Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/Fa8qL5_k3yxaN49UkA0pki8l6h4.roa
File:                     Fa8qL5_k3yxaN49UkA0pki8l6h4.roa (raw, json)
Hash identifier:          dc0xpbi1G7AAPL0COGz623a6KaPVNFnWSqvacBHHOY0=
Subject key identifier:   15:AF:2A:2F:9F:E4:DF:2C:5A:37:8F:54:90:0D:29:92:2F:25:EA:1E
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B53CF265EF55700A2D1A70B46D90C3
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/Fa8qL5_k3yxaN49UkA0pki8l6h4.roa
Signing time:             Mon 14 Jul 2025 16:12:09 +0000
ROA not before:           Mon 14 Jul 2025 16:12:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205507
IP address blocks:        185.112.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b5:3c:f2:65:ef:55:70:0a:2d:1a:70:b4:6d:90:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:12:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15af2a2f9fe4df2c5a378f54900d29922f25ea1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5f:3c:1d:e5:f3:f3:94:74:50:72:09:2d:bd:
                    fe:82:ef:10:ce:8e:7c:78:a8:77:28:5b:9b:d1:0b:
                    34:59:ce:6f:a1:4e:4c:16:28:1b:8d:71:5d:4a:07:
                    88:45:8a:cd:5e:8f:b2:ae:58:e4:25:0b:75:60:a9:
                    61:9b:b7:df:9f:7b:ed:06:d0:d6:fb:43:d2:6d:dc:
                    f8:54:b4:8f:58:78:c0:f3:88:f6:41:91:c1:4e:25:
                    f0:78:e0:e6:31:32:aa:49:85:39:9d:60:7e:35:f6:
                    c5:d3:c5:0f:3d:e5:ff:0e:86:d5:32:3d:de:84:0e:
                    03:b3:3a:53:8d:57:35:73:19:9e:49:78:17:3e:c5:
                    6b:87:b3:3a:fe:3c:10:b0:50:27:9c:f3:eb:a0:cb:
                    77:53:1e:e9:9e:da:2d:b7:42:bc:a2:5c:4f:03:6c:
                    06:66:d9:14:35:41:a9:93:2f:2f:60:4b:61:56:14:
                    62:2a:d2:5f:b8:f2:91:f9:d1:a2:23:ae:80:cb:3b:
                    e8:65:5a:5f:6d:8e:88:53:66:99:e9:b8:81:e7:a3:
                    0d:37:6b:a0:de:30:a7:f0:32:c5:86:18:77:53:93:
                    e9:6c:0b:ca:ce:dd:f3:22:f4:35:1c:ec:56:38:eb:
                    0a:8b:c4:b1:15:20:18:31:87:4d:65:c0:d9:57:3c:
                    fa:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:AF:2A:2F:9F:E4:DF:2C:5A:37:8F:54:90:0D:29:92:2F:25:EA:1E
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/Fa8qL5_k3yxaN49UkA0pki8l6h4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:38:63:5b:6c:ec:d0:bf:19:1c:92:66:d8:40:b2:9c:68:c0:
         61:18:5d:cb:3f:55:86:5e:c6:b0:11:46:05:a5:75:40:09:fd:
         d9:55:ae:6f:a7:c8:88:87:cd:52:ca:d6:16:4c:70:cc:b4:94:
         16:13:35:8f:e2:b6:1c:90:7f:cb:7b:67:9f:a1:d5:0a:7a:ae:
         8b:61:1d:0d:b8:96:49:c3:46:73:b8:43:e3:a9:94:9d:07:76:
         97:3f:06:35:a8:62:8e:78:ee:28:06:61:ee:b7:a7:70:6b:13:
         d1:08:e9:c2:89:bd:18:de:d2:03:bf:d7:b4:3b:5c:34:f7:f0:
         91:5f:bd:85:27:00:d2:af:54:94:85:5c:59:7f:d5:f6:fc:f8:
         9d:bb:01:6a:25:dd:92:eb:ba:a6:df:f8:23:12:bf:6e:d5:fb:
         cb:34:a2:9d:05:eb:98:3c:a0:b6:0f:01:b3:7f:ed:75:fd:51:
         2c:c6:35:90:86:5a:ce:cc:08:80:51:0d:f0:48:d4:a4:c2:ff:
         c9:b0:22:73:7e:55:71:f4:43:3b:de:8b:7b:80:a0:04:10:81:
         d5:da:66:cc:cd:d6:48:66:0c:e6:71:5c:e7:f3:6a:35:7c:39:
         91:2d:1d:6e:34:9a:0e:ee:cb:83:cd:f0:7d:be:d3:52:ed:78:
         9c:d7:90:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJtTzyZe9VcAotGnC0bZDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWFmMmEyZjlmZTRkZjJjNWEzNzhmNTQ5MDBkMjk5MjJmMjVlYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol88HeXz85R0UHIJLb3+gu8Qzo58
eKh3KFub0Qs0Wc5voU5MFigbjXFdSgeIRYrNXo+yrljkJQt1YKlhm7ffn3vtBtDW
+0PSbdz4VLSPWHjA84j2QZHBTiXweODmMTKqSYU5nWB+NfbF08UPPeX/DobVMj3e
hA4DszpTjVc1cxmeSXgXPsVrh7M6/jwQsFAnnPProMt3Ux7pntott0K8olxPA2wG
ZtkUNUGpky8vYEthVhRiKtJfuPKR+dGiI66AyzvoZVpfbY6IU2aZ6biB56MNN2ug
3jCn8DLFhhh3U5PpbAvKzt3zIvQ1HOxWOOsKi8SxFSAYMYdNZcDZVzz6sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWvKi+f5N8sWjePVJANKZIvJeoeMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvRmE4cUw1X2szeXhhTjQ5VWtBMHBraThsNmg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXBRMA0G
CSqGSIb3DQEBCwUAA4IBAQDLOGNbbOzQvxkckmbYQLKcaMBhGF3LP1WGXsawEUYF
pXVACf3ZVa5vp8iIh81SytYWTHDMtJQWEzWP4rYckH/Le2efodUKeq6LYR0NuJZJ
w0ZzuEPjqZSdB3aXPwY1qGKOeO4oBmHut6dwaxPRCOnCib0Y3tIDv9e0O1w09/CR
X72FJwDSr1SUhVxZf9X2/PiduwFqJd2S67qm3/gjEr9u1fvLNKKdBeuYPKC2DwGz
f+11/VEsxjWQhlrOzAiAUQ3wSNSkwv/JsCJzflVx9EM73ot7gKAEEIHV2mbMzdZI
ZgzmcVzn82o1fDmRLR1uNJoO7suDzfB9vtNS7Xic15DV
-----END CERTIFICATE-----