Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/SVDba3c5JwKNT_9O80xlrgywUPo.roa
File:                     SVDba3c5JwKNT_9O80xlrgywUPo.roa (raw, json)
Hash identifier:          y8/CxIFfpyDYuv3uKMMuzQkteVC7KubD/FZFFVGPFkE=
Subject key identifier:   49:50:DB:6B:77:39:27:02:8D:4F:FF:4E:F3:4C:65:AE:0C:B0:50:FA
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       019953CE573974E6971714C84B8E1513ABC2
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/SVDba3c5JwKNT_9O80xlrgywUPo.roa
Signing time:             Tue 16 Sep 2025 18:34:15 +0000
ROA not before:           Tue 16 Sep 2025 18:34:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401951
IP address blocks:        185.161.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 22:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:53:ce:57:39:74:e6:97:17:14:c8:4b:8e:15:13:ab:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Sep 16 18:34:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4950db6b773927028d4fff4ef34c65ae0cb050fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:df:59:2f:82:27:93:23:0e:84:bd:af:ff:6c:
                    5f:a1:eb:9c:68:91:cd:1d:ce:0b:51:c4:ae:8d:78:
                    f6:af:95:df:65:99:66:2d:12:69:b1:b6:7f:46:62:
                    84:71:bd:f0:f8:46:a0:d3:02:0c:99:f8:47:7f:2c:
                    3b:4d:1d:89:73:48:f8:d4:dd:cb:57:cf:92:89:47:
                    1f:95:3c:9d:02:62:0b:57:78:9a:0f:b3:89:06:21:
                    7f:0d:b4:f7:b9:f8:18:31:ad:0a:c2:cb:22:83:f3:
                    03:c0:d1:85:0d:4c:8b:d3:9e:b9:8f:9a:fb:35:83:
                    f4:ff:69:eb:8c:3f:53:c0:08:d8:b7:42:70:3c:b3:
                    88:3a:76:55:3b:5e:00:97:32:c1:d3:02:aa:30:1b:
                    87:bd:e4:76:a0:07:63:7b:18:d0:38:e1:cd:c0:89:
                    58:61:13:6f:e2:1d:e8:94:64:ba:cd:1d:f7:3b:e8:
                    c4:eb:14:05:8d:38:cc:32:b2:13:b7:df:f5:eb:38:
                    a0:bb:0b:94:97:d8:46:36:a1:9a:31:24:08:36:06:
                    53:23:c9:9b:b6:7a:c6:bc:de:28:27:b9:62:36:6d:
                    29:f6:22:28:54:89:79:54:39:92:58:ad:11:00:72:
                    b5:ac:4d:99:e6:c2:3e:ff:3b:93:9d:e0:9b:2f:3a:
                    12:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:50:DB:6B:77:39:27:02:8D:4F:FF:4E:F3:4C:65:AE:0C:B0:50:FA
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/SVDba3c5JwKNT_9O80xlrgywUPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:2c:e0:47:5c:62:c9:06:37:e4:25:10:c1:8d:35:be:e6:4f:
         8f:5b:a9:e1:86:46:48:7c:33:5e:bd:be:d3:5e:53:b5:2a:24:
         47:b7:82:da:d9:1c:07:1f:01:df:9b:6a:b5:ed:46:d7:a4:45:
         95:57:06:a6:8d:48:da:0b:1e:cd:f7:ae:5c:a7:ad:f9:1b:98:
         02:28:18:40:32:15:cf:54:ad:2a:51:d9:7a:99:b9:fd:bc:9c:
         4d:c2:ea:67:e7:b4:d8:c3:4b:89:d3:64:23:c0:29:a7:3c:52:
         6a:7b:b4:6c:e2:7e:63:a2:d9:40:c2:7e:49:cd:01:69:ec:e8:
         46:d1:00:4b:fd:d7:26:9e:28:de:36:ab:1b:9c:49:17:c1:ff:
         00:e7:ce:d4:0a:0b:6c:af:f3:ee:5b:3d:cb:ee:a1:7f:cd:51:
         6b:fb:62:55:40:8e:0e:3d:60:1c:02:1f:4a:a7:6c:e2:76:e4:
         2a:5b:85:89:90:64:ff:41:27:4d:8a:e6:87:2f:4b:80:ab:90:
         bc:9c:33:33:fc:e1:0a:a2:b7:24:57:74:1d:a0:78:1e:90:84:
         d7:ad:9a:fe:1e:af:4d:82:a3:21:1e:95:9f:2f:a5:4b:44:9e:
         33:6f:f3:57:15:f6:ca:bf:27:94:69:39:a5:f9:3e:45:3e:c8:
         5c:df:98:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlTzlc5dOaXFxTIS44VE6vCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjUwOTE2MTgzNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTUwZGI2Yjc3MzkyNzAyOGQ0ZmZmNGVmMzRjNjVhZTBjYjA1MGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo99ZL4InkyMOhL2v/2xfoeucaJHN
Hc4LUcSujXj2r5XfZZlmLRJpsbZ/RmKEcb3w+Eag0wIMmfhHfyw7TR2Jc0j41N3L
V8+SiUcflTydAmILV3iaD7OJBiF/DbT3ufgYMa0Kwssig/MDwNGFDUyL0565j5r7
NYP0/2nrjD9TwAjYt0JwPLOIOnZVO14AlzLB0wKqMBuHveR2oAdjexjQOOHNwIlY
YRNv4h3olGS6zR33O+jE6xQFjTjMMrITt9/16ziguwuUl9hGNqGaMSQINgZTI8mb
tnrGvN4oJ7liNm0p9iIoVIl5VDmSWK0RAHK1rE2Z5sI+/zuTneCbLzoSqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElQ22t3OScCjU//TvNMZa4MsFD6MB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvU1ZEYmEzYzVKd0tOVF85TzgweGxyZ3l3VVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaH8MA0G
CSqGSIb3DQEBCwUAA4IBAQAtLOBHXGLJBjfkJRDBjTW+5k+PW6nhhkZIfDNevb7T
XlO1KiRHt4La2RwHHwHfm2q17UbXpEWVVwamjUjaCx7N965cp635G5gCKBhAMhXP
VK0qUdl6mbn9vJxNwupn57TYw0uJ02QjwCmnPFJqe7Rs4n5jotlAwn5JzQFp7OhG
0QBL/dcmnijeNqsbnEkXwf8A587UCgtsr/PuWz3L7qF/zVFr+2JVQI4OPWAcAh9K
p2ziduQqW4WJkGT/QSdNiuaHL0uAq5C8nDMz/OEKorckV3QdoHgekITXrZr+Hq9N
gqMhHpWfL6VLRJ4zb/NXFfbKvyeUaTml+T5FPshc35hS
-----END CERTIFICATE-----