Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/P8imnaMByX2VQuZ1SybGW3AjUXY.roa
File:                     P8imnaMByX2VQuZ1SybGW3AjUXY.roa (raw, json)
Hash identifier:          0IZFs0irOTV9DHBlA38hxfcFvu8tAoJ0vwmuZbIGZG4=
Subject key identifier:   3F:C8:A6:9D:A3:01:C9:7D:95:42:E6:75:4B:26:C6:5B:70:23:51:76
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0197121E251AD04812FC8C5387B6360605E9
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/P8imnaMByX2VQuZ1SybGW3AjUXY.roa
Signing time:             Tue 27 May 2025 14:20:54 +0000
ROA not before:           Tue 27 May 2025 14:20:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273163
IP address blocks:        185.225.244.0/23 maxlen: 23
                          185.225.244.0/24 maxlen: 24
                          185.225.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:12:1e:25:1a:d0:48:12:fc:8c:53:87:b6:36:06:05:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 27 14:20:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fc8a69da301c97d9542e6754b26c65b70235176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:61:ed:36:2e:b1:8c:96:aa:c2:f8:c2:e0:27:
                    ac:c9:a9:c5:0f:77:56:e3:c0:b9:45:63:7a:70:f1:
                    e7:81:d7:a6:68:af:8e:be:47:64:b4:4a:20:24:db:
                    a9:4c:bf:75:41:f1:9e:74:98:35:8e:a3:fd:e8:d3:
                    f0:95:e2:d8:52:fc:88:64:23:96:e7:7c:3a:ac:3e:
                    81:8a:ed:40:7b:e8:cb:e6:ba:14:d7:ef:6c:43:cd:
                    43:26:37:10:cb:29:c5:01:73:a2:b1:f2:16:e8:f4:
                    b2:7b:69:2b:d9:66:d3:29:f6:0b:6c:be:e7:ed:2e:
                    a6:92:34:c1:ff:fd:9b:7a:be:10:3d:71:1b:72:1b:
                    2e:36:55:c2:81:3f:7e:d7:57:0f:51:44:4a:82:1e:
                    d1:b4:67:2c:c5:f2:5e:50:fd:db:b4:48:37:8e:6d:
                    06:c5:bc:52:2a:bf:20:16:89:8b:89:bd:9d:73:b4:
                    3b:30:d9:8e:89:b4:55:51:23:09:f1:80:95:db:5c:
                    59:5c:24:76:39:a9:7f:72:0e:47:35:f1:43:4f:9b:
                    5c:35:ce:7d:69:e7:ee:f7:e3:2d:84:0f:89:06:92:
                    c3:c4:6d:3c:9d:9c:a0:ba:25:3b:e3:1e:55:f0:85:
                    2a:1c:38:c7:5f:7f:68:6b:84:c3:9e:3b:a0:4f:1c:
                    c8:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C8:A6:9D:A3:01:C9:7D:95:42:E6:75:4B:26:C6:5B:70:23:51:76
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/P8imnaMByX2VQuZ1SybGW3AjUXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:5b:5e:66:c4:fb:4f:56:61:33:47:a3:2e:9e:28:e2:f9:f6:
         4d:b0:8d:54:c9:01:f5:26:5f:a8:c2:fe:74:2d:7f:b3:a9:5b:
         20:cd:84:27:dc:d5:e6:55:a9:8f:1c:c7:23:fd:55:5f:fb:a9:
         18:93:b2:27:d1:35:4f:10:5a:02:c9:e0:9e:fd:47:3d:97:c8:
         e3:c8:a1:82:73:76:dc:c4:04:68:ac:80:c6:1d:2d:f9:eb:f1:
         bd:c0:b5:db:21:fd:01:7c:6b:15:0f:a1:96:43:0e:03:b5:30:
         29:76:29:27:08:36:c9:55:d5:1c:cc:d3:63:15:ab:f5:91:ea:
         03:93:cf:95:1c:bb:c9:3b:02:4f:69:08:2c:cb:5d:eb:0a:e6:
         63:28:d2:65:d2:6f:5b:7f:de:b5:82:7d:db:0b:2c:e3:98:c5:
         a4:0b:34:23:8f:2c:0a:b7:54:f3:9f:65:e9:f6:5b:f4:2e:96:
         36:f4:50:a0:42:ac:56:60:b8:75:c4:83:3f:24:b9:74:cd:7d:
         c6:4b:62:0d:b3:a9:ec:dd:7d:57:df:7e:80:9a:8c:38:19:86:
         93:55:72:a9:03:ff:eb:bd:39:3d:8d:89:1b:d2:1a:70:dd:3b:
         4c:52:66:a9:a3:5a:94:34:67:09:4f:e6:04:8f:42:f8:67:f6:
         2a:cc:c1:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcSHiUa0EgS/IxTh7Y2BgXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNTI3MTQyMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmM4YTY5ZGEzMDFjOTdkOTU0MmU2NzU0YjI2YzY1YjcwMjM1MTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WHtNi6xjJaqwvjC4CesyanFD3dW
48C5RWN6cPHngdemaK+OvkdktEogJNupTL91QfGedJg1jqP96NPwleLYUvyIZCOW
53w6rD6Biu1Ae+jL5roU1+9sQ81DJjcQyynFAXOisfIW6PSye2kr2WbTKfYLbL7n
7S6mkjTB//2ber4QPXEbchsuNlXCgT9+11cPUURKgh7RtGcsxfJeUP3btEg3jm0G
xbxSKr8gFomLib2dc7Q7MNmOibRVUSMJ8YCV21xZXCR2Oal/cg5HNfFDT5tcNc59
aefu9+MthA+JBpLDxG08nZyguiU74x5V8IUqHDjHX39oa4TDnjugTxzI8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/Ipp2jAcl9lULmdUsmxltwI1F2MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvUDhpbW5hTUJ5WDJWUXVaMVN5YkdXM0FqVVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueH0MA0G
CSqGSIb3DQEBCwUAA4IBAQA/W15mxPtPVmEzR6Muniji+fZNsI1UyQH1Jl+owv50
LX+zqVsgzYQn3NXmVamPHMcj/VVf+6kYk7In0TVPEFoCyeCe/Uc9l8jjyKGCc3bc
xARorIDGHS356/G9wLXbIf0BfGsVD6GWQw4DtTApdiknCDbJVdUczNNjFav1keoD
k8+VHLvJOwJPaQgsy13rCuZjKNJl0m9bf961gn3bCyzjmMWkCzQjjywKt1Tzn2Xp
9lv0LpY29FCgQqxWYLh1xIM/JLl0zX3GS2INs6ns3X1X336Amow4GYaTVXKpA//r
vTk9jYkb0hpw3TtMUmapo1qUNGcJT+YEj0L4Z/YqzMEq
-----END CERTIFICATE-----