Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/IcIhqkwJl3oIn1TFze0JKC2ukZo.roa
File:                     IcIhqkwJl3oIn1TFze0JKC2ukZo.roa (raw, json)
Hash identifier:          N9HPji4dA8H0kkRU9JW+TERsQXqgse1gQnpLkAfBwZU=
Subject key identifier:   21:C2:21:AA:4C:09:97:7A:08:9F:54:C5:CD:ED:09:28:2D:AE:91:9A
Certificate issuer:       /CN=d2628e069b5ed8b4559343b5b67f5ab4f92251fe
Certificate serial:       0198E61A5E61C2490579D4B209C1CE0EC45D
Authority key identifier: D2:62:8E:06:9B:5E:D8:B4:55:93:43:B5:B6:7F:5A:B4:F9:22:51:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mKOBpte2LRVk0O1tn9atPkiUf4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/IcIhqkwJl3oIn1TFze0JKC2ukZo.roa
Signing time:             Tue 26 Aug 2025 11:19:04 +0000
ROA not before:           Tue 26 Aug 2025 11:19:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214539
IP address blocks:        185.183.164.0/24 maxlen: 24
                          185.183.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/0mKOBpte2LRVk0O1tn9atPkiUf4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/0mKOBpte2LRVk0O1tn9atPkiUf4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mKOBpte2LRVk0O1tn9atPkiUf4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 14:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e6:1a:5e:61:c2:49:05:79:d4:b2:09:c1:ce:0e:c4:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2628e069b5ed8b4559343b5b67f5ab4f92251fe
        Validity
            Not Before: Aug 26 11:19:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21c221aa4c09977a089f54c5cded09282dae919a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:4e:50:45:05:53:55:38:9f:44:6b:f0:b4:d3:
                    42:ef:75:ee:e7:a6:34:d1:44:6e:03:28:96:09:11:
                    ad:bb:dc:e2:98:ec:1b:83:5e:68:81:cc:34:87:19:
                    c7:c8:bb:5d:ed:37:57:fe:5d:35:f8:36:1f:1c:b1:
                    40:d4:57:74:1b:50:e1:21:92:e0:56:29:f3:d3:10:
                    2d:db:03:22:2d:01:b4:50:a4:be:d2:a7:16:10:3d:
                    0f:49:ea:e7:96:c0:4d:c3:73:91:4d:e6:d8:cb:50:
                    19:31:04:3c:19:2f:66:33:2f:09:40:d4:b9:56:0b:
                    25:3a:b1:b0:f0:f5:1f:09:c8:a4:ef:15:5f:d3:d3:
                    60:06:c5:e8:17:b1:2d:cd:e5:d3:c3:f1:ee:9e:e0:
                    63:fc:4f:ac:79:15:6b:c0:d7:08:ca:1d:c4:d8:e9:
                    c7:91:e6:52:2b:8e:9b:00:43:b8:88:85:38:87:1e:
                    82:d6:ce:68:1f:e8:8e:9e:29:b6:2a:c0:2d:ca:63:
                    92:d1:a9:f5:c5:35:73:d3:38:e0:46:b7:98:6b:69:
                    cc:13:d1:4f:ef:fd:2d:fa:be:91:ff:4e:08:3a:d4:
                    33:30:3c:7b:ea:16:8b:77:19:8d:12:60:e6:27:5a:
                    4e:9b:7a:d6:95:bb:36:93:f8:ca:91:b8:3b:eb:4c:
                    84:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:C2:21:AA:4C:09:97:7A:08:9F:54:C5:CD:ED:09:28:2D:AE:91:9A
            X509v3 Authority Key Identifier:
                keyid:D2:62:8E:06:9B:5E:D8:B4:55:93:43:B5:B6:7F:5A:B4:F9:22:51:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mKOBpte2LRVk0O1tn9atPkiUf4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/IcIhqkwJl3oIn1TFze0JKC2ukZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1eb97a-83bd-4448-b09e-af64a57ac8d2/1/0mKOBpte2LRVk0O1tn9atPkiUf4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:38:b9:80:4b:b4:d9:d7:95:86:74:10:bc:2f:f4:51:d9:4c:
         86:55:e7:25:bf:d0:d5:ff:06:a8:e9:95:e4:a4:47:32:41:44:
         68:7b:d1:e8:ce:45:d9:33:91:88:2b:29:2b:c8:29:10:dc:6e:
         45:ba:09:7e:97:ed:0f:10:b5:53:de:5b:42:d6:bf:a9:d7:74:
         2a:96:56:75:c0:01:4a:7b:a0:13:d0:00:10:de:e9:f8:83:b4:
         d4:5a:f2:60:96:92:62:1d:7f:0b:3e:be:95:bb:97:83:ba:47:
         3e:5b:a9:b6:a7:c8:91:d6:87:1d:1a:0d:d9:08:b4:60:95:27:
         2d:89:82:36:de:b9:e9:1d:4c:88:a1:c3:77:5f:4c:af:35:82:
         62:5b:76:54:98:c0:64:f7:28:ed:db:8f:54:0d:52:40:b4:fb:
         a9:9e:0e:54:2b:e4:a9:e4:33:68:d6:99:a7:d1:94:55:aa:86:
         93:d2:6a:f9:5e:55:a2:ed:a5:4e:25:ae:62:29:47:b9:0b:19:
         9c:ce:0b:eb:e2:1e:06:cc:72:31:d1:d5:1d:26:c4:7e:9b:68:
         a0:3d:6b:92:e3:61:d8:5f:9d:01:03:1f:82:4e:3f:ef:e5:f7:
         1c:44:c4:c6:10:67:b9:2e:60:0b:e5:30:7d:d6:c6:55:d0:24:
         5a:11:2d:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjmGl5hwkkFedSyCcHODsRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNjI4ZTA2OWI1ZWQ4YjQ1NTkzNDNiNWI2N2Y1YWI0Zjky
MjUxZmUwHhcNMjUwODI2MTExOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWMyMjFhYTRjMDk5NzdhMDg5ZjU0YzVjZGVkMDkyODJkYWU5MTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7k5QRQVTVTifRGvwtNNC73Xu56Y0
0URuAyiWCRGtu9zimOwbg15ogcw0hxnHyLtd7TdX/l01+DYfHLFA1Fd0G1DhIZLg
Vinz0xAt2wMiLQG0UKS+0qcWED0PSernlsBNw3ORTebYy1AZMQQ8GS9mMy8JQNS5
VgslOrGw8PUfCcik7xVf09NgBsXoF7EtzeXTw/HunuBj/E+seRVrwNcIyh3E2OnH
keZSK46bAEO4iIU4hx6C1s5oH+iOnim2KsAtymOS0an1xTVz0zjgRreYa2nME9FP
7/0t+r6R/04IOtQzMDx76haLdxmNEmDmJ1pOm3rWlbs2k/jKkbg760yEawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHCIapMCZd6CJ9Uxc3tCSgtrpGaMB8GA1UdIwQY
MBaAFNJijgabXti0VZNDtbZ/WrT5IlH+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1LT0JwdGUyTFJWazBPMXRuOWF0UGtpVWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZWI5N2EtODNiZC00NDQ4LWIwOWUt
YWY2NGE1N2FjOGQyLzEvSWNJaHFrd0psM29JbjFURnplMEpLQzJ1a1pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZWI5N2EtODNiZC00NDQ4LWIwOWUtYWY2NGE1N2FjOGQy
LzEvMG1LT0JwdGUyTFJWazBPMXRuOWF0UGtpVWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubekMA0G
CSqGSIb3DQEBCwUAA4IBAQCPOLmAS7TZ15WGdBC8L/RR2UyGVeclv9DV/wao6ZXk
pEcyQURoe9HozkXZM5GIKykryCkQ3G5Fugl+l+0PELVT3ltC1r+p13QqllZ1wAFK
e6AT0AAQ3un4g7TUWvJglpJiHX8LPr6Vu5eDukc+W6m2p8iR1ocdGg3ZCLRglSct
iYI23rnpHUyIocN3X0yvNYJiW3ZUmMBk9yjt249UDVJAtPupng5UK+Sp5DNo1pmn
0ZRVqoaT0mr5XlWi7aVOJa5iKUe5Cxmczgvr4h4GzHIx0dUdJsR+m2igPWuS42HY
X50BAx+CTj/v5fccRMTGEGe5LmAL5TB91sZV0CRaES3M
-----END CERTIFICATE-----