Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/FTViE_nB5flZhX11bNZxevHcOSU.roa
File:                     FTViE_nB5flZhX11bNZxevHcOSU.roa (raw, json)
Hash identifier:          lrLA6ycucMTnLRv1QAGUJwgfaap5iDlR2rLRrE7Bf+E=
Subject key identifier:   15:35:62:13:F9:C1:E5:F9:59:85:7D:75:6C:D6:71:7A:F1:DC:39:25
Certificate issuer:       /CN=987277fc47d848fa5634ce8031a174fc249fa673
Certificate serial:       019A101C5498E7033D4525BB51485F0A494E
Authority key identifier: 98:72:77:FC:47:D8:48:FA:56:34:CE:80:31:A1:74:FC:24:9F:A6:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/FTViE_nB5flZhX11bNZxevHcOSU.roa
Signing time:             Thu 23 Oct 2025 08:08:03 +0000
ROA not before:           Thu 23 Oct 2025 08:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211908
IP address blocks:        185.194.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:1c:54:98:e7:03:3d:45:25:bb:51:48:5f:0a:49:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=987277fc47d848fa5634ce8031a174fc249fa673
        Validity
            Not Before: Oct 23 08:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15356213f9c1e5f959857d756cd6717af1dc3925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:3a:13:a3:7d:11:88:19:a2:9f:62:63:7e:b5:
                    6b:77:93:18:aa:79:46:d3:d8:8e:53:bf:84:80:82:
                    30:2b:01:e0:51:89:52:78:1c:0b:53:8c:24:c3:0b:
                    72:f8:d9:2f:be:c2:42:6f:63:0b:ec:5c:d8:a9:74:
                    de:ec:c7:2b:02:93:9f:20:af:6f:0a:88:13:66:23:
                    ad:a8:97:d7:11:a9:61:15:0e:a2:72:eb:a7:4c:09:
                    d9:87:e4:f3:43:0c:90:bc:e2:85:cf:9d:9d:b4:51:
                    96:3a:8b:4f:cd:3c:db:5c:d6:b0:41:4b:ea:a0:f4:
                    42:2f:86:0a:8a:ee:c6:0e:8a:1c:a1:6a:44:b8:55:
                    f6:94:31:d4:06:1c:47:cd:7c:d5:cd:ea:77:8a:c0:
                    bd:54:a7:68:f9:9d:06:a6:4b:a4:36:13:9a:81:60:
                    e3:95:e2:8d:c3:14:39:fe:40:eb:e7:65:5b:85:38:
                    f0:e0:73:5b:bc:78:96:27:61:62:3e:a4:76:4f:56:
                    b8:41:9c:06:9a:cd:0d:3d:95:88:79:dd:cf:be:10:
                    ec:59:bb:86:3d:c9:ac:ee:13:8e:be:59:3a:81:f7:
                    ab:87:70:40:41:97:cf:83:f9:f5:9f:46:9f:99:ee:
                    33:9d:93:e3:fa:61:52:3f:61:82:f2:77:c7:d2:d7:
                    44:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:35:62:13:F9:C1:E5:F9:59:85:7D:75:6C:D6:71:7A:F1:DC:39:25
            X509v3 Authority Key Identifier:
                keyid:98:72:77:FC:47:D8:48:FA:56:34:CE:80:31:A1:74:FC:24:9F:A6:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/FTViE_nB5flZhX11bNZxevHcOSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:ac:b5:a6:fa:0e:62:0c:9c:f1:90:34:bd:30:4d:10:2c:ba:
         82:69:53:2e:f5:a1:ec:a4:6d:ca:bc:44:9c:b7:2e:fd:bd:0b:
         e0:0d:80:3f:a5:8e:e0:95:c5:08:8e:0f:ea:8b:b4:77:91:83:
         0d:37:4a:a0:15:fe:d2:26:2e:97:75:61:29:d6:df:e6:87:c4:
         56:17:29:b2:8a:27:aa:56:c6:71:f7:36:8e:f9:b2:98:4d:5c:
         bd:10:6a:9d:89:7e:30:a2:a5:cd:ff:81:ab:be:27:12:32:de:
         e8:27:a2:ed:bc:ad:26:d5:bf:ea:a0:40:56:16:65:87:bc:47:
         60:f1:9f:84:27:e9:3d:c8:60:ab:92:f1:ea:00:bb:8e:e4:67:
         43:95:db:b0:64:5e:ea:82:50:e7:75:1e:f4:2f:ce:c0:19:82:
         80:cf:82:ee:ba:c9:cf:ee:78:6e:da:31:69:b1:0d:70:3f:a7:
         a3:dc:da:e1:e3:c6:fd:6c:7e:0b:9f:a4:ae:da:8d:30:25:63:
         88:1c:2c:ae:b9:5a:8f:c5:af:00:f1:61:3a:fd:d5:cd:7e:9a:
         cb:fd:0c:04:a3:6b:97:fd:b0:b1:d9:a7:28:30:53:22:86:e0:
         46:df:7c:87:02:e2:91:3f:6b:df:03:ee:bf:10:bc:ee:19:c8:
         3f:b7:8f:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoQHFSY5wM9RSW7UUhfCklOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NzI3N2ZjNDdkODQ4