Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/54274b-61cb-4686-ab8a-4cf8cf4ff6cd/1/uNOJmAq6voVkPfj182da4gb5W7g.roa
File:                     uNOJmAq6voVkPfj182da4gb5W7g.roa (raw, json)
Hash identifier:          /Vgo6Tc+QicjXS2eidHAg9cx4rFLuic3fsDr6FFDDKU=
Subject key identifier:   B8:D3:89:98:0A:BA:BE:85:64:3D:F8:F5:F3:67:5A:E2:06:F9:5B:B8
Certificate issuer:       /CN=1afcd87e61f91765c2c100204141b594d32c7b2e
Certificate serial:       019A070A8BECA5273C4BA49C812D6FCD84AE
Authority key identifier: 1A:FC:D8:7E:61:F9:17:65:C2:C1:00:20:41:41:B5:94:D3:2C:7B:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GvzYfmH5F2XCwQAgQUG1lNMsey4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/54274b-61cb-4686-ab8a-4cf8cf4ff6cd/1/uNOJmAq6voVkPfj182da4gb5W7g.roa
Signing time:             Tue 21 Oct 2025 13:52:02 +0000
ROA not before:           Tue 21 Oct 2025 13:52:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215747
IP address blocks:        185.189.182.0/24 maxlen: 24
                          185.189.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/54274b-61cb-4686-ab8a-4cf8cf4ff6cd/1/GvzYfmH5F2XCwQAgQUG1lNMsey4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/54274b-61cb-4686-ab8a-4cf8cf4ff6cd/1/GvzYfmH5F2XCwQAgQUG1lNMsey4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GvzYfmH5F2XCwQAgQUG1lNMsey4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 19:12:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:0a:8b:ec:a5:27:3c:4b:a4:9c:81:2d:6f:cd:84:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1afcd87e61f91765c2c100204141b594d32c7b2e
        Validity
            Not Before: Oct 21 13:52:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8d389980ababe85643df8f5f3675ae206f95bb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:16:35:af:4c:82:d1:1e:f8:e7:8c:4f:05:3d:
                    b9:67:18:17:7d:8e:4e:29:17:94:62:a0:4b:61:e7:
                    5c:8e:ba:63:43:de:39:26:6b:db:0b:0d:e5:63:e0:
                    65:cf:ec:dc:7d:9e:37:4f:aa:49:58:db:57:b8:c2:
                    53:4b:57:30:44:15:23:a0:45:24:22:1b:1f:88:09:
                    53:d2:8c:6e:c0:7d:35:2a:63:e3:08:2f:f6:b0:63:
                    8f:9f:9d:94:a0:23:b2:29:34:d0:af:f3:ca:70:72:
                    90:de:c9:8f:c3:8e:dd:43:e4:ac:eb:55:4b:e2:61:
                    da:b7:49:bb:43:ad:45:cf:c2:47:d2:3a:c9:25:c7:
                    bc:d2:1a:29:b6:8f:92:cd:01:c4:02:c2:18:a0:7c:
                    ed:65:23:69:9d:fb:e6:48:11:14:50:b1:15:b4:fd:
                    fd:75:76:d3:51:b9:44:30:46:6b:2a:d3:b2:c1:59:
                    78:5e:6c:45:c4:55:f8:1a:65:80:3b:c0:18:fa:da:
                    3a:ae:a4:a7:7d:ed:cb:1d:09:ae:9b:cc:3a:49:f9:
                    ab:93:3d:5c:49:f7:2d:98:2e:ce:06:8f:84:0e:af:
                    40:5e:92:67:65:e3:d5:26:2e:6f:a2:fb:dc:41:03:
                    57:e5:2b:88:31:66:82:7e:94:aa:48:24:f8:3f:92:
                    1b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:D3:89:98:0A:BA:BE:85:64:3D:F8:F5:F3:67:5A:E2:06:F9:5B:B8
            X509v3 Authority Key Identifier:
                keyid:1A:FC:D8:7E:61:F9:17:65:C2:C1:00:20:41:41:B5:94:D3:2C:7B:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GvzYfmH5F2XCwQAgQUG1lNMsey4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/54274b-61cb-4686-ab8a-4cf8cf4ff6cd/1/uNOJmAq6voVkPfj182da4gb5W7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/54274b-61cb-4686-ab8a-4cf8cf4ff6cd/1/GvzYfmH5F2XCwQAgQUG1lNMsey4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:3b:06:04:92:da:cf:87:d2:12:ea:27:b0:1c:4d:2d:ae:be:
         5a:8b:6a:57:01:88:4e:a7:32:ad:52:85:97:8f:51:27:70:cb:
         ab:95:3b:09:27:46:27:38:16:04:18:78:b6:8a:aa:1a:e8:29:
         6b:e4:cf:23:68:74:4c:fe:13:5f:8e:e5:ec:ee:4e:da:a0:72:
         e7:db:a5:e3:fa:7a:ce:ae:a8:30:76:de:ab:05:29:c9:f5:48:
         d5:af:96:ec:fb:83:e7:27:09:e8:3c:cf:c3:86:6a:a5:05:35:
         62:8b:3c:db:f4:0f:ca:dc:19:f6:db:61:67:66:b9:28:56:01:
         91:8e:b3:d5:84:0c:f8:5c:d9:15:32:09:ff:c8:dc:f1:8c:1d:
         a6:46:7b:79:c0:57:ee:82:22:53:e5:a5:5c:57:bc:c9:5e:70:
         e4:87:b7:75:c6:d0:47:a1:95:97:60:7a:b0:8e:cb:cf:e0:3e:
         a4:a3:04:c0:60:94:b2:a4:11:26:5d:ad:52:5f:b7:89:e3:b2:
         16:12:68:ae:0f:f5:dc:8e:73:50:13:d5:c3:f0:df:33:a8:90:
         98:b6:33:a5:eb:1f:25:02:54:66:ee:0b:46:df:ea:79:df:d7:
         d2:86:6a:18:d9:c6:04:ea:54:a5:d3:91:d3:3d:bc:0d:16:d9:
         ab:aa:80:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoHCovspSc8S6ScgS1vzYSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZmNkODdlNjFmOTE3NjVjMmMxMDAyMDQxNDFiNTk0ZDMy
YzdiMmUwHhcNMjUxMDIxMTM1MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGQzODk5ODBhYmFiZTg1NjQzZGY4ZjVmMzY3NWFlMjA2Zjk1YmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBY1r0yC0R7454xPBT25ZxgXfY5O
KReUYqBLYedcjrpjQ945JmvbCw3lY+Blz+zcfZ43T6pJWNtXuMJTS1cwRBUjoEUk
IhsfiAlT0oxuwH01KmPjCC/2sGOPn52UoCOyKTTQr/PKcHKQ3smPw47dQ+Ss61VL
4mHat0m7Q61Fz8JH0jrJJce80hopto+SzQHEAsIYoHztZSNpnfvmSBEUULEVtP39
dXbTUblEMEZrKtOywVl4XmxFxFX4GmWAO8AY+to6rqSnfe3LHQmum8w6Sfmrkz1c
SfctmC7OBo+EDq9AXpJnZePVJi5vovvcQQNX5SuIMWaCfpSqSCT4P5Ib1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjTiZgKur6FZD349fNnWuIG+Vu4MB8GA1UdIwQY
MBaAFBr82H5h+RdlwsEAIEFBtZTTLHsuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3Z6WWZtSDVGMlhDd1FBZ1FVRzFsTk1zZXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS81NDI3NGItNjFjYi00Njg2LWFiOGEt
NGNmOGNmNGZmNmNkLzEvdU5PSm1BcTZ2b1ZrUGZqMTgyZGE0Z2I1VzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS81NDI3NGItNjFjYi00Njg2LWFiOGEtNGNmOGNmNGZmNmNk
LzEvR3Z6WWZtSDVGMlhDd1FBZ1FVRzFsTk1zZXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub22MA0G
CSqGSIb3DQEBCwUAA4IBAQB/OwYEktrPh9IS6iewHE0trr5ai2pXAYhOpzKtUoWX
j1EncMurlTsJJ0YnOBYEGHi2iqoa6Clr5M8jaHRM/hNfjuXs7k7aoHLn26Xj+nrO
rqgwdt6rBSnJ9UjVr5bs+4PnJwnoPM/DhmqlBTViizzb9A/K3Bn222FnZrkoVgGR
jrPVhAz4XNkVMgn/yNzxjB2mRnt5wFfugiJT5aVcV7zJXnDkh7d1xtBHoZWXYHqw
jsvP4D6kowTAYJSypBEmXa1SX7eJ47IWEmiuD/XcjnNQE9XD8N8zqJCYtjOl6x8l
AlRm7gtG3+p539fShmoY2cYE6lSl05HTPbwNFtmrqoDu
-----END CERTIFICATE-----