Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/qokcHE99iTrXl6i5ZKbVWDs737c.roa
File:                     qokcHE99iTrXl6i5ZKbVWDs737c.roa (raw, json)
Hash identifier:          i4+UG/3lSUIbQWMfcvfYr7tTK0L7q3cwt000JnF1onE=
Subject key identifier:   AA:89:1C:1C:4F:7D:89:3A:D7:97:A8:B9:64:A6:D5:58:3B:3B:DF:B7
Certificate issuer:       /CN=49af2153f02409a464e4d7461c802d4b8dd10dff
Certificate serial:       0198A89DA9AF58575CB0BB4C4A64C5B5D6D0
Authority key identifier: 49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/qokcHE99iTrXl6i5ZKbVWDs737c.roa
Signing time:             Thu 14 Aug 2025 12:46:01 +0000
ROA not before:           Thu 14 Aug 2025 12:46:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8764
IP address blocks:        185.140.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a8:9d:a9:af:58:57:5c:b0:bb:4c:4a:64:c5:b5:d6:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49af2153f02409a464e4d7461c802d4b8dd10dff
        Validity
            Not Before: Aug 14 12:46:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa891c1c4f7d893ad797a8b964a6d5583b3bdfb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:7d:04:56:19:05:4a:c5:aa:06:33:cb:a5:19:
                    8b:6d:26:d2:aa:c2:e1:56:ff:8a:88:d8:39:b8:f1:
                    ec:8f:5e:85:91:62:7a:bf:f6:f9:90:f2:a7:42:97:
                    9a:3d:fd:1a:e8:b7:e9:52:7c:6b:b9:37:e6:ff:4c:
                    4b:d7:cb:3e:72:68:5f:8e:bc:b2:fb:ad:4a:db:89:
                    10:1e:55:41:fa:55:81:11:77:cf:ef:7b:fa:bb:91:
                    5d:1f:3f:57:fc:51:67:b8:7a:16:57:49:78:9b:dd:
                    78:82:d0:9e:ad:f4:8c:e6:e9:52:8a:10:ac:26:ec:
                    7e:e1:02:ed:19:a6:62:60:f5:cf:8b:e0:b2:a7:5b:
                    c6:5e:aa:e2:27:4f:69:bd:f1:82:9b:be:fd:34:cc:
                    90:bb:24:84:fe:77:33:d8:f4:f3:60:6e:a3:b6:02:
                    e6:50:43:1a:51:51:66:f8:20:3c:2d:1a:1e:7f:f8:
                    fd:22:62:41:ed:0d:48:ef:d3:84:ac:c3:8a:43:a7:
                    c7:a6:08:1b:ce:3c:c6:49:2b:48:76:01:89:7a:dc:
                    94:75:32:eb:90:b7:ab:0c:b0:9f:24:23:fb:4a:bd:
                    de:74:34:f2:9a:29:38:11:ba:4d:12:9f:4a:d9:73:
                    d7:5e:9b:79:29:b3:e8:eb:f1:6d:3b:bd:e7:ea:f8:
                    a7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:89:1C:1C:4F:7D:89:3A:D7:97:A8:B9:64:A6:D5:58:3B:3B:DF:B7
            X509v3 Authority Key Identifier:
                keyid:49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/qokcHE99iTrXl6i5ZKbVWDs737c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:19:b3:3c:78:b7:7e:e7:21:5c:1d:d1:91:68:07:93:4e:ef:
         76:4d:be:f3:53:da:09:4c:b1:69:04:3d:0c:fc:18:da:21:a4:
         b2:4d:96:3b:bb:ba:99:01:5d:92:89:75:fe:d4:ef:0b:e3:c9:
         5c:ff:df:0e:a5:52:a8:50:23:2f:5e:3b:d3:52:da:83:42:12:
         4f:66:a9:f4:a2:77:d1:80:dd:09:3b:c5:3b:f6:70:58:f6:c3:
         94:6a:0e:40:d3:a8:eb:d3:db:e5:35:87:c4:92:36:01:5e:52:
         c1:c2:93:9a:24:b3:7d:4a:f4:e5:9a:30:42:66:30:01:d3:72:
         01:4f:1e:38:7f:3e:49:f2:fb:4d:26:34:1b:e3:2c:1e:62:03:
         e9:8b:51:53:a2:2a:56:cd:10:48:47:7a:34:9b:e2:44:99:19:
         8e:3c:91:7a:1a:e6:ce:7c:fb:19:0c:65:58:02:bb:b1:96:d3:
         17:d1:6e:53:81:8c:96:9b:26:5d:b3:8b:de:a7:4b:2b:b8:9e:
         66:3d:dc:09:ca:66:73:33:9c:8a:16:cb:c3:4e:93:f1:7d:54:
         fd:9e:11:42:a5:37:3d:72:30:46:7a:c1:84:51:65:e2:32:ae:
         bf:f5:f1:6d:6b:61:2a:4e:f3:92:c9:06:09:03:30:3b:6c:87:
         17:87:4d:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZionamvWFdcsLtMSmTFtdbQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YWYyMTUzZjAyNDA5YTQ2NGU0ZDc0NjFjODAyZDRiOGRk
MTBkZmYwHhcNMjUwODE0MTI0NjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTg5MWMxYzRmN2Q4OTNhZDc5N2E4Yjk2NGE2ZDU1ODNiM2JkZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2H0EVhkFSsWqBjPLpRmLbSbSqsLh
Vv+KiNg5uPHsj16FkWJ6v/b5kPKnQpeaPf0a6LfpUnxruTfm/0xL18s+cmhfjryy
+61K24kQHlVB+lWBEXfP73v6u5FdHz9X/FFnuHoWV0l4m914gtCerfSM5ulSihCs
Jux+4QLtGaZiYPXPi+Cyp1vGXqriJ09pvfGCm779NMyQuySE/ncz2PTzYG6jtgLm
UEMaUVFm+CA8LRoef/j9ImJB7Q1I79OErMOKQ6fHpggbzjzGSStIdgGJetyUdTLr
kLerDLCfJCP7Sr3edDTymik4EbpNEp9K2XPXXpt5KbPo6/FtO73n6vinWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqJHBxPfYk615eouWSm1Vg7O9+3MB8GA1UdIwQY
MBaAFEmvIVPwJAmkZOTXRhyALUuN0Q3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQt
NGVhNmRmYjJlNWQzLzEvcW9rY0hFOTlpVHJYbDZpNVpLYlZXRHM3MzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQtNGVhNmRmYjJlNWQz
LzEvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYzlMA0G
CSqGSIb3DQEBCwUAA4IBAQAaGbM8eLd+5yFcHdGRaAeTTu92Tb7zU9oJTLFpBD0M
/BjaIaSyTZY7u7qZAV2SiXX+1O8L48lc/98OpVKoUCMvXjvTUtqDQhJPZqn0onfR
gN0JO8U79nBY9sOUag5A06jr09vlNYfEkjYBXlLBwpOaJLN9SvTlmjBCZjAB03IB
Tx44fz5J8vtNJjQb4yweYgPpi1FToipWzRBIR3o0m+JEmRmOPJF6GubOfPsZDGVY
AruxltMX0W5TgYyWmyZds4vep0sruJ5mPdwJymZzM5yKFsvDTpPxfVT9nhFCpTc9
cjBGesGEUWXiMq6/9fFta2EqTvOSyQYJAzA7bIcXh00J
-----END CERTIFICATE-----