Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f6d25b-d543-422d-8b43-5fd098f3459d/1/vBgY54C9wF4igTn_ThI9AD2fAjA.roa
File:                     vBgY54C9wF4igTn_ThI9AD2fAjA.roa (raw, json)
Hash identifier:          QU8WNIR5SLJr3BG+FWmaZkiRSa43Txva+uD7lv+cdg8=
Subject key identifier:   BC:18:18:E7:80:BD:C0:5E:22:81:39:FF:4E:12:3D:00:3D:9F:02:30
Certificate issuer:       /CN=d61549f575b047bcbdc33e7d2d36eda8471fdeca
Certificate serial:       0198A953E565865E666B5BAA7D5BB79CFD2F
Authority key identifier: D6:15:49:F5:75:B0:47:BC:BD:C3:3E:7D:2D:36:ED:A8:47:1F:DE:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1hVJ9XWwR7y9wz59LTbtqEcf3so.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f6d25b-d543-422d-8b43-5fd098f3459d/1/vBgY54C9wF4igTn_ThI9AD2fAjA.roa
Signing time:             Thu 14 Aug 2025 16:05:04 +0000
ROA not before:           Thu 14 Aug 2025 16:05:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        185.138.88.0/24 maxlen: 24
                          185.138.89.0/24 maxlen: 24
                          185.138.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f6d25b-d543-422d-8b43-5fd098f3459d/1/1hVJ9XWwR7y9wz59LTbtqEcf3so.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f6d25b-d543-422d-8b43-5fd098f3459d/1/1hVJ9XWwR7y9wz59LTbtqEcf3so.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1hVJ9XWwR7y9wz59LTbtqEcf3so.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 16:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a9:53:e5:65:86:5e:66:6b:5b:aa:7d:5b:b7:9c:fd:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d61549f575b047bcbdc33e7d2d36eda8471fdeca
        Validity
            Not Before: Aug 14 16:05:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc1818e780bdc05e228139ff4e123d003d9f0230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0f:5e:f4:47:01:83:c9:7a:10:25:90:f1:63:
                    a6:c5:57:89:17:41:e9:a4:c8:14:28:4d:9b:c3:88:
                    31:fb:a7:89:54:3b:7d:ef:3a:64:c3:dc:37:76:5d:
                    93:60:52:4d:ba:ab:65:60:42:f9:5c:0e:fe:08:d7:
                    df:37:3c:4c:a7:fe:20:0d:65:a6:06:f6:62:f3:6c:
                    df:6f:78:12:87:5a:b6:67:4a:e1:61:1a:67:77:c0:
                    2d:82:79:b3:fb:38:82:66:af:c5:1a:fb:a9:0e:da:
                    13:55:01:b8:f3:83:58:c8:12:ec:a2:6d:57:f2:65:
                    08:0b:24:13:9a:fb:be:99:92:fa:5a:9f:af:95:cb:
                    79:16:ce:af:ef:bc:96:00:b8:a6:38:46:ea:7f:38:
                    e0:46:67:a0:f2:01:74:03:d2:d6:a7:c0:68:1c:a8:
                    57:cf:47:b3:58:2b:bd:99:19:a3:10:32:24:49:bc:
                    a4:0e:cf:a5:fb:02:d9:47:29:58:a0:4f:22:2d:06:
                    0f:eb:16:4b:4d:cd:1e:a0:77:fc:37:c9:f4:99:8e:
                    f9:c4:cc:9e:37:4d:c1:5a:5b:b0:34:a0:87:28:a0:
                    de:61:fb:15:24:db:43:54:9b:2e:8b:1c:9f:1f:e8:
                    44:da:d7:05:7b:98:3e:89:e3:62:50:b6:2c:cc:4a:
                    cc:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:18:18:E7:80:BD:C0:5E:22:81:39:FF:4E:12:3D:00:3D:9F:02:30
            X509v3 Authority Key Identifier:
                keyid:D6:15:49:F5:75:B0:47:BC:BD:C3:3E:7D:2D:36:ED:A8:47:1F:DE:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1hVJ9XWwR7y9wz59LTbtqEcf3so.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f6d25b-d543-422d-8b43-5fd098f3459d/1/vBgY54C9wF4igTn_ThI9AD2fAjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f6d25b-d543-422d-8b43-5fd098f3459d/1/1hVJ9XWwR7y9wz59LTbtqEcf3so.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.88.0-185.138.90.255

    Signature Algorithm: sha256WithRSAEncryption
         32:24:b8:37:27:e1:83:43:fc:6a:60:72:03:26:55:38:e7:53:
         79:bc:3d:12:6c:d2:d8:ff:9d:6a:3f:44:52:cf:92:fe:1e:ef:
         0b:64:ef:6e:1b:2d:14:98:88:09:94:46:25:c6:52:fb:8f:4d:
         46:ba:e6:4a:b8:a8:d5:e8:61:68:c1:e5:a6:25:da:eb:8d:51:
         13:03:98:fd:29:fb:ed:d8:bb:c3:0c:f7:8e:3d:56:64:67:9a:
         3e:ef:6e:4d:e1:33:36:3e:c9:a0:60:d1:87:05:fa:27:9e:53:
         d3:24:79:79:7a:ae:7e:ee:64:20:1a:28:24:20:5d:8a:1c:58:
         48:72:c2:00:81:d2:0d:e2:df:19:ef:bc:c0:a1:e6:64:54:3f:
         b4:70:a4:a3:f6:71:ff:f1:4e:84:c3:6b:68:e9:2e:58:10:0f:
         cc:3e:9a:18:5d:5a:ca:28:51:e7:36:14:f3:f6:04:00:20:fc:
         c4:f4:2b:2b:ce:fa:ee:70:85:52:1a:f0:f9:f8:8f:69:f4:0c:
         32:8f:e4:b8:e3:ed:19:0e:dc:e2:7e:db:59:69:ac:af:fb:c3:
         3b:f6:01:e3:26:78:a9:6e:11:68:a8:92:e8:9f:c3:45:0d:0f:
         7d:e3:03:f0:d7:14:5a:1e:e6:c5:78:2f:7e:73:80:a9:22:c1:
         26:e4:02:4d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZipU+Vlhl5ma1uqfVu3nP0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MTU0OWY1NzViMDQ3YmNiZGMzM2U3ZDJkMzZlZGE4NDcx
ZmRlY2EwHhcNMjUwODE0MTYwNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzE4MThlNzgwYmRjMDVlMjI4MTM5ZmY0ZTEyM2QwMDNkOWYwMjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyA9e9EcBg8l6ECWQ8WOmxVeJF0Hp
pMgUKE2bw4gx+6eJVDt97zpkw9w3dl2TYFJNuqtlYEL5XA7+CNffNzxMp/4gDWWm
BvZi82zfb3gSh1q2Z0rhYRpnd8Atgnmz+ziCZq/FGvupDtoTVQG484NYyBLsom1X
8mUICyQTmvu+mZL6Wp+vlct5Fs6v77yWALimOEbqfzjgRmeg8gF0A9LWp8BoHKhX
z0ezWCu9mRmjEDIkSbykDs+l+wLZRylYoE8iLQYP6xZLTc0eoHf8N8n0mY75xMye
N03BWluwNKCHKKDeYfsVJNtDVJsuixyfH+hE2tcFe5g+ieNiULYszErM1QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLwYGOeAvcBeIoE5/04SPQA9nwIwMB8GA1UdIwQY
MBaAFNYVSfV1sEe8vcM+fS027ahHH97KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWhWSjlYV3dSN3k5d3o1OUxUYnRxRWNmM3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNmQyNWItZDU0My00MjJkLThiNDMt
NWZkMDk4ZjM0NTlkLzEvdkJnWTU0Qzl3RjRpZ1RuX1RoSTlBRDJmQWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNmQyNWItZDU0My00MjJkLThiNDMtNWZkMDk4ZjM0NTlk
LzEvMWhWSjlYV3dSN3k5d3o1OUxUYnRxRWNmM3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5ilgD
BAC5ilowDQYJKoZIhvcNAQELBQADggEBADIkuDcn4YND/GpgcgMmVTjnU3m8PRJs
0tj/nWo/RFLPkv4e7wtk724bLRSYiAmURiXGUvuPTUa65kq4qNXoYWjB5aYl2uuN
URMDmP0p++3Yu8MM9449VmRnmj7vbk3hMzY+yaBg0YcF+ieeU9MkeXl6rn7uZCAa
KCQgXYocWEhywgCB0g3i3xnvvMCh5mRUP7RwpKP2cf/xToTDa2jpLlgQD8w+mhhd
WsooUec2FPP2BAAg/MT0KyvO+u5whVIa8Pn4j2n0DDKP5Ljj7RkO3OJ+21lprK/7
wzv2AeMmeKluEWiokuifw0UND33jA/DXFFoe5sV4L35zgKkiwSbkAk0=
-----END CERTIFICATE-----