Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ivimYLUnEeVRYyQSKIDwfYVIvj0.roa
File:                     ivimYLUnEeVRYyQSKIDwfYVIvj0.roa (raw, json)
Hash identifier:          1StHrBwzjrIzndNDRp1l4+nrw7ErsGMr48gLPEJPP40=
Subject key identifier:   8A:F8:A6:60:B5:27:11:E5:51:63:24:12:28:80:F0:7D:85:48:BE:3D
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01990EE9F1F13B2B4D4C86960FFE88E39C01
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ivimYLUnEeVRYyQSKIDwfYVIvj0.roa
Signing time:             Wed 03 Sep 2025 09:30:36 +0000
ROA not before:           Wed 03 Sep 2025 09:30:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137235
IP address blocks:        193.58.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0e:e9:f1:f1:3b:2b:4d:4c:86:96:0f:fe:88:e3:9c:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Sep  3 09:30:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8af8a660b52711e5516324122880f07d8548be3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b7:90:75:e6:03:21:ea:24:d6:d5:fd:5e:85:
                    93:ac:52:e0:1f:ec:94:d9:25:89:71:1b:b8:1e:c1:
                    2a:c2:30:79:e8:3e:7a:79:33:60:4f:9b:a6:77:ba:
                    89:54:6a:8b:cc:3c:b7:42:da:5c:c0:d1:67:0c:ec:
                    cf:95:d9:fe:eb:0b:99:2e:0a:30:24:65:cb:a4:af:
                    86:99:ae:27:03:00:be:d3:50:ca:1f:19:e3:5e:f0:
                    bb:d9:55:99:02:90:bf:5b:bb:4b:fd:42:57:27:dc:
                    1b:f9:22:e9:65:28:e3:f4:04:00:94:e3:3b:36:c4:
                    38:2d:49:c5:4e:54:b4:cd:29:62:c1:3e:2a:b8:ec:
                    4e:20:75:2e:60:3c:1b:c2:63:a3:0e:4a:70:28:dd:
                    3c:ee:d0:71:6d:a1:eb:e5:f1:62:2c:d6:28:89:e4:
                    00:ff:0d:97:21:c8:2b:dd:06:76:9c:2c:9a:3e:2a:
                    5d:81:b9:19:aa:17:59:bb:b2:c8:05:3a:d0:16:ee:
                    1b:53:39:17:71:60:b3:c2:e5:9d:13:87:89:36:7c:
                    8f:40:53:3e:01:a7:be:49:7c:36:ee:0b:5a:56:cd:
                    37:f4:74:ee:27:2f:c8:bc:55:14:a7:fb:96:a4:c1:
                    24:3d:3d:74:ca:86:43:1a:67:d0:53:d7:19:45:c5:
                    d1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F8:A6:60:B5:27:11:E5:51:63:24:12:28:80:F0:7D:85:48:BE:3D
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ivimYLUnEeVRYyQSKIDwfYVIvj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:88:44:20:0f:d3:a3:57:b2:fb:96:65:e3:8f:27:c4:5d:ad:
         20:a0:57:5b:73:b2:18:b3:64:1b:d3:d1:8a:63:df:f1:ce:bc:
         b6:97:53:1f:c6:a9:a8:ea:7b:f7:fa:90:92:41:69:71:83:d5:
         61:6f:29:bf:f7:0b:50:a3:0b:c7:da:c3:39:8d:6e:28:50:3a:
         28:6a:ab:f3:fa:33:9a:c1:e0:84:fa:72:59:ae:6e:da:3e:a7:
         c0:8e:c6:8f:ad:9e:33:5a:6a:dc:9d:99:0e:06:f7:c4:7f:9e:
         ac:e8:8b:82:fc:9f:91:b1:f4:6a:ca:e0:e2:86:35:51:c7:b7:
         d3:92:6b:08:27:31:eb:5c:ee:cd:f2:74:42:c9:c3:8f:41:fc:
         cf:76:53:9e:f8:eb:82:14:42:6e:40:09:69:7f:09:e1:5d:11:
         6b:f5:23:30:d3:3f:d1:8d:77:f2:0b:e3:ce:e0:b7:dc:d2:25:
         16:7e:ba:4e:e5:39:ca:70:69:d2:22:42:a4:23:d7:41:24:7e:
         c6:91:d4:22:f4:bb:8e:d7:75:3a:40:57:8b:90:b2:9a:9d:53:
         6d:86:d4:ab:cf:6d:54:9a:3f:ea:c8:b0:58:40:d9:36:f8:7b:
         1b:31:1f:68:dc:d3:ac:99:cf:dd:71:42:8b:5a:88:0e:09:6f:
         68:c8:1e:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkO6fHxOytNTIaWD/6I45wBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwOTAzMDkzMDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWY4YTY2MGI1MjcxMWU1NTE2MzI0MTIyODgwZjA3ZDg1NDhiZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsreQdeYDIeok1tX9XoWTrFLgH+yU
2SWJcRu4HsEqwjB56D56eTNgT5umd7qJVGqLzDy3QtpcwNFnDOzPldn+6wuZLgow
JGXLpK+Gma4nAwC+01DKHxnjXvC72VWZApC/W7tL/UJXJ9wb+SLpZSjj9AQAlOM7
NsQ4LUnFTlS0zSliwT4quOxOIHUuYDwbwmOjDkpwKN087tBxbaHr5fFiLNYoieQA
/w2XIcgr3QZ2nCyaPipdgbkZqhdZu7LIBTrQFu4bUzkXcWCzwuWdE4eJNnyPQFM+
Aae+SXw27gtaVs039HTuJy/IvFUUp/uWpMEkPT10yoZDGmfQU9cZRcXRTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIr4pmC1JxHlUWMkEiiA8H2FSL49MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvaXZpbVlMVW5FZVZSWXlRU0tJRHdmWVZJdmowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQC2iEQgD9OjV7L7lmXjjyfEXa0goFdbc7IYs2Qb09GK
Y9/xzry2l1Mfxqmo6nv3+pCSQWlxg9Vhbym/9wtQowvH2sM5jW4oUDooaqvz+jOa
weCE+nJZrm7aPqfAjsaPrZ4zWmrcnZkOBvfEf56s6IuC/J+RsfRqyuDihjVRx7fT
kmsIJzHrXO7N8nRCycOPQfzPdlOe+OuCFEJuQAlpfwnhXRFr9SMw0z/RjXfyC+PO
4Lfc0iUWfrpO5TnKcGnSIkKkI9dBJH7GkdQi9LuO13U6QFeLkLKanVNthtSrz21U
mj/qyLBYQNk2+HsbMR9o3NOsmc/dcUKLWogOCW9oyB4z
-----END CERTIFICATE-----