Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4dca34-745c-4180-b0f0-01dda374d67f/1/ov5u8bzup09FFyJJ_zHJCgGMVo4.roa
File:                     ov5u8bzup09FFyJJ_zHJCgGMVo4.roa (raw, json)
Hash identifier:          GVSdHUWKmtUWdG3OcU4oGcJpHS1FbNcqX/5fpB1Tat4=
Subject key identifier:   A2:FE:6E:F1:BC:EE:A7:4F:45:17:22:49:FF:31:C9:0A:01:8C:56:8E
Certificate issuer:       /CN=d5b021b1e84126593cef6d98803413aa72d001e0
Certificate serial:       0199E4B9AE4878A0CEED566A9B167B2BD279
Authority key identifier: D5:B0:21:B1:E8:41:26:59:3C:EF:6D:98:80:34:13:AA:72:D0:01:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1bAhsehBJlk8722YgDQTqnLQAeA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4dca34-745c-4180-b0f0-01dda374d67f/1/ov5u8bzup09FFyJJ_zHJCgGMVo4.roa
Signing time:             Tue 14 Oct 2025 21:56:37 +0000
ROA not before:           Tue 14 Oct 2025 21:56:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209934
IP address blocks:        213.163.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4dca34-745c-4180-b0f0-01dda374d67f/1/1bAhsehBJlk8722YgDQTqnLQAeA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4dca34-745c-4180-b0f0-01dda374d67f/1/1bAhsehBJlk8722YgDQTqnLQAeA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1bAhsehBJlk8722YgDQTqnLQAeA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e4:b9:ae:48:78:a0:ce:ed:56:6a:9b:16:7b:2b:d2:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5b021b1e84126593cef6d98803413aa72d001e0
        Validity
            Not Before: Oct 14 21:56:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2fe6ef1bceea74f45172249ff31c90a018c568e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:70:f9:2d:c5:4b:ea:a1:8b:a7:3b:67:be:53:
                    ca:93:91:cc:4d:88:65:ad:28:a0:08:c6:f2:16:1c:
                    a4:33:0e:f2:db:dd:1c:eb:74:af:7f:7f:6b:a4:f7:
                    45:da:7f:5d:c8:06:87:fc:fc:a0:51:47:8b:75:43:
                    f2:eb:c5:5b:00:65:81:a3:8a:92:e2:21:0a:8f:ac:
                    9d:e7:a8:32:b6:81:dd:b8:50:4c:2c:f2:b9:7d:be:
                    af:de:a2:9d:73:55:27:e3:fe:3f:fc:eb:f5:a1:ce:
                    06:4c:91:5d:48:09:28:f7:29:5b:fb:0f:b3:6e:eb:
                    fc:9a:b2:27:8d:2a:a6:c3:f1:3d:32:e2:d5:03:70:
                    bd:dc:ea:cf:21:b6:b6:f4:03:d7:fa:5a:ac:ba:db:
                    25:5c:90:9c:3b:27:d4:d7:da:97:5a:61:08:fb:a8:
                    f7:71:b8:0f:ae:9f:ff:02:37:8e:42:56:11:1a:3d:
                    1a:ec:b7:3d:ce:d2:9a:fe:d5:35:7d:73:97:a0:14:
                    d6:c3:7b:16:d5:4f:f0:74:48:15:64:b5:6e:f2:bc:
                    03:6e:f1:94:ac:00:b4:23:d6:1d:fc:80:ff:45:a2:
                    68:4e:e6:c3:db:67:f4:99:6f:00:f7:cf:1e:30:43:
                    58:e2:ae:31:7e:fb:3b:df:41:ab:88:91:5e:94:76:
                    ee:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:FE:6E:F1:BC:EE:A7:4F:45:17:22:49:FF:31:C9:0A:01:8C:56:8E
            X509v3 Authority Key Identifier:
                keyid:D5:B0:21:B1:E8:41:26:59:3C:EF:6D:98:80:34:13:AA:72:D0:01:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1bAhsehBJlk8722YgDQTqnLQAeA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4dca34-745c-4180-b0f0-01dda374d67f/1/ov5u8bzup09FFyJJ_zHJCgGMVo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4dca34-745c-4180-b0f0-01dda374d67f/1/1bAhsehBJlk8722YgDQTqnLQAeA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.163.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:05:fe:bb:5e:be:53:da:7e:11:81:37:5a:0f:76:d3:7b:c4:
         b4:25:4d:f3:84:de:07:ac:45:f0:d3:38:1d:29:cb:c8:0a:79:
         fe:7a:b2:a0:46:3c:d3:67:d8:b1:29:e5:06:18:fc:35:a5:c8:
         0c:56:eb:bf:54:f2:7c:b9:6d:94:33:01:9d:64:d7:3b:8f:6a:
         03:61:12:f6:ec:9f:74:9a:ae:86:61:57:8b:8e:b8:83:68:cd:
         31:b4:d8:c8:06:37:78:2e:ba:5b:b2:12:71:45:47:d3:74:ad:
         82:e0:65:39:33:a2:d3:84:00:97:6d:55:be:97:92:28:fb:06:
         46:56:a6:f3:90:78:b0:c6:75:bc:54:54:82:71:31:75:27:71:
         b3:f8:d6:12:67:70:a1:34:9b:ae:2d:bd:12:0a:e4:79:97:ba:
         4f:57:d3:2a:b9:bf:65:43:f5:09:a5:1d:91:d7:1f:9f:15:dd:
         d0:2e:61:53:7c:3c:2c:f1:15:ad:44:96:53:70:ad:c0:86:53:
         ab:e6:5a:09:c3:d5:09:25:18:0c:bf:12:94:0b:4d:f5:43:87:
         b1:12:05:7f:30:31:10:15:0f:e5:42:ae:3c:0d:c7:7a:61:fb:
         ba:32:8c:cc:95:52:fa:a4:c1:cd:b5:a4:39:0a:69:6f:e4:36:
         ce:19:79:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnkua5IeKDO7VZqmxZ7K9J5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YjAyMWIxZTg0MTI2NTkzY2VmNmQ5ODgwMzQxM2FhNzJk
MDAxZTAwHhcNMjUxMDE0MjE1NjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmZlNmVmMWJjZWVhNzRmNDUxNzIyNDlmZjMxYzkwYTAxOGM1NjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunD5LcVL6qGLpztnvlPKk5HMTYhl
rSigCMbyFhykMw7y290c63Svf39rpPdF2n9dyAaH/PygUUeLdUPy68VbAGWBo4qS
4iEKj6yd56gytoHduFBMLPK5fb6v3qKdc1Un4/4//Ov1oc4GTJFdSAko9ylb+w+z
buv8mrInjSqmw/E9MuLVA3C93OrPIba29APX+lqsutslXJCcOyfU19qXWmEI+6j3
cbgPrp//AjeOQlYRGj0a7Lc9ztKa/tU1fXOXoBTWw3sW1U/wdEgVZLVu8rwDbvGU
rAC0I9Yd/ID/RaJoTubD22f0mW8A988eMENY4q4xfvs730GriJFelHbuBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKL+bvG87qdPRRciSf8xyQoBjFaOMB8GA1UdIwQY
MBaAFNWwIbHoQSZZPO9tmIA0E6py0AHgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWJBaHNlaEJKbGs4NzIyWWdEUVRxbkxRQWVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZGNhMzQtNzQ1Yy00MTgwLWIwZjAt
MDFkZGEzNzRkNjdmLzEvb3Y1dThienVwMDlGRnlKSl96SEpDZ0dNVm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZGNhMzQtNzQ1Yy00MTgwLWIwZjAtMDFkZGEzNzRkNjdm
LzEvMWJBaHNlaEJKbGs4NzIyWWdEUVRxbkxRQWVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aP4MA0G
CSqGSIb3DQEBCwUAA4IBAQCOBf67Xr5T2n4RgTdaD3bTe8S0JU3zhN4HrEXw0zgd
KcvICnn+erKgRjzTZ9ixKeUGGPw1pcgMVuu/VPJ8uW2UMwGdZNc7j2oDYRL27J90
mq6GYVeLjriDaM0xtNjIBjd4LrpbshJxRUfTdK2C4GU5M6LThACXbVW+l5Io+wZG
VqbzkHiwxnW8VFSCcTF1J3Gz+NYSZ3ChNJuuLb0SCuR5l7pPV9Mqub9lQ/UJpR2R
1x+fFd3QLmFTfDws8RWtRJZTcK3AhlOr5loJw9UJJRgMvxKUC031Q4exEgV/MDEQ
FQ/lQq48Dcd6Yfu6MozMlVL6pMHNtaQ5Cmlv5DbOGXkR
-----END CERTIFICATE-----