Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/X3u94ZhOZoA5dIpiTFfRHTlUXz8.roa
File:                     X3u94ZhOZoA5dIpiTFfRHTlUXz8.roa (raw, json)
Hash identifier:          D+34uSmSIVe37vBbkbdrgmetspmAMB587SxWGB7MVpE=
Subject key identifier:   5F:7B:BD:E1:98:4E:66:80:39:74:8A:62:4C:57:D1:1D:39:54:5F:3F
Certificate issuer:       /CN=6f0b15193816fd15dcfd047db4eeca672912bb60
Certificate serial:       0198BC14EB7D153A56972D1E0F7297D46A18
Authority key identifier: 6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/X3u94ZhOZoA5dIpiTFfRHTlUXz8.roa
Signing time:             Mon 18 Aug 2025 07:29:04 +0000
ROA not before:           Mon 18 Aug 2025 07:29:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        185.167.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bc:14:eb:7d:15:3a:56:97:2d:1e:0f:72:97:d4:6a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b15193816fd15dcfd047db4eeca672912bb60
        Validity
            Not Before: Aug 18 07:29:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f7bbde1984e668039748a624c57d11d39545f3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d6:63:61:41:06:24:b8:b9:28:9a:79:b9:c2:
                    5a:e9:5f:9d:aa:ef:fe:95:8e:aa:35:2f:44:6f:84:
                    2c:66:c8:df:4c:d1:93:9e:90:1a:dd:75:c3:8b:ca:
                    55:14:dc:e7:47:e6:14:e3:37:3d:53:2a:fd:2b:37:
                    01:dc:70:ee:37:30:96:32:8a:07:df:fb:d9:9f:21:
                    67:6e:9d:b4:ab:5d:4b:87:00:f8:31:90:7b:66:d4:
                    e9:ad:da:14:a6:ec:70:d6:b3:f2:9b:48:93:b8:04:
                    40:8b:4d:31:86:e3:73:95:02:7a:a2:ab:8f:83:46:
                    85:34:0b:f6:82:cc:92:e5:44:dd:29:ed:aa:6b:83:
                    8a:c3:1e:ea:4e:11:a7:66:55:30:27:0d:2a:8d:89:
                    95:01:df:bc:80:fb:22:cf:97:c4:03:ab:74:a4:e9:
                    a5:c6:59:2c:ea:29:f3:bf:08:c6:db:c2:e3:34:81:
                    16:dc:d2:03:04:ab:7c:d9:3e:02:f1:ac:80:94:04:
                    7b:41:60:3a:3c:15:13:da:b3:3f:64:cf:32:f1:fe:
                    4f:01:dd:11:d1:6b:cf:ad:1c:6b:c8:96:ae:e9:6d:
                    57:ed:32:61:55:57:ca:9c:d0:20:8c:bd:0f:c0:39:
                    a2:cc:8e:f6:db:48:32:2a:ee:5c:ee:ab:d0:fb:44:
                    0b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:7B:BD:E1:98:4E:66:80:39:74:8A:62:4C:57:D1:1D:39:54:5F:3F
            X509v3 Authority Key Identifier:
                keyid:6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/X3u94ZhOZoA5dIpiTFfRHTlUXz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:cf:c6:ec:61:aa:c5:0f:b1:1a:ad:51:f4:4a:cf:19:58:78:
         fe:5c:75:79:da:ff:b4:eb:a2:b8:82:8b:e0:a3:e5:e7:eb:ae:
         61:e9:fd:dd:ad:bf:84:59:89:65:25:38:46:77:38:ea:ea:a4:
         6c:1b:87:ec:c0:ab:82:b9:a1:cc:6d:92:e7:84:52:4f:2d:6e:
         58:dd:05:37:1a:34:61:9c:8b:e6:6c:72:cc:81:31:3f:f0:e2:
         86:fb:0d:b0:f8:96:f3:77:fd:49:2f:65:88:44:56:8f:3c:92:
         3a:b2:48:d9:87:9a:00:a6:66:ff:ae:b9:ca:ca:4b:39:9a:e9:
         d4:f1:30:80:c4:c3:f3:f9:87:bf:d2:f6:3e:72:d0:e2:0a:75:
         33:30:09:32:aa:cc:27:0a:d2:e1:ca:a2:59:9d:3e:d5:93:b6:
         30:a4:b4:8f:58:0c:6d:40:9a:30:6e:a2:c8:16:a8:29:61:5d:
         9e:99:44:ba:1b:d9:22:cf:00:80:34:09:cd:c2:b9:d1:30:30:
         e9:44:a2:25:de:a3:65:da:4f:1a:8a:19:5b:21:9d:31:32:03:
         24:92:f4:cf:06:17:f8:c1:98:bb:eb:3a:e8:93:19:5f:a5:f1:
         b5:19:4a:9b:27:ce:af:42:37:99:fd:ec:47:68:83:b3:82:c5:
         d8:50:6b:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi8FOt9FTpWly0eD3KX1GoYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIxNTE5MzgxNmZkMTVkY2ZkMDQ3ZGI0ZWVjYTY3Mjkx
MmJiNjAwHhcNMjUwODE4MDcyOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjdiYmRlMTk4NGU2NjgwMzk3NDhhNjI0YzU3ZDExZDM5NTQ1ZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9ZjYUEGJLi5KJp5ucJa6V+dqu/+
lY6qNS9Eb4QsZsjfTNGTnpAa3XXDi8pVFNznR+YU4zc9Uyr9KzcB3HDuNzCWMooH
3/vZnyFnbp20q11LhwD4MZB7ZtTprdoUpuxw1rPym0iTuARAi00xhuNzlQJ6oquP
g0aFNAv2gsyS5UTdKe2qa4OKwx7qThGnZlUwJw0qjYmVAd+8gPsiz5fEA6t0pOml
xlks6inzvwjG28LjNIEW3NIDBKt82T4C8ayAlAR7QWA6PBUT2rM/ZM8y8f5PAd0R
0WvPrRxryJau6W1X7TJhVVfKnNAgjL0PwDmizI7220gyKu5c7qvQ+0QLfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF97veGYTmaAOXSKYkxX0R05VF8/MB8GA1UdIwQY
MBaAFG8LFRk4Fv0V3P0EfbTuymcpErtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYt
OWNmODQzZjA1NjcwLzEvWDN1OTRaaE9ab0E1ZElwaVRGZlJIVGxVWHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYtOWNmODQzZjA1Njcw
LzEvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafoMA0G
CSqGSIb3DQEBCwUAA4IBAQBkz8bsYarFD7EarVH0Ss8ZWHj+XHV52v+066K4govg
o+Xn665h6f3drb+EWYllJThGdzjq6qRsG4fswKuCuaHMbZLnhFJPLW5Y3QU3GjRh
nIvmbHLMgTE/8OKG+w2w+Jbzd/1JL2WIRFaPPJI6skjZh5oApmb/rrnKyks5munU
8TCAxMPz+Ye/0vY+ctDiCnUzMAkyqswnCtLhyqJZnT7Vk7YwpLSPWAxtQJowbqLI
FqgpYV2emUS6G9kizwCANAnNwrnRMDDpRKIl3qNl2k8aihlbIZ0xMgMkkvTPBhf4
wZi76zrokxlfpfG1GUqbJ86vQjeZ/exHaIOzgsXYUGu5
-----END CERTIFICATE-----