Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/tI3vS8bXRpYk2uJT942ZTBiVKdc.roa
File:                     tI3vS8bXRpYk2uJT942ZTBiVKdc.roa (raw, json)
Hash identifier:          m8AWxg57zCEgWp5C3CXYTmTH0M1td7C0p+1vWuP3iI8=
Subject key identifier:   B4:8D:EF:4B:C6:D7:46:96:24:DA:E2:53:F7:8D:99:4C:18:95:29:D7
Certificate issuer:       /CN=8dcd7d398fc466e121bc45faf50dd87c36bbc96d
Certificate serial:       019888CF5076AB9C80022956A9C3E5DC4531
Authority key identifier: 8D:CD:7D:39:8F:C4:66:E1:21:BC:45:FA:F5:0D:D8:7C:36:BB:C9:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jc19OY_EZuEhvEX69Q3YfDa7yW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/tI3vS8bXRpYk2uJT942ZTBiVKdc.roa
Signing time:             Fri 08 Aug 2025 08:32:24 +0000
ROA not before:           Fri 08 Aug 2025 08:32:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        185.251.140.0/22 maxlen: 22
                          2a0c:22c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/jc19OY_EZuEhvEX69Q3YfDa7yW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/jc19OY_EZuEhvEX69Q3YfDa7yW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jc19OY_EZuEhvEX69Q3YfDa7yW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 21:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:88:cf:50:76:ab:9c:80:02:29:56:a9:c3:e5:dc:45:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dcd7d398fc466e121bc45faf50dd87c36bbc96d
        Validity
            Not Before: Aug  8 08:32:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b48def4bc6d7469624dae253f78d994c189529d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4e:09:b9:d9:78:b8:0d:09:ca:9c:b3:a3:82:
                    67:48:09:33:e9:c0:03:3c:f7:ad:3e:4a:04:70:9d:
                    e6:7c:6f:25:2d:ae:7a:c2:c0:81:28:6e:3b:9f:77:
                    cc:0e:4e:de:70:1c:1a:b9:fa:91:49:94:ca:dc:84:
                    d2:48:0d:e6:da:2a:f0:b9:b4:7e:d4:9a:2e:af:76:
                    9c:af:57:fb:bc:ec:b0:97:75:83:b0:eb:18:7b:a6:
                    2f:2c:e7:a4:8f:2b:86:f2:c6:da:a4:e9:ae:13:69:
                    57:9f:c2:67:fe:f2:71:82:17:af:aa:bb:06:21:a6:
                    34:3a:6a:11:b7:88:ea:a8:50:4e:7e:c3:1b:64:15:
                    bd:41:db:74:cc:3d:07:d2:de:34:a6:28:4c:37:3b:
                    ba:c5:0e:67:8d:96:d3:e9:6d:7a:b0:52:04:6b:80:
                    2c:96:45:d1:3d:f3:c3:0a:98:19:59:f2:9a:5b:5d:
                    35:4f:42:0d:aa:e6:f9:7e:47:88:f2:4f:79:1c:9d:
                    34:51:6a:d4:74:f2:b7:10:82:8e:47:ff:be:b0:f0:
                    5f:90:a7:f7:7c:b0:52:b9:22:6f:07:14:ec:62:5c:
                    9c:4c:60:5f:2c:e8:48:ed:26:67:2a:58:92:b4:74:
                    7e:f8:07:f7:88:11:39:2a:1e:4e:3a:fa:2c:ab:13:
                    ae:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:8D:EF:4B:C6:D7:46:96:24:DA:E2:53:F7:8D:99:4C:18:95:29:D7
            X509v3 Authority Key Identifier:
                keyid:8D:CD:7D:39:8F:C4:66:E1:21:BC:45:FA:F5:0D:D8:7C:36:BB:C9:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jc19OY_EZuEhvEX69Q3YfDa7yW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/tI3vS8bXRpYk2uJT942ZTBiVKdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/jc19OY_EZuEhvEX69Q3YfDa7yW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.140.0/22
                IPv6:
                  2a0c:22c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:f1:be:4f:77:26:c8:f5:5d:7c:18:7b:45:02:0b:e8:06:23:
         57:b5:28:85:1a:73:7d:55:74:03:38:d6:8d:5d:44:49:05:14:
         ae:85:48:ee:0e:0a:50:b7:75:1a:2e:1b:bd:2e:10:80:d7:9b:
         42:80:b8:3a:f4:ef:95:c8:26:f1:49:7c:6f:04:70:0b:8e:c4:
         b3:dc:f7:5b:20:03:8c:ff:44:a1:02:6e:4c:43:0e:aa:4b:2d:
         58:18:a4:31:91:6f:44:e3:b3:a4:b3:f6:78:44:6c:42:9d:d6:
         a0:68:ae:e2:54:19:80:06:c6:be:b8:f5:2d:5c:d7:2b:8b:45:
         90:6e:a5:1b:83:c2:7a:9c:39:53:a0:95:18:55:eb:a0:17:66:
         aa:ca:3b:ba:d1:ed:d0:d7:cd:fc:c4:10:c7:bd:8a:56:a0:76:
         68:ef:93:44:d3:46:7f:13:d6:57:34:af:30:7c:da:eb:6e:e7:
         23:1d:e3:17:f7:2f:9e:4d:96:fd:26:b3:5e:aa:7a:6e:96:16:
         10:cd:e7:5c:35:aa:3b:da:74:bb:47:3c:5a:a4:15:8d:4c:7d:
         0d:88:45:22:d1:0c:05:d2:e5:f0:01:36:4e:5a:1d:5b:9b:ac:
         a0:5d:0e:b3:49:65:57:e1:59:f1:d1:fb:b3:fd:af:f4:e4:43:
         16:8a:08:76
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZiIz1B2q5yAAilWqcPl3EUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkY2Q3ZDM5OGZjNDY2ZTEyMWJjNDVmYWY1MGRkODdjMzZi
YmM5NmQwHhcNMjUwODA4MDgzMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDhkZWY0YmM2ZDc0Njk2MjRkYWUyNTNmNzhkOTk0YzE4OTUyOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU4Judl4uA0Jypyzo4JnSAkz6cAD
PPetPkoEcJ3mfG8lLa56wsCBKG47n3fMDk7ecBwaufqRSZTK3ITSSA3m2irwubR+
1Jour3acr1f7vOywl3WDsOsYe6YvLOekjyuG8sbapOmuE2lXn8Jn/vJxghevqrsG
IaY0OmoRt4jqqFBOfsMbZBW9Qdt0zD0H0t40pihMNzu6xQ5njZbT6W16sFIEa4As
lkXRPfPDCpgZWfKaW101T0INqub5fkeI8k95HJ00UWrUdPK3EIKOR/++sPBfkKf3
fLBSuSJvBxTsYlycTGBfLOhI7SZnKliStHR++Af3iBE5Kh5OOvosqxOuHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLSN70vG10aWJNriU/eNmUwYlSnXMB8GA1UdIwQY
MBaAFI3NfTmPxGbhIbxF+vUN2Hw2u8ltMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamMxOU9ZX0VadUVodkVYNjlRM1lmRGE3eVcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8xNThkYTUtYjNkZi00MTIyLWIzNWMt
MTIxNjQ1ZDk4ZTk0LzEvdEkzdlM4YlhScFlrMnVKVDk0MlpUQmlWS2RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8xNThkYTUtYjNkZi00MTIyLWIzNWMtMTIxNjQ1ZDk4ZTk0
LzEvamMxOU9ZX0VadUVodkVYNjlRM1lmRGE3eVcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufuMMA0E
AgACMAcDBQMqDCLAMA0GCSqGSIb3DQEBCwUAA4IBAQBr8b5PdybI9V18GHtFAgvo
BiNXtSiFGnN9VXQDONaNXURJBRSuhUjuDgpQt3UaLhu9LhCA15tCgLg69O+VyCbx
SXxvBHALjsSz3PdbIAOM/0ShAm5MQw6qSy1YGKQxkW9E47Oks/Z4RGxCndagaK7i
VBmABsa+uPUtXNcri0WQbqUbg8J6nDlToJUYVeugF2aqyju60e3Q1838xBDHvYpW
oHZo75NE00Z/E9ZXNK8wfNrrbucjHeMX9y+eTZb9JrNeqnpulhYQzedcNao72nS7
RzxapBWNTH0NiEUi0QwF0uXwATZOWh1bm6ygXQ6zSWVX4Vnx0fuz/a/05EMWigh2
-----END CERTIFICATE-----