Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/22heYmdbTfROS8eeFqJhj0nQxQg.roa
File:                     22heYmdbTfROS8eeFqJhj0nQxQg.roa (raw, json)
Hash identifier:          /bgfNL2NcGPZNQbvjl3QuqGdvunfqkzaXEyQAxT3eLg=
Subject key identifier:   DB:68:5E:62:67:5B:4D:F4:4E:4B:C7:9E:16:A2:61:8F:49:D0:C5:08
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       01992D44C201F4D449AD66804F64B0F061BA
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/22heYmdbTfROS8eeFqJhj0nQxQg.roa
Signing time:             Tue 09 Sep 2025 06:58:24 +0000
ROA not before:           Tue 09 Sep 2025 06:58:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210281
IP address blocks:        193.233.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2d:44:c2:01:f4:d4:49:ad:66:80:4f:64:b0:f0:61:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Sep  9 06:58:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db685e62675b4df44e4bc79e16a2618f49d0c508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bc:db:2a:9e:f5:4d:39:69:02:1e:10:46:3c:
                    eb:69:b6:be:2f:07:07:c5:f7:ea:75:e9:3a:78:1f:
                    05:3c:43:69:05:6d:46:71:98:9d:3d:c2:45:ad:f1:
                    74:91:87:28:92:d3:8e:16:57:4c:13:32:04:53:54:
                    a9:34:8f:ba:26:bc:a9:0c:c0:55:13:7b:2c:5b:0d:
                    fa:e4:35:41:ef:5b:98:06:e7:b3:a2:86:b9:81:0c:
                    b1:e4:2a:d0:85:ee:70:b0:de:42:cc:08:86:74:c7:
                    1f:31:d5:8b:60:10:8f:45:db:e4:17:67:0e:a1:da:
                    83:a5:f0:1e:4d:53:2b:4e:a4:90:41:08:e0:95:0e:
                    ca:f5:15:62:47:c7:46:94:7a:51:a7:0d:d8:ce:76:
                    57:da:ad:0e:73:50:68:21:6b:f4:56:6e:21:bc:18:
                    f3:c3:9d:f9:80:e5:14:16:a2:3a:db:45:62:da:af:
                    f6:2a:d9:0c:62:c9:5e:82:12:29:8f:05:bf:e5:98:
                    b0:ed:ba:e3:60:d7:4c:2d:43:3a:13:00:cf:eb:50:
                    b2:95:fe:9a:42:b6:70:6d:51:89:26:38:78:ee:7b:
                    49:6f:fd:40:89:8c:72:8d:fc:82:a9:f6:9b:2c:9d:
                    0c:d8:f8:9c:2e:b7:4a:9d:3b:a1:da:70:bb:51:c5:
                    ef:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:68:5E:62:67:5B:4D:F4:4E:4B:C7:9E:16:A2:61:8F:49:D0:C5:08
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/22heYmdbTfROS8eeFqJhj0nQxQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:16:dc:1b:86:56:75:f8:aa:5f:7e:75:f0:1f:7e:43:f4:a5:
         ee:85:71:05:b6:68:e6:dd:aa:52:7e:cd:a6:c2:11:88:2b:dc:
         01:b3:3e:a3:52:2c:87:c5:c6:86:c9:da:f8:85:94:52:8a:c5:
         20:12:f2:7f:94:f0:db:07:62:f8:c0:cc:18:a6:c1:f1:00:23:
         ec:37:29:fe:6c:64:fd:5f:9d:5e:14:bf:62:6d:a7:8a:e8:af:
         a2:67:08:37:1c:b7:cc:60:9b:bc:2f:24:47:f8:26:6c:c5:6c:
         99:ac:99:af:d3:9e:b1:58:06:10:e0:a4:e4:e8:59:3c:59:2f:
         8e:44:4b:45:12:59:1c:34:5a:21:aa:8e:22:5a:a0:58:91:f1:
         96:94:cb:93:c6:a0:55:69:a2:ee:a5:84:f1:a5:b2:6e:5c:99:
         e7:06:9f:eb:32:c6:63:c7:f7:7b:bc:b0:24:94:7f:b3:dc:b5:
         44:87:d8:a3:07:c0:f9:14:a2:eb:37:4c:0d:e2:6f:3d:ff:79:
         94:ef:c4:a3:f0:05:7a:78:61:a4:6a:4d:83:6b:d1:d5:44:de:
         d8:e6:66:66:f5:08:41:85:d1:e4:6d:5c:b8:bb:24:3e:d6:f6:
         cf:e0:e2:ce:5a:a2:a1:69:66:b0:32:e4:a3:8c:c9:dc:47:4f:
         14:2c:8c:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZktRMIB9NRJrWaAT2Sw8GG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwOTA5MDY1ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjY4NWU2MjY3NWI0ZGY0NGU0YmM3OWUxNmEyNjE4ZjQ5ZDBjNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7zbKp71TTlpAh4QRjzraba+LwcH
xffqdek6eB8FPENpBW1GcZidPcJFrfF0kYcoktOOFldMEzIEU1SpNI+6JrypDMBV
E3ssWw365DVB71uYBuezooa5gQyx5CrQhe5wsN5CzAiGdMcfMdWLYBCPRdvkF2cO
odqDpfAeTVMrTqSQQQjglQ7K9RViR8dGlHpRpw3YznZX2q0Oc1BoIWv0Vm4hvBjz
w535gOUUFqI620Vi2q/2KtkMYsleghIpjwW/5Ziw7brjYNdMLUM6EwDP61Cylf6a
QrZwbVGJJjh47ntJb/1AiYxyjfyCqfabLJ0M2PicLrdKnTuh2nC7UcXvswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtoXmJnW030TkvHnhaiYY9J0MUIMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMjJoZVltZGJUZlJPUzhlZUZxSmhqMG5ReFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemGMA0G
CSqGSIb3DQEBCwUAA4IBAQArFtwbhlZ1+KpffnXwH35D9KXuhXEFtmjm3apSfs2m
whGIK9wBsz6jUiyHxcaGydr4hZRSisUgEvJ/lPDbB2L4wMwYpsHxACPsNyn+bGT9
X51eFL9ibaeK6K+iZwg3HLfMYJu8LyRH+CZsxWyZrJmv056xWAYQ4KTk6Fk8WS+O
REtFElkcNFohqo4iWqBYkfGWlMuTxqBVaaLupYTxpbJuXJnnBp/rMsZjx/d7vLAk
lH+z3LVEh9ijB8D5FKLrN0wN4m89/3mU78Sj8AV6eGGkak2Da9HVRN7Y5mZm9QhB
hdHkbVy4uyQ+1vbP4OLOWqKhaWawMuSjjMncR08ULIxa
-----END CERTIFICATE-----