Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/6197c1-72f4-4e4f-a4b8-9e4d0cf95544/1/mDsweMkaL1JbKbZzCYFKYaPY4fI.roa
File:                     mDsweMkaL1JbKbZzCYFKYaPY4fI.roa (raw, json)
Hash identifier:          BtasHw5Jg0bTGV67WazewH+iivaOZB7fga3y4+cYqwE=
Subject key identifier:   98:3B:30:78:C9:1A:2F:52:5B:29:B6:73:09:81:4A:61:A3:D8:E1:F2
Certificate issuer:       /CN=191b1a99358daa58e72625c4ce9d829e918efc86
Certificate serial:       019A5ECD339D63CE01AAAD09DACC284081F6
Authority key identifier: 19:1B:1A:99:35:8D:AA:58:E7:26:25:C4:CE:9D:82:9E:91:8E:FC:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GRsamTWNqljnJiXEzp2CnpGO_IY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/6197c1-72f4-4e4f-a4b8-9e4d0cf95544/1/mDsweMkaL1JbKbZzCYFKYaPY4fI.roa
Signing time:             Fri 07 Nov 2025 14:51:37 +0000
ROA not before:           Fri 07 Nov 2025 14:51:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212280
IP address blocks:        185.217.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/6197c1-72f4-4e4f-a4b8-9e4d0cf95544/1/GRsamTWNqljnJiXEzp2CnpGO_IY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/6197c1-72f4-4e4f-a4b8-9e4d0cf95544/1/GRsamTWNqljnJiXEzp2CnpGO_IY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GRsamTWNqljnJiXEzp2CnpGO_IY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 08:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5e:cd:33:9d:63:ce:01:aa:ad:09:da:cc:28:40:81:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=191b1a99358daa58e72625c4ce9d829e918efc86
        Validity
            Not Before: Nov  7 14:51:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=983b3078c91a2f525b29b67309814a61a3d8e1f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7b:ad:56:d5:b5:1f:de:a2:64:1f:e8:cd:f5:
                    2e:6f:c3:31:b9:3e:e8:db:3c:bd:a6:0d:c8:43:7e:
                    08:55:3b:49:91:99:5d:73:8d:57:3f:77:e1:7f:78:
                    42:13:58:f6:3c:ca:ac:be:35:dd:40:07:1d:1b:bd:
                    50:fa:70:d1:8a:55:ad:db:88:1f:7f:7f:6b:cb:80:
                    f3:49:8b:ba:32:1c:0e:53:c8:e4:4e:88:ee:51:41:
                    d3:64:33:1b:27:66:6d:a0:4e:94:6b:0a:ff:bb:e8:
                    cf:7e:a2:b3:b7:bb:b5:bb:4e:28:a3:9a:f4:6c:df:
                    3d:46:a1:d9:70:fb:6d:d7:eb:36:3b:50:37:04:fb:
                    38:c9:a5:bb:81:e1:35:07:c3:9d:ee:6b:b5:bd:cb:
                    12:fa:e2:41:36:b7:c2:a4:9a:99:43:a2:57:6a:e0:
                    8c:01:dd:90:15:53:a4:f3:e7:52:4e:39:81:d9:0e:
                    c0:ac:38:bb:f8:84:0f:6e:e8:16:88:91:40:58:55:
                    ca:6d:11:b8:98:72:56:f6:b1:80:b1:1f:89:f3:1f:
                    90:9a:18:7e:75:84:bc:50:fd:14:cc:1d:da:56:fb:
                    8e:81:b1:6d:66:3a:e5:fe:64:c3:95:5a:cf:e9:8d:
                    7a:6e:fe:ae:59:36:3b:25:cf:71:ed:7f:a4:ad:ae:
                    90:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:3B:30:78:C9:1A:2F:52:5B:29:B6:73:09:81:4A:61:A3:D8:E1:F2
            X509v3 Authority Key Identifier:
                keyid:19:1B:1A:99:35:8D:AA:58:E7:26:25:C4:CE:9D:82:9E:91:8E:FC:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GRsamTWNqljnJiXEzp2CnpGO_IY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/6197c1-72f4-4e4f-a4b8-9e4d0cf95544/1/mDsweMkaL1JbKbZzCYFKYaPY4fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/6197c1-72f4-4e4f-a4b8-9e4d0cf95544/1/GRsamTWNqljnJiXEzp2CnpGO_IY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:58:12:d9:c5:08:ea:7d:64:3b:4d:2f:f4:c7:29:c5:4f:1f:
         db:90:7f:c2:bc:49:3c:ef:03:43:20:3c:d1:a2:c6:3d:ca:e9:
         7e:6b:fb:a3:75:1e:8e:bd:66:7e:7f:41:d9:25:30:91:f9:32:
         43:83:8d:3e:de:9d:b0:45:c8:43:af:ae:35:e6:cb:7b:bf:5a:
         56:3c:bf:55:8f:21:e4:33:7f:33:db:b9:63:b6:71:28:82:c9:
         c4:56:eb:d3:4f:6c:c3:d5:46:42:d1:2e:4d:80:77:11:3d:2e:
         30:54:a5:95:11:cf:14:f1:8b:fa:d4:fd:41:d6:16:5c:e6:4a:
         b9:d4:09:df:72:d0:1a:9f:3b:d8:99:6f:d8:05:74:71:35:0c:
         af:69:fc:7e:4a:2c:43:91:61:70:92:23:38:7c:5b:4d:dc:1d:
         5a:25:73:d7:69:6c:c5:4a:a4:19:62:06:49:83:eb:eb:14:73:
         0a:5a:26:81:c1:19:17:ce:0f:74:b9:d2:63:09:f3:02:63:74:
         04:b7:de:1b:e0:e2:84:8f:3e:28:2e:71:b2:80:f5:60:ef:9f:
         34:8f:93:bd:f6:e5:d7:18:ad:1b:95:83:52:8c:32:c5:b0:8c:
         94:09:d4:fe:6e:76:d9:f2:0f:03:a2:37:e0:4d:05:56:81:b9:
         d7:4a:3f:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpezTOdY84Bqq0J2swoQIH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MWIxYTk5MzU4ZGFhNThlNzI2MjVjNGNlOWQ4MjllOTE4
ZWZjODYwHhcNMjUxMTA3MTQ1MTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODNiMzA3OGM5MWEyZjUyNWIyOWI2NzMwOTgxNGE2MWEzZDhlMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXutVtW1H96iZB/ozfUub8MxuT7o
2zy9pg3IQ34IVTtJkZldc41XP3fhf3hCE1j2PMqsvjXdQAcdG71Q+nDRilWt24gf
f39ry4DzSYu6MhwOU8jkTojuUUHTZDMbJ2ZtoE6Uawr/u+jPfqKzt7u1u04oo5r0
bN89RqHZcPtt1+s2O1A3BPs4yaW7geE1B8Od7mu1vcsS+uJBNrfCpJqZQ6JXauCM
Ad2QFVOk8+dSTjmB2Q7ArDi7+IQPbugWiJFAWFXKbRG4mHJW9rGAsR+J8x+Qmhh+
dYS8UP0UzB3aVvuOgbFtZjrl/mTDlVrP6Y16bv6uWTY7Jc9x7X+kra6Q2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJg7MHjJGi9SWym2cwmBSmGj2OHyMB8GA1UdIwQY
MBaAFBkbGpk1japY5yYlxM6dgp6RjvyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1JzYW1UV05xbGpuSmlYRXpwMkNucEdPX0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni82MTk3YzEtNzJmNC00ZTRmLWE0Yjgt
OWU0ZDBjZjk1NTQ0LzEvbURzd2VNa2FMMUpiS2JaekNZRktZYVBZNGZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni82MTk3YzEtNzJmNC00ZTRmLWE0YjgtOWU0ZDBjZjk1NTQ0
LzEvR1JzYW1UV05xbGpuSmlYRXpwMkNucEdPX0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudk9MA0G
CSqGSIb3DQEBCwUAA4IBAQCBWBLZxQjqfWQ7TS/0xynFTx/bkH/CvEk87wNDIDzR
osY9yul+a/ujdR6OvWZ+f0HZJTCR+TJDg40+3p2wRchDr6415st7v1pWPL9VjyHk
M38z27ljtnEogsnEVuvTT2zD1UZC0S5NgHcRPS4wVKWVEc8U8Yv61P1B1hZc5kq5
1AnfctAanzvYmW/YBXRxNQyvafx+SixDkWFwkiM4fFtN3B1aJXPXaWzFSqQZYgZJ
g+vrFHMKWiaBwRkXzg90udJjCfMCY3QEt94b4OKEjz4oLnGygPVg7580j5O99uXX
GK0blYNSjDLFsIyUCdT+bnbZ8g8DojfgTQVWgbnXSj/l
-----END CERTIFICATE-----