Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/8Fy9I-oQhMxbs3z3a1slxp3FSXo.roa
File:                     8Fy9I-oQhMxbs3z3a1slxp3FSXo.roa (raw, json)
Hash identifier:          syWqGLAGI08ya5lx0Hert03mbaxaIeNX2fCZeit4wOQ=
Subject key identifier:   F0:5C:BD:23:EA:10:84:CC:5B:B3:7C:F7:6B:5B:25:C6:9D:C5:49:7A
Certificate issuer:       /CN=9367965e2834f1893cfa8631a484071e6a2d45b7
Certificate serial:       0198850C36CA0EFB9DAA5C2F95600F3E5E73
Authority key identifier: 93:67:96:5E:28:34:F1:89:3C:FA:86:31:A4:84:07:1E:6A:2D:45:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2eWXig08Yk8-oYxpIQHHmotRbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/8Fy9I-oQhMxbs3z3a1slxp3FSXo.roa
Signing time:             Thu 07 Aug 2025 15:00:26 +0000
ROA not before:           Thu 07 Aug 2025 15:00:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62243
IP address blocks:        185.29.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/k2eWXig08Yk8-oYxpIQHHmotRbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/k2eWXig08Yk8-oYxpIQHHmotRbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2eWXig08Yk8-oYxpIQHHmotRbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:85:0c:36:ca:0e:fb:9d:aa:5c:2f:95:60:0f:3e:5e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9367965e2834f1893cfa8631a484071e6a2d45b7
        Validity
            Not Before: Aug  7 15:00:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f05cbd23ea1084cc5bb37cf76b5b25c69dc5497a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2e:ac:9e:21:57:f0:d9:8d:fa:8d:21:84:ed:
                    89:24:d3:44:31:d7:8b:0d:5b:28:4f:58:de:b6:e7:
                    8d:42:a4:89:d5:09:a0:e9:df:73:03:f7:c9:09:57:
                    9f:a7:48:66:30:01:9b:a8:2d:bf:6f:50:2c:82:2d:
                    36:7b:b8:36:a1:9d:e9:31:11:10:54:7d:69:a2:f5:
                    34:99:2e:48:b1:b6:14:1b:19:70:ff:9c:6d:7f:92:
                    60:d2:ec:8b:d2:dc:ed:53:3e:1d:b1:46:05:4c:46:
                    85:71:aa:d0:08:7f:a0:74:93:4f:7d:ec:af:51:80:
                    27:ce:3d:87:39:aa:23:ca:0e:38:64:b4:7d:55:98:
                    3b:70:1f:7d:c8:d7:6a:b2:b6:bb:34:bf:db:28:41:
                    50:8f:27:8e:f9:84:c9:c7:dc:31:2d:53:70:0d:c4:
                    3a:3d:a2:13:6b:8e:de:67:a8:5e:f2:de:ee:c4:6d:
                    80:c3:e8:19:54:cb:5f:33:22:48:b1:b1:b2:c6:7e:
                    80:8c:4a:d9:57:e9:e4:80:53:cf:bb:7d:fc:08:8f:
                    92:67:af:a6:20:4b:0a:99:f0:6d:85:c1:f4:c0:c4:
                    7c:90:95:be:3c:00:21:33:90:13:bc:9f:f3:6e:0d:
                    7b:22:03:d4:46:66:f5:a2:62:80:bb:33:31:06:0f:
                    de:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:5C:BD:23:EA:10:84:CC:5B:B3:7C:F7:6B:5B:25:C6:9D:C5:49:7A
            X509v3 Authority Key Identifier:
                keyid:93:67:96:5E:28:34:F1:89:3C:FA:86:31:A4:84:07:1E:6A:2D:45:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2eWXig08Yk8-oYxpIQHHmotRbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/8Fy9I-oQhMxbs3z3a1slxp3FSXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/1813ba-506e-444e-9ca4-f093e17b27ef/1/k2eWXig08Yk8-oYxpIQHHmotRbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:aa:89:38:d9:5c:0d:d2:66:a3:7a:14:ae:0e:32:7d:1f:e7:
         40:e5:b3:43:71:02:61:97:58:93:8e:67:fd:be:09:d0:55:59:
         88:ad:45:21:24:d9:30:6d:de:57:71:75:58:24:81:dc:0e:f3:
         ee:1e:1a:39:26:ae:81:1b:13:8e:e1:e9:56:f8:2f:b6:fe:77:
         bc:59:b6:b2:f9:e6:53:48:69:1b:0c:12:c2:00:98:9f:7d:f8:
         fd:16:27:5d:c9:3b:c8:b9:df:0c:85:e3:d5:5e:ec:92:40:a9:
         39:b1:3f:ab:b4:1f:2f:c2:b3:bf:fe:ad:0d:e8:00:d9:6a:ec:
         36:69:e1:70:35:54:a2:2e:d6:96:60:9b:39:5e:1e:81:11:70:
         a1:03:52:81:18:a2:fa:94:fc:30:e5:12:ab:de:bf:47:21:c2:
         be:35:79:cf:92:4f:c5:e9:f3:0e:c7:d8:1d:86:45:9d:7f:b6:
         c6:ff:53:96:ee:27:0f:15:0d:d2:45:0c:14:33:97:27:34:9e:
         54:6b:bd:06:ec:fc:42:2a:8f:02:ff:82:7d:65:13:67:07:83:
         59:1c:80:f5:4c:2d:f2:d6:a8:f9:be:54:c3:05:1c:57:13:62:
         e3:d5:c8:ef:09:95:0c:ed:b0:65:36:f9:7b:a3:a1:26:ae:a3:
         b8:79:c8:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiFDDbKDvudqlwvlWAPPl5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc5NjVlMjgzNGYxODkzY2ZhODYzMWE0ODQwNzFlNmEy
ZDQ1YjcwHhcNMjUwODA3MTUwMDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDVjYmQyM2VhMTA4NGNjNWJiMzdjZjc2YjViMjVjNjlkYzU0OTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwi6sniFX8NmN+o0hhO2JJNNEMdeL
DVsoT1jetueNQqSJ1Qmg6d9zA/fJCVefp0hmMAGbqC2/b1Asgi02e7g2oZ3pMREQ
VH1povU0mS5IsbYUGxlw/5xtf5Jg0uyL0tztUz4dsUYFTEaFcarQCH+gdJNPfeyv
UYAnzj2HOaojyg44ZLR9VZg7cB99yNdqsra7NL/bKEFQjyeO+YTJx9wxLVNwDcQ6
PaITa47eZ6he8t7uxG2Aw+gZVMtfMyJIsbGyxn6AjErZV+nkgFPPu338CI+SZ6+m
IEsKmfBthcH0wMR8kJW+PAAhM5ATvJ/zbg17IgPURmb1omKAuzMxBg/e1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBcvSPqEITMW7N892tbJcadxUl6MB8GA1UdIwQY
MBaAFJNnll4oNPGJPPqGMaSEBx5qLUW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJlV1hpZzA4WWs4LW9ZeHBJUUhIbW90UmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xODEzYmEtNTA2ZS00NDRlLTljYTQt
ZjA5M2UxN2IyN2VmLzEvOEZ5OUktb1FoTXhiczN6M2Exc2x4cDNGU1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xODEzYmEtNTA2ZS00NDRlLTljYTQtZjA5M2UxN2IyN2Vm
LzEvazJlV1hpZzA4WWs4LW9ZeHBJUUhIbW90UmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR2CMA0G
CSqGSIb3DQEBCwUAA4IBAQAQqok42VwN0majehSuDjJ9H+dA5bNDcQJhl1iTjmf9
vgnQVVmIrUUhJNkwbd5XcXVYJIHcDvPuHho5Jq6BGxOO4elW+C+2/ne8Wbay+eZT
SGkbDBLCAJifffj9FiddyTvIud8MhePVXuySQKk5sT+rtB8vwrO//q0N6ADZauw2
aeFwNVSiLtaWYJs5Xh6BEXChA1KBGKL6lPww5RKr3r9HIcK+NXnPkk/F6fMOx9gd
hkWdf7bG/1OW7icPFQ3SRQwUM5cnNJ5Ua70G7PxCKo8C/4J9ZRNnB4NZHID1TC3y
1qj5vlTDBRxXE2Lj1cjvCZUM7bBlNvl7o6EmrqO4ecgm
-----END CERTIFICATE-----