Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/_RcJWBC9z2DoyJEEVJqiJ3iNmSY.roa
File:                     _RcJWBC9z2DoyJEEVJqiJ3iNmSY.roa (raw, json)
Hash identifier:          shwbQcS4UjqPIXlBcN1Jjj6/KYNyV5tzzIShWjZk6kQ=
Subject key identifier:   FD:17:09:58:10:BD:CF:60:E8:C8:91:04:54:9A:A2:27:78:8D:99:26
Certificate issuer:       /CN=c8c2c7314593042cf74210f7f03be7106c224f89
Certificate serial:       01980827E474E76D9032EE7E6834D75F31EB
Authority key identifier: C8:C2:C7:31:45:93:04:2C:F7:42:10:F7:F0:3B:E7:10:6C:22:4F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/_RcJWBC9z2DoyJEEVJqiJ3iNmSY.roa
Signing time:             Mon 14 Jul 2025 08:58:08 +0000
ROA not before:           Mon 14 Jul 2025 08:58:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208972
IP address blocks:        185.233.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:27:e4:74:e7:6d:90:32:ee:7e:68:34:d7:5f:31:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8c2c7314593042cf74210f7f03be7106c224f89
        Validity
            Not Before: Jul 14 08:58:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd17095810bdcf60e8c89104549aa227788d9926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7d:7f:cf:a2:6a:05:dc:1d:0d:e3:84:fd:d9:
                    f9:36:7d:26:68:1d:58:2e:15:e2:e6:85:31:79:f6:
                    61:f0:0d:d1:02:51:80:bf:da:54:9d:b5:61:c3:9d:
                    16:35:05:32:d6:fa:bb:bb:a0:58:0d:9a:c9:3f:29:
                    35:62:89:9a:a7:18:81:02:6f:a9:67:01:63:ae:88:
                    04:0a:04:c8:d3:03:09:b0:c0:99:ef:29:e7:9d:44:
                    97:36:bc:15:05:08:de:be:f7:6f:bd:e4:93:48:f2:
                    86:51:0c:a1:3d:33:fc:f6:29:d1:18:c8:cc:24:06:
                    86:ed:4a:f6:11:f9:d9:1f:03:0e:a9:b6:6b:2d:ca:
                    ad:17:e5:e9:ad:a4:77:d6:e6:1c:66:fd:87:0c:eb:
                    74:c5:ec:c1:79:13:ba:43:e7:7a:52:76:2b:70:a5:
                    da:35:75:08:51:68:0a:3b:d3:7e:71:cc:c7:94:d0:
                    18:71:69:2d:2c:ab:c6:54:51:64:bf:17:d3:02:f1:
                    cd:3f:c0:e8:fc:06:df:f5:f3:ff:1f:2f:0a:ca:88:
                    8b:af:ab:93:07:6c:6c:c9:3e:e7:a4:15:4c:a5:bd:
                    d4:ac:00:21:77:6c:69:fd:73:9c:37:8b:df:45:19:
                    bb:6f:8e:bb:b7:4d:aa:85:fd:c6:95:39:12:93:94:
                    20:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:17:09:58:10:BD:CF:60:E8:C8:91:04:54:9A:A2:27:78:8D:99:26
            X509v3 Authority Key Identifier:
                keyid:C8:C2:C7:31:45:93:04:2C:F7:42:10:F7:F0:3B:E7:10:6C:22:4F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/_RcJWBC9z2DoyJEEVJqiJ3iNmSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:ec:8b:10:b5:a3:6d:18:30:1c:e8:7f:d7:93:26:ee:14:a0:
         3e:0f:b3:e4:c5:39:86:db:51:a2:98:de:35:12:ac:d3:94:5a:
         bd:71:4e:8e:ce:a8:d4:15:f8:1e:cf:1d:15:a4:ea:ff:01:e2:
         9b:e4:32:47:45:14:57:1a:d9:76:49:6a:51:e6:dc:92:e5:dc:
         38:b4:fc:90:82:36:3a:e5:4c:d0:7d:a3:43:2b:9e:46:c5:f0:
         ce:46:80:a6:c1:50:23:f8:70:10:86:95:47:64:0a:6f:b9:d4:
         2f:33:12:0d:29:37:a8:17:ac:71:42:f2:d5:ac:a6:39:1d:55:
         85:43:e4:71:9d:bc:67:89:b0:9e:f0:b9:af:26:33:a4:fe:24:
         ef:cc:68:73:90:d7:e0:5b:a7:6a:d1:de:af:44:7d:53:0e:57:
         a2:4f:2b:6d:94:d4:4e:56:59:1d:23:3c:ed:03:59:83:29:00:
         bc:69:53:9f:19:bc:b6:96:97:5a:94:66:d9:54:61:f4:e6:66:
         d2:a8:10:65:2b:f1:45:b5:86:7a:b1:19:70:c3:52:69:b8:e9:
         fa:77:ed:11:a6:f8:bf:0f:9e:70:c6:ba:9c:d8:4d:e2:57:5d:
         8c:19:7b:27:9f:cb:28:cc:4d:f9:f7:43:02:46:f4:8b:83:20:
         f0:0c:49:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgIJ+R0522QMu5+aDTXXzHrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YzJjNzMxNDU5MzA0MmNmNzQyMTBmN2YwM2JlNzEwNmMy
MjRmODkwHhcNMjUwNzE0MDg1ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDE3MDk1ODEwYmRjZjYwZThjODkxMDQ1NDlhYTIyNzc4OGQ5OTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH1/z6JqBdwdDeOE/dn5Nn0maB1Y
LhXi5oUxefZh8A3RAlGAv9pUnbVhw50WNQUy1vq7u6BYDZrJPyk1YomapxiBAm+p
ZwFjrogECgTI0wMJsMCZ7ynnnUSXNrwVBQjevvdvveSTSPKGUQyhPTP89inRGMjM
JAaG7Ur2EfnZHwMOqbZrLcqtF+XpraR31uYcZv2HDOt0xezBeRO6Q+d6UnYrcKXa
NXUIUWgKO9N+cczHlNAYcWktLKvGVFFkvxfTAvHNP8Do/Abf9fP/Hy8KyoiLr6uT
B2xsyT7npBVMpb3UrAAhd2xp/XOcN4vfRRm7b467t02qhf3GlTkSk5QgmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0XCVgQvc9g6MiRBFSaoid4jZkmMB8GA1UdIwQY
MBaAFMjCxzFFkwQs90IQ9/A75xBsIk+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU1MSE1VV1RCQ3ozUWhEMzhEdm5FR3dpVDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMmRiZTAtMDRjNS00MWJhLWFjNjIt
M2E1M2QwZWY4YjVhLzEvX1JjSldCQzl6MkRveUpFRVZKcWlKM2lObVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMmRiZTAtMDRjNS00MWJhLWFjNjItM2E1M2QwZWY4YjVh
LzEveU1MSE1VV1RCQ3ozUWhEMzhEdm5FR3dpVDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuenbMA0G
CSqGSIb3DQEBCwUAA4IBAQBt7IsQtaNtGDAc6H/XkybuFKA+D7PkxTmG21GimN41
EqzTlFq9cU6OzqjUFfgezx0VpOr/AeKb5DJHRRRXGtl2SWpR5tyS5dw4tPyQgjY6
5UzQfaNDK55GxfDORoCmwVAj+HAQhpVHZApvudQvMxINKTeoF6xxQvLVrKY5HVWF
Q+RxnbxnibCe8LmvJjOk/iTvzGhzkNfgW6dq0d6vRH1TDleiTyttlNROVlkdIzzt
A1mDKQC8aVOfGby2lpdalGbZVGH05mbSqBBlK/FFtYZ6sRlww1JpuOn6d+0Rpvi/
D55wxrqc2E3iV12MGXsnn8sozE3590MCRvSLgyDwDEkF
-----END CERTIFICATE-----