Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/ypSfnYrHfIsWJ-yk6oJ0kYo9M94.roa
File:                     ypSfnYrHfIsWJ-yk6oJ0kYo9M94.roa (raw, json)
Hash identifier:          rK8PGfH8qkdAddPcK6P5c+YtkrZFJwYwGJT7KA906VI=
Subject key identifier:   CA:94:9F:9D:8A:C7:7C:8B:16:27:EC:A4:EA:82:74:91:8A:3D:33:DE
Certificate issuer:       /CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
Certificate serial:       0198F5B1CBAF374BD16FADF5F01D0B7905D6
Authority key identifier: 57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/ypSfnYrHfIsWJ-yk6oJ0kYo9M94.roa
Signing time:             Fri 29 Aug 2025 11:58:46 +0000
ROA not before:           Fri 29 Aug 2025 11:58:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33659
IP address blocks:        185.188.192.0/22 maxlen: 22
                          195.211.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f5:b1:cb:af:37:4b:d1:6f:ad:f5:f0:1d:0b:79:05:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
        Validity
            Not Before: Aug 29 11:58:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca949f9d8ac77c8b1627eca4ea8274918a3d33de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:02:9e:b2:30:9b:27:ce:71:da:ef:c1:61:39:
                    f2:c0:3f:62:cb:4c:68:17:ad:c2:75:c2:fa:af:0e:
                    ee:6f:91:82:62:5e:3d:cb:78:6a:b1:26:f2:9b:70:
                    91:51:d0:b6:1b:f5:3f:54:88:d4:0e:e9:aa:db:d7:
                    63:8f:2a:7b:2b:22:73:e4:9c:1f:08:0f:44:14:99:
                    c0:65:26:79:2c:9a:26:df:41:1d:27:e3:47:0d:02:
                    5d:81:19:d8:1c:82:f8:0c:3c:82:d6:0d:b4:5d:f4:
                    b5:f2:33:35:ad:3b:c0:e8:50:71:ab:69:5b:6d:45:
                    d7:a9:cd:16:16:0a:cb:97:9d:30:55:4f:7f:fd:08:
                    09:98:03:a7:a5:ce:f0:3c:b9:03:c5:e0:76:ea:d4:
                    5e:f2:e4:99:69:1e:b0:12:1e:ed:a4:de:65:ea:da:
                    fe:8a:ab:fb:a3:67:9b:68:3d:fe:b4:10:e9:30:ba:
                    f9:2a:cb:d9:b6:f9:3f:69:63:30:54:6c:bc:f1:00:
                    2b:24:41:21:27:69:40:93:8a:5f:39:72:9b:b2:b0:
                    3e:e7:b8:a6:24:b0:00:8d:9b:66:b2:7f:ce:d0:44:
                    a6:b5:0a:fe:bd:41:e0:be:3f:26:25:1a:5a:ac:9a:
                    4a:7a:a6:a6:0c:c2:99:b4:29:5f:0c:aa:7f:b4:22:
                    80:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:94:9F:9D:8A:C7:7C:8B:16:27:EC:A4:EA:82:74:91:8A:3D:33:DE
            X509v3 Authority Key Identifier:
                keyid:57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/ypSfnYrHfIsWJ-yk6oJ0kYo9M94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.192.0/22
                  195.211.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:2e:27:08:d1:51:13:f5:9b:c6:25:f7:20:b1:bc:4b:52:e1:
         d9:db:ac:77:aa:e3:42:dd:c3:99:95:ee:ef:f7:ff:09:1e:25:
         f5:c7:2e:f6:9e:e0:5f:fe:57:7e:08:42:b8:06:29:77:f5:10:
         64:6c:06:9b:35:41:de:2e:be:24:ed:e5:12:22:d1:f1:f7:a7:
         c3:e2:87:87:17:3a:30:aa:6a:70:34:46:93:2b:d7:08:5f:6a:
         fb:cc:3f:d1:96:a8:59:a6:47:7e:ab:35:fc:c8:4a:ca:5a:37:
         05:f5:69:87:1c:b3:69:d4:fc:e6:28:aa:bc:34:1f:ad:bd:8d:
         93:bd:28:b6:b3:97:fe:1e:fa:e5:3b:54:a4:e7:62:fb:a0:2d:
         55:07:2e:31:fb:44:6b:c1:9f:03:56:1c:49:e1:40:91:99:bb:
         ea:a7:ad:71:0f:b8:bd:0a:f0:51:db:73:1a:89:b9:83:8c:aa:
         eb:4f:dc:67:b0:38:2a:bb:9d:72:33:25:f4:22:ec:97:bd:9b:
         a0:65:c0:27:a5:3b:25:bc:b9:da:df:91:24:1b:ae:5d:72:5d:
         5b:cf:f1:1b:04:63:03:e9:26:e9:0e:45:30:c7:bc:49:bf:bb:
         52:ce:c2:b1:51:04:53:d8:01:f5:da:98:2d:35:ac:6c:65:87:
         c6:cc:3a:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZj1scuvN0vRb6318B0LeQXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MWNiNTFjYmE2OGViN2VmOTg2N2E3NWQxN2FiMjgwMTgx
OTZhYTEwHhcNMjUwODI5MTE1ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTk0OWY5ZDhhYzc3YzhiMTYyN2VjYTRlYTgyNzQ5MThhM2QzM2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AKesjCbJ85x2u/BYTnywD9iy0xo
F63CdcL6rw7ub5GCYl49y3hqsSbym3CRUdC2G/U/VIjUDumq29djjyp7KyJz5Jwf
CA9EFJnAZSZ5LJom30EdJ+NHDQJdgRnYHIL4DDyC1g20XfS18jM1rTvA6FBxq2lb
bUXXqc0WFgrLl50wVU9//QgJmAOnpc7wPLkDxeB26tRe8uSZaR6wEh7tpN5l6tr+
iqv7o2ebaD3+tBDpMLr5KsvZtvk/aWMwVGy88QArJEEhJ2lAk4pfOXKbsrA+57im
JLAAjZtmsn/O0ESmtQr+vUHgvj8mJRparJpKeqamDMKZtClfDKp/tCKAYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMqUn52Kx3yLFifspOqCdJGKPTPeMB8GA1UdIwQY
MBaAFFcctRy6aOt++YZ6ddF6soAYGWqhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3Yzkt
ZGQ4NjI3NzRhMDkyLzEveXBTZm5ZckhmSXNXSi15azZvSjBrWW85TTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3YzktZGQ4NjI3NzRhMDky
LzEvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCubzAAwQC
w9N0MA0GCSqGSIb3DQEBCwUAA4IBAQAqLicI0VET9ZvGJfcgsbxLUuHZ26x3quNC
3cOZle7v9/8JHiX1xy72nuBf/ld+CEK4Bil39RBkbAabNUHeLr4k7eUSItHx96fD
4oeHFzowqmpwNEaTK9cIX2r7zD/RlqhZpkd+qzX8yErKWjcF9WmHHLNp1PzmKKq8
NB+tvY2TvSi2s5f+HvrlO1Sk52L7oC1VBy4x+0RrwZ8DVhxJ4UCRmbvqp61xD7i9
CvBR23MaibmDjKrrT9xnsDgqu51yMyX0IuyXvZugZcAnpTslvLna35EkG65dcl1b
z/EbBGMD6SbpDkUwx7xJv7tSzsKxUQRT2AH12pgtNaxsZYfGzDq3
-----END CERTIFICATE-----