Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/f2d5e1-c997-46c4-8e60-a5d234586d90/1/PwNeEQK8cYVwYwRg-w7R3ta0-Wc.roa
File:                     PwNeEQK8cYVwYwRg-w7R3ta0-Wc.roa (raw, json)
Hash identifier:          5U7iTxxmR/k00/iziXJJLBxCbjSuEb3qsWlrxIkzh5M=
Subject key identifier:   3F:03:5E:11:02:BC:71:85:70:63:04:60:FB:0E:D1:DE:D6:B4:F9:67
Certificate issuer:       /CN=15f5c427b50eb9e2aaf7c5acc1b2289633ab5353
Certificate serial:       019A5F149CDD1A0F423AE32F034203251D9B
Authority key identifier: 15:F5:C4:27:B5:0E:B9:E2:AA:F7:C5:AC:C1:B2:28:96:33:AB:53:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfXEJ7UOueKq98WswbIoljOrU1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/f2d5e1-c997-46c4-8e60-a5d234586d90/1/PwNeEQK8cYVwYwRg-w7R3ta0-Wc.roa
Signing time:             Fri 07 Nov 2025 16:09:37 +0000
ROA not before:           Fri 07 Nov 2025 16:09:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210086
IP address blocks:        85.117.248.0/24 maxlen: 24
                          85.117.249.0/24 maxlen: 24
                          85.117.250.0/24 maxlen: 24
                          85.117.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/f2d5e1-c997-46c4-8e60-a5d234586d90/1/FfXEJ7UOueKq98WswbIoljOrU1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/f2d5e1-c997-46c4-8e60-a5d234586d90/1/FfXEJ7UOueKq98WswbIoljOrU1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfXEJ7UOueKq98WswbIoljOrU1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5f:14:9c:dd:1a:0f:42:3a:e3:2f:03:42:03:25:1d:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f5c427b50eb9e2aaf7c5acc1b2289633ab5353
        Validity
            Not Before: Nov  7 16:09:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f035e1102bc718570630460fb0ed1ded6b4f967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:02:76:ba:e2:8c:1e:ad:49:ec:6d:57:0e:2c:
                    73:6a:bb:17:c1:56:53:17:01:50:17:f3:b8:a1:38:
                    f6:03:c6:81:76:8f:cb:58:62:69:53:fe:11:06:60:
                    cb:9a:fa:5b:09:4a:1f:60:7c:32:f2:1d:d4:59:18:
                    1d:23:14:4a:c9:c9:00:7a:75:12:f2:f6:c7:a6:b2:
                    2c:08:e2:81:f9:0e:02:a5:58:1e:63:6d:db:f2:57:
                    cb:09:51:a1:ef:7e:45:fb:15:03:08:c8:ae:72:cb:
                    76:12:ae:81:e2:4b:ef:f5:54:41:b9:49:61:96:70:
                    97:f1:d3:32:50:51:8c:5f:c1:cc:dd:14:aa:59:16:
                    9c:da:63:7e:41:51:fa:e3:ab:9c:83:9d:e1:24:13:
                    24:ac:84:f5:d5:da:2a:a7:d6:fb:62:4b:f8:fd:15:
                    3e:e4:95:93:3d:92:0d:1c:de:2f:6c:fe:7f:b7:45:
                    ee:7d:47:16:42:a5:70:43:e8:cf:83:a2:97:88:8b:
                    df:df:0c:df:2b:6a:33:80:32:71:65:4c:96:0f:f9:
                    86:da:a6:77:e8:aa:82:a5:9a:94:18:84:1c:78:96:
                    24:77:78:db:bc:c3:23:b1:e7:cd:7c:03:0d:2c:0b:
                    f7:b2:c0:d6:c7:0c:ff:16:18:45:4d:16:fa:c4:52:
                    65:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:03:5E:11:02:BC:71:85:70:63:04:60:FB:0E:D1:DE:D6:B4:F9:67
            X509v3 Authority Key Identifier:
                keyid:15:F5:C4:27:B5:0E:B9:E2:AA:F7:C5:AC:C1:B2:28:96:33:AB:53:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfXEJ7UOueKq98WswbIoljOrU1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/f2d5e1-c997-46c4-8e60-a5d234586d90/1/PwNeEQK8cYVwYwRg-w7R3ta0-Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/f2d5e1-c997-46c4-8e60-a5d234586d90/1/FfXEJ7UOueKq98WswbIoljOrU1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:54:3d:fd:e8:15:d3:90:44:b8:d1:e0:97:e5:72:eb:ed:59:
         da:ec:38:fe:79:c0:35:1e:e6:8f:c6:f0:9c:b9:54:00:3b:c8:
         72:fc:eb:aa:23:8b:78:37:8c:39:80:77:de:83:b4:7e:c8:fc:
         ae:82:a7:36:df:cc:e1:57:89:2b:dd:af:b4:f6:7b:4d:b3:54:
         aa:1a:57:9c:0f:67:4e:87:21:a9:15:1c:8c:8e:b3:9f:46:de:
         7f:5f:51:48:09:ed:cc:2b:2b:03:22:2d:75:29:df:75:ce:50:
         d8:f5:16:70:20:93:e7:f9:19:ee:0f:16:34:1c:f8:ea:1d:cc:
         b8:b3:65:96:fa:5a:d1:ef:2c:8c:58:b7:c1:0d:a7:e4:87:3c:
         1c:0b:e0:a8:b7:25:73:22:4d:a0:25:d1:71:38:e2:7a:a5:54:
         fd:aa:3a:aa:97:e4:21:51:be:48:b2:57:a8:23:49:12:f4:23:
         64:da:02:23:31:d3:e3:6b:69:92:02:2e:7a:98:91:a7:b1:27:
         26:90:64:7f:56:d7:a4:99:a9:f1:34:44:a7:13:06:06:c1:52:
         cb:0e:d7:84:a2:2b:cc:50:75:d0:16:c9:9f:e7:ae:47:00:22:
         df:b5:25:0c:1c:11:ca:cb:d6:ef:bc:2e:17:fd:3d:c8:34:96:
         9c:0d:90:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpfFJzdGg9COuMvA0IDJR2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjVjNDI3YjUwZWI5ZTJhYWY3YzVhY2MxYjIyODk2MzNh
YjUzNTMwHhcNMjUxMTA3MTYwOTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjAzNWUxMTAyYmM3MTg1NzA2MzA0NjBmYjBlZDFkZWQ2YjRmOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gJ2uuKMHq1J7G1XDixzarsXwVZT
FwFQF/O4oTj2A8aBdo/LWGJpU/4RBmDLmvpbCUofYHwy8h3UWRgdIxRKyckAenUS
8vbHprIsCOKB+Q4CpVgeY23b8lfLCVGh735F+xUDCMiucst2Eq6B4kvv9VRBuUlh
lnCX8dMyUFGMX8HM3RSqWRac2mN+QVH646ucg53hJBMkrIT11doqp9b7Ykv4/RU+
5JWTPZINHN4vbP5/t0XufUcWQqVwQ+jPg6KXiIvf3wzfK2ozgDJxZUyWD/mG2qZ3
6KqCpZqUGIQceJYkd3jbvMMjsefNfAMNLAv3ssDWxwz/FhhFTRb6xFJlNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD8DXhECvHGFcGMEYPsO0d7WtPlnMB8GA1UdIwQY
MBaAFBX1xCe1DrniqvfFrMGyKJYzq1NTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZYRUo3VU91ZUtxOThXc3diSW9sak9yVTFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9mMmQ1ZTEtYzk5Ny00NmM0LThlNjAt
YTVkMjM0NTg2ZDkwLzEvUHdOZUVRSzhjWVZ3WXdSZy13N1IzdGEwLVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9mMmQ1ZTEtYzk5Ny00NmM0LThlNjAtYTVkMjM0NTg2ZDkw
LzEvRmZYRUo3VU91ZUtxOThXc3diSW9sak9yVTFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVXX4MA0G
CSqGSIb3DQEBCwUAA4IBAQBnVD396BXTkES40eCX5XLr7Vna7Dj+ecA1HuaPxvCc
uVQAO8hy/OuqI4t4N4w5gHfeg7R+yPyugqc238zhV4kr3a+09ntNs1SqGlecD2dO
hyGpFRyMjrOfRt5/X1FICe3MKysDIi11Kd91zlDY9RZwIJPn+RnuDxY0HPjqHcy4
s2WW+lrR7yyMWLfBDafkhzwcC+CotyVzIk2gJdFxOOJ6pVT9qjqql+QhUb5Isleo
I0kS9CNk2gIjMdPja2mSAi56mJGnsScmkGR/VtekmanxNESnEwYGwVLLDteEoivM
UHXQFsmf565HACLftSUMHBHKy9bvvC4X/T3INJacDZCv
-----END CERTIFICATE-----