Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/TB8ZBOob0du7AFIwtgPrOWYvJ3c.roa
File:                     TB8ZBOob0du7AFIwtgPrOWYvJ3c.roa (raw, json)
Hash identifier:          3RnPy4J7fbTZwjn2ySXLoVRzIX9Hk6aFnkI/5SMsvYs=
Subject key identifier:   4C:1F:19:04:EA:1B:D1:DB:BB:00:52:30:B6:03:EB:39:66:2F:27:77
Certificate issuer:       /CN=d2628e069b5ed8b4559343b5b67f5ab4f92251fe
Certificate serial:       01983BC1105ADB84F15CB833024047CBDEB9
Authority key identifier: D2:62:8E:06:9B:5E:D8:B4:55:93:43:B5:B6:7F:5A:B4:F9:22:51:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mKOBpte2LRVk0O1tn9atPkiUf4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/TB8ZBOob0du7AFIwtgPrOWYvJ3c.roa
Signing time:             Thu 24 Jul 2025 09:26:05 +0000
ROA not before:           Thu 24 Jul 2025 09:26:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34985
IP address blocks:        185.183.164.0/24 maxlen: 24
                          185.183.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/0mKOBpte2LRVk0O1tn9atPkiUf4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/0mKOBpte2LRVk0O1tn9atPkiUf4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mKOBpte2LRVk0O1tn9atPkiUf4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3b:c1:10:5a:db:84:f1:5c:b8:33:02:40:47:cb:de:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2628e069b5ed8b4559343b5b67f5ab4f92251fe
        Validity
            Not Before: Jul 24 09:26:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c1f1904ea1bd1dbbb005230b603eb39662f2777
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1c:50:d2:d5:d6:22:56:ed:1e:ec:51:da:00:
                    6d:21:8b:33:62:2a:db:c0:3a:4e:59:0e:df:68:e1:
                    6a:78:1f:02:fb:2c:f3:be:6a:84:98:6c:34:6b:3d:
                    93:26:21:68:5f:8a:7e:1d:5f:36:77:7d:f4:fd:4a:
                    93:fd:ad:34:b2:73:17:55:63:25:d9:a4:4a:d2:24:
                    c2:c5:76:4f:77:90:0e:b1:29:a3:38:45:56:1e:38:
                    93:72:ad:c2:9f:b8:ba:eb:52:e4:33:d1:4a:e1:5a:
                    f3:89:5c:7d:e5:c0:64:eb:ba:c1:40:ce:ef:8d:b8:
                    d0:64:a9:d8:fa:04:fd:6c:1b:69:95:d7:8a:7a:9c:
                    ac:98:b9:8f:1a:13:fa:04:01:97:6b:01:14:ce:38:
                    97:5c:6b:b0:7f:69:0e:c6:48:db:33:9d:e4:4e:c7:
                    c8:a8:53:42:6a:ca:11:a5:31:46:1a:25:91:06:9c:
                    56:b4:c3:f0:4d:97:1c:2d:83:26:f5:9a:58:12:f8:
                    57:5d:ad:db:2a:6d:81:d0:13:3d:aa:63:8c:5f:fd:
                    92:8e:0d:63:48:ae:ad:b4:8e:bd:dc:83:60:59:45:
                    16:72:e2:65:c4:d3:b9:2b:f7:87:65:93:82:b6:26:
                    96:a8:12:80:c3:06:ed:8c:ab:a8:24:53:b9:64:fc:
                    2e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1F:19:04:EA:1B:D1:DB:BB:00:52:30:B6:03:EB:39:66:2F:27:77
            X509v3 Authority Key Identifier:
