Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/ijeoYWWuQU7RZMBbxRTbMcXGHJ0.roa
File:                     ijeoYWWuQU7RZMBbxRTbMcXGHJ0.roa (raw, json)
Hash identifier:          EhlVkFVVdh4wazceOuNOkG+gmIkWhBrp+b57IZ5gdpU=
Subject key identifier:   8A:37:A8:61:65:AE:41:4E:D1:64:C0:5B:C5:14:DB:31:C5:C6:1C:9D
Certificate issuer:       /CN=6f0b15193816fd15dcfd047db4eeca672912bb60
Certificate serial:       019A006DAD03B9D202C1B800F685286AC961
Authority key identifier: 6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/ijeoYWWuQU7RZMBbxRTbMcXGHJ0.roa
Signing time:             Mon 20 Oct 2025 07:02:58 +0000
ROA not before:           Mon 20 Oct 2025 07:02:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.167.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 19:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:00:6d:ad:03:b9:d2:02:c1:b8:00:f6:85:28:6a:c9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0b15193816fd15dcfd047db4eeca672912bb60
        Validity
            Not Before: Oct 20 07:02:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a37a86165ae414ed164c05bc514db31c5c61c9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a8:6d:d4:79:0e:f0:80:ff:34:7e:72:35:ac:
                    e8:bd:69:2b:59:7c:7e:00:1e:c0:cc:da:dc:4c:c6:
                    b2:81:d5:70:6f:44:1b:01:74:79:34:a8:ad:a9:da:
                    52:f8:67:bf:ff:23:7a:5d:00:86:1d:0f:94:6b:c4:
                    6c:5a:04:be:fc:92:f9:aa:b9:9b:00:e0:19:3a:4b:
                    26:73:ed:73:f9:f4:bf:7b:5a:1a:18:f7:b4:3a:8d:
                    8a:6e:cc:11:58:d6:9f:ff:e3:f4:47:23:c3:0b:b8:
                    88:98:9e:29:0f:af:3b:19:09:92:bf:54:d0:f9:61:
                    0d:b9:44:12:b7:40:3a:3e:f5:5c:ad:29:7f:95:77:
                    9c:6b:73:7c:d4:c6:1d:02:71:98:26:00:f2:37:3f:
                    4a:f5:02:b5:55:44:58:9c:8f:57:30:bb:45:4e:19:
                    d2:43:a1:83:44:72:b3:23:bb:dd:d9:db:54:d7:e3:
                    10:1a:6b:20:0a:a0:5b:7d:69:02:fa:56:a1:4f:62:
                    d7:83:47:0d:8a:c3:37:e3:ca:3a:8d:43:3f:2a:c6:
                    75:1d:58:ad:2a:4f:c2:95:8a:fd:41:2d:06:20:40:
                    22:af:d2:4d:d0:1f:1a:9a:4f:ea:11:83:fb:17:f9:
                    70:02:3c:a9:e3:c2:c9:1e:d3:b0:8f:3b:a5:87:82:
                    9a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:37:A8:61:65:AE:41:4E:D1:64:C0:5B:C5:14:DB:31:C5:C6:1C:9D
            X509v3 Authority Key Identifier:
                keyid:6F:0B:15:19:38:16:FD:15:DC:FD:04:7D:B4:EE:CA:67:29:12:BB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwsVGTgW_RXc_QR9tO7KZykSu2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/ijeoYWWuQU7RZMBbxRTbMcXGHJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/958841-f6b0-4249-8046-9cf843f05670/1/bwsVGTgW_RXc_QR9tO7KZykSu2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:e2:fe:ab:bd:b4:df:d8:ff:22:6d:dc:00:e2:73:b4:75:40:
         ca:25:b3:06:da:fd:16:75:af:a4:26:02:0e:e1:b2:e4:1f:83:
         fc:a1:60:c2:9f:58:f5:7a:6d:3f:ef:c8:cb:1b:9c:34:73:20:
         a5:7b:6e:c6:8f:4b:44:56:db:3f:8a:36:55:45:68:cc:33:2e:
         ed:f4:86:ea:48:b0:db:87:9e:fe:ff:6d:83:e0:45:0e:c3:de:
         81:50:1e:dd:e5:c2:0e:14:1d:20:51:0e:49:8c:14:d0:71:4b:
         8a:ec:41:83:6a:9b:7e:0e:f7:e7:32:74:47:05:23:0a:e2:ed:
         97:0e:bc:55:78:20:f2:50:aa:21:28:12:1e:23:e5:48:06:7f:
         b4:95:1f:58:30:89:a5:59:98:cc:a6:96:b5:0c:08:17:4a:45:
         0c:b2:6d:04:7a:a8:5b:fb:71:91:49:4a:37:46:9b:67:ed:00:
         38:64:24:40:8e:fe:dc:8b:a4:d8:ed:1e:0c:71:09:4a:66:c4:
         a0:a9:72:74:88:42:79:6c:89:de:1b:5e:da:3f:6d:22:07:fb:
         b9:a8:dd:bb:a4:91:da:07:46:80:88:80:15:a0:d0:85:c4:a5:
         78:3e:74:ef:66:55:ee:df:b2:c0:e6:9c:a7:2b:ae:b0:2b:d8:
         6f:7c:f1:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoAba0DudICwbgA9oUoaslhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGIxNTE5MzgxNmZkMTVkY2ZkMDQ3ZGI0ZWVjYTY3Mjkx
MmJiNjAwHhcNMjUxMDIwMDcwMjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTM3YTg2MTY1YWU0MTRlZDE2NGMwNWJjNTE0ZGIzMWM1YzYxYzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaht1HkO8ID/NH5yNazovWkrWXx+
AB7AzNrcTMaygdVwb0QbAXR5NKitqdpS+Ge//yN6XQCGHQ+Ua8RsWgS+/JL5qrmb
AOAZOksmc+1z+fS/e1oaGPe0Oo2KbswRWNaf/+P0RyPDC7iImJ4pD687GQmSv1TQ
+WENuUQSt0A6PvVcrSl/lXeca3N81MYdAnGYJgDyNz9K9QK1VURYnI9XMLtFThnS
Q6GDRHKzI7vd2dtU1+MQGmsgCqBbfWkC+lahT2LXg0cNisM348o6jUM/KsZ1HVit
Kk/ClYr9QS0GIEAir9JN0B8amk/qEYP7F/lwAjyp48LJHtOwjzulh4KagwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIo3qGFlrkFO0WTAW8UU2zHFxhydMB8GA1UdIwQY
MBaAFG8LFRk4Fv0V3P0EfbTuymcpErtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYt
OWNmODQzZjA1NjcwLzEvaWplb1lXV3VRVTdSWk1CYnhSVGJNY1hHSEowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NTg4NDEtZjZiMC00MjQ5LTgwNDYtOWNmODQzZjA1Njcw
LzEvYndzVkdUZ1dfUlhjX1FSOXRPN0taeWtTdTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafoMA0G
CSqGSIb3DQEBCwUAA4IBAQCt4v6rvbTf2P8ibdwA4nO0dUDKJbMG2v0Wda+kJgIO
4bLkH4P8oWDCn1j1em0/78jLG5w0cyCle27Gj0tEVts/ijZVRWjMMy7t9IbqSLDb
h57+/22D4EUOw96BUB7d5cIOFB0gUQ5JjBTQcUuK7EGDapt+DvfnMnRHBSMK4u2X
DrxVeCDyUKohKBIeI+VIBn+0lR9YMImlWZjMppa1DAgXSkUMsm0Eeqhb+3GRSUo3
Rptn7QA4ZCRAjv7ci6TY7R4McQlKZsSgqXJ0iEJ5bIneG17aP20iB/u5qN27pJHa
B0aAiIAVoNCFxKV4PnTvZlXu37LA5pynK66wK9hvfPGw
-----END CERTIFICATE-----