Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/DI4aL2VDjSmaj-T6WF7qWyVxEy8.roa
File:                     DI4aL2VDjSmaj-T6WF7qWyVxEy8.roa (raw, json)
Hash identifier:          irLOs0EfjvwV0yEqJPJZBOPh+tRGrPv6PzJ4eB+9FwU=
Subject key identifier:   0C:8E:1A:2F:65:43:8D:29:9A:8F:E4:FA:58:5E:EA:5B:25:71:13:2F
Certificate issuer:       /CN=bc9c403ad007e2a242a6b09061a3c1a360a64d5a
Certificate serial:       0197F44DCD1743D3B4FADB4187025E26B499
Authority key identifier: BC:9C:40:3A:D0:07:E2:A2:42:A6:B0:90:61:A3:C1:A3:60:A6:4D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vJxAOtAH4qJCprCQYaPBo2CmTVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/DI4aL2VDjSmaj-T6WF7qWyVxEy8.roa
Signing time:             Thu 10 Jul 2025 12:27:08 +0000
ROA not before:           Thu 10 Jul 2025 12:27:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.112.188.0/24 maxlen: 24
                          185.112.189.0/24 maxlen: 24
                          185.112.190.0/24 maxlen: 24
                          185.112.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/vJxAOtAH4qJCprCQYaPBo2CmTVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/vJxAOtAH4qJCprCQYaPBo2CmTVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vJxAOtAH4qJCprCQYaPBo2CmTVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:4d:cd:17:43:d3:b4:fa:db:41:87:02:5e:26:b4:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc9c403ad007e2a242a6b09061a3c1a360a64d5a
        Validity
            Not Before: Jul 10 12:27:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c8e1a2f65438d299a8fe4fa585eea5b2571132f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e3:c4:37:f5:86:c6:36:ac:66:a7:81:f5:14:
                    89:d8:f9:99:45:d0:bb:f2:ee:19:15:2a:c4:ff:fc:
                    e9:9f:1a:12:93:ce:79:22:1b:b0:69:1f:67:58:76:
                    32:4b:c9:5f:05:87:87:e4:51:e5:07:43:c1:29:0e:
                    55:e0:68:24:ef:f4:8e:fb:bc:c3:d7:b5:e9:4e:39:
                    d3:da:42:0f:b6:86:f3:c6:78:83:29:f5:ca:78:42:
                    91:a4:e9:06:44:f8:5a:aa:49:bb:4d:93:79:8a:7e:
                    c5:18:4c:9a:d7:12:2a:0f:09:85:54:39:a4:aa:97:
                    77:96:23:d4:01:8c:0b:ea:e7:a1:14:5a:89:d1:ea:
                    dd:c4:c4:a4:bc:23:56:82:f2:20:12:dd:59:87:6d:
                    67:95:7a:ed:a5:6e:28:95:c1:dc:4e:10:bf:a1:7b:
                    3f:84:df:34:fd:82:07:cb:ef:db:13:98:3e:59:9a:
                    ef:9e:05:b4:88:26:a1:64:10:58:57:c9:8e:5f:ac:
                    c0:ed:0a:b2:f1:43:f4:2c:6c:0c:35:6e:a0:c6:9c:
                    11:d2:26:48:aa:4a:2b:e1:75:cc:cf:68:ad:1e:1c:
                    33:88:5d:cd:9a:62:7b:5c:a0:f0:c9:5b:ff:b2:3b:
                    ce:40:dd:de:2b:b5:03:7b:42:dc:40:e9:00:42:ef:
                    2d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:8E:1A:2F:65:43:8D:29:9A:8F:E4:FA:58:5E:EA:5B:25:71:13:2F
            X509v3 Authority Key Identifier:
                keyid:BC:9C:40:3A:D0:07:E2:A2:42:A6:B0:90:61:A3:C1:A3:60:A6:4D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vJxAOtAH4qJCprCQYaPBo2CmTVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/DI4aL2VDjSmaj-T6WF7qWyVxEy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/vJxAOtAH4qJCprCQYaPBo2CmTVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:02:d7:9f:a0:36:be:d8:28:c4:fa:81:ba:e0:a3:e4:8c:b1:
         46:79:68:a2:a2:88:6e:48:b5:b2:f3:34:74:b7:83:e9:6d:a8:
         7d:c9:34:ab:57:e7:a4:06:ab:55:b5:91:9e:7b:63:01:7a:9d:
         87:69:0c:1a:d5:70:73:b8:ab:7e:5a:18:2a:bd:54:0b:c3:43:
         39:64:eb:ec:4c:7a:38:b9:5f:11:58:7f:d5:b4:18:30:db:0e:
         70:9a:94:b5:cc:51:dd:8b:68:eb:5b:48:bf:31:46:2f:4f:82:
         dc:b6:14:63:49:7c:9d:e2:56:fa:cc:ed:30:b5:33:08:1d:c5:
         c6:cc:50:9f:7f:f7:eb:6a:24:5a:41:32:4b:97:e1:e4:39:00:
         ea:e7:63:19:fd:28:ed:ca:7e:2a:45:00:68:a0:ea:34:74:4e:
         f8:00:ba:71:b1:b4:b0:c8:2f:96:64:cb:49:14:06:a4:9c:c6:
         69:6e:cc:5c:15:f0:73:92:16:e4:b6:5f:81:a9:3a:06:0c:17:
         24:c6:fd:88:36:58:c2:03:17:66:ce:9b:13:2a:2a:96:65:ef:
         4b:f6:2c:22:52:65:17:3e:8e:77:f9:b5:5a:d8:b6:23:4d:6f:
         4d:51:72:0d:33:bd:4e:0b:7b:3f:0d:e8:97:53:65:7a:f1:48:
         54:56:53:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf0Tc0XQ9O0+ttBhwJeJrSZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOWM0MDNhZDAwN2UyYTI0MmE2YjA5MDYxYTNjMWEzNjBh
NjRkNWEwHhcNMjUwNzEwMTIyNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzhlMWEyZjY1NDM4ZDI5OWE4ZmU0ZmE1ODVlZWE1YjI1NzExMzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuePEN/WGxjasZqeB9RSJ2PmZRdC7
8u4ZFSrE//zpnxoSk855IhuwaR9nWHYyS8lfBYeH5FHlB0PBKQ5V4Ggk7/SO+7zD
17XpTjnT2kIPtobzxniDKfXKeEKRpOkGRPhaqkm7TZN5in7FGEya1xIqDwmFVDmk
qpd3liPUAYwL6uehFFqJ0erdxMSkvCNWgvIgEt1Zh21nlXrtpW4olcHcThC/oXs/
hN80/YIHy+/bE5g+WZrvngW0iCahZBBYV8mOX6zA7Qqy8UP0LGwMNW6gxpwR0iZI
qkor4XXMz2itHhwziF3NmmJ7XKDwyVv/sjvOQN3eK7UDe0LcQOkAQu8t2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyOGi9lQ40pmo/k+lhe6lslcRMvMB8GA1UdIwQY
MBaAFLycQDrQB+KiQqawkGGjwaNgpk1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkp4QU90QUg0cUpDcHJDUVlhUEJvMkNtVFZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS80YWU0YzctZjI4Ni00YzZlLTk1MTQt
ODhlNjgxNjI3MWY3LzEvREk0YUwyVkRqU21hai1UNldGN3FXeVZ4RXk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS80YWU0YzctZjI4Ni00YzZlLTk1MTQtODhlNjgxNjI3MWY3
LzEvdkp4QU90QUg0cUpDcHJDUVlhUEJvMkNtVFZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXC8MA0G
CSqGSIb3DQEBCwUAA4IBAQB8AtefoDa+2CjE+oG64KPkjLFGeWiioohuSLWy8zR0
t4Ppbah9yTSrV+ekBqtVtZGee2MBep2HaQwa1XBzuKt+WhgqvVQLw0M5ZOvsTHo4
uV8RWH/VtBgw2w5wmpS1zFHdi2jrW0i/MUYvT4LcthRjSXyd4lb6zO0wtTMIHcXG
zFCff/fraiRaQTJLl+HkOQDq52MZ/Sjtyn4qRQBooOo0dE74ALpxsbSwyC+WZMtJ
FAaknMZpbsxcFfBzkhbktl+BqToGDBckxv2INljCAxdmzpsTKiqWZe9L9iwiUmUX
Po53+bVa2LYjTW9NUXINM71OC3s/DeiXU2V68UhUVlP7
-----END CERTIFICATE-----