYkwIf2
LM6Io2eXTvubOVtfSm4IjvxBA0/8FXofZ6dbC3EF4e39uLzH3wUa/mrfsPCo/39f
UdEOd9BkPeURyfCCv+ptlpf71olcQ8f1BrPRtqtEyELEY7FPZP/enXKBAgHP9G4O
lZCEUPuDfaj/w3/0ydiEpy/EIM936x9Bo2PMzNLR4R0B3YlCYiNHOLKY76TqRYRW
frsua+RBnQbYEsU431IL+IlNDEYXULPTgI4vDa8uzTkztRoaBbsUzw/PRfjW7gI+
2NTtJzddJwaobmF7zawj/dFQ/D1vaSyAKB/s8Im7WQ5WrSAx9h9X7DZHiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlc0ri71gC+5uzSbEPOndkkhsWNMB8GA1UdIwQY
MBaAFGG6C+fM44Dmu3TjxfzqCB6Xma5UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJvTDU4empnT2E3ZE9QRl9Pb0lIcGVacmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMmUzN2QtNGJhNS00MTY1LTlmZDIt
MjEwZDQ4MmE0YjkzLzEvbVZ6U3VMdldBTDdtN05Kc1E4NmQyU1NHeFkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMmUzN2QtNGJhNS00MTY1LTlmZDItMjEwZDQ4MmE0Yjkz
LzEvWWJvTDU4empnT2E3ZE9QRl9Pb0lIcGVacmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYkYMA0G
CSqGSIb3DQEBCwUAA4IBAQA2+pdqz7J1LPTlXvPizto5N3NgnYkCrAbDkr2t8aCz
T0X89CqC3w/8Rh+sVVbiy/KobY9aQS+3QfD+grZQpdZfmOCLoaq/ONrCmsM8A91v
uDsvEbkRY+k34WxKpXOLDsfvvZxjStaiQKR6SCEtzatlS1eeLevtDZRLV1HsTJmc
igxqb01dnqNbnASwnggOhpPppVuh3aEhbTags0cZOa6D+QWQFrXjtkd8MZ6YwRti
fVD7GtkzXrkE2pCV51lO4xpopwUADE5iCd5N9USQlBrL7IIUesn8DRip1CAU1FE8
Vl339OjS04ZJAFoDRZ80zH7R31Vt9tVNay1Pr4M3guEf
-----END CERTIFICATE-----