Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/zeZ61iX-XErVVOagrLymRhqtVs4.roa
File:                     zeZ61iX-XErVVOagrLymRhqtVs4.roa (raw, json)
Hash identifier:          /TVn1IqCr3rkgm7hee64o/NjLqoDVeiwVYa0FN7+DSI=
Subject key identifier:   CD:E6:7A:D6:25:FE:5C:4A:D5:54:E6:A0:AC:BC:A6:46:1A:AD:56:CE
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       0199B91E15C4F1ED7EBDFC3F4F49B09C94ED
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/zeZ61iX-XErVVOagrLymRhqtVs4.roa
Signing time:             Mon 06 Oct 2025 10:43:00 +0000
ROA not before:           Mon 06 Oct 2025 10:43:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34820
IP address blocks:        185.225.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b9:1e:15:c4:f1:ed:7e:bd:fc:3f:4f:49:b0:9c:94:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Oct  6 10:43:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cde67ad625fe5c4ad554e6a0acbca6461aad56ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:bd:57:8b:49:d4:61:f1:51:d7:31:68:50:53:
                    9d:62:78:ed:80:4e:7c:fb:ad:70:c4:5b:03:1a:58:
                    2a:ea:f8:c2:76:6e:82:49:c3:80:47:a9:86:28:41:
                    04:d7:45:3f:00:01:8a:90:5c:fb:a8:8e:17:69:3d:
                    2a:21:22:14:2a:85:be:97:47:c7:a0:ae:ce:2b:cb:
                    ad:a6:8d:d4:fd:fa:a2:7f:f3:fb:7b:9c:35:90:6d:
                    df:32:fa:26:56:d8:ff:fc:56:a5:da:2c:25:f9:e2:
                    8d:86:c5:36:13:f6:df:ac:b9:19:89:07:28:e1:51:
                    dd:bc:c5:f3:bc:09:9a:14:c5:24:8e:d3:47:2c:b6:
                    95:b8:8c:4a:9d:c9:2c:1a:19:18:4e:c9:08:29:68:
                    5a:29:e0:2e:02:75:34:53:2e:00:07:46:74:18:1a:
                    09:3a:06:7f:59:6d:db:0a:a0:ac:a7:f3:cf:e9:f0:
                    05:15:97:08:39:38:54:6f:33:11:ab:29:df:8a:a5:
                    dc:52:d4:3c:77:84:8c:bb:e7:e1:f2:93:da:f4:cc:
                    5a:e5:44:16:ab:e7:80:87:4c:b5:3d:0c:31:ef:8b:
                    cf:77:34:55:f5:90:27:d7:dd:07:5b:9a:7a:ab:35:
                    fa:ea:93:7e:5a:75:08:f8:f9:99:1c:34:0a:2d:3c:
                    25:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:E6:7A:D6:25:FE:5C:4A:D5:54:E6:A0:AC:BC:A6:46:1A:AD:56:CE
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/zeZ61iX-XErVVOagrLymRhqtVs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:91:a5:4e:47:ed:96:b0:75:12:92:3f:aa:b6:d8:6b:dd:08:
         df:d3:be:10:90:0d:eb:5c:5a:27:a3:12:e0:a9:61:c9:25:0c:
         54:6b:7c:f5:d9:b9:70:4d:4d:f6:69:08:e6:23:12:18:07:94:
         d8:f9:43:63:41:10:c4:2f:b3:83:a8:9b:02:e5:84:79:b0:f5:
         5e:15:43:97:0f:95:6d:a5:3f:d3:43:31:80:b2:05:00:28:9d:
         44:4b:d5:24:de:02:43:c0:89:ce:79:97:f8:75:18:a5:4a:80:
         db:f0:71:41:74:da:a3:3a:e9:84:fc:58:21:32:3c:4b:83:7e:
         5d:1d:f9:f0:f9:68:aa:fd:b7:18:3b:3c:d1:e1:af:25:2c:0d:
         13:0f:e9:a6:cc:a6:a1:23:e2:c2:b9:74:92:0c:df:95:85:1e:
         47:da:94:34:19:86:e0:50:1c:6d:13:cf:f6:25:c7:12:d3:2c:
         de:35:d2:3e:07:50:ef:ad:74:9a:14:69:d5:ab:43:8a:a4:48:
         35:a6:26:f6:94:81:47:81:75:97:64:51:f4:7d:6f:67:61:91:
         ee:75:49:6d:b7:f8:a1:36:49:02:23:31:05:8d:05:37:7b:ac:
         ec:26:99:39:6c:6c:bc:2b:a3:22:1a:9e:26:db:59:04:ca:3f:
         9d:16:7d:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm5HhXE8e1+vfw/T0mwnJTtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUxMDA2MTA0MzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGU2N2FkNjI1ZmU1YzRhZDU1NGU2YTBhY2JjYTY0NjFhYWQ1NmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0b1Xi0nUYfFR1zFoUFOdYnjtgE58
+61wxFsDGlgq6vjCdm6CScOAR6mGKEEE10U/AAGKkFz7qI4XaT0qISIUKoW+l0fH
oK7OK8utpo3U/fqif/P7e5w1kG3fMvomVtj//Fal2iwl+eKNhsU2E/bfrLkZiQco
4VHdvMXzvAmaFMUkjtNHLLaVuIxKncksGhkYTskIKWhaKeAuAnU0Uy4AB0Z0GBoJ
OgZ/WW3bCqCsp/PP6fAFFZcIOThUbzMRqynfiqXcUtQ8d4SMu+fh8pPa9Mxa5UQW
q+eAh0y1PQwx74vPdzRV9ZAn190HW5p6qzX66pN+WnUI+PmZHDQKLTwl7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3metYl/lxK1VTmoKy8pkYarVbOMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvemVaNjFpWC1YRXJWVk9hZ3JMeW1SaHF0VnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHMMA0G
CSqGSIb3DQEBCwUAA4IBAQBFkaVOR+2WsHUSkj+qtthr3Qjf074QkA3rXFonoxLg
qWHJJQxUa3z12blwTU32aQjmIxIYB5TY+UNjQRDEL7ODqJsC5YR5sPVeFUOXD5Vt
pT/TQzGAsgUAKJ1ES9Uk3gJDwInOeZf4dRilSoDb8HFBdNqjOumE/FghMjxLg35d
Hfnw+Wiq/bcYOzzR4a8lLA0TD+mmzKahI+LCuXSSDN+VhR5H2pQ0GYbgUBxtE8/2
JccS0yzeNdI+B1DvrXSaFGnVq0OKpEg1pib2lIFHgXWXZFH0fW9nYZHudUltt/ih
NkkCIzEFjQU3e6zsJpk5bGy8K6MiGp4m21kEyj+dFn2H
-----END CERTIFICATE-----