                keyid:D2:62:8E:06:9B:5E:D8:B4:55:93:43:B5:B6:7F:5A:B4:F9:22:51:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mKOBpte2LRVk0O1tn9atPkiUf4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/TB8ZBOob0du7AFIwtgPrOWYvJ3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/0mKOBpte2LRVk0O1tn9atPkiUf4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:2e:5f:e6:e7:0b:52:f0:46:c9:f4:98:30:49:76:05:39:06:
         ad:87:68:e5:9c:a2:98:c3:3b:21:7a:d3:74:70:f4:7f:06:aa:
         65:f5:e9:b7:18:55:4e:b5:0a:97:0b:e1:cb:45:7f:28:b1:de:
         b9:02:95:78:f3:44:12:5f:98:24:17:b5:01:f2:32:9f:49:bc:
         86:1a:dc:61:0f:31:2f:8f:b2:8a:79:82:71:70:71:ef:8e:f9:
         40:07:4f:44:f4:0b:77:f5:db:22:30:50:92:fa:93:8a:02:49:
         b4:71:22:f1:57:30:cb:55:f1:4f:f4:b5:f1:f3:52:a0:5d:f6:
         f0:59:07:10:ae:49:65:cc:1f:04:46:c4:2e:f8:cb:dc:8f:1e:
         7d:1d:04:8e:42:9d:4f:f9:a7:e1:9b:d5:55:18:f1:f5:c7:46:
         01:25:90:16:c8:65:b9:87:76:20:f2:80:e6:8d:a4:5e:d5:bd:
         fc:ed:45:0d:c5:c4:16:d9:e5:48:e7:02:bc:0c:6f:d8:5b:fa:
         d4:72:69:78:97:f6:81:4d:89:54:0e:0c:0c:01:8b:d8:da:a0:
         3f:6e:f8:3f:ba:bb:30:57:06:2e:b6:68:4d:1e:9a:70:c0:74:
         77:40:c5:47:95:dd:a6:52:23:e7:37:be:a3:4a:77:25:91:61:
         c8:d6:a3:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg7wRBa24TxXLgzAkBHy965MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNjI4ZTA2OWI1ZWQ4YjQ1NTkzNDNiNWI2N2Y1YWI0Zjky
MjUxZmUwHhcNMjUwNzI0MDkyNjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzFmMTkwNGVhMWJkMWRiYmIwMDUyMzBiNjAzZWIzOTY2MmYyNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRxQ0tXWIlbtHuxR2gBtIYszYirb
wDpOWQ7faOFqeB8C+yzzvmqEmGw0az2TJiFoX4p+HV82d330/UqT/a00snMXVWMl
2aRK0iTCxXZPd5AOsSmjOEVWHjiTcq3Cn7i661LkM9FK4VrziVx95cBk67rBQM7v
jbjQZKnY+gT9bBtpldeKepysmLmPGhP6BAGXawEUzjiXXGuwf2kOxkjbM53kTsfI
qFNCasoRpTFGGiWRBpxWtMPwTZccLYMm9ZpYEvhXXa3bKm2B0BM9qmOMX/2Sjg1j
SK6ttI693INgWUUWcuJlxNO5K/eHZZOCtiaWqBKAwwbtjKuoJFO5ZPwunQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwfGQTqG9HbuwBSMLYD6zlmLyd3MB8GA1UdIwQY
MBaAFNJijgabXti0VZNDtbZ/WrT5IlH+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1LT0JwdGUyTFJWazBPMXRuOWF0UGtpVWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZWI5N2EtODNiZC00NDQ4LWIwOWUt
YWY2NGE1N2FjOGQyLzEvVEI4WkJPb2IwZHU3QUZJd3RnUHJPV1l2SjNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZWI5N2EtODNiZC00NDQ4LWIwOWUtYWY2NGE1N2FjOGQy
LzEvMG1LT0JwdGUyTFJWazBPMXRuOWF0UGtpVWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubekMA0G
CSqGSIb3DQEBCwUAA4IBAQApLl/m5wtS8EbJ9JgwSXYFOQath2jlnKKYwzshetN0
cPR/Bqpl9em3GFVOtQqXC+HLRX8osd65ApV480QSX5gkF7UB8jKfSbyGGtxhDzEv
j7KKeYJxcHHvjvlAB09E9At39dsiMFCS+pOKAkm0cSLxVzDLVfFP9LXx81KgXfbw
WQcQrkllzB8ERsQu+Mvcjx59HQSOQp1P+afhm9VVGPH1x0YBJZAWyGW5h3Yg8oDm
jaRe1b387UUNxcQW2eVI5wK8DG/YW/rUcml4l/aBTYlUDgwMAYvY2qA/bvg/ursw
VwYutmhNHppwwHR3QMVHld2mUiPnN76jSnclkWHI1qMe
-----END CERTIFICATE-----