Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/1-gxOhCZj8nS37sWsUDKlmcK-Rw8.roa
File:                     1-gxOhCZj8nS37sWsUDKlmcK-Rw8.roa (raw, json)
Hash identifier:          /+5YDb/LdEiV9iy+qGtaTiI/QdW15m+uapnwWEACL9w=
Subject key identifier:   FA:0C:4E:84:26:63:F2:74:B7:EE:C5:AC:50:32:A5:99:C2:BE:47:0F
Certificate issuer:       /CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
Certificate serial:       0198C092D2736E1BD6AD10F91A122E3A9653
Authority key identifier: E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/1-gxOhCZj8nS37sWsUDKlmcK-Rw8.roa
Signing time:             Tue 19 Aug 2025 04:25:04 +0000
ROA not before:           Tue 19 Aug 2025 04:25:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398704
IP address blocks:        185.129.208.0/22 maxlen: 22
                          185.199.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c0:92:d2:73:6e:1b:d6:ad:10:f9:1a:12:2e:3a:96:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
        Validity
            Not Before: Aug 19 04:25:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa0c4e842663f274b7eec5ac5032a599c2be470f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:98:21:a4:59:c5:33:5a:23:89:c7:8e:ef:3b:
                    ad:b8:b5:da:62:60:e3:5c:33:e4:03:6f:b0:39:f6:
                    c2:3e:5e:cd:f7:da:06:65:83:50:c9:14:1c:b8:21:
                    92:40:3e:72:26:2a:c4:e9:f2:4b:b3:ee:13:d6:d2:
                    24:92:86:cf:e8:de:e6:57:41:f0:6c:77:ae:1f:d8:
                    e1:0f:fc:cb:63:a3:3a:0c:43:fa:91:9e:6d:05:ea:
                    be:5d:d8:91:0f:ec:e6:2e:a0:ea:11:96:4a:b5:cb:
                    7f:ec:de:df:48:bf:cd:c9:97:9b:37:1e:95:2b:67:
                    90:47:c5:54:6b:42:b1:6e:7e:3f:af:a7:89:eb:4f:
                    41:19:d5:d2:83:13:54:fe:ca:fe:c4:f5:1b:e2:ec:
                    2e:52:58:3c:c4:16:f7:a5:9e:dd:65:94:97:e5:5b:
                    34:e0:a8:b3:c8:a2:0b:69:7e:5c:9f:41:a4:29:12:
                    82:41:4c:0e:b6:cf:58:ae:a6:bd:69:a5:01:fa:73:
                    68:be:0f:93:fe:c8:69:f8:d1:3d:fd:32:3b:00:47:
                    8e:43:9c:87:e3:ff:a2:b7:1a:7b:8a:5a:c6:a3:93:
                    71:4f:bb:0d:7c:e8:15:c1:52:de:34:67:fb:e8:86:
                    b9:d4:05:f3:d9:7d:d0:72:ff:2c:e1:db:ea:f1:73:
                    35:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:0C:4E:84:26:63:F2:74:B7:EE:C5:AC:50:32:A5:99:C2:BE:47:0F
            X509v3 Authority Key Identifier:
                keyid:E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/1-gxOhCZj8nS37sWsUDKlmcK-Rw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.208.0/22
                  185.199.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:92:c7:85:bf:5c:a8:47:d3:0a:29:24:2e:f4:fa:f4:9c:5d:
         1e:54:43:7d:03:bd:75:0b:c5:a7:04:e0:ed:27:aa:12:11:18:
         98:05:59:62:e0:be:45:65:81:a3:69:a7:b4:ce:0f:b6:03:8f:
         eb:a3:84:e9:9b:a0:56:f2:ef:af:f0:63:c9:df:52:8d:97:48:
         d5:db:9c:d9:e6:74:13:d6:45:ca:7d:53:fa:48:83:20:ec:0f:
         ba:00:ce:16:b9:9c:58:96:c7:f6:d5:1b:f8:05:d5:0a:7c:3f:
         7b:70:f7:45:44:1c:9d:3a:6f:53:30:90:0d:8b:39:98:a3:93:
         43:1b:7f:a5:81:ab:8e:20:76:0f:d2:cd:c4:44:aa:ee:3a:52:
         37:ce:6b:e9:56:12:5c:af:cf:79:45:c7:9e:86:16:f2:a8:ef:
         f8:39:c9:70:c1:c3:98:45:bc:df:3f:1f:0c:02:2c:cf:af:94:
         79:12:56:22:bb:09:34:ba:ea:09:36:b6:f6:ea:0a:73:dc:66:
         36:cd:45:03:04:52:6d:21:5b:05:98:33:3e:51:bb:d9:5c:d0:
         68:43:c4:c7:7e:64:99:3f:bd:20:54:12:07:8a:71:f4:f1:bc:
         26:f3:dd:d2:ba:1f:fb:df:54:ee:52:f6:97:fa:61:25:fe:e8:
         07:83:b5:c2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZjAktJzbhvWrRD5GhIuOpZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWJkN2RkMWY4YWM4YjQxOTJiYTc4YTU5MjM0OGI1ZGQw
YTFhNjYwHhcNMjUwODE5MDQyNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTBjNGU4NDI2NjNmMjc0YjdlZWM1YWM1MDMyYTU5OWMyYmU0NzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pghpFnFM1ojiceO7zutuLXaYmDj
XDPkA2+wOfbCPl7N99oGZYNQyRQcuCGSQD5yJirE6fJLs+4T1tIkkobP6N7mV0Hw
bHeuH9jhD/zLY6M6DEP6kZ5tBeq+XdiRD+zmLqDqEZZKtct/7N7fSL/NyZebNx6V
K2eQR8VUa0Kxbn4/r6eJ609BGdXSgxNU/sr+xPUb4uwuUlg8xBb3pZ7dZZSX5Vs0
4KizyKILaX5cn0GkKRKCQUwOts9Yrqa9aaUB+nNovg+T/shp+NE9/TI7AEeOQ5yH
4/+itxp7ilrGo5NxT7sNfOgVwVLeNGf76Ia51AXz2X3Qcv8s4dvq8XM1tQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPoMToQmY/J0t+7FrFAypZnCvkcPMB8GA1UdIwQY
MBaAFOYb190fisi0GSunilkjSLXdChpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2Njct
ZGU5YjJmOGY3ZTI5LzEvMS1neE9oQ1pqOG5TMzdzV3NVREtsbWNLLVJ3OC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDAvNGFjYzE1LWJiYTAtNDQ1OS05NjY3LWRlOWIyZjhmN2Uy
OS8xLzVodlgzUi1LeUxRWks2ZUtXU05JdGQwS0dtWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEArmB0AME
ArnHxDANBgkqhkiG9w0BAQsFAAOCAQEABJLHhb9cqEfTCikkLvT69JxdHlRDfQO9
dQvFpwTg7SeqEhEYmAVZYuC+RWWBo2mntM4PtgOP66OE6ZugVvLvr/Bjyd9SjZdI
1duc2eZ0E9ZFyn1T+kiDIOwPugDOFrmcWJbH9tUb+AXVCnw/e3D3RUQcnTpvUzCQ
DYs5mKOTQxt/pYGrjiB2D9LNxESq7jpSN85r6VYSXK/PeUXHnoYW8qjv+DnJcMHD
mEW83z8fDAIsz6+UeRJWIrsJNLrqCTa29uoKc9xmNs1FAwRSbSFbBZgzPlG72VzQ
aEPEx35kmT+9IFQSB4px9PG8JvPd0rof+99U7lL2l/phJf7oB4O1wg==
-----END CERTIFICATE-----