Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/h5Sxz-4g29FV3kYMoX_wX3iFTqQ.roa
File:                     h5Sxz-4g29FV3kYMoX_wX3iFTqQ.roa (raw, json)
Hash identifier:          MiZeUc7o+bnHAdooPcAB7y8KMpj0xgLMlX8Uuhc2f7E=
Subject key identifier:   87:94:B1:CF:EE:20:DB:D1:55:DE:46:0C:A1:7F:F0:5F:78:85:4E:A4
Certificate issuer:       /CN=a5c6373eab19cf43dd2f43111398383ee2bad030
Certificate serial:       0198E5D69E45E64F9BE4287F443829CE6E5C
Authority key identifier: A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/h5Sxz-4g29FV3kYMoX_wX3iFTqQ.roa
Signing time:             Tue 26 Aug 2025 10:05:04 +0000
ROA not before:           Tue 26 Aug 2025 10:05:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        185.228.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 22:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e5:d6:9e:45:e6:4f:9b:e4:28:7f:44:38:29:ce:6e:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c6373eab19cf43dd2f43111398383ee2bad030
        Validity
            Not Before: Aug 26 10:05:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8794b1cfee20dbd155de460ca17ff05f78854ea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5c:a3:9e:9e:bc:08:d2:22:8c:27:da:38:ee:
                    10:67:52:27:90:73:26:ad:f0:19:1b:3d:f2:70:4d:
                    78:c1:e6:e1:98:c4:3d:44:63:e5:ad:27:17:bb:7b:
                    63:8e:7f:03:32:13:67:12:6a:90:a2:4f:82:0e:7a:
                    b2:6b:af:04:ff:e4:cf:7e:d1:f2:e1:a6:e0:b5:10:
                    a8:ca:bd:48:46:00:2c:15:ee:72:7b:23:54:ff:fb:
                    a6:93:39:c4:3c:0c:16:b1:db:e6:62:e9:d1:74:54:
                    f9:5a:fc:0b:84:ae:c4:c2:d2:5f:02:4e:16:56:13:
                    99:3a:88:ac:c0:31:8f:1f:f2:17:55:2f:a2:3d:89:
                    12:ef:8a:9e:58:66:6e:f5:a4:71:dc:58:ef:0c:ba:
                    aa:57:40:14:fb:9b:1d:a3:4a:e1:22:8f:59:ee:b2:
                    40:1b:27:81:c7:86:4a:b4:94:c1:35:b6:38:43:4e:
                    6a:6e:d3:bb:c2:60:db:f9:f1:50:2c:95:e8:60:9b:
                    e0:69:da:0b:6f:f7:c5:09:c6:d3:12:26:a7:ed:d9:
                    d4:5d:58:7f:1e:88:59:2e:9e:fc:22:e0:db:1f:62:
                    ef:cb:86:f5:bb:99:fe:0e:2a:56:ae:ad:03:0e:fb:
                    d4:cf:a9:28:49:d0:58:45:db:16:fb:c7:ec:c3:22:
                    11:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:94:B1:CF:EE:20:DB:D1:55:DE:46:0C:A1:7F:F0:5F:78:85:4E:A4
            X509v3 Authority Key Identifier:
                keyid:A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/h5Sxz-4g29FV3kYMoX_wX3iFTqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:c2:5b:9d:7a:53:82:56:ed:02:b9:2c:36:a5:22:83:67:85:
         c9:7f:a9:aa:17:b2:4d:19:3e:6c:81:18:e3:3b:72:fa:11:80:
         40:bf:5e:42:5d:5e:0f:c7:79:f4:fa:7c:8d:95:e2:cd:9a:36:
         34:60:42:af:04:13:08:ce:0a:c7:94:26:83:cb:b7:06:27:f1:
         62:6a:92:4a:71:b7:97:1e:83:5f:c7:e9:43:37:37:3d:f6:f9:
         3c:05:85:d2:a9:53:fa:f6:31:c5:c9:0e:3a:5e:c2:b8:ae:21:
         79:de:6a:d9:05:0b:b2:00:5c:32:3a:aa:c2:1f:68:44:d8:3e:
         82:5f:78:c0:f0:e6:55:b5:24:4d:ea:0f:3e:f7:5f:d1:08:7c:
         93:4f:26:66:fe:59:66:28:08:92:43:be:9d:8a:30:fa:8f:90:
         7f:b4:2f:8c:81:1a:29:d9:d0:a3:d8:a2:b7:13:d4:ff:17:a7:
         3c:29:ac:04:2a:0a:07:9a:78:a4:0b:96:3b:2a:89:66:7f:16:
         39:d2:3a:d4:d4:ce:b2:fb:65:39:b8:f4:a4:8c:63:f5:b8:b1:
         5a:95:94:89:39:3d:34:f4:8b:d1:dc:98:c5:00:5e:15:6d:17:
         00:14:de:12:eb:51:f4:1c:e2:a3:ce:f2:a4:f3:8c:00:18:f8:
         bc:78:b0:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjl1p5F5k+b5Ch/RDgpzm5cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzYzNzNlYWIxOWNmNDNkZDJmNDMxMTEzOTgzODNlZTJi
YWQwMzAwHhcNMjUwODI2MTAwNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzk0YjFjZmVlMjBkYmQxNTVkZTQ2MGNhMTdmZjA1Zjc4ODU0ZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVyjnp68CNIijCfaOO4QZ1InkHMm
rfAZGz3ycE14webhmMQ9RGPlrScXu3tjjn8DMhNnEmqQok+CDnqya68E/+TPftHy
4abgtRCoyr1IRgAsFe5yeyNU//umkznEPAwWsdvmYunRdFT5WvwLhK7EwtJfAk4W
VhOZOoiswDGPH/IXVS+iPYkS74qeWGZu9aRx3FjvDLqqV0AU+5sdo0rhIo9Z7rJA
GyeBx4ZKtJTBNbY4Q05qbtO7wmDb+fFQLJXoYJvgadoLb/fFCcbTEian7dnUXVh/
HohZLp78IuDbH2Lvy4b1u5n+DipWrq0DDvvUz6koSdBYRdsW+8fswyIRzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeUsc/uINvRVd5GDKF/8F94hU6kMB8GA1UdIwQY
MBaAFKXGNz6rGc9D3S9DEROYOD7iutAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEt
YTRlYTBhNjNmNzY2LzEvaDVTeHotNGcyOUZWM2tZTW9YX3dYM2lGVHFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEtYTRlYTBhNjNmNzY2
LzEvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueQCMA0G
CSqGSIb3DQEBCwUAA4IBAQAAwludelOCVu0CuSw2pSKDZ4XJf6mqF7JNGT5sgRjj
O3L6EYBAv15CXV4Px3n0+nyNleLNmjY0YEKvBBMIzgrHlCaDy7cGJ/FiapJKcbeX
HoNfx+lDNzc99vk8BYXSqVP69jHFyQ46XsK4riF53mrZBQuyAFwyOqrCH2hE2D6C
X3jA8OZVtSRN6g8+91/RCHyTTyZm/llmKAiSQ76dijD6j5B/tC+MgRop2dCj2KK3
E9T/F6c8KawEKgoHmnikC5Y7KolmfxY50jrU1M6y+2U5uPSkjGP1uLFalZSJOT00
9IvR3JjFAF4VbRcAFN4S61H0HOKjzvKk84wAGPi8eLCa
-----END CERTIFICATE-----