Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/fm8_hxutG5R7-Mx8bxRlfwSrl9o.roa
File:                     fm8_hxutG5R7-Mx8bxRlfwSrl9o.roa (raw, json)
Hash identifier:          kSoXtSfwPkhI0yioS1Tphp5+T9BGKf4elvsAZqNw9NE=
Subject key identifier:   7E:6F:3F:87:1B:AD:1B:94:7B:F8:CC:7C:6F:14:65:7F:04:AB:97:DA
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019A013AC098B4F31AC82E3972E8E2CED636
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/fm8_hxutG5R7-Mx8bxRlfwSrl9o.roa
Signing time:             Mon 20 Oct 2025 10:46:58 +0000
ROA not before:           Mon 20 Oct 2025 10:46:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        185.253.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:3a:c0:98:b4:f3:1a:c8:2e:39:72:e8:e2:ce:d6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Oct 20 10:46:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e6f3f871bad1b947bf8cc7c6f14657f04ab97da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:96:f9:21:7c:86:f8:9d:73:ff:24:8d:41:10:
                    f4:37:49:94:7d:95:fd:fb:88:d3:ae:45:93:ea:95:
                    79:57:7a:7a:a0:9c:b5:65:a5:3c:bc:44:d5:5e:29:
                    99:26:86:1e:4a:23:4a:00:64:a6:f7:41:36:7f:c1:
                    84:56:4e:a5:8f:62:ee:aa:3d:2a:4a:22:a2:0a:0c:
                    da:ef:fd:5b:59:bc:ff:b0:fb:43:5d:67:4a:e4:78:
                    56:4a:01:da:a3:de:98:f2:72:73:0d:77:b4:17:68:
                    8a:0c:f0:c0:5d:bd:59:f2:e6:15:f3:c5:62:fc:33:
                    38:34:13:d7:f2:dd:e5:10:14:04:87:80:a4:8c:1a:
                    61:ef:4a:b9:eb:9d:6c:1d:62:96:03:f3:2e:0f:a6:
                    a8:9f:d7:7f:7d:80:58:9c:e9:dd:10:7e:11:bf:e7:
                    5a:8e:2c:a0:32:63:1a:42:98:75:33:9c:d5:a1:a0:
                    18:f1:26:2a:9f:aa:2c:6e:13:80:da:60:f3:4a:f7:
                    b0:9d:6d:cc:e9:75:7a:b1:7b:da:c8:a7:8e:1a:34:
                    06:34:37:da:d2:4e:b3:a6:27:23:3b:ee:70:74:30:
                    11:09:96:b8:db:85:0e:d9:8e:cc:58:55:77:bc:c9:
                    c5:97:88:81:7d:bd:b1:08:28:51:03:63:57:0e:a0:
                    c5:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:6F:3F:87:1B:AD:1B:94:7B:F8:CC:7C:6F:14:65:7F:04:AB:97:DA
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/fm8_hxutG5R7-Mx8bxRlfwSrl9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:6f:73:17:69:83:4c:74:5e:79:52:3b:57:a5:87:d8:bc:7d:
         34:81:1a:f3:e5:5b:14:1f:09:ef:e3:b1:8a:90:f9:1f:55:84:
         58:8b:58:94:d1:2e:71:85:ee:63:38:b7:c7:55:69:cb:c4:8a:
         62:98:08:be:82:63:d7:15:d6:27:cc:13:4f:3b:e0:41:d4:95:
         87:fb:18:73:ce:53:61:57:91:46:9c:ea:c7:ea:86:a5:1a:ea:
         d5:7e:15:6e:20:3a:91:1c:d2:59:dd:6b:04:11:2b:27:e5:8b:
         90:bf:a7:5e:e0:44:d4:23:1a:fa:47:d9:4c:f3:65:ca:39:e8:
         59:ad:3b:44:f4:d2:2d:94:bd:7a:47:dc:35:fb:57:41:db:a4:
         96:d2:a6:03:15:c5:c0:1a:00:fa:5c:bd:71:f2:20:7e:7e:ca:
         33:2d:de:8c:c0:95:92:bf:0b:20:c5:c1:d7:02:ab:a3:8b:24:
         50:b4:78:b0:96:31:15:58:6a:60:12:49:bf:64:c1:66:33:46:
         56:3e:ea:4b:9f:f6:94:90:5d:21:00:22:de:1e:74:54:ed:e9:
         60:0e:f6:1c:c2:9d:1e:e7:12:fe:00:70:52:a0:65:d1:fc:93:
         a4:a4:8f:41:61:2a:15:3e:b2:b5:ae:ec:af:92:3d:dc:78:95:
         a5:ce:75:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoBOsCYtPMayC45cujiztY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUxMDIwMTA0NjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTZmM2Y4NzFiYWQxYjk0N2JmOGNjN2M2ZjE0NjU3ZjA0YWI5N2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25b5IXyG+J1z/ySNQRD0N0mUfZX9
+4jTrkWT6pV5V3p6oJy1ZaU8vETVXimZJoYeSiNKAGSm90E2f8GEVk6lj2Luqj0q
SiKiCgza7/1bWbz/sPtDXWdK5HhWSgHao96Y8nJzDXe0F2iKDPDAXb1Z8uYV88Vi
/DM4NBPX8t3lEBQEh4CkjBph70q5651sHWKWA/MuD6aon9d/fYBYnOndEH4Rv+da
jiygMmMaQph1M5zVoaAY8SYqn6osbhOA2mDzSvewnW3M6XV6sXvayKeOGjQGNDfa
0k6zpicjO+5wdDARCZa424UO2Y7MWFV3vMnFl4iBfb2xCChRA2NXDqDFawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5vP4cbrRuUe/jMfG8UZX8Eq5faMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvZm04X2h4dXRHNVI3LU14OGJ4Umxmd1NybDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf09MA0G
CSqGSIb3DQEBCwUAA4IBAQBUb3MXaYNMdF55UjtXpYfYvH00gRrz5VsUHwnv47GK
kPkfVYRYi1iU0S5xhe5jOLfHVWnLxIpimAi+gmPXFdYnzBNPO+BB1JWH+xhzzlNh
V5FGnOrH6oalGurVfhVuIDqRHNJZ3WsEESsn5YuQv6de4ETUIxr6R9lM82XKOehZ
rTtE9NItlL16R9w1+1dB26SW0qYDFcXAGgD6XL1x8iB+fsozLd6MwJWSvwsgxcHX
AqujiyRQtHiwljEVWGpgEkm/ZMFmM0ZWPupLn/aUkF0hACLeHnRU7elgDvYcwp0e
5xL+AHBSoGXR/JOkpI9BYSoVPrK1ruyvkj3ceJWlznWf
-----END CERTIFICATE-----