Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/7OSbUsexneQ0Q14f6d4gS3FqwKA.roa
File:                     7OSbUsexneQ0Q14f6d4gS3FqwKA.roa (raw, json)
Hash identifier:          bTywqIASCFGsuBv+6N7v2D8L1Q+x4uOFKiuvSJi+2o4=
Subject key identifier:   EC:E4:9B:52:C7:B1:9D:E4:34:43:5E:1F:E9:DE:20:4B:71:6A:C0:A0
Certificate issuer:       /CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Certificate serial:       019995A994AED645AE7D480214FEC7E0ADAE
Authority key identifier: AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/7OSbUsexneQ0Q14f6d4gS3FqwKA.roa
Signing time:             Mon 29 Sep 2025 13:29:02 +0000
ROA not before:           Mon 29 Sep 2025 13:29:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200525
IP address blocks:        185.68.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:95:a9:94:ae:d6:45:ae:7d:48:02:14:fe:c7:e0:ad:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
        Validity
            Not Before: Sep 29 13:29:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ece49b52c7b19de434435e1fe9de204b716ac0a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:04:65:33:db:81:72:16:26:f9:59:77:dd:01:
                    b8:48:06:5b:be:b9:9d:ab:a6:64:0f:c2:3d:e1:32:
                    51:a2:07:e7:17:ef:0c:75:33:b0:1f:bc:05:70:4c:
                    a1:29:47:33:bd:70:f5:fb:39:8d:15:7c:da:9f:d9:
                    77:e6:fd:a8:54:c5:b5:b9:8b:9a:6c:73:1d:e7:5a:
                    a0:00:81:a7:b2:40:99:f0:6e:ac:73:a5:7f:3b:96:
                    b0:0a:89:7a:b4:fc:63:3a:a8:91:c5:14:43:1e:14:
                    c4:ae:85:55:88:8f:dc:43:23:8f:49:12:d3:5b:d8:
                    cf:1f:f7:fa:69:7c:99:c5:7f:db:0c:f1:19:83:83:
                    8b:cd:d8:16:fb:8c:be:b2:a9:4f:db:28:ea:09:fb:
                    a5:ed:ed:6d:2d:37:fc:75:63:73:b4:c2:c1:3a:dd:
                    68:4e:89:4a:78:93:40:d0:f6:08:bc:25:05:75:bd:
                    5f:83:8d:d7:b2:e6:77:cd:d7:f3:cf:32:e0:ff:0d:
                    91:37:24:1f:16:6e:c6:ef:a2:20:fc:6f:9a:59:3c:
                    88:f8:5d:18:92:6a:1d:b9:e2:a6:1e:d3:14:ca:79:
                    bc:3b:02:9e:e8:d0:54:dd:9f:87:d2:dd:84:aa:b0:
                    e9:91:4b:b9:21:fe:53:aa:fc:c6:0f:fa:33:a2:71:
                    33:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:E4:9B:52:C7:B1:9D:E4:34:43:5E:1F:E9:DE:20:4B:71:6A:C0:A0
            X509v3 Authority Key Identifier:
                keyid:AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/7OSbUsexneQ0Q14f6d4gS3FqwKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:5f:f6:31:8d:c3:45:4e:0b:15:ad:ad:ba:6b:dc:dc:4d:f1:
         c2:0e:86:24:7d:9b:0d:70:f1:c3:00:cc:44:77:da:a8:2c:ff:
         d5:d0:f1:a1:51:bd:95:34:8c:ba:3d:0f:af:58:34:f2:bd:09:
         69:77:1c:e7:5a:3a:63:1f:db:9d:c6:30:97:65:38:35:82:24:
         f7:50:ad:57:dd:b5:eb:9b:2f:7e:9a:53:94:cd:08:36:6e:17:
         0a:16:00:75:f6:fa:a2:ae:9f:df:ae:fc:3b:67:0c:86:56:6b:
         f3:8a:b7:ab:b6:8c:4b:0a:75:79:ae:e5:aa:95:a4:2d:ed:02:
         51:b3:93:61:10:2a:7f:ab:c5:9f:e1:41:10:40:3a:fd:d2:58:
         05:e5:12:ce:ef:24:7b:3d:ae:95:53:30:2f:57:06:ef:da:7c:
         f1:af:26:5d:bf:9c:28:c9:28:13:4f:19:37:9a:6a:4d:bc:da:
         81:31:a0:f1:34:e5:c2:96:34:ca:a3:27:29:28:17:b7:dd:aa:
         5b:8f:72:3c:5f:8f:f7:45:b1:c9:ca:ff:02:ae:d7:3a:e5:6a:
         63:47:1e:10:5c:d9:fc:9b:19:8c:d2:77:75:64:09:37:45:fd:
         e5:4b:5b:93:25:74:88:5f:57:3b:eb:54:3b:5b:0d:b0:1a:4c:
         f1:e4:d6:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmVqZSu1kWufUgCFP7H4K2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGEwZTBiMWIyMWYwOTMzMzNjMDc0ODE0NWIxNjI4NDE4
Y2YyYjUwHhcNMjUwOTI5MTMyOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2U0OWI1MmM3YjE5ZGU0MzQ0MzVlMWZlOWRlMjA0YjcxNmFjMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gRlM9uBchYm+Vl33QG4SAZbvrmd
q6ZkD8I94TJRogfnF+8MdTOwH7wFcEyhKUczvXD1+zmNFXzan9l35v2oVMW1uYua
bHMd51qgAIGnskCZ8G6sc6V/O5awCol6tPxjOqiRxRRDHhTEroVViI/cQyOPSRLT
W9jPH/f6aXyZxX/bDPEZg4OLzdgW+4y+sqlP2yjqCful7e1tLTf8dWNztMLBOt1o
TolKeJNA0PYIvCUFdb1fg43XsuZ3zdfzzzLg/w2RNyQfFm7G76Ig/G+aWTyI+F0Y
kmodueKmHtMUynm8OwKe6NBU3Z+H0t2EqrDpkUu5If5TqvzGD/ozonEzewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzkm1LHsZ3kNENeH+neIEtxasCgMB8GA1UdIwQY
MBaAFKyKDgsbIfCTMzwHSBRbFihBjPK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMt
ZGI4ZWZmMWIxMWEwLzEvN09TYlVzZXhuZVEwUTE0ZjZkNGdTM0Zxd0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMtZGI4ZWZmMWIxMWEw
LzEvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUQQMA0G
CSqGSIb3DQEBCwUAA4IBAQCgX/YxjcNFTgsVra26a9zcTfHCDoYkfZsNcPHDAMxE
d9qoLP/V0PGhUb2VNIy6PQ+vWDTyvQlpdxznWjpjH9udxjCXZTg1giT3UK1X3bXr
my9+mlOUzQg2bhcKFgB19vqirp/frvw7ZwyGVmvzirertoxLCnV5ruWqlaQt7QJR
s5NhECp/q8Wf4UEQQDr90lgF5RLO7yR7Pa6VUzAvVwbv2nzxryZdv5woySgTTxk3
mmpNvNqBMaDxNOXCljTKoycpKBe33apbj3I8X4/3RbHJyv8Crtc65WpjRx4QXNn8
mxmM0nd1ZAk3Rf3lS1uTJXSIX1c761Q7Ww2wGkzx5Nb9
-----END CERTIFICATE-----