Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/f668e0-fb36-45a0-971f-6b2f9d151519/1/jr0RBSPTUaBgSpWvcYrsuz04Sl4.roa
File:                     jr0RBSPTUaBgSpWvcYrsuz04Sl4.roa (raw, json)
Hash identifier:          e3OTBQIY/Ada+fXq3XpOy4yH3jmNIsJ/kNlwBeX9MM0=
Subject key identifier:   8E:BD:11:05:23:D3:51:A0:60:4A:95:AF:71:8A:EC:BB:3D:38:4A:5E
Certificate issuer:       /CN=3cfee2ea3cde0873a191bdd795227399b56a43ba
Certificate serial:       0199F2B31C81E524648831B05B5159E3E419
Authority key identifier: 3C:FE:E2:EA:3C:DE:08:73:A1:91:BD:D7:95:22:73:99:B5:6A:43:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PP7i6jzeCHOhkb3XlSJzmbVqQ7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/f668e0-fb36-45a0-971f-6b2f9d151519/1/jr0RBSPTUaBgSpWvcYrsuz04Sl4.roa
Signing time:             Fri 17 Oct 2025 15:04:08 +0000
ROA not before:           Fri 17 Oct 2025 15:04:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56380
IP address blocks:        185.153.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/f668e0-fb36-45a0-971f-6b2f9d151519/1/PP7i6jzeCHOhkb3XlSJzmbVqQ7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/f668e0-fb36-45a0-971f-6b2f9d151519/1/PP7i6jzeCHOhkb3XlSJzmbVqQ7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PP7i6jzeCHOhkb3XlSJzmbVqQ7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f2:b3:1c:81:e5:24:64:88:31:b0:5b:51:59:e3:e4:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cfee2ea3cde0873a191bdd795227399b56a43ba
        Validity
            Not Before: Oct 17 15:04:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ebd110523d351a0604a95af718aecbb3d384a5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bd:be:4a:3a:c1:f2:27:da:a4:37:c8:38:c5:
                    d2:d8:8a:14:b8:5e:b2:8b:d2:cd:ee:e5:01:06:3d:
                    05:78:48:eb:e9:3a:bc:1e:7f:fa:3e:2f:73:63:23:
                    60:b5:67:d2:b5:07:d4:21:9b:da:01:17:78:5f:a7:
                    d8:d6:fb:67:a4:a4:91:e8:14:65:20:ce:30:7a:aa:
                    97:d5:2d:d8:b2:73:b3:97:77:ce:5a:99:65:83:b3:
                    f4:17:74:fa:77:c2:ed:b9:d7:a3:38:53:fd:e1:bf:
                    ba:2f:d3:20:c0:dc:43:9b:53:6c:9f:ca:21:e9:b5:
                    9f:f1:3a:76:35:85:b9:fe:b1:7a:83:ba:c7:9d:c6:
                    10:ae:92:7b:46:4c:f3:09:25:2d:b8:1e:c4:a1:6a:
                    5e:66:eb:03:57:2a:7e:a7:fe:44:4e:6d:8d:6e:7f:
                    34:6b:72:48:71:ed:d5:90:32:0c:b3:5a:ce:21:34:
                    a0:ea:4e:75:1f:f1:11:e4:c2:8d:ac:b9:eb:59:dc:
                    ac:cf:31:4b:5c:88:bd:b2:fc:a8:9d:5f:13:27:e9:
                    a3:b5:64:54:8b:dc:af:18:3f:d0:f3:dc:55:ad:81:
                    41:1b:80:65:9e:e1:b0:3a:e1:6d:1d:3d:07:f7:a8:
                    dd:4b:63:14:39:86:8d:82:0b:de:ce:ad:0b:9e:4f:
                    82:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:BD:11:05:23:D3:51:A0:60:4A:95:AF:71:8A:EC:BB:3D:38:4A:5E
            X509v3 Authority Key Identifier:
                keyid:3C:FE:E2:EA:3C:DE:08:73:A1:91:BD:D7:95:22:73:99:B5:6A:43:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PP7i6jzeCHOhkb3XlSJzmbVqQ7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/f668e0-fb36-45a0-971f-6b2f9d151519/1/jr0RBSPTUaBgSpWvcYrsuz04Sl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/f668e0-fb36-45a0-971f-6b2f9d151519/1/PP7i6jzeCHOhkb3XlSJzmbVqQ7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:15:17:ca:4a:d5:41:6a:00:77:bc:39:1f:9d:b0:6a:76:13:
         fc:6e:4f:c2:6a:3e:84:26:78:f4:07:a5:29:48:e4:67:c5:60:
         91:2d:d4:00:2b:de:bf:31:a1:08:f9:27:d2:63:26:66:62:a2:
         a8:c9:b2:e1:75:25:23:5d:51:20:fc:24:ed:f1:5f:a7:b8:c8:
         0c:c6:b3:f7:c1:80:98:e3:72:85:bb:0f:4d:da:e1:a7:5d:f9:
         64:84:9d:2f:4e:74:39:21:0a:2f:d1:b7:b3:10:5d:b7:c3:06:
         11:ae:9e:b1:cb:00:f4:36:a9:bc:76:ba:00:fe:97:da:42:c0:
         94:bf:9b:10:9c:f3:03:eb:4b:c3:75:9e:cf:e0:29:9e:06:21:
         74:2a:21:9f:3b:9c:6b:9f:b5:2c:dd:fe:07:b8:0e:d1:c0:99:
         ab:de:e9:a4:d3:cd:2c:c0:41:b0:71:d9:ce:77:d9:a2:ab:a8:
         b5:e8:03:f3:52:11:82:29:db:dc:be:ec:63:e8:72:3b:06:84:
         18:ae:49:69:86:23:aa:d0:ab:37:bc:5d:73:ee:63:fc:4d:82:
         3b:a9:1c:ad:e5:84:2b:41:cc:2d:fd:49:0b:7a:f8:2a:91:35:
         38:3b:1f:25:3e:d8:55:72:93:97:e1:ff:67:50:5a:c2:78:a1:
         66:80:48:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnysxyB5SRkiDGwW1FZ4+QZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZmVlMmVhM2NkZTA4NzNhMTkxYmRkNzk1MjI3Mzk5YjU2
YTQzYmEwHhcNMjUxMDE3MTUwNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWJkMTEwNTIzZDM1MWEwNjA0YTk1YWY3MThhZWNiYjNkMzg0YTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr2+SjrB8ifapDfIOMXS2IoUuF6y
i9LN7uUBBj0FeEjr6Tq8Hn/6Pi9zYyNgtWfStQfUIZvaARd4X6fY1vtnpKSR6BRl
IM4weqqX1S3YsnOzl3fOWpllg7P0F3T6d8LtudejOFP94b+6L9MgwNxDm1Nsn8oh
6bWf8Tp2NYW5/rF6g7rHncYQrpJ7RkzzCSUtuB7EoWpeZusDVyp+p/5ETm2Nbn80
a3JIce3VkDIMs1rOITSg6k51H/ER5MKNrLnrWdyszzFLXIi9svyonV8TJ+mjtWRU
i9yvGD/Q89xVrYFBG4BlnuGwOuFtHT0H96jdS2MUOYaNggvezq0Lnk+CIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI69EQUj01GgYEqVr3GK7Ls9OEpeMB8GA1UdIwQY
MBaAFDz+4uo83ghzoZG915Uic5m1akO6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFA3aTZqemVDSE9oa2IzWGxTSnptYlZxUTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9mNjY4ZTAtZmIzNi00NWEwLTk3MWYt
NmIyZjlkMTUxNTE5LzEvanIwUkJTUFRVYUJnU3BXdmNZcnN1ejA0U2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9mNjY4ZTAtZmIzNi00NWEwLTk3MWYtNmIyZjlkMTUxNTE5
LzEvUFA3aTZqemVDSE9oa2IzWGxTSnptYlZxUTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZnEMA0G
CSqGSIb3DQEBCwUAA4IBAQB2FRfKStVBagB3vDkfnbBqdhP8bk/Caj6EJnj0B6Up
SORnxWCRLdQAK96/MaEI+SfSYyZmYqKoybLhdSUjXVEg/CTt8V+nuMgMxrP3wYCY
43KFuw9N2uGnXflkhJ0vTnQ5IQov0bezEF23wwYRrp6xywD0Nqm8droA/pfaQsCU
v5sQnPMD60vDdZ7P4CmeBiF0KiGfO5xrn7Us3f4HuA7RwJmr3umk080swEGwcdnO
d9miq6i16APzUhGCKdvcvuxj6HI7BoQYrklphiOq0Ks3vF1z7mP8TYI7qRyt5YQr
Qcwt/UkLevgqkTU4Ox8lPthVcpOX4f9nUFrCeKFmgEgz
-----END CERTIFICATE-----