Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/9ddafd-0346-49a1-ac3d-f1002f548615/1/A4nvWxPWlzAQ5MyQBKFam5tqK2Y.roa
File:                     A4nvWxPWlzAQ5MyQBKFam5tqK2Y.roa (raw, json)
Hash identifier:          uB+mrGBEprFri2JMpN/r8bicbt8/Y9Un0gqpGX/41SY=
Subject key identifier:   03:89:EF:5B:13:D6:97:30:10:E4:CC:90:04:A1:5A:9B:9B:6A:2B:66
Certificate issuer:       /CN=8d5ab1424c412b3fbf4efae9ae1e68e36c2bee81
Certificate serial:       0199738F6DFD40164FFC5F4B7A492D1921A1
Authority key identifier: 8D:5A:B1:42:4C:41:2B:3F:BF:4E:FA:E9:AE:1E:68:E3:6C:2B:EE:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVqxQkxBKz-_Tvrprh5o42wr7oE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/9ddafd-0346-49a1-ac3d-f1002f548615/1/A4nvWxPWlzAQ5MyQBKFam5tqK2Y.roa
Signing time:             Mon 22 Sep 2025 22:33:23 +0000
ROA not before:           Mon 22 Sep 2025 22:33:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198533
IP address blocks:        185.164.84.0/22 maxlen: 24
                          2a0a:fc00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/9ddafd-0346-49a1-ac3d-f1002f548615/1/jVqxQkxBKz-_Tvrprh5o42wr7oE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/9ddafd-0346-49a1-ac3d-f1002f548615/1/jVqxQkxBKz-_Tvrprh5o42wr7oE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVqxQkxBKz-_Tvrprh5o42wr7oE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:73:8f:6d:fd:40:16:4f:fc:5f:4b:7a:49:2d:19:21:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d5ab1424c412b3fbf4efae9ae1e68e36c2bee81
        Validity
            Not Before: Sep 22 22:33:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0389ef5b13d6973010e4cc9004a15a9b9b6a2b66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9d:a1:38:5f:76:ce:cf:94:2d:57:41:9f:75:
                    46:4b:af:1d:33:e3:9c:8b:33:80:c3:d8:83:37:2d:
                    dc:90:dc:ac:9b:4b:a3:eb:14:0a:6d:e9:82:dc:74:
                    4f:44:6a:e1:e4:c6:fb:69:77:9f:0c:60:53:f2:16:
                    da:a6:da:dc:dc:70:1f:60:ae:71:2a:92:08:f8:d5:
                    30:67:13:4f:00:ed:cb:92:99:a3:b9:bd:9e:4d:6c:
                    9e:36:9a:dc:97:43:9f:0c:ed:23:92:c1:f8:1d:37:
                    aa:3a:28:6d:05:d4:79:ad:cc:aa:30:61:d1:c1:01:
                    00:ad:e3:9f:73:c6:23:f7:af:bb:d0:62:30:a2:6f:
                    04:29:c8:27:1a:d4:e6:17:ac:58:fe:bd:e0:c3:94:
                    f1:d7:c9:3c:ab:08:39:f0:56:fc:20:c0:63:e5:64:
                    c5:d1:2e:12:53:0f:ec:76:42:57:d6:c8:af:3b:9a:
                    93:0a:b8:84:2c:26:3a:69:b0:86:c0:62:f4:ce:8c:
                    e7:5f:08:99:e1:61:77:a4:64:c7:2c:53:3e:80:61:
                    67:35:44:37:2a:6b:e2:49:6b:cd:4f:b1:76:ee:65:
                    79:39:41:ff:f5:ab:88:94:04:48:82:3c:f8:f0:94:
                    98:3b:19:ea:57:72:0c:ab:1b:63:c0:24:95:9a:a0:
                    49:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:89:EF:5B:13:D6:97:30:10:E4:CC:90:04:A1:5A:9B:9B:6A:2B:66
            X509v3 Authority Key Identifier:
                keyid:8D:5A:B1:42:4C:41:2B:3F:BF:4E:FA:E9:AE:1E:68:E3:6C:2B:EE:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVqxQkxBKz-_Tvrprh5o42wr7oE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9ddafd-0346-49a1-ac3d-f1002f548615/1/A4nvWxPWlzAQ5MyQBKFam5tqK2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9ddafd-0346-49a1-ac3d-f1002f548615/1/jVqxQkxBKz-_Tvrprh5o42wr7oE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.84.0/22
                IPv6:
                  2a0a:fc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:88:87:ca:a3:b4:aa:6c:f7:f0:39:95:e4:cf:5b:6f:b9:8a:
         60:80:9b:2d:70:da:b9:08:68:16:20:6a:e0:e8:17:f9:9f:8b:
         e2:60:fc:05:6c:db:37:56:7f:4a:8e:ac:3b:83:9b:f1:86:44:
         4f:7f:41:dd:c9:34:16:d7:70:7d:ec:e5:60:a1:38:a8:85:8d:
         da:6f:56:e4:c5:a5:d0:ed:8e:f8:1b:e7:e5:85:9d:0a:e0:a4:
         e9:55:14:1c:cd:87:80:0e:e0:af:83:5c:d9:53:0f:87:0e:4c:
         7f:7a:21:f6:54:20:cc:6b:ea:27:89:d4:0f:07:32:f3:f2:3f:
         62:fc:38:21:e0:74:52:7b:28:92:03:b4:2d:be:69:70:e6:22:
         46:55:97:63:64:51:ac:d9:00:2e:54:87:53:db:44:f6:52:b5:
         66:8c:eb:cb:b3:84:6e:ff:c0:42:ab:05:44:0e:10:49:7c:2d:
         73:36:22:f1:73:a2:ab:e3:39:15:17:b4:fa:4f:87:a0:c8:d3:
         e8:b4:9d:bf:a1:52:8e:3c:c9:17:2c:1a:2a:56:64:94:7e:45:
         53:d1:3e:bd:92:2a:1e:ec:5a:2b:5c:af:38:4a:2b:d6:09:62:
         24:51:32:9f:72:7f:0b:b0:79:e4:b6:e3:67:92:44:5e:4d:9b:
         1f:9a:ec:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZlzj239QBZP/F9LekktGSGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNWFiMTQyNGM0MTJiM2ZiZjRlZmFlOWFlMWU2OGUzNmMy
YmVlODEwHhcNMjUwOTIyMjIzMzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzg5ZWY1YjEzZDY5NzMwMTBlNGNjOTAwNGExNWE5YjliNmEyYjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAop2hOF92zs+ULVdBn3VGS68dM+Oc
izOAw9iDNy3ckNysm0uj6xQKbemC3HRPRGrh5Mb7aXefDGBT8hbaptrc3HAfYK5x
KpII+NUwZxNPAO3Lkpmjub2eTWyeNprcl0OfDO0jksH4HTeqOihtBdR5rcyqMGHR
wQEAreOfc8Yj96+70GIwom8EKcgnGtTmF6xY/r3gw5Tx18k8qwg58Fb8IMBj5WTF
0S4SUw/sdkJX1sivO5qTCriELCY6abCGwGL0zoznXwiZ4WF3pGTHLFM+gGFnNUQ3
KmviSWvNT7F27mV5OUH/9auIlARIgjz48JSYOxnqV3IMqxtjwCSVmqBJCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAOJ71sT1pcwEOTMkAShWpubaitmMB8GA1UdIwQY
MBaAFI1asUJMQSs/v0766a4eaONsK+6BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZxeFFreEJLei1fVHZycHJoNW80MndyN29FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC85ZGRhZmQtMDM0Ni00OWExLWFjM2Qt
ZjEwMDJmNTQ4NjE1LzEvQTRudld4UFdsekFRNU15UUJLRmFtNXRxSzJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC85ZGRhZmQtMDM0Ni00OWExLWFjM2QtZjEwMDJmNTQ4NjE1
LzEvalZxeFFreEJLei1fVHZycHJoNW80MndyN29FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaRUMA0E
AgACMAcDBQMqCvwAMA0GCSqGSIb3DQEBCwUAA4IBAQAdiIfKo7SqbPfwOZXkz1tv
uYpggJstcNq5CGgWIGrg6Bf5n4viYPwFbNs3Vn9Kjqw7g5vxhkRPf0HdyTQW13B9
7OVgoTiohY3ab1bkxaXQ7Y74G+flhZ0K4KTpVRQczYeADuCvg1zZUw+HDkx/eiH2
VCDMa+onidQPBzLz8j9i/Dgh4HRSeyiSA7Qtvmlw5iJGVZdjZFGs2QAuVIdT20T2
UrVmjOvLs4Ru/8BCqwVEDhBJfC1zNiLxc6Kr4zkVF7T6T4egyNPotJ2/oVKOPMkX
LBoqVmSUfkVT0T69kioe7ForXK84SivWCWIkUTKfcn8LsHnktuNnkkReTZsfmuy4
-----END CERTIFICATE-----