Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/FlR_sk0hubhPMCfu5raRhlJPJVI.roa
File:                     FlR_sk0hubhPMCfu5raRhlJPJVI.roa (raw, json)
Hash identifier:          jgrduW2nXm1HR9mLaJPf4UkieZBEGxtAqGhwiRKUvSE=
Subject key identifier:   16:54:7F:B2:4D:21:B9:B8:4F:30:27:EE:E6:B6:91:86:52:4F:25:52
Certificate issuer:       /CN=4a9c5e56aacd01ffb2825a931ed5ede41c3f92e6
Certificate serial:       0198E66F81F763D1F56CBD56F6A32606F266
Authority key identifier: 4A:9C:5E:56:AA:CD:01:FF:B2:82:5A:93:1E:D5:ED:E4:1C:3F:92:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SpxeVqrNAf-yglqTHtXt5Bw_kuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/FlR_sk0hubhPMCfu5raRhlJPJVI.roa
Signing time:             Tue 26 Aug 2025 12:52:04 +0000
ROA not before:           Tue 26 Aug 2025 12:52:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204511
IP address blocks:        185.197.116.0/22 maxlen: 22
                          185.197.118.0/24 maxlen: 24
                          2a05:3f06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/SpxeVqrNAf-yglqTHtXt5Bw_kuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/SpxeVqrNAf-yglqTHtXt5Bw_kuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SpxeVqrNAf-yglqTHtXt5Bw_kuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e6:6f:81:f7:63:d1:f5:6c:bd:56:f6:a3:26:06:f2:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a9c5e56aacd01ffb2825a931ed5ede41c3f92e6
        Validity
            Not Before: Aug 26 12:52:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16547fb24d21b9b84f3027eee6b69186524f2552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5a:5b:6b:9d:e7:1d:a7:c9:1c:f3:17:65:b8:
                    12:28:2a:68:44:27:fc:35:f1:44:ac:89:b2:9b:88:
                    dc:37:d9:4d:25:4e:fe:5b:02:fd:f3:1b:b9:5a:fe:
                    b5:1a:9c:26:d1:f7:2c:bc:ed:28:7a:49:b7:c3:fe:
                    31:d1:7b:45:c9:9f:6c:89:b8:e2:b3:ab:6e:69:88:
                    cb:1d:f3:4d:71:29:25:f0:cd:2d:be:df:eb:9e:65:
                    f9:d5:5e:02:84:0e:9f:2d:fd:67:61:d4:70:71:75:
                    53:26:6e:53:fa:fd:f0:e6:f0:bd:4d:12:85:56:5b:
                    65:0b:36:c6:59:24:96:09:9e:b6:9f:32:f4:a4:cf:
                    55:fb:a5:ae:15:4a:0e:6b:b3:c0:22:33:87:39:b6:
                    88:ab:88:b3:09:b1:cf:2e:d7:13:88:2b:6b:c3:25:
                    03:11:08:3d:5a:f2:23:fc:98:4e:a1:52:65:4c:db:
                    6a:dd:ed:1f:9a:5a:38:d4:41:25:b8:1c:7b:9e:fb:
                    3b:fe:d5:a8:c5:27:1f:5d:3a:8c:70:44:e7:64:bd:
                    3b:82:2f:91:9a:f0:aa:6b:94:ca:48:ee:b8:c0:64:
                    2c:7b:38:fc:14:28:62:d2:f8:9f:ba:f3:b8:f5:98:
                    bf:4a:36:45:4a:5c:54:64:04:02:53:5d:c7:5b:ed:
                    a1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:54:7F:B2:4D:21:B9:B8:4F:30:27:EE:E6:B6:91:86:52:4F:25:52
            X509v3 Authority Key Identifier:
                keyid:4A:9C:5E:56:AA:CD:01:FF:B2:82:5A:93:1E:D5:ED:E4:1C:3F:92:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SpxeVqrNAf-yglqTHtXt5Bw_kuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/FlR_sk0hubhPMCfu5raRhlJPJVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/SpxeVqrNAf-yglqTHtXt5Bw_kuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.116.0/22
                IPv6:
                  2a05:3f06::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:c5:52:8b:bd:25:ac:71:19:55:d6:b2:8a:65:54:48:03:ba:
         2b:c1:8d:3d:d2:82:52:96:2c:5e:d0:0b:17:a4:f9:1e:5b:58:
         29:35:0e:61:65:a4:cf:51:f6:e0:d1:d6:30:25:41:f4:60:a8:
         00:57:4b:f6:46:f1:c4:b1:b2:9e:8e:23:c4:f0:8f:b8:1e:13:
         ad:01:78:af:d1:85:e0:47:0d:3b:2a:0c:42:c3:a0:e6:91:68:
         95:07:87:fd:2d:f1:a9:eb:28:70:96:d1:46:85:01:2c:4a:13:
         eb:f3:c9:ff:a2:30:c0:3f:5f:63:2c:75:0c:f8:35:bd:a1:b9:
         d8:66:e3:7c:e1:74:9e:27:3c:17:ca:4c:87:c2:41:bf:00:32:
         fb:0f:ca:70:f4:ec:41:9e:26:0b:10:db:d6:55:00:8d:59:f5:
         0b:6b:27:34:75:07:b9:26:6b:24:1d:fb:08:aa:c5:3d:2b:62:
         67:02:d4:dc:0d:3d:83:47:b0:b9:d0:c2:c7:ce:40:a8:67:b0:
         f6:37:31:2e:f4:9c:4b:2d:d8:76:b8:b4:c2:a4:47:0e:5a:88:
         60:f9:22:c8:35:77:05:59:e8:2a:3d:af:3a:2c:90:fc:85:bf:
         87:37:da:1b:c1:f0:11:4c:49:c8:da:65:af:ed:c1:f3:d1:23:
         0d:55:cf:18
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjmb4H3Y9H1bL1W9qMmBvJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhOWM1ZTU2YWFjZDAxZmZiMjgyNWE5MzFlZDVlZGU0MWMz
ZjkyZTYwHhcNMjUwODI2MTI1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjU0N2ZiMjRkMjFiOWI4NGYzMDI3ZWVlNmI2OTE4NjUyNGYyNTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFpba53nHafJHPMXZbgSKCpoRCf8
NfFErImym4jcN9lNJU7+WwL98xu5Wv61Gpwm0fcsvO0oekm3w/4x0XtFyZ9sibji
s6tuaYjLHfNNcSkl8M0tvt/rnmX51V4ChA6fLf1nYdRwcXVTJm5T+v3w5vC9TRKF
VltlCzbGWSSWCZ62nzL0pM9V+6WuFUoOa7PAIjOHObaIq4izCbHPLtcTiCtrwyUD
EQg9WvIj/JhOoVJlTNtq3e0fmlo41EEluBx7nvs7/tWoxScfXTqMcETnZL07gi+R
mvCqa5TKSO64wGQsezj8FChi0vifuvO49Zi/SjZFSlxUZAQCU13HW+2hXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBZUf7JNIbm4TzAn7ua2kYZSTyVSMB8GA1UdIwQY
MBaAFEqcXlaqzQH/soJakx7V7eQcP5LmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3B4ZVZxck5BZi15Z2xxVEh0WHQ1Qndfa3VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jMDEwZGMtMDkxMC00MzQxLThiMzMt
MmU2OTRiMzM5OTMzLzEvRmxSX3NrMGh1YmhQTUNmdTVyYVJobEpQSlZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jMDEwZGMtMDkxMC00MzQxLThiMzMtMmU2OTRiMzM5OTMz
LzEvU3B4ZVZxck5BZi15Z2xxVEh0WHQ1Qndfa3VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucV0MA0E
AgACMAcDBQAqBT8GMA0GCSqGSIb3DQEBCwUAA4IBAQCVxVKLvSWscRlV1rKKZVRI
A7orwY090oJSlixe0AsXpPkeW1gpNQ5hZaTPUfbg0dYwJUH0YKgAV0v2RvHEsbKe
jiPE8I+4HhOtAXiv0YXgRw07KgxCw6DmkWiVB4f9LfGp6yhwltFGhQEsShPr88n/
ojDAP19jLHUM+DW9obnYZuN84XSeJzwXykyHwkG/ADL7D8pw9OxBniYLENvWVQCN
WfULayc0dQe5JmskHfsIqsU9K2JnAtTcDT2DR7C50MLHzkCoZ7D2NzEu9JxLLdh2
uLTCpEcOWohg+SLINXcFWegqPa86LJD8hb+HN9obwfARTEnI2mWv7cHz0SMNVc8Y
-----END CERTIFICATE-----