Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/oU9vngXlBh9qS58cidJgmaut8mI.roa
File:                     oU9vngXlBh9qS58cidJgmaut8mI.roa (raw, json)
Hash identifier:          81xEhNpA4axjgpY7GYYzc5dvarYHwCL8rkYCGoLgAKQ=
Subject key identifier:   A1:4F:6F:9E:05:E5:06:1F:6A:4B:9F:1C:89:D2:60:99:AB:AD:F2:62
Certificate issuer:       /CN=1c766b058c096753a34ad625d53275cd2dba5b33
Certificate serial:       0198EB6DBEB1BB47A2159FBCB698FE69ACF4
Authority key identifier: 1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/oU9vngXlBh9qS58cidJgmaut8mI.roa
Signing time:             Wed 27 Aug 2025 12:08:14 +0000
ROA not before:           Wed 27 Aug 2025 12:08:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44285
IP address blocks:        185.171.54.0/24 maxlen: 24
                          185.171.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 21:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:eb:6d:be:b1:bb:47:a2:15:9f:bc:b6:98:fe:69:ac:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c766b058c096753a34ad625d53275cd2dba5b33
        Validity
            Not Before: Aug 27 12:08:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a14f6f9e05e5061f6a4b9f1c89d26099abadf262
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fd:47:7e:90:2d:ff:67:39:4b:9a:00:e6:5c:
                    a9:eb:08:05:fc:9e:4f:92:64:86:c3:87:04:4a:99:
                    75:16:89:83:29:56:6d:22:33:56:f7:5c:3f:f0:15:
                    5d:8b:04:30:a8:ba:3e:6a:c8:88:e9:86:e3:c4:4f:
                    a9:af:0c:08:f9:5a:1c:ac:97:ae:7f:22:3e:96:cc:
                    7d:f2:99:12:07:7a:16:03:97:a6:80:b7:80:7e:68:
                    d1:56:4d:a8:bc:80:ac:bd:b1:03:9a:29:14:68:f2:
                    93:c9:da:15:1d:5f:26:5f:ca:1f:7d:17:7f:1c:59:
                    7f:8c:20:06:5a:98:63:1a:c6:53:c5:cf:74:1d:39:
                    8f:e5:29:2b:c0:fe:dd:c6:7e:97:4c:5e:4c:0a:7f:
                    bb:19:66:9b:04:7a:48:9c:18:a8:fd:b9:a0:d0:94:
                    90:a7:90:9f:15:ee:5e:d8:2a:6a:2e:48:43:b4:e0:
                    45:04:45:fd:2a:f7:fc:60:a9:d2:52:5a:21:bb:5f:
                    5c:5a:be:f0:1d:0e:46:bc:4c:16:ad:55:45:51:e0:
                    6d:0c:f4:c6:cb:84:81:f7:94:43:8d:ec:78:7e:5c:
                    86:e8:fa:2c:02:6a:d5:83:9d:f0:cb:8c:55:29:b6:
                    91:94:69:0e:be:ac:73:d6:bc:13:d8:1a:cf:7a:d3:
                    86:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:4F:6F:9E:05:E5:06:1F:6A:4B:9F:1C:89:D2:60:99:AB:AD:F2:62
            X509v3 Authority Key Identifier:
                keyid:1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/oU9vngXlBh9qS58cidJgmaut8mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:26:0f:8f:33:d1:d0:1e:36:c2:db:8f:4a:a2:f7:e8:10:2c:
         86:8e:97:eb:28:d3:6b:53:dc:62:c4:3a:d4:16:74:eb:13:40:
         86:23:ae:0d:c3:c7:df:c9:c6:53:d1:7b:6e:ef:4d:8c:bc:69:
         d5:de:6b:6f:19:fc:b4:10:14:4f:5e:e0:3e:f4:c1:61:c9:e6:
         be:df:bc:82:48:d9:eb:0a:3f:2b:02:85:49:25:79:2e:1e:04:
         98:82:90:b0:dc:c9:1a:a3:68:59:72:dc:1c:b3:33:35:d3:68:
         7d:82:48:a9:31:62:64:78:f0:b9:53:97:67:c8:ad:6a:e0:06:
         23:c5:3c:9a:6e:d4:9a:18:a4:14:53:1c:78:e8:ad:f6:85:21:
         9a:f3:17:91:66:01:8c:01:5f:b0:1a:9f:89:ec:1e:78:45:0e:
         7c:f3:56:7c:d2:f9:f2:59:0c:eb:c4:cf:65:cb:5a:2d:6f:fc:
         9e:fa:7b:f7:d1:52:b7:a7:4b:9c:40:dd:6b:6a:59:52:66:e7:
         62:4b:78:3c:ec:81:c8:4a:2d:f0:55:1c:4d:14:5f:b9:03:38:
         c9:13:a0:d2:aa:15:dc:3c:9e:20:2c:d0:fa:e4:83:0b:5e:a5:
         78:04:f1:d3:d4:de:e9:c5:14:64:71:38:48:d6:04:e7:b7:14:
         08:7c:d3:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjrbb6xu0eiFZ+8tpj+aaz0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzY2YjA1OGMwOTY3NTNhMzRhZDYyNWQ1MzI3NWNkMmRi
YTViMzMwHhcNMjUwODI3MTIwODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTRmNmY5ZTA1ZTUwNjFmNmE0YjlmMWM4OWQyNjA5OWFiYWRmMjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf1HfpAt/2c5S5oA5lyp6wgF/J5P
kmSGw4cESpl1FomDKVZtIjNW91w/8BVdiwQwqLo+asiI6YbjxE+prwwI+VocrJeu
fyI+lsx98pkSB3oWA5emgLeAfmjRVk2ovICsvbEDmikUaPKTydoVHV8mX8offRd/
HFl/jCAGWphjGsZTxc90HTmP5SkrwP7dxn6XTF5MCn+7GWabBHpInBio/bmg0JSQ
p5CfFe5e2CpqLkhDtOBFBEX9Kvf8YKnSUlohu19cWr7wHQ5GvEwWrVVFUeBtDPTG
y4SB95RDjex4flyG6PosAmrVg53wy4xVKbaRlGkOvqxz1rwT2BrPetOGTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFPb54F5QYfakufHInSYJmrrfJiMB8GA1UdIwQY
MBaAFBx2awWMCWdTo0rWJdUydc0tulszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzIt
ODE5MTdkZmZkY2Q3LzEvb1U5dm5nWGxCaDlxUzU4Y2lkSmdtYXV0OG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzItODE5MTdkZmZkY2Q3
LzEvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuas2MA0G
CSqGSIb3DQEBCwUAA4IBAQC+Jg+PM9HQHjbC249KovfoECyGjpfrKNNrU9xixDrU
FnTrE0CGI64Nw8ffycZT0Xtu702MvGnV3mtvGfy0EBRPXuA+9MFhyea+37yCSNnr
Cj8rAoVJJXkuHgSYgpCw3Mkao2hZctwcszM102h9gkipMWJkePC5U5dnyK1q4AYj
xTyabtSaGKQUUxx46K32hSGa8xeRZgGMAV+wGp+J7B54RQ5881Z80vnyWQzrxM9l
y1otb/ye+nv30VK3p0ucQN1rallSZudiS3g87IHISi3wVRxNFF+5AzjJE6DSqhXc
PJ4gLND65IMLXqV4BPHT1N7pxRRkcThI1gTntxQIfNPt
-----END CERTIFICATE-----