Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8uE7VW_v5GbWc8SKzzlNYHZm3lE.roa
File:                     8uE7VW_v5GbWc8SKzzlNYHZm3lE.roa (raw, json)
Hash identifier:          L2o0VX7lMvYHiZ2KchBMMQK66uH+9/QhM6NnNqm2/R8=
Subject key identifier:   F2:E1:3B:55:6F:EF:E4:66:D6:73:C4:8A:CF:39:4D:60:76:66:DE:51
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019A532E4AD7A8E63341884F34D01FDD8A00
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8uE7VW_v5GbWc8SKzzlNYHZm3lE.roa
Signing time:             Wed 05 Nov 2025 08:42:13 +0000
ROA not before:           Wed 05 Nov 2025 08:42:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        185.199.159.0/24 maxlen: 24
                          185.246.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Nov 2025 11:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:2e:4a:d7:a8:e6:33:41:88:4f:34:d0:1f:dd:8a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  5 08:42:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2e13b556fefe466d673c48acf394d607666de51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:0a:74:80:f3:6b:8c:d8:1a:4f:84:e5:6f:ac:
                    1c:77:9d:a6:f2:4a:2c:b1:04:c7:fa:f5:fb:10:d5:
                    ae:a6:44:36:5e:9f:08:35:eb:f7:c6:5c:f0:cf:dd:
                    0a:53:ba:c3:d9:4e:2e:3a:8b:6a:d4:aa:2f:f6:c6:
                    b6:79:bb:8e:f8:cb:56:7e:ee:e7:f7:ce:76:3c:19:
                    46:60:ab:b6:25:82:0e:a7:06:32:b6:3b:be:03:28:
                    2e:c0:a7:3f:52:9d:41:bd:34:6e:83:24:6a:06:72:
                    5d:d8:34:c8:af:01:c4:f2:7e:1f:d6:5a:a0:b3:76:
                    bf:ee:88:65:bf:6e:4e:76:c2:a5:e4:52:20:e4:3a:
                    59:c1:ff:b5:1a:5f:c3:0e:bb:f1:b9:b1:24:5b:36:
                    86:bc:e5:e1:be:cc:68:37:a6:d2:7e:88:44:08:9f:
                    30:10:f3:7c:68:8a:f6:60:5a:23:ce:c1:a8:a8:1a:
                    6f:6c:c9:59:64:c6:f9:cb:e8:7b:bb:d1:ec:33:e9:
                    cf:a9:99:54:05:a6:11:6c:3d:19:f3:eb:f3:69:f3:
                    e9:4c:2a:a7:6c:8a:cf:06:5a:51:af:32:9e:3a:f5:
                    dc:65:cd:91:96:70:ab:2b:c5:f4:d6:8c:12:c8:77:
                    de:13:76:dc:c3:31:42:13:97:41:b6:13:50:93:e7:
                    a6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:E1:3B:55:6F:EF:E4:66:D6:73:C4:8A:CF:39:4D:60:76:66:DE:51
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8uE7VW_v5GbWc8SKzzlNYHZm3lE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.159.0/24
                  185.246.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:4c:13:27:f0:4a:73:54:51:d7:eb:f2:94:45:9c:20:79:aa:
         80:8a:a9:17:c4:a4:46:b8:6c:5a:97:2e:3d:1c:a1:bf:14:3c:
         c4:af:cd:af:4a:d8:c7:60:6f:fa:14:75:90:63:83:55:71:0c:
         44:78:bc:38:19:56:b2:ed:f2:75:1b:e2:c7:5e:58:82:d9:0c:
         17:be:23:87:3f:34:c3:a6:42:0e:d1:e4:61:35:bb:03:da:a1:
         4f:4f:16:f4:d0:96:b9:d9:93:65:08:1f:40:6e:6e:aa:6f:d8:
         46:60:96:fe:fd:f3:19:f3:46:1a:4c:94:e2:6c:4a:06:66:03:
         cc:ec:23:07:05:f1:ef:71:6c:2b:ba:dd:b3:5d:75:b1:18:5a:
         bb:cd:0a:51:fc:d0:00:d0:4c:17:a5:ba:4a:81:93:51:11:bc:
         cd:ee:8f:28:13:1e:5f:28:ad:e2:27:00:06:59:69:65:05:d6:
         73:7f:ba:c4:00:6e:ca:81:61:fa:18:e2:3b:89:3a:02:5a:6c:
         32:47:9d:87:9d:51:d8:d5:1c:b0:f5:2b:98:20:5f:49:f7:b7:
         98:10:04:23:77:35:8b:ce:c0:42:54:b7:80:b2:d1:fc:98:be:
         a0:e1:7d:29:b1:9b:d5:71:66:65:80:c1:64:0a:58:4a:ca:74:
         22:0b:f8:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpTLkrXqOYzQYhPNNAf3YoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUxMTA1MDg0MjEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmUxM2I1NTZmZWZlNDY2ZDY3M2M0OGFjZjM5NGQ2MDc2NjZkZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Ap0gPNrjNgaT4Tlb6wcd52m8kos
sQTH+vX7ENWupkQ2Xp8INev3xlzwz90KU7rD2U4uOotq1Kov9sa2ebuO+MtWfu7n
9852PBlGYKu2JYIOpwYytju+AyguwKc/Up1BvTRugyRqBnJd2DTIrwHE8n4f1lqg
s3a/7ohlv25OdsKl5FIg5DpZwf+1Gl/DDrvxubEkWzaGvOXhvsxoN6bSfohECJ8w
EPN8aIr2YFojzsGoqBpvbMlZZMb5y+h7u9HsM+nPqZlUBaYRbD0Z8+vzafPpTCqn
bIrPBlpRrzKeOvXcZc2RlnCrK8X01owSyHfeE3bcwzFCE5dBthNQk+emkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPLhO1Vv7+Rm1nPEis85TWB2Zt5RMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvOHVFN1ZXX3Y1R2JXYzhTS3p6bE5ZSFptM2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucefAwQA
ufZwMA0GCSqGSIb3DQEBCwUAA4IBAQC3TBMn8EpzVFHX6/KURZwgeaqAiqkXxKRG
uGxaly49HKG/FDzEr82vStjHYG/6FHWQY4NVcQxEeLw4GVay7fJ1G+LHXliC2QwX
viOHPzTDpkIO0eRhNbsD2qFPTxb00Ja52ZNlCB9Abm6qb9hGYJb+/fMZ80YaTJTi
bEoGZgPM7CMHBfHvcWwrut2zXXWxGFq7zQpR/NAA0EwXpbpKgZNREbzN7o8oEx5f
KK3iJwAGWWllBdZzf7rEAG7KgWH6GOI7iToCWmwyR52HnVHY1Ryw9SuYIF9J97eY
EAQjdzWLzsBCVLeAstH8mL6g4X0psZvVcWZlgMFkClhKynQiC/hV
-----END CERTIFICATE-----