Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/plkAs-IyDZJCIAE40BkNI36hTng.roa
File:                     plkAs-IyDZJCIAE40BkNI36hTng.roa (raw, json)
Hash identifier:          wOkXtaw5IC+9zxwCff906pm32/bh8wTs2La7fXktK8s=
Subject key identifier:   A6:59:00:B3:E2:32:0D:92:42:20:01:38:D0:19:0D:23:7E:A1:4E:78
Certificate issuer:       /CN=dd640339e59addc75fd978101b40082b5d2b8796
Certificate serial:       019A3585A81147E6B3C0DE8827A17CEC85F5
Authority key identifier: DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/plkAs-IyDZJCIAE40BkNI36hTng.roa
Signing time:             Thu 30 Oct 2025 14:29:03 +0000
ROA not before:           Thu 30 Oct 2025 14:29:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.191.144.0/24 maxlen: 24
                          185.191.145.0/24 maxlen: 24
                          185.191.146.0/24 maxlen: 24
                          185.191.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 19:55:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:35:85:a8:11:47:e6:b3:c0:de:88:27:a1:7c:ec:85:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd640339e59addc75fd978101b40082b5d2b8796
        Validity
            Not Before: Oct 30 14:29:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a65900b3e2320d9242200138d0190d237ea14e78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0d:4e:26:b5:01:b2:25:45:49:77:53:0f:5c:
                    08:ce:8f:33:60:5f:4c:2b:dd:5f:45:97:3a:59:41:
                    48:fb:80:d9:d9:64:92:c8:b4:37:58:f0:81:84:f9:
                    33:75:ef:a9:3e:d4:f3:e5:55:fc:e1:3d:33:01:74:
                    d0:b3:01:04:37:fe:05:1c:8f:84:ff:d9:44:b2:80:
                    29:7b:6b:c5:ce:da:98:ca:3d:dd:02:08:52:3e:5c:
                    07:52:74:cf:26:7c:05:90:e6:e4:6e:0d:18:af:49:
                    91:21:9a:21:37:ce:8f:bb:25:ba:a2:7f:8e:e3:c1:
                    eb:e4:0d:b8:0e:63:04:f8:09:9f:3d:f3:99:64:9b:
                    90:04:b3:d6:08:5a:74:cc:13:32:21:15:4e:39:59:
                    c0:08:64:a0:10:b5:8e:de:6e:6c:d9:9e:60:f7:32:
                    fe:9a:47:fd:51:cb:16:7e:c6:72:c4:67:32:4c:68:
                    34:f0:31:7c:3d:c6:3f:04:91:5e:6a:b6:c7:82:4e:
                    1b:c7:6a:53:90:d2:4c:61:1f:2b:f6:ff:51:63:7a:
                    a1:c5:13:fa:a1:f4:bb:45:b3:51:2c:4e:94:39:90:
                    a4:9d:b3:e0:a1:02:7d:b2:bc:be:2e:35:07:0a:f1:
                    c5:33:70:20:5a:87:2c:e7:42:e3:56:e8:fa:ac:e6:
                    53:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:59:00:B3:E2:32:0D:92:42:20:01:38:D0:19:0D:23:7E:A1:4E:78
            X509v3 Authority Key Identifier:
                keyid:DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/plkAs-IyDZJCIAE40BkNI36hTng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d5:2d:82:dc:fe:6f:9d:3f:d6:86:52:40:5d:1c:7f:e6:e5:d4:
         4d:86:89:55:47:bf:b1:99:2d:9e:bd:76:1d:60:a6:ff:91:7e:
         75:a9:4a:48:de:5a:84:0d:a9:ec:32:1e:5a:40:24:c2:3b:e0:
         e5:7a:62:d1:43:d4:4b:93:d8:90:95:a5:bb:95:5c:96:e9:52:
         2c:cb:11:ea:b8:89:36:60:db:46:b4:19:0b:b7:b8:d2:5a:ab:
         cf:0f:22:87:02:aa:b4:d3:4a:0c:55:6b:d1:a9:fc:2f:f6:a3:
         df:8d:07:b9:e3:0f:c8:71:3b:97:3d:97:f2:52:60:a3:d8:82:
         e1:85:2f:1a:1a:37:13:58:d0:ac:c1:7f:52:e3:74:e3:2f:7a:
         b3:62:1a:0a:3b:85:e3:cc:4f:df:b9:0f:2a:71:d0:4a:7c:e9:
         61:5e:26:64:d5:c9:2a:0e:fd:b5:22:3c:22:8c:95:72:84:54:
         da:21:d9:57:8c:f4:e9:de:b0:84:29:23:13:2a:c1:2c:b9:18:
         6f:97:68:4c:d5:af:c6:a6:12:56:47:b6:bf:24:59:3d:ef:1a:
         35:4e:ea:87:99:c8:0f:84:79:2c:0e:cf:6e:ea:a8:e0:a0:23:
         03:86:d5:67:02:1c:65:72:bd:64:f2:75:18:4b:42:2c:e7:87:
         4d:4f:ad:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo1hagRR+azwN6IJ6F87IX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQwMzM5ZTU5YWRkYzc1ZmQ5NzgxMDFiNDAwODJiNWQy
Yjg3OTYwHhcNMjUxMDMwMTQyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjU5MDBiM2UyMzIwZDkyNDIyMDAxMzhkMDE5MGQyMzdlYTE0ZTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArA1OJrUBsiVFSXdTD1wIzo8zYF9M
K91fRZc6WUFI+4DZ2WSSyLQ3WPCBhPkzde+pPtTz5VX84T0zAXTQswEEN/4FHI+E
/9lEsoApe2vFztqYyj3dAghSPlwHUnTPJnwFkObkbg0Yr0mRIZohN86PuyW6on+O
48Hr5A24DmME+AmfPfOZZJuQBLPWCFp0zBMyIRVOOVnACGSgELWO3m5s2Z5g9zL+
mkf9UcsWfsZyxGcyTGg08DF8PcY/BJFearbHgk4bx2pTkNJMYR8r9v9RY3qhxRP6
ofS7RbNRLE6UOZCknbPgoQJ9sry+LjUHCvHFM3AgWocs50LjVuj6rOZToQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZZALPiMg2SQiABONAZDSN+oU54MB8GA1UdIwQY
MBaAFN1kAznlmt3HX9l4EBtACCtdK4eWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAt
NjFiNzMzNTRhYmRiLzEvcGxrQXMtSXlEWkpDSUFFNDBCa05JMzZoVG5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAtNjFiNzMzNTRhYmRi
LzEvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub+QMA0G
CSqGSIb3DQEBCwUAA4IBAQDVLYLc/m+dP9aGUkBdHH/m5dRNholVR7+xmS2evXYd
YKb/kX51qUpI3lqEDansMh5aQCTCO+DlemLRQ9RLk9iQlaW7lVyW6VIsyxHquIk2
YNtGtBkLt7jSWqvPDyKHAqq000oMVWvRqfwv9qPfjQe54w/IcTuXPZfyUmCj2ILh
hS8aGjcTWNCswX9S43TjL3qzYhoKO4XjzE/fuQ8qcdBKfOlhXiZk1ckqDv21Ijwi
jJVyhFTaIdlXjPTp3rCEKSMTKsEsuRhvl2hM1a/GphJWR7a/JFk97xo1TuqHmcgP
hHksDs9u6qjgoCMDhtVnAhxlcr1k8nUYS0Is54dNT63f
-----END CERTIFICATE-----