Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/Q8a1d3JDYnlpHCeBJ-ilEaaN7uI.roa
File:                     Q8a1d3JDYnlpHCeBJ-ilEaaN7uI.roa (raw, json)
Hash identifier:          Ott4lu7y1mmRSijCCygPfZ0PWm281dG6wYxdj7K5J+Q=
Subject key identifier:   43:C6:B5:77:72:43:62:79:69:1C:27:81:27:E8:A5:11:A6:8D:EE:E2
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       0199994F6BB82271E570C13D593DF9534AB1
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/Q8a1d3JDYnlpHCeBJ-ilEaaN7uI.roa
Signing time:             Tue 30 Sep 2025 06:29:02 +0000
ROA not before:           Tue 30 Sep 2025 06:29:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        81.22.142.0/23 maxlen: 24
                          89.185.0.0/22 maxlen: 22
                          109.72.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:99:4f:6b:b8:22:71:e5:70:c1:3d:59:3d:f9:53:4a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Sep 30 06:29:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43c6b57772436279691c278127e8a511a68deee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:69:e1:6a:1c:2a:6b:a0:e5:03:28:2c:f4:5b:
                    d0:ab:c4:ad:6f:ab:b0:63:9e:0f:7f:67:2e:64:3c:
                    1a:9e:6e:28:24:fd:38:9d:1f:58:30:4b:76:95:07:
                    bd:bd:bb:fc:66:73:e9:3f:ab:76:79:31:e1:0c:95:
                    7c:cc:93:46:a9:15:5c:b0:95:3e:be:2a:a1:dc:23:
                    45:5d:f8:09:c3:9b:9c:60:ae:bb:16:0f:05:7c:82:
                    8c:6c:f0:8a:33:b9:6f:b9:54:f6:ad:45:4e:c0:0a:
                    f0:a2:3b:f3:67:37:06:59:e2:7c:d5:86:2b:85:66:
                    4c:73:7a:9d:1e:b5:5b:9f:6f:d9:f5:81:fb:2e:96:
                    53:e5:05:dc:e1:36:b1:70:cb:cf:08:10:c3:ca:d2:
                    d8:c7:88:4b:14:16:98:f6:b9:7a:36:a4:da:36:32:
                    ce:35:bf:bb:48:a5:1f:ce:b4:71:04:6a:9f:bc:95:
                    fb:e5:cb:e6:f1:71:df:4f:81:e4:27:ea:31:cb:52:
                    bd:5e:cd:1f:af:cc:93:33:7f:e7:88:64:bc:9b:f4:
                    87:20:50:8d:07:46:1b:9b:97:de:24:85:ee:db:0b:
                    d5:fd:81:d2:32:77:9a:94:43:a4:8d:9f:b1:80:cd:
                    12:da:c6:a4:52:56:7c:22:9d:b2:0b:f5:f7:c3:c3:
                    64:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C6:B5:77:72:43:62:79:69:1C:27:81:27:E8:A5:11:A6:8D:EE:E2
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/Q8a1d3JDYnlpHCeBJ-ilEaaN7uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.142.0/23
                  89.185.0.0/22
                  109.72.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:1f:64:48:e2:d8:4e:cd:5f:95:ba:16:95:b2:c8:96:e3:d0:
         7f:b9:15:db:c5:09:8e:bf:9c:20:cd:47:62:bf:40:08:1a:1f:
         99:0c:d1:73:74:b5:c8:56:02:92:e7:38:ce:6f:68:09:d7:0b:
         dd:cf:71:09:83:3c:f2:94:14:28:59:fd:5b:82:26:1e:af:d4:
         4e:f5:9d:14:c8:b5:ea:1e:8e:04:23:ad:79:63:e1:d0:bf:25:
         83:d2:01:b8:26:2d:3a:24:1f:0e:15:1d:eb:56:92:e9:b5:5b:
         a6:4e:0d:90:f4:c4:f7:64:2a:55:26:a9:d5:29:79:9b:f0:a5:
         8b:4c:43:f5:10:1d:1e:3c:f0:ff:07:8a:64:9d:82:f6:a4:f6:
         20:17:58:06:f0:74:7e:9e:1e:36:6d:29:38:12:f7:f7:72:ce:
         79:a8:c1:f5:ac:c6:4c:b5:bf:85:d5:e9:92:ec:e7:59:b4:1e:
         85:71:61:0b:e7:f9:13:95:8e:fa:3a:13:a4:15:b2:75:a9:08:
         4d:89:8a:5f:90:79:1c:b0:d5:7c:92:31:95:14:b0:b9:76:66:
         fa:ab:ed:19:8e:84:2a:69:a6:66:48:b5:36:1b:a7:df:3d:ce:
         cc:8a:65:ad:47:4a:27:bf:42:3a:4b:4f:0d:e5:4c:ca:e9:61:
         39:11:78:59
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmZT2u4InHlcME9WT35U0qxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwOTMwMDYyOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2M2YjU3NzcyNDM2Mjc5NjkxYzI3ODEyN2U4YTUxMWE2OGRlZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWnhahwqa6DlAygs9FvQq8Stb6uw
Y54Pf2cuZDwanm4oJP04nR9YMEt2lQe9vbv8ZnPpP6t2eTHhDJV8zJNGqRVcsJU+
viqh3CNFXfgJw5ucYK67Fg8FfIKMbPCKM7lvuVT2rUVOwArwojvzZzcGWeJ81YYr
hWZMc3qdHrVbn2/Z9YH7LpZT5QXc4TaxcMvPCBDDytLYx4hLFBaY9rl6NqTaNjLO
Nb+7SKUfzrRxBGqfvJX75cvm8XHfT4HkJ+oxy1K9Xs0fr8yTM3/niGS8m/SHIFCN
B0Ybm5feJIXu2wvV/YHSMnealEOkjZ+xgM0S2sakUlZ8Ip2yC/X3w8NkPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEPGtXdyQ2J5aRwngSfopRGmje7iMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvUThhMWQzSkRZbmxwSENlQkotaWxFYWFON3VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBURaOAwQC
WbkAAwQCbUh0MA0GCSqGSIb3DQEBCwUAA4IBAQByH2RI4thOzV+VuhaVssiW49B/
uRXbxQmOv5wgzUdiv0AIGh+ZDNFzdLXIVgKS5zjOb2gJ1wvdz3EJgzzylBQoWf1b
giYer9RO9Z0UyLXqHo4EI615Y+HQvyWD0gG4Ji06JB8OFR3rVpLptVumTg2Q9MT3
ZCpVJqnVKXmb8KWLTEP1EB0ePPD/B4pknYL2pPYgF1gG8HR+nh42bSk4Evf3cs55
qMH1rMZMtb+F1emS7OdZtB6FcWEL5/kTlY76OhOkFbJ1qQhNiYpfkHkcsNV8kjGV
FLC5dmb6q+0ZjoQqaaZmSLU2G6ffPc7MimWtR0onv0I6S08N5UzK6WE5EXhZ
-----END CERTIFICATE-----