Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/xb8_ZcW4jhf5-8wm9mWIxOrRZjI.roa
File:                     xb8_ZcW4jhf5-8wm9mWIxOrRZjI.roa (raw, json)
Hash identifier:          zko3V+GK6eqPlKbkFaTZdkx+0Cwtxed3gmxJYt8XCTU=
Subject key identifier:   C5:BF:3F:65:C5:B8:8E:17:F9:FB:CC:26:F6:65:88:C4:EA:D1:66:32
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0199946A101125C1EE9832B75EA1DD5661B2
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/xb8_ZcW4jhf5-8wm9mWIxOrRZjI.roa
Signing time:             Mon 29 Sep 2025 07:40:02 +0000
ROA not before:           Mon 29 Sep 2025 07:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57208
IP address blocks:        194.132.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:94:6a:10:11:25:c1:ee:98:32:b7:5e:a1:dd:56:61:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Sep 29 07:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5bf3f65c5b88e17f9fbcc26f66588c4ead16632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:4b:40:30:56:6c:34:80:69:e2:a8:ea:95:75:
                    99:43:96:4f:4e:62:92:45:72:e6:0c:64:c0:52:57:
                    d9:6d:20:2d:00:01:ba:09:1f:d0:04:67:8f:aa:89:
                    33:f2:3e:c4:e5:30:24:00:19:0a:eb:46:9e:b2:fc:
                    94:f8:4d:0c:09:21:b9:7b:31:46:ad:d7:41:bb:c7:
                    f1:6e:bc:bb:ab:79:0b:a2:7f:f8:db:e2:fc:dd:b7:
                    6c:32:a2:a4:75:40:d9:b4:7a:49:a2:63:f3:66:62:
                    c7:a7:17:fd:1f:cb:1a:ee:53:1c:e7:d5:18:38:22:
                    cd:3b:ca:17:d3:1d:0d:37:5e:fa:96:f1:72:38:61:
                    45:b1:ce:dc:9a:e4:0f:26:f8:c5:c9:b6:75:a2:14:
                    a5:07:b2:b5:ac:e6:28:ad:77:15:68:b0:34:5f:7f:
                    2a:a2:89:db:91:d4:5b:24:aa:39:05:88:65:96:f3:
                    4e:a9:11:39:41:30:f3:e5:d3:99:8c:6b:3c:50:f2:
                    c7:d5:48:bc:02:01:4e:c0:6a:04:75:ee:5f:b1:c9:
                    97:46:95:d2:2d:3f:6d:ac:3f:fa:60:49:98:26:6b:
                    00:b5:d3:66:3a:c3:d7:b4:1d:41:fd:2d:82:c9:2d:
                    f1:07:3e:17:f0:84:61:25:ca:3c:81:98:2a:01:b4:
                    4e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:BF:3F:65:C5:B8:8E:17:F9:FB:CC:26:F6:65:88:C4:EA:D1:66:32
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/xb8_ZcW4jhf5-8wm9mWIxOrRZjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.132.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c4:7d:b1:aa:69:c6:b3:fd:14:da:8f:af:5e:06:c2:0b:4e:6d:
         9d:bc:b5:63:78:65:20:c6:d5:52:06:5f:5a:cd:3e:b6:c2:0a:
         06:fa:ac:4a:af:b5:8d:06:82:1e:27:86:1a:2c:9c:a1:11:dc:
         77:c4:a4:8f:da:4e:8a:df:bf:06:94:49:a9:f0:2e:88:2f:59:
         46:95:5d:c9:87:07:46:19:3e:fe:3e:4b:86:74:fb:01:31:1f:
         4d:7a:5c:00:f2:60:24:98:17:9b:08:8c:f6:71:ad:c2:c7:2f:
         36:58:9e:04:af:1b:fa:96:6d:76:16:29:aa:d8:d6:31:eb:11:
         f5:d8:21:02:a9:47:fb:13:69:f9:18:8e:8c:6c:c5:3a:d2:51:
         2c:a1:02:54:80:aa:aa:b2:b7:f2:c8:f8:49:74:b9:3f:b4:1b:
         67:f0:d7:94:b1:4b:d9:ee:fa:52:4d:d5:69:a0:c7:4b:8b:a7:
         1e:5a:1f:6d:e5:72:07:dd:73:7b:ea:20:33:c1:f8:a6:27:85:
         56:f3:f3:b4:1d:3a:50:7c:5c:8a:f7:3b:f3:60:ad:f5:c6:bf:
         01:e2:1b:95:cf:17:30:dc:05:28:6c:5e:f5:6e:e7:80:62:2b:
         68:33:48:3c:c3:93:1a:21:30:94:77:b1:2f:b7:1a:94:50:44:
         83:e6:f7:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmUahARJcHumDK3XqHdVmGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwOTI5MDc0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWJmM2Y2NWM1Yjg4ZTE3ZjlmYmNjMjZmNjY1ODhjNGVhZDE2NjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20tAMFZsNIBp4qjqlXWZQ5ZPTmKS
RXLmDGTAUlfZbSAtAAG6CR/QBGePqokz8j7E5TAkABkK60aesvyU+E0MCSG5ezFG
rddBu8fxbry7q3kLon/42+L83bdsMqKkdUDZtHpJomPzZmLHpxf9H8sa7lMc59UY
OCLNO8oX0x0NN176lvFyOGFFsc7cmuQPJvjFybZ1ohSlB7K1rOYorXcVaLA0X38q
oonbkdRbJKo5BYhllvNOqRE5QTDz5dOZjGs8UPLH1Ui8AgFOwGoEde5fscmXRpXS
LT9trD/6YEmYJmsAtdNmOsPXtB1B/S2CyS3xBz4X8IRhJco8gZgqAbROQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMW/P2XFuI4X+fvMJvZliMTq0WYyMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEveGI4X1pjVzRqaGY1LTh3bTltV0l4T3JSWmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwoQkMA0G
CSqGSIb3DQEBCwUAA4IBAQDEfbGqacaz/RTaj69eBsILTm2dvLVjeGUgxtVSBl9a
zT62wgoG+qxKr7WNBoIeJ4YaLJyhEdx3xKSP2k6K378GlEmp8C6IL1lGlV3JhwdG
GT7+PkuGdPsBMR9NelwA8mAkmBebCIz2ca3Cxy82WJ4Erxv6lm12Fimq2NYx6xH1
2CECqUf7E2n5GI6MbMU60lEsoQJUgKqqsrfyyPhJdLk/tBtn8NeUsUvZ7vpSTdVp
oMdLi6ceWh9t5XIH3XN76iAzwfimJ4VW8/O0HTpQfFyK9zvzYK31xr8B4huVzxcw
3AUobF71bueAYitoM0g8w5MaITCUd7EvtxqUUESD5vdQ
-----END CERTIFICATE-----