Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/DYgC_wXxnEgJuH-cACU484oZ2pE.roa
File:                     DYgC_wXxnEgJuH-cACU484oZ2pE.roa (raw, json)
Hash identifier:          jFVNUxIOqtUEhIDn4xuUsDyMe5nXxi2iJIXpfO1w0VM=
Subject key identifier:   0D:88:02:FF:05:F1:9C:48:09:B8:7F:9C:00:25:38:F3:8A:19:DA:91
Certificate issuer:       /CN=1c766b058c096753a34ad625d53275cd2dba5b33
Certificate serial:       0198EB6DBF992AEFCA07C12D8EAD14C13C22
Authority key identifier: 1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/DYgC_wXxnEgJuH-cACU484oZ2pE.roa
Signing time:             Wed 27 Aug 2025 12:08:14 +0000
ROA not before:           Wed 27 Aug 2025 12:08:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51431
IP address blocks:        185.171.52.0/24 maxlen: 24
                          185.171.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 09:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:eb:6d:bf:99:2a:ef:ca:07:c1:2d:8e:ad:14:c1:3c:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c766b058c096753a34ad625d53275cd2dba5b33
        Validity
            Not Before: Aug 27 12:08:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d8802ff05f19c4809b87f9c002538f38a19da91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:33:5c:29:fd:44:8a:e1:d9:92:01:b5:ae:0c:
                    9d:fa:05:32:74:07:60:cc:c9:61:bd:87:85:0d:e8:
                    91:da:85:f5:93:71:a5:5e:5b:93:15:5b:e3:f0:c1:
                    3e:fb:df:49:44:11:d8:e1:b9:25:1c:9d:51:50:4a:
                    e8:96:9c:82:4f:89:41:17:7a:5d:2d:0c:9e:c2:19:
                    d4:c4:9c:ff:af:6c:1c:be:40:f2:87:47:5c:f5:84:
                    9c:cb:d5:c0:a5:e3:c3:9b:26:84:b6:ff:3f:2f:bf:
                    81:e6:d9:59:0f:d0:e6:2d:cc:6b:89:82:c1:22:b0:
                    53:fa:b9:2c:ef:7b:fd:4c:96:12:03:59:81:b3:17:
                    9e:99:4d:1d:49:01:ab:98:ed:57:63:fc:25:cc:36:
                    71:17:95:33:e8:77:12:03:9f:c3:36:a4:45:59:74:
                    25:31:db:7d:a2:f6:13:0c:a9:2b:9b:21:b7:2c:45:
                    71:0f:0b:b9:92:7c:35:15:49:6a:e0:f7:0f:8a:2f:
                    68:f8:76:68:14:61:15:ed:99:9a:d0:e3:17:47:1a:
                    88:f2:b3:57:26:4e:92:46:06:54:b3:c5:70:94:8a:
                    26:f8:e6:5f:c8:64:4c:f1:db:ec:66:a2:0a:a4:62:
                    7c:83:a1:21:93:f8:90:d8:ae:1f:6d:0c:91:f3:1d:
                    30:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:88:02:FF:05:F1:9C:48:09:B8:7F:9C:00:25:38:F3:8A:19:DA:91
            X509v3 Authority Key Identifier:
                keyid:1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/DYgC_wXxnEgJuH-cACU484oZ2pE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:87:d0:60:43:dc:f5:e1:c4:72:4a:a8:d2:04:47:90:08:3f:
         d3:65:5e:a6:df:ef:b1:fd:49:de:ed:b5:ad:18:db:e0:65:35:
         54:78:e4:87:c4:8c:d7:80:df:c3:f9:79:e2:af:81:fa:aa:3c:
         40:29:90:df:9d:73:0f:b1:6e:39:17:09:b2:79:32:67:14:ff:
         3f:bd:c1:41:74:f7:7f:65:7b:e2:de:aa:51:5d:74:a6:96:f4:
         0a:63:34:b8:31:63:0d:01:3f:9e:62:3c:79:fa:e2:c8:26:68:
         55:6d:13:cb:99:1f:ca:f4:5a:9d:43:68:78:ca:13:b0:1f:ef:
         95:66:72:80:06:f8:5c:6e:4c:ab:3d:d0:5f:69:b2:72:56:79:
         15:9d:59:a2:f4:23:e2:51:63:06:82:2e:bc:fa:d8:1a:8e:07:
         45:2b:7c:46:f6:69:f9:d4:6e:14:0d:85:6b:3d:06:20:d7:99:
         4e:18:a3:3e:b7:4f:97:bb:14:9d:41:fd:98:a9:30:89:1c:7e:
         c5:05:82:f7:00:4d:04:02:c5:ec:17:31:85:f7:5f:db:7f:33:
         21:9c:aa:63:51:8d:a5:d7:64:db:1a:8c:46:c5:8d:22:ac:97:
         90:28:d0:91:34:19:13:e4:36:39:99:a3:f8:66:b7:40:39:3d:
         2c:8b:ff:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjrbb+ZKu/KB8Etjq0UwTwiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzY2YjA1OGMwOTY3NTNhMzRhZDYyNWQ1MzI3NWNkMmRi
YTViMzMwHhcNMjUwODI3MTIwODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDg4MDJmZjA1ZjE5YzQ4MDliODdmOWMwMDI1MzhmMzhhMTlkYTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzNcKf1EiuHZkgG1rgyd+gUydAdg
zMlhvYeFDeiR2oX1k3GlXluTFVvj8ME++99JRBHY4bklHJ1RUErolpyCT4lBF3pd
LQyewhnUxJz/r2wcvkDyh0dc9YScy9XApePDmyaEtv8/L7+B5tlZD9DmLcxriYLB
IrBT+rks73v9TJYSA1mBsxeemU0dSQGrmO1XY/wlzDZxF5Uz6HcSA5/DNqRFWXQl
Mdt9ovYTDKkrmyG3LEVxDwu5knw1FUlq4PcPii9o+HZoFGEV7Zma0OMXRxqI8rNX
Jk6SRgZUs8VwlIom+OZfyGRM8dvsZqIKpGJ8g6Ehk/iQ2K4fbQyR8x0w9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2IAv8F8ZxICbh/nAAlOPOKGdqRMB8GA1UdIwQY
MBaAFBx2awWMCWdTo0rWJdUydc0tulszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzIt
ODE5MTdkZmZkY2Q3LzEvRFlnQ193WHhuRWdKdUgtY0FDVTQ4NG9aMnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzItODE5MTdkZmZkY2Q3
LzEvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuas0MA0G
CSqGSIb3DQEBCwUAA4IBAQCfh9BgQ9z14cRySqjSBEeQCD/TZV6m3++x/Une7bWt
GNvgZTVUeOSHxIzXgN/D+Xnir4H6qjxAKZDfnXMPsW45FwmyeTJnFP8/vcFBdPd/
ZXvi3qpRXXSmlvQKYzS4MWMNAT+eYjx5+uLIJmhVbRPLmR/K9FqdQ2h4yhOwH++V
ZnKABvhcbkyrPdBfabJyVnkVnVmi9CPiUWMGgi68+tgajgdFK3xG9mn51G4UDYVr
PQYg15lOGKM+t0+XuxSdQf2YqTCJHH7FBYL3AE0EAsXsFzGF91/bfzMhnKpjUY2l
12TbGoxGxY0irJeQKNCRNBkT5DY5maP4ZrdAOT0si/9a
-----END CERTIFICATE-----