Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/sVAaC1BBBoytcdwHWkooZRIR8-s.roa
File:                     sVAaC1BBBoytcdwHWkooZRIR8-s.roa (raw, json)
Hash identifier:          36HHVgLaL2pXQjYCKOW8rL/zYREdNh/lyntTzD4auF8=
Subject key identifier:   B1:50:1A:0B:50:41:06:8C:AD:71:DC:07:5A:4A:28:65:12:11:F3:EB
Certificate issuer:       /CN=374e2729b17369890a1512f643cd08e4ba2ff414
Certificate serial:       01990C8DB15A5112BD20B641B0676B7F0B59
Authority key identifier: 37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/sVAaC1BBBoytcdwHWkooZRIR8-s.roa
Signing time:             Tue 02 Sep 2025 22:30:36 +0000
ROA not before:           Tue 02 Sep 2025 22:30:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209372
IP address blocks:        185.239.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 19:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0c:8d:b1:5a:51:12:bd:20:b6:41:b0:67:6b:7f:0b:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374e2729b17369890a1512f643cd08e4ba2ff414
        Validity
            Not Before: Sep  2 22:30:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1501a0b5041068cad71dc075a4a28651211f3eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:71:93:64:49:20:c5:d8:a5:61:c4:98:7f:55:
                    59:08:56:0d:64:43:45:ab:1a:e0:3f:56:54:ef:ee:
                    d7:3c:4c:f2:45:f5:dc:db:37:5e:7f:f4:84:b2:21:
                    d3:b8:98:d4:08:0e:1e:14:14:b5:4a:1c:c2:a8:55:
                    25:dd:cf:92:6c:09:08:05:05:e8:ab:b6:77:9b:0e:
                    b9:68:99:50:f4:57:5a:45:ca:eb:b1:2c:12:71:2b:
                    37:ce:e5:37:c4:1e:de:ea:af:c7:7e:fa:0d:4a:c1:
                    a9:26:5a:3f:9b:33:04:89:9c:7a:e0:cd:a5:92:b8:
                    97:c2:f3:86:77:24:a3:72:ae:17:29:bc:ba:88:03:
                    ec:47:16:7d:46:69:2e:4f:b0:91:66:13:66:81:c5:
                    12:f3:00:5c:6f:8c:b4:cc:b9:26:1f:ad:1f:b0:16:
                    1d:d9:94:37:bd:44:3f:1c:33:88:1d:3b:dd:4d:56:
                    e4:30:07:74:c7:0f:65:a0:be:9f:bf:d5:bb:ea:f9:
                    d6:b5:96:20:a6:8b:25:5d:7d:62:26:d7:e8:f5:56:
                    5e:ea:f8:da:4b:aa:c5:d3:5b:21:fc:50:bf:01:89:
                    5c:c0:93:4b:6d:71:aa:56:58:46:7a:65:95:c3:7e:
                    06:a6:d7:0a:01:3e:29:60:ed:0c:c9:9d:ff:82:c3:
                    e6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:50:1A:0B:50:41:06:8C:AD:71:DC:07:5A:4A:28:65:12:11:F3:EB
            X509v3 Authority Key Identifier:
                keyid:37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/sVAaC1BBBoytcdwHWkooZRIR8-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:42:ae:20:9a:bd:6b:38:2f:5d:e2:82:34:69:be:9f:11:65:
         14:18:13:c0:86:ef:ba:cb:56:2a:04:93:85:a8:49:a8:f4:f1:
         4d:7d:11:34:bd:30:6a:e3:a5:3e:72:0f:52:48:fc:8f:b4:69:
         a4:9b:af:46:36:77:ee:0b:4d:68:3e:64:8c:11:84:8e:d0:c7:
         05:1b:84:70:46:12:13:28:fb:03:08:6e:65:89:19:f4:a2:5e:
         88:f2:8c:07:4e:f4:40:9f:42:f9:a8:e3:5c:0a:1c:8c:85:5c:
         25:65:ab:bc:7e:ea:64:04:84:f4:0d:be:d7:2e:e4:ac:34:0b:
         1b:c8:d4:db:5d:87:9d:9b:35:c7:55:ab:59:2a:28:9a:e3:d9:
         58:45:a9:e3:0b:c4:fb:cd:76:b0:b1:bb:a8:4c:9d:1c:e1:2f:
         4e:47:29:c0:75:31:f8:18:4f:ec:ae:4a:10:8c:82:a3:77:6d:
         0f:cd:80:86:16:f3:d0:05:a0:6b:0d:bc:e7:74:03:68:22:b0:
         cc:5d:7b:7e:a2:e3:cd:7c:6d:0e:90:46:1d:34:09:74:e1:b3:
         79:3d:48:12:c7:eb:3b:3b:02:8f:fd:18:cc:42:13:8f:39:f2:
         b9:29:fd:bc:b5:b8:1d:6e:d3:26:6a:05:74:ad:38:7b:f1:81:
         c1:51:66:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkMjbFaURK9ILZBsGdrfwtZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGUyNzI5YjE3MzY5ODkwYTE1MTJmNjQzY2QwOGU0YmEy
ZmY0MTQwHhcNMjUwOTAyMjIzMDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTUwMWEwYjUwNDEwNjhjYWQ3MWRjMDc1YTRhMjg2NTEyMTFmM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHGTZEkgxdilYcSYf1VZCFYNZENF
qxrgP1ZU7+7XPEzyRfXc2zdef/SEsiHTuJjUCA4eFBS1ShzCqFUl3c+SbAkIBQXo
q7Z3mw65aJlQ9FdaRcrrsSwScSs3zuU3xB7e6q/HfvoNSsGpJlo/mzMEiZx64M2l
kriXwvOGdySjcq4XKby6iAPsRxZ9RmkuT7CRZhNmgcUS8wBcb4y0zLkmH60fsBYd
2ZQ3vUQ/HDOIHTvdTVbkMAd0xw9loL6fv9W76vnWtZYgposlXX1iJtfo9VZe6vja
S6rF01sh/FC/AYlcwJNLbXGqVlhGemWVw34GptcKAT4pYO0MyZ3/gsPmvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFQGgtQQQaMrXHcB1pKKGUSEfPrMB8GA1UdIwQY
MBaAFDdOJymxc2mJChUS9kPNCOS6L/QUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYt
Y2ZjNDZhNzZlYzc4LzEvc1ZBYUMxQkJCb3l0Y2R3SFdrb29aUklSOC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYtY2ZjNDZhNzZlYzc4
LzEvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue+IMA0G
CSqGSIb3DQEBCwUAA4IBAQCXQq4gmr1rOC9d4oI0ab6fEWUUGBPAhu+6y1YqBJOF
qEmo9PFNfRE0vTBq46U+cg9SSPyPtGmkm69GNnfuC01oPmSMEYSO0McFG4RwRhIT
KPsDCG5liRn0ol6I8owHTvRAn0L5qONcChyMhVwlZau8fupkBIT0Db7XLuSsNAsb
yNTbXYedmzXHVatZKiia49lYRanjC8T7zXawsbuoTJ0c4S9ORynAdTH4GE/srkoQ
jIKjd20PzYCGFvPQBaBrDbzndANoIrDMXXt+ouPNfG0OkEYdNAl04bN5PUgSx+s7
OwKP/RjMQhOPOfK5Kf28tbgdbtMmagV0rTh78YHBUWaL
-----END CERTIFICATE-----