Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/uJPBnwCQe4pWBPSakttM1tJFVcw.roa
File:                     uJPBnwCQe4pWBPSakttM1tJFVcw.roa (raw, json)
Hash identifier:          SlkGHJE+y8/3ykMchDghQk+vAt9Ko0/kJI2Pi7OwLbY=
Subject key identifier:   B8:93:C1:9F:00:90:7B:8A:56:04:F4:9A:92:DB:4C:D6:D2:45:55:CC
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       0198ACFAA66A6D1C105AE96FAD645C04AD11
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/uJPBnwCQe4pWBPSakttM1tJFVcw.roa
Signing time:             Fri 15 Aug 2025 09:06:04 +0000
ROA not before:           Fri 15 Aug 2025 09:06:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202736
IP address blocks:        185.219.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 19:03:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ac:fa:a6:6a:6d:1c:10:5a:e9:6f:ad:64:5c:04:ad:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Aug 15 09:06:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b893c19f00907b8a5604f49a92db4cd6d24555cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:3e:b0:0e:b5:5a:12:eb:40:d6:7b:72:9e:35:
                    a4:73:7f:71:de:79:04:41:b8:75:c4:9e:3f:df:43:
                    1d:64:03:08:01:34:ac:e2:9d:f1:1c:bb:28:04:e0:
                    94:d2:55:37:4b:00:23:87:50:25:56:b9:e8:c6:ef:
                    8d:2c:2c:93:78:9e:62:fe:86:c7:ac:04:ce:2a:5d:
                    ac:f2:c5:76:aa:71:69:3a:bc:cb:5e:70:b5:b2:7b:
                    bd:c9:be:a8:f2:ec:d1:f6:77:86:15:82:43:91:2e:
                    4c:d2:4e:0e:b1:9e:64:ce:5e:24:64:06:4a:50:bb:
                    86:de:3a:17:1a:48:00:39:7a:e2:72:1f:b4:ef:f8:
                    25:97:2c:e7:19:5d:cf:86:ef:f1:07:d2:16:6f:43:
                    39:64:f7:07:55:b7:6a:13:ea:a1:4c:05:1d:a9:0f:
                    52:21:0d:18:5c:eb:22:7e:2f:6c:10:e1:fb:5a:9b:
                    13:41:bd:17:1b:bc:fc:80:ed:1b:eb:75:b3:8c:7d:
                    1f:2c:25:97:59:45:6d:45:25:66:fb:d2:67:d4:30:
                    30:0f:55:e3:46:b2:ce:b5:34:a2:e1:66:74:9d:6c:
                    77:48:21:98:ca:4b:6a:fa:92:40:8a:52:dc:c2:58:
                    26:e3:f5:2e:0c:72:21:69:53:cc:de:dc:f1:cc:e3:
                    3f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:93:C1:9F:00:90:7B:8A:56:04:F4:9A:92:DB:4C:D6:D2:45:55:CC
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/uJPBnwCQe4pWBPSakttM1tJFVcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e2:6a:1e:a1:79:db:66:ad:e1:80:0e:46:b5:da:d9:f4:e6:8a:
         b8:3c:2f:d9:fe:60:18:17:e2:06:83:ba:e1:47:a0:e6:be:58:
         fb:cb:2d:c7:ab:44:67:d6:fb:66:08:6a:3b:7a:37:a7:b0:ee:
         d4:96:74:40:ca:e0:4f:45:ca:95:db:ff:d2:00:38:52:6e:78:
         fb:06:ac:1c:78:89:c8:48:f0:30:4e:2d:91:a1:08:ae:74:ca:
         50:20:ac:dc:05:6c:8a:14:ea:4d:27:16:29:49:5b:de:a9:ba:
         33:7d:7d:9e:55:a0:9b:c5:c8:85:14:86:0f:59:02:ea:fa:74:
         5a:6f:51:7e:46:fa:03:78:65:9a:d2:ec:7e:63:38:30:40:90:
         04:fd:1f:58:6b:42:fe:db:ed:2b:02:0a:1a:13:2d:eb:e1:df:
         28:49:e8:61:87:10:e4:62:2d:a9:7d:24:95:a1:4f:54:37:38:
         33:ec:2c:e2:2d:81:30:df:c5:d6:e1:93:ce:72:52:c8:c3:54:
         94:e2:8b:74:ab:c1:e5:04:cd:f5:7a:31:f3:fa:ee:cc:fd:78:
         5e:48:3c:63:df:da:5b:a0:2a:19:99:ec:83:b6:15:6c:20:6a:
         56:c1:bf:c0:f0:c2:2e:a0:25:9c:aa:30:c4:28:99:43:d7:5e:
         37:8d:5f:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZis+qZqbRwQWulvrWRcBK0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjUwODE1MDkwNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODkzYzE5ZjAwOTA3YjhhNTYwNGY0OWE5MmRiNGNkNmQyNDU1NWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwj6wDrVaEutA1ntynjWkc39x3nkE
Qbh1xJ4/30MdZAMIATSs4p3xHLsoBOCU0lU3SwAjh1AlVrnoxu+NLCyTeJ5i/obH
rATOKl2s8sV2qnFpOrzLXnC1snu9yb6o8uzR9neGFYJDkS5M0k4OsZ5kzl4kZAZK
ULuG3joXGkgAOXrich+07/gllyznGV3Phu/xB9IWb0M5ZPcHVbdqE+qhTAUdqQ9S
IQ0YXOsifi9sEOH7WpsTQb0XG7z8gO0b63WzjH0fLCWXWUVtRSVm+9Jn1DAwD1Xj
RrLOtTSi4WZ0nWx3SCGYyktq+pJAilLcwlgm4/UuDHIhaVPM3tzxzOM/pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiTwZ8AkHuKVgT0mpLbTNbSRVXMMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvdUpQQm53Q1FlNHBXQlBTYWt0dE0xdEpGVmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudu8MA0G
CSqGSIb3DQEBCwUAA4IBAQDiah6hedtmreGADka12tn05oq4PC/Z/mAYF+IGg7rh
R6Dmvlj7yy3Hq0Rn1vtmCGo7ejensO7UlnRAyuBPRcqV2//SADhSbnj7BqwceInI
SPAwTi2RoQiudMpQIKzcBWyKFOpNJxYpSVveqbozfX2eVaCbxciFFIYPWQLq+nRa
b1F+RvoDeGWa0ux+YzgwQJAE/R9Ya0L+2+0rAgoaEy3r4d8oSehhhxDkYi2pfSSV
oU9UNzgz7CziLYEw38XW4ZPOclLIw1SU4ot0q8HlBM31ejHz+u7M/XheSDxj39pb
oCoZmeyDthVsIGpWwb/A8MIuoCWcqjDEKJlD1143jV+Z
-----END CERTIFICATE-----