Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/1o33mTVp-sLzAkicxLikSA75wg4.roa
File:                     1o33mTVp-sLzAkicxLikSA75wg4.roa (raw, json)
Hash identifier:          ed6GlmsVsZfCNGu9N0GdJBDRnv8UTZkZYrtU19ndjKI=
Subject key identifier:   D6:8D:F7:99:35:69:FA:C2:F3:02:48:9C:C4:B8:A4:48:0E:F9:C2:0E
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       01990B7A1D34AE3B4BAA6438EB5725EC35E7
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/1o33mTVp-sLzAkicxLikSA75wg4.roa
Signing time:             Tue 02 Sep 2025 17:29:36 +0000
ROA not before:           Tue 02 Sep 2025 17:29:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205261
IP address blocks:        185.69.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0b:7a:1d:34:ae:3b:4b:aa:64:38:eb:57:25:ec:35:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Sep  2 17:29:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d68df7993569fac2f302489cc4b8a4480ef9c20e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ec:4e:48:01:f3:fc:ba:df:d2:53:cb:99:cf:
                    3f:94:8c:d5:b8:46:d8:8f:1b:17:e9:45:0f:f3:71:
                    19:b2:26:ad:2d:86:28:4a:18:7c:88:02:ce:c5:74:
                    88:0f:bc:fe:c5:7e:d9:0f:be:41:e2:e4:67:50:1d:
                    b3:24:87:e6:bf:41:41:67:50:f9:18:e0:fd:b1:cb:
                    8c:75:27:f5:fc:ec:d4:54:66:9e:46:e4:47:ee:75:
                    cb:9d:d2:4b:3d:2b:6d:aa:d1:25:29:5e:ed:0c:c8:
                    71:a3:2b:f4:83:1d:62:92:1c:d0:7f:37:20:e2:73:
                    67:e3:85:33:71:bb:48:a1:06:60:b6:23:6a:45:f0:
                    78:1e:e5:4a:79:fb:88:dc:2c:8e:04:79:f6:61:03:
                    e2:8b:bc:e3:fc:56:40:13:cd:c0:c2:d9:be:78:3a:
                    1e:18:7f:f6:23:ac:36:e8:8e:4f:c3:e6:13:45:c0:
                    c5:ea:38:b5:1f:0f:a3:29:65:19:a8:ae:95:6f:6b:
                    a7:0b:da:98:a1:fc:a7:37:df:fe:c9:a4:64:b2:31:
                    04:c0:4a:dd:63:1f:2a:75:06:aa:70:8b:3d:ef:9f:
                    1e:ff:99:b7:88:16:d5:5c:36:77:78:48:f8:d1:76:
                    a6:a5:49:c3:09:4c:63:0f:a4:02:5d:14:f2:ef:c0:
                    54:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:8D:F7:99:35:69:FA:C2:F3:02:48:9C:C4:B8:A4:48:0E:F9:C2:0E
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/1o33mTVp-sLzAkicxLikSA75wg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:f8:b1:af:0b:61:c7:9d:88:53:60:46:2a:52:3b:54:65:b9:
         74:6c:0d:93:53:81:3b:7a:f4:12:d2:bb:2c:59:50:ec:51:2d:
         e1:cb:2f:47:72:b8:c5:60:fe:60:1b:1a:fb:0f:da:25:a8:7e:
         bd:b0:4e:9e:3f:83:44:b0:d7:1e:1c:e1:29:c3:a7:e0:87:51:
         d0:db:8c:99:89:e4:32:6d:d7:2f:62:56:50:92:a7:bc:32:11:
         be:30:c8:e7:30:4f:ed:b1:09:f4:79:bc:a2:12:45:f1:a5:0b:
         fd:d2:6f:7a:e3:ec:52:25:e1:8d:85:66:a6:1a:6f:ac:6a:f6:
         eb:91:5e:4d:d7:52:79:f4:09:61:11:64:3d:fe:8e:4c:6e:a1:
         1c:20:4c:de:fb:87:73:f3:85:42:2d:0f:0f:af:32:a5:8d:d3:
         9a:ef:8e:c0:88:40:fd:14:fa:f0:9b:30:d8:98:5c:ee:10:fe:
         4a:4a:a4:77:9f:92:76:06:0f:4e:67:3f:1e:b2:c2:da:2e:f3:
         80:f1:d7:8d:4f:72:3d:7f:66:9e:60:b9:e5:95:b1:05:81:a2:
         bc:44:ba:a1:ca:4f:25:91:cd:6a:cf:ce:1e:3e:4b:45:ad:7a:
         7e:ea:fa:07:0a:a9:e1:3b:7e:94:4b:bd:96:ed:78:93:87:92:
         1e:69:0b:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkLeh00rjtLqmQ461cl7DXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjUwOTAyMTcyOTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjhkZjc5OTM1NjlmYWMyZjMwMjQ4OWNjNGI4YTQ0ODBlZjljMjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluxOSAHz/Lrf0lPLmc8/lIzVuEbY
jxsX6UUP83EZsiatLYYoShh8iALOxXSID7z+xX7ZD75B4uRnUB2zJIfmv0FBZ1D5
GOD9scuMdSf1/OzUVGaeRuRH7nXLndJLPSttqtElKV7tDMhxoyv0gx1ikhzQfzcg
4nNn44UzcbtIoQZgtiNqRfB4HuVKefuI3CyOBHn2YQPii7zj/FZAE83Awtm+eDoe
GH/2I6w26I5Pw+YTRcDF6ji1Hw+jKWUZqK6Vb2unC9qYofynN9/+yaRksjEEwErd
Yx8qdQaqcIs9758e/5m3iBbVXDZ3eEj40XampUnDCUxjD6QCXRTy78BUHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaN95k1afrC8wJInMS4pEgO+cIOMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvMW8zM21UVnAtc0x6QWtpY3hMaWtTQTc1d2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUXdMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ+LGvC2HHnYhTYEYqUjtUZbl0bA2TU4E7evQS0rss
WVDsUS3hyy9HcrjFYP5gGxr7D9olqH69sE6eP4NEsNceHOEpw6fgh1HQ24yZieQy
bdcvYlZQkqe8MhG+MMjnME/tsQn0ebyiEkXxpQv90m964+xSJeGNhWamGm+savbr
kV5N11J59AlhEWQ9/o5MbqEcIEze+4dz84VCLQ8PrzKljdOa747AiED9FPrwmzDY
mFzuEP5KSqR3n5J2Bg9OZz8essLaLvOA8deNT3I9f2aeYLnllbEFgaK8RLqhyk8l
kc1qz84ePktFrXp+6voHCqnhO36US72W7XiTh5IeaQvq
-----END CERTIFICATE-----