Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/8AuUB3FxiHV1blKo-b6xY84eohk.roa
File:                     8AuUB3FxiHV1blKo-b6xY84eohk.roa (raw, json)
Hash identifier:          Kg20ZKTXvW1uV16aDD+SNuojir6sQqoC1ASnSIoi3uI=
Subject key identifier:   F0:0B:94:07:71:71:88:75:75:6E:52:A8:F9:BE:B1:63:CE:1E:A2:19
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       0199BD9858EDCB3ECAEF017481426952AB5F
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/8AuUB3FxiHV1blKo-b6xY84eohk.roa
Signing time:             Tue 07 Oct 2025 07:35:02 +0000
ROA not before:           Tue 07 Oct 2025 07:35:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4766
IP address blocks:        185.210.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:98:58:ed:cb:3e:ca:ef:01:74:81:42:69:52:ab:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Oct  7 07:35:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f00b940771718875756e52a8f9beb163ce1ea219
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a8:e4:53:ff:36:83:cd:9d:4f:c4:29:b4:47:
                    fd:bc:b5:00:e2:3c:54:9b:3b:b7:c3:d4:d3:f0:7a:
                    28:2a:14:b2:fa:a1:37:a9:d3:de:34:69:0e:ec:37:
                    93:a7:e3:bc:28:9b:39:17:1c:2b:e4:76:d7:b8:61:
                    96:fc:a8:a2:11:cd:80:ad:5e:d8:28:76:22:e6:38:
                    d1:d0:d7:40:38:74:04:c0:87:93:85:b2:dd:ee:75:
                    58:59:43:d7:12:11:86:7a:c5:54:1c:4c:f9:d1:e9:
                    36:3a:bf:cc:b8:86:e3:19:ec:a3:25:fc:23:73:54:
                    91:b2:d6:8b:14:4d:6d:18:7b:1c:1b:ed:c6:1a:dd:
                    7d:d6:ab:d6:8a:1c:cd:df:76:83:7b:8d:7e:6b:03:
                    bc:45:ec:f9:28:c0:57:fd:bd:88:bd:98:72:b8:9b:
                    71:4f:3b:26:ff:54:24:39:3b:a6:41:55:2c:45:51:
                    f4:f1:e9:d9:71:7e:9e:74:86:44:82:d0:27:38:83:
                    b3:4c:aa:b2:8a:af:e5:33:43:b7:ca:6d:54:3a:01:
                    c8:16:1d:21:72:ed:83:dd:64:1f:5a:91:b8:39:da:
                    fb:85:12:6a:d9:0c:f9:e5:91:52:26:d2:07:03:30:
                    d1:b6:5a:ea:80:01:f7:af:79:1f:d0:ea:6e:db:f4:
                    ea:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:0B:94:07:71:71:88:75:75:6E:52:A8:F9:BE:B1:63:CE:1E:A2:19
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/8AuUB3FxiHV1blKo-b6xY84eohk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:c1:dd:62:c4:67:dc:1c:e3:56:29:1d:22:e2:c9:74:0c:48:
         9f:43:30:9f:17:f3:ea:68:38:08:a0:87:47:d5:36:ae:b0:69:
         e0:e8:a6:c0:84:73:e1:1d:71:c7:d9:1c:d8:2d:7f:a9:9b:18:
         d3:f6:b7:cb:aa:f6:3d:73:a2:15:ba:72:b9:fd:c5:c7:6c:06:
         a5:23:2c:89:67:e4:07:df:d3:a5:83:25:55:61:c3:71:58:a5:
         3b:47:5d:54:fc:66:75:70:56:2e:06:5d:90:aa:ba:ac:32:7a:
         61:1a:93:e9:0e:69:f1:95:e3:d3:31:b2:99:69:7e:f6:6a:ce:
         d4:6d:c7:16:ea:cc:8f:34:a5:16:be:4a:56:24:d7:25:e1:b4:
         fb:7f:86:53:88:6d:bc:5f:12:b8:3b:f2:e2:af:6e:70:db:38:
         67:d7:2e:c8:76:fa:5d:80:14:eb:e2:e2:10:48:66:7c:b2:e4:
         c9:2a:79:64:df:d6:b9:5a:3f:dc:aa:0b:c4:c1:62:9c:42:00:
         cf:7d:aa:7c:cb:54:0c:f0:b4:43:9d:e7:d8:d6:2b:ed:b2:60:
         92:6a:c3:7c:79:da:57:5d:38:98:01:9e:05:46:ba:4b:3f:f4:
         b3:a2:fb:f2:a4:a6:d7:21:a3:b3:92:ff:cb:d5:89:b7:d3:a5:
         92:85:d9:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm9mFjtyz7K7wF0gUJpUqtfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUxMDA3MDczNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDBiOTQwNzcxNzE4ODc1NzU2ZTUyYThmOWJlYjE2M2NlMWVhMjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqjkU/82g82dT8QptEf9vLUA4jxU
mzu3w9TT8HooKhSy+qE3qdPeNGkO7DeTp+O8KJs5Fxwr5HbXuGGW/KiiEc2ArV7Y
KHYi5jjR0NdAOHQEwIeThbLd7nVYWUPXEhGGesVUHEz50ek2Or/MuIbjGeyjJfwj
c1SRstaLFE1tGHscG+3GGt191qvWihzN33aDe41+awO8Rez5KMBX/b2IvZhyuJtx
Tzsm/1QkOTumQVUsRVH08enZcX6edIZEgtAnOIOzTKqyiq/lM0O3ym1UOgHIFh0h
cu2D3WQfWpG4Odr7hRJq2Qz55ZFSJtIHAzDRtlrqgAH3r3kf0Opu2/TqDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPALlAdxcYh1dW5SqPm+sWPOHqIZMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvOEF1VUIzRnhpSFYxYmxLby1iNnhZODRlb2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudKoMA0G
CSqGSIb3DQEBCwUAA4IBAQCjwd1ixGfcHONWKR0i4sl0DEifQzCfF/PqaDgIoIdH
1TausGng6KbAhHPhHXHH2RzYLX+pmxjT9rfLqvY9c6IVunK5/cXHbAalIyyJZ+QH
39OlgyVVYcNxWKU7R11U/GZ1cFYuBl2QqrqsMnphGpPpDmnxlePTMbKZaX72as7U
bccW6syPNKUWvkpWJNcl4bT7f4ZTiG28XxK4O/Lir25w2zhn1y7IdvpdgBTr4uIQ
SGZ8suTJKnlk39a5Wj/cqgvEwWKcQgDPfap8y1QM8LRDnefY1ivtsmCSasN8edpX
XTiYAZ4FRrpLP/SzovvypKbXIaOzkv/L1Ym306WShdnE
-----END CERTIFICATE-----