Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/cY4oD3aJCA3hPJ-HG5yOe86pth0.roa
File:                     cY4oD3aJCA3hPJ-HG5yOe86pth0.roa (raw, json)
Hash identifier:          6XtYpPP1NejHMwoPGzkgvVeeFIxmxEEEbrl1v95CK6c=
Subject key identifier:   71:8E:28:0F:76:89:08:0D:E1:3C:9F:87:1B:9C:8E:7B:CE:A9:B6:1D
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       01992F98BBFD9FECC67DCCF912C03F910643
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/cY4oD3aJCA3hPJ-HG5yOe86pth0.roa
Signing time:             Tue 09 Sep 2025 17:49:22 +0000
ROA not before:           Tue 09 Sep 2025 17:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211701
IP address blocks:        185.216.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 15:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2f:98:bb:fd:9f:ec:c6:7d:cc:f9:12:c0:3f:91:06:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Sep  9 17:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=718e280f7689080de13c9f871b9c8e7bcea9b61d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ab:df:b4:33:1a:92:33:b9:fd:8a:01:ba:c4:
                    39:21:04:37:1e:ac:8f:da:99:b6:f2:fc:9f:a0:6c:
                    d8:34:6e:9a:4f:c9:df:81:15:07:ed:94:82:2c:e3:
                    14:2d:eb:aa:c6:2b:8f:36:ab:a5:1f:37:f8:ef:d8:
                    a4:72:2b:ee:26:75:7d:d8:fb:ce:56:3b:6b:7b:f4:
                    95:9c:ba:49:94:c4:a4:4c:a6:c3:74:0c:6a:dd:e1:
                    f8:6f:6f:72:59:71:d8:6b:db:61:1f:cf:0c:0d:65:
                    5a:82:9c:90:6d:99:c7:27:64:37:70:30:00:0d:ca:
                    e5:94:5c:c9:de:68:ce:9e:79:c9:64:50:14:47:ec:
                    85:e5:25:0d:c0:44:59:c0:85:3b:77:39:48:ce:c0:
                    aa:a1:65:42:59:e8:34:08:88:71:88:7b:14:ca:ee:
                    a5:67:f3:50:d1:fc:30:be:36:3a:0f:94:ec:25:94:
                    fe:c9:e2:53:46:e7:b1:d5:97:2b:a3:4e:a1:fe:60:
                    bd:a9:7a:34:c7:90:e8:93:cb:d4:75:9a:1a:af:0c:
                    af:cb:c9:48:0f:c1:d3:62:5c:4b:4b:b1:8a:da:ea:
                    fe:1d:36:d4:5f:d0:93:18:72:7e:a8:9c:99:a2:c7:
                    9d:70:6e:13:e0:ae:1f:f1:03:6a:08:ad:fb:75:c2:
                    f4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:8E:28:0F:76:89:08:0D:E1:3C:9F:87:1B:9C:8E:7B:CE:A9:B6:1D
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/cY4oD3aJCA3hPJ-HG5yOe86pth0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:ce:b1:35:97:1a:e8:2f:7e:2e:68:c9:d7:36:2d:f8:0c:e9:
         2d:91:d0:48:7c:e3:c7:20:ba:54:f0:18:2c:a2:54:d5:40:70:
         bd:74:16:0a:a2:ba:e2:f2:63:71:17:a0:08:d9:27:ef:84:cd:
         96:92:ae:79:8f:b9:6b:fb:71:d1:75:66:d3:a0:30:2c:61:c5:
         62:db:63:7f:80:47:57:52:93:83:c8:b5:5e:9b:0a:ab:82:a8:
         b1:64:62:85:52:b8:b1:9a:54:32:a4:58:b2:6f:b2:cb:cc:e8:
         99:93:63:ef:28:d1:bb:84:b6:3f:f7:87:71:00:0c:4b:3e:e2:
         ed:ed:6b:54:0e:47:23:72:a3:bc:eb:40:64:e0:98:2d:a2:1f:
         18:92:43:9d:2b:2c:9a:0d:2a:f4:e7:66:7e:e1:8a:0e:41:5f:
         cb:c7:fc:be:d5:9b:22:5d:54:eb:90:26:89:e7:a9:8a:75:89:
         8b:b9:93:f1:35:f1:51:e4:66:5d:e8:fa:16:ee:e8:52:9e:c9:
         0d:f1:17:97:00:7b:74:c0:ad:5e:77:ba:05:de:d7:f4:bb:da:
         e3:44:d7:1d:24:00:50:60:87:87:a3:10:ac:90:91:b7:1d:98:
         a3:dc:e5:63:0d:5c:75:a8:20:9a:27:b5:84:24:0d:0f:51:7b:
         0d:77:40:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkvmLv9n+zGfcz5EsA/kQZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjUwOTA5MTc0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MThlMjgwZjc2ODkwODBkZTEzYzlmODcxYjljOGU3YmNlYTliNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06vftDMakjO5/YoBusQ5IQQ3HqyP
2pm28vyfoGzYNG6aT8nfgRUH7ZSCLOMULeuqxiuPNqulHzf479ikcivuJnV92PvO
Vjtre/SVnLpJlMSkTKbDdAxq3eH4b29yWXHYa9thH88MDWVagpyQbZnHJ2Q3cDAA
DcrllFzJ3mjOnnnJZFAUR+yF5SUNwERZwIU7dzlIzsCqoWVCWeg0CIhxiHsUyu6l
Z/NQ0fwwvjY6D5TsJZT+yeJTRuex1Zcro06h/mC9qXo0x5Dok8vUdZoarwyvy8lI
D8HTYlxLS7GK2ur+HTbUX9CTGHJ+qJyZosedcG4T4K4f8QNqCK37dcL0JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGOKA92iQgN4TyfhxucjnvOqbYdMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvY1k0b0QzYUpDQTNoUEotSEc1eU9lODZwdGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudi+MA0G
CSqGSIb3DQEBCwUAA4IBAQCRzrE1lxroL34uaMnXNi34DOktkdBIfOPHILpU8Bgs
olTVQHC9dBYKorri8mNxF6AI2SfvhM2Wkq55j7lr+3HRdWbToDAsYcVi22N/gEdX
UpODyLVemwqrgqixZGKFUrixmlQypFiyb7LLzOiZk2PvKNG7hLY/94dxAAxLPuLt
7WtUDkcjcqO860Bk4Jgtoh8YkkOdKyyaDSr052Z+4YoOQV/Lx/y+1ZsiXVTrkCaJ
56mKdYmLuZPxNfFR5GZd6PoW7uhSnskN8ReXAHt0wK1ed7oF3tf0u9rjRNcdJABQ
YIeHoxCskJG3HZij3OVjDVx1qCCaJ7WEJA0PUXsNd0AN
-----END CERTIFICATE-----