Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/m5QjthCyb83zFe-XzGZ1VPtryIE.roa
File:                     m5QjthCyb83zFe-XzGZ1VPtryIE.roa (raw, json)
Hash identifier:          idq0+QCfBZJuG2uqoWlXprOQsupzpFPhxR03Ji+VJ/A=
Subject key identifier:   9B:94:23:B6:10:B2:6F:CD:F3:15:EF:97:CC:66:75:54:FB:6B:C8:81
Certificate issuer:       /CN=a5c6373eab19cf43dd2f43111398383ee2bad030
Certificate serial:       0198CBBD18B71601B143C93CC8480E2C1D80
Authority key identifier: A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/m5QjthCyb83zFe-XzGZ1VPtryIE.roa
Signing time:             Thu 21 Aug 2025 08:27:04 +0000
ROA not before:           Thu 21 Aug 2025 08:27:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.228.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:bd:18:b7:16:01:b1:43:c9:3c:c8:48:0e:2c:1d:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c6373eab19cf43dd2f43111398383ee2bad030
        Validity
            Not Before: Aug 21 08:27:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b9423b610b26fcdf315ef97cc667554fb6bc881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:24:c9:f8:c9:8c:41:10:b3:4c:dd:54:80:36:
                    06:46:36:da:b9:36:6e:81:e4:59:50:7d:d0:a7:48:
                    5a:4a:c1:27:e9:a8:b0:2e:eb:01:c7:9d:54:e5:04:
                    b5:f5:a5:86:0b:c5:9f:d1:d2:1d:fd:54:6a:a5:7c:
                    6a:af:1d:6b:55:c2:25:e0:e9:79:b6:f5:91:aa:7c:
                    74:9a:f3:06:d9:23:f3:1d:fa:a0:e4:e4:68:fc:8a:
                    02:09:e9:77:6b:93:bf:74:c4:36:01:25:8e:6e:2f:
                    e0:f3:06:5b:d9:50:de:64:f6:20:e0:39:69:4d:21:
                    42:f5:13:81:25:eb:da:db:fb:72:e5:3f:cd:e4:22:
                    3d:07:ed:dc:97:36:f9:51:76:3a:ec:99:b5:33:95:
                    c7:73:b9:1a:9c:67:d4:59:ad:98:57:06:76:73:31:
                    6f:bf:ca:e7:57:d8:58:83:45:e2:74:62:a5:c4:e7:
                    40:0f:e2:57:ac:34:26:24:06:db:78:cd:3e:20:88:
                    be:27:0a:bb:b0:92:29:4e:65:6e:a8:28:ac:c6:4e:
                    90:54:05:f0:f4:2d:83:0f:82:1d:e7:4c:17:d5:7d:
                    b9:4e:b6:c9:09:c8:02:3e:b7:80:20:e8:00:1f:5c:
                    a8:53:a7:ba:eb:88:5d:37:bb:c0:df:c0:9b:13:a2:
                    b6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:94:23:B6:10:B2:6F:CD:F3:15:EF:97:CC:66:75:54:FB:6B:C8:81
            X509v3 Authority Key Identifier:
                keyid:A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/m5QjthCyb83zFe-XzGZ1VPtryIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:f4:0c:2e:87:a0:c7:01:bb:97:8c:71:bd:0c:42:17:c8:55:
         5e:75:4b:be:67:84:db:61:ca:d0:89:c4:35:98:59:d9:6c:df:
         f0:5e:c9:20:44:92:da:c9:5b:12:13:c2:b1:c5:54:ff:b7:56:
         84:dc:23:88:64:cc:fb:22:0c:f0:9f:32:2d:a4:c6:34:7e:73:
         bd:4f:5a:67:69:f9:13:a9:60:66:54:0f:ba:cc:e8:2b:a6:6a:
         52:01:12:59:02:68:34:9a:87:6f:40:6e:f9:54:ef:2a:ef:35:
         6b:5a:6c:05:8d:cc:6b:f4:cd:42:d4:00:7a:52:7b:3b:6e:e5:
         1d:96:5a:74:29:44:93:da:a8:fd:71:67:d5:70:aa:e0:e0:40:
         9e:12:27:5a:5c:57:8e:ab:4e:27:97:61:82:18:7b:23:2a:21:
         39:31:85:fa:2c:a3:9b:e1:9a:b3:ae:92:77:ed:2a:b0:30:ad:
         62:ae:09:f6:a6:21:ef:18:9b:97:7b:ab:b3:b8:a0:de:de:ae:
         e3:a2:b4:f4:3e:0c:4a:f9:c7:19:3a:36:ab:52:e5:a3:0e:85:
         d3:63:07:cd:68:50:30:82:2d:ae:6a:36:18:af:86:bb:19:37:
         4b:1c:e5:38:08:44:c8:7f:0f:aa:10:f1:18:b6:6f:dd:33:06:
         12:7f:5b:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjLvRi3FgGxQ8k8yEgOLB2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzYzNzNlYWIxOWNmNDNkZDJmNDMxMTEzOTgzODNlZTJi
YWQwMzAwHhcNMjUwODIxMDgyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjk0MjNiNjEwYjI2ZmNkZjMxNWVmOTdjYzY2NzU1NGZiNmJjODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyTJ+MmMQRCzTN1UgDYGRjbauTZu
geRZUH3Qp0haSsEn6aiwLusBx51U5QS19aWGC8Wf0dId/VRqpXxqrx1rVcIl4Ol5
tvWRqnx0mvMG2SPzHfqg5ORo/IoCCel3a5O/dMQ2ASWObi/g8wZb2VDeZPYg4Dlp
TSFC9ROBJeva2/ty5T/N5CI9B+3clzb5UXY67Jm1M5XHc7kanGfUWa2YVwZ2czFv
v8rnV9hYg0XidGKlxOdAD+JXrDQmJAbbeM0+IIi+Jwq7sJIpTmVuqCisxk6QVAXw
9C2DD4Id50wX1X25TrbJCcgCPreAIOgAH1yoU6e664hdN7vA38CbE6K20QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuUI7YQsm/N8xXvl8xmdVT7a8iBMB8GA1UdIwQY
MBaAFKXGNz6rGc9D3S9DEROYOD7iutAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEt
YTRlYTBhNjNmNzY2LzEvbTVRanRoQ3liODN6RmUtWHpHWjFWUHRyeUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEtYTRlYTBhNjNmNzY2
LzEvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueQCMA0G
CSqGSIb3DQEBCwUAA4IBAQCD9Awuh6DHAbuXjHG9DEIXyFVedUu+Z4TbYcrQicQ1
mFnZbN/wXskgRJLayVsSE8KxxVT/t1aE3COIZMz7IgzwnzItpMY0fnO9T1pnafkT
qWBmVA+6zOgrpmpSARJZAmg0modvQG75VO8q7zVrWmwFjcxr9M1C1AB6Uns7buUd
llp0KUST2qj9cWfVcKrg4ECeEidaXFeOq04nl2GCGHsjKiE5MYX6LKOb4ZqzrpJ3
7SqwMK1irgn2piHvGJuXe6uzuKDe3q7jorT0PgxK+ccZOjarUuWjDoXTYwfNaFAw
gi2uajYYr4a7GTdLHOU4CETIfw+qEPEYtm/dMwYSf1tk
-----END CERTIFICATE-----