Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/f4tVuHbbEEExw1FgkYA_xiEVeZI.roa
File:                     f4tVuHbbEEExw1FgkYA_xiEVeZI.roa (raw, json)
Hash identifier:          Ra6FxwbKM9pTj1QpToOpemmcz8OHYU34i9ladkCeWIs=
Subject key identifier:   7F:8B:55:B8:76:DB:10:41:31:C3:51:60:91:80:3F:C6:21:15:79:92
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       019898C8F957C1B6B9EF7B949341891E4528
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/f4tVuHbbEEExw1FgkYA_xiEVeZI.roa
Signing time:             Mon 11 Aug 2025 10:59:24 +0000
ROA not before:           Mon 11 Aug 2025 10:59:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205605
IP address blocks:        82.199.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:c8:f9:57:c1:b6:b9:ef:7b:94:93:41:89:1e:45:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Aug 11 10:59:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f8b55b876db104131c3516091803fc621157992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1e:78:bd:05:60:93:b3:10:09:12:27:f4:ee:
                    33:42:e9:ae:cb:c6:26:23:49:67:1f:8d:d3:28:14:
                    0b:bf:8a:ed:b6:cb:be:81:df:5c:31:b3:f1:ea:cf:
                    41:7b:5d:af:de:81:db:cc:93:70:8d:3c:8c:5c:22:
                    8c:82:8b:f8:75:6e:68:fc:8d:e9:88:6e:e1:5c:e5:
                    45:86:57:91:a7:30:cb:3e:8d:fe:83:06:30:b0:8d:
                    2d:df:e6:f7:6d:fa:7a:b3:42:5f:b3:a8:0a:40:b3:
                    f8:68:eb:56:1b:23:9a:71:6a:f0:06:d0:d5:fc:bc:
                    03:57:db:54:5e:10:84:8d:95:dd:c5:bf:5a:a5:45:
                    d6:e5:f3:0e:bf:a6:e3:52:1c:54:df:6b:23:b7:f9:
                    06:9a:b3:57:c0:ff:df:4f:ad:88:ea:53:03:03:81:
                    d1:d3:9d:13:0a:89:42:76:8f:7e:a2:fc:f3:68:14:
                    c3:d2:5c:48:5c:5d:0f:7a:a1:ec:e0:e1:f0:53:4c:
                    4d:ea:00:2a:3d:2d:7a:1b:ef:50:40:40:08:10:f9:
                    2d:8d:a6:48:83:1e:22:72:cd:e7:f1:a9:45:0c:fd:
                    b5:2c:55:60:c1:70:df:dc:83:5b:22:52:db:89:3e:
                    15:e6:68:6b:28:1b:c4:9d:f4:c6:37:98:5c:74:e9:
                    6d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:8B:55:B8:76:DB:10:41:31:C3:51:60:91:80:3F:C6:21:15:79:92
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/f4tVuHbbEEExw1FgkYA_xiEVeZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.199.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:60:37:dc:fb:0a:2e:f1:a0:55:98:2d:2e:a0:57:ef:f0:92:
         77:e1:b1:72:40:3d:89:8e:64:ae:8b:0e:6a:83:82:63:51:c2:
         7e:a4:5a:ae:13:23:45:ce:be:6c:0a:0e:3f:83:1f:bc:96:06:
         3f:8a:df:d1:47:3f:0b:41:21:45:4d:41:c7:e0:b6:7e:fb:84:
         52:6b:8b:cc:b2:1c:fb:e6:58:de:e9:8c:97:41:3f:90:33:22:
         94:74:57:7e:c8:a6:41:d8:55:de:d2:bc:cd:e3:7e:2c:6d:bc:
         2e:90:08:dc:9f:3d:b6:a8:8e:52:29:c4:c9:bb:2f:f7:8a:00:
         ab:44:14:06:bc:c9:77:97:39:70:b0:a0:78:46:b0:0b:ad:fe:
         31:4a:8e:ec:d9:8b:3e:d5:56:c6:b4:ec:d3:f3:73:40:71:dd:
         4a:0c:09:58:97:c5:ff:59:94:cd:41:26:f9:d5:f0:3b:89:d3:
         53:25:d3:e1:e9:0f:5d:30:6e:bd:db:4d:1a:ea:03:4d:52:b1:
         a9:32:29:5f:7f:81:ac:3d:83:f6:e5:f1:cc:27:c3:52:21:61:
         8c:83:12:b2:1e:f5:95:61:46:83:1e:34:02:4e:41:cd:5c:42:
         4f:67:14:85:e2:ab:1a:7e:9d:8c:df:aa:e3:9e:a8:e6:96:33:
         78:e1:06:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiYyPlXwba573uUk0GJHkUoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjUwODExMTA1OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjhiNTViODc2ZGIxMDQxMzFjMzUxNjA5MTgwM2ZjNjIxMTU3OTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkR54vQVgk7MQCRIn9O4zQumuy8Ym
I0lnH43TKBQLv4rttsu+gd9cMbPx6s9Be12v3oHbzJNwjTyMXCKMgov4dW5o/I3p
iG7hXOVFhleRpzDLPo3+gwYwsI0t3+b3bfp6s0Jfs6gKQLP4aOtWGyOacWrwBtDV
/LwDV9tUXhCEjZXdxb9apUXW5fMOv6bjUhxU32sjt/kGmrNXwP/fT62I6lMDA4HR
050TColCdo9+ovzzaBTD0lxIXF0PeqHs4OHwU0xN6gAqPS16G+9QQEAIEPktjaZI
gx4ics3n8alFDP21LFVgwXDf3INbIlLbiT4V5mhrKBvEnfTGN5hcdOltPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+LVbh22xBBMcNRYJGAP8YhFXmSMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvZjR0VnVIYmJFRUV4dzFGZ2tZQV94aUVWZVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUsfJMA0G
CSqGSIb3DQEBCwUAA4IBAQAjYDfc+wou8aBVmC0uoFfv8JJ34bFyQD2JjmSuiw5q
g4JjUcJ+pFquEyNFzr5sCg4/gx+8lgY/it/RRz8LQSFFTUHH4LZ++4RSa4vMshz7
5lje6YyXQT+QMyKUdFd+yKZB2FXe0rzN434sbbwukAjcnz22qI5SKcTJuy/3igCr
RBQGvMl3lzlwsKB4RrALrf4xSo7s2Ys+1VbGtOzT83NAcd1KDAlYl8X/WZTNQSb5
1fA7idNTJdPh6Q9dMG69200a6gNNUrGpMilff4GsPYP25fHMJ8NSIWGMgxKyHvWV
YUaDHjQCTkHNXEJPZxSF4qsafp2M36rjnqjmljN44QYF
-----END CERTIFICATE-----