Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/j5Bu15ueoJbA9JzOTf4zPebbgac.roa
File:                     j5Bu15ueoJbA9JzOTf4zPebbgac.roa (raw, json)
Hash identifier:          /KalK1Dgnir3Bwq49AltXYszlGpqXzN1xN2iuVIqsIc=
Subject key identifier:   8F:90:6E:D7:9B:9E:A0:96:C0:F4:9C:CE:4D:FE:33:3D:E6:DB:81:A7
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0198DAEF2D7C697A0AC2420D949412DFA0C5
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/j5Bu15ueoJbA9JzOTf4zPebbgac.roa
Signing time:             Sun 24 Aug 2025 07:16:04 +0000
ROA not before:           Sun 24 Aug 2025 07:16:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.83.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:da:ef:2d:7c:69:7a:0a:c2:42:0d:94:94:12:df:a0:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Aug 24 07:16:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f906ed79b9ea096c0f49cce4dfe333de6db81a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:39:7d:05:42:3b:f9:51:01:cc:e3:b8:70:fc:
                    ac:b2:d5:12:e3:ae:e5:95:b9:ec:ba:c8:a2:bd:f2:
                    b9:8b:8a:91:4d:47:74:33:3f:18:e9:73:2d:22:cc:
                    04:81:5c:dc:3d:e7:63:6b:80:27:24:bd:9e:87:38:
                    c1:a3:77:e9:b1:11:90:43:4f:b0:64:3b:58:d9:ef:
                    c2:e2:ba:c4:08:5d:24:51:81:58:dd:58:cd:78:6f:
                    9c:c6:2b:75:1f:f0:84:8f:b1:b2:40:c2:1d:14:dd:
                    a5:09:6a:20:08:42:90:b4:f5:25:3e:73:d5:af:07:
                    db:2f:70:50:04:ea:1b:38:7b:3a:af:88:60:fd:8f:
                    a3:fe:e9:da:f8:2b:b9:88:7d:59:80:ae:4b:f7:02:
                    bd:d1:ff:3c:7e:1b:2f:75:ee:2c:56:a2:e2:30:73:
                    94:bc:ad:6f:5c:8c:24:28:a6:7f:ac:38:b5:b4:fc:
                    bb:eb:78:77:55:a1:65:42:61:31:1d:eb:4f:c9:fc:
                    02:30:7a:be:12:b0:e8:07:aa:ae:e8:d3:e9:ba:11:
                    2f:c9:86:c2:51:ab:82:74:fa:79:4e:a4:9d:a4:7c:
                    78:f2:3f:e1:e6:11:21:cc:db:b5:c2:0b:5d:cf:34:
                    65:1b:eb:75:04:0d:5d:9e:ae:8c:6e:e1:10:05:fa:
                    16:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:90:6E:D7:9B:9E:A0:96:C0:F4:9C:CE:4D:FE:33:3D:E6:DB:81:A7
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/j5Bu15ueoJbA9JzOTf4zPebbgac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:e7:63:e7:55:14:47:47:78:38:2e:50:f7:c6:ff:64:7c:fc:
         e5:94:97:92:db:c9:34:34:ff:77:e4:e0:5b:27:81:b8:a9:b9:
         ed:31:27:bd:29:51:1c:65:de:2a:3e:39:ed:83:d7:b9:72:99:
         a0:8c:29:ca:4a:97:4d:ff:87:22:0d:86:fc:2b:7c:81:a9:92:
         5f:09:75:11:72:7e:4c:79:8a:dd:ab:8d:33:3f:52:09:ae:e4:
         f9:82:7d:be:1c:1f:b3:7f:e1:e8:25:c8:33:e3:45:dc:f7:1f:
         a2:9f:1a:37:0e:cf:8e:c9:dc:46:87:3b:ca:8a:35:bd:19:80:
         51:07:91:4a:81:35:10:19:62:5d:2a:c7:20:b0:c9:ab:24:97:
         56:df:c2:03:ca:a9:94:7f:3a:b9:fc:2a:b6:a1:a6:2c:9f:18:
         15:0c:78:7a:bc:e2:d1:f1:e6:9d:56:ab:7e:04:0e:8d:2b:96:
         e6:1a:0d:a9:2b:a3:a5:88:a9:eb:32:c8:55:3d:de:e5:95:e8:
         0e:c0:82:14:8e:9b:43:c6:07:60:40:c8:43:f7:b4:36:18:ea:
         2b:67:15:f0:ef:90:27:31:25:24:94:2c:c4:dc:83:2a:f4:8f:
         e2:17:97:3c:fd:b8:08:90:16:4e:8b:a9:6d:42:32:42:c9:52:
         64:8d:f4:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZja7y18aXoKwkINlJQS36DFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwODI0MDcxNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjkwNmVkNzliOWVhMDk2YzBmNDljY2U0ZGZlMzMzZGU2ZGI4MWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljl9BUI7+VEBzOO4cPysstUS467l
lbnsusiivfK5i4qRTUd0Mz8Y6XMtIswEgVzcPedja4AnJL2ehzjBo3fpsRGQQ0+w
ZDtY2e/C4rrECF0kUYFY3VjNeG+cxit1H/CEj7GyQMIdFN2lCWogCEKQtPUlPnPV
rwfbL3BQBOobOHs6r4hg/Y+j/una+Cu5iH1ZgK5L9wK90f88fhsvde4sVqLiMHOU
vK1vXIwkKKZ/rDi1tPy763h3VaFlQmExHetPyfwCMHq+ErDoB6qu6NPpuhEvyYbC
UauCdPp5TqSdpHx48j/h5hEhzNu1wgtdzzRlG+t1BA1dnq6MbuEQBfoWxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+QbtebnqCWwPSczk3+Mz3m24GnMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvajVCdTE1dWVvSmJBOUp6T1RmNHpQZWJiZ2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVPLMA0G
CSqGSIb3DQEBCwUAA4IBAQCm52PnVRRHR3g4LlD3xv9kfPzllJeS28k0NP935OBb
J4G4qbntMSe9KVEcZd4qPjntg9e5cpmgjCnKSpdN/4ciDYb8K3yBqZJfCXURcn5M
eYrdq40zP1IJruT5gn2+HB+zf+HoJcgz40Xc9x+inxo3Ds+OydxGhzvKijW9GYBR
B5FKgTUQGWJdKscgsMmrJJdW38IDyqmUfzq5/Cq2oaYsnxgVDHh6vOLR8eadVqt+
BA6NK5bmGg2pK6OliKnrMshVPd7llegOwIIUjptDxgdgQMhD97Q2GOorZxXw75An
MSUklCzE3IMq9I/iF5c8/bgIkBZOi6ltQjJCyVJkjfRX
-----END CERTIFICATE-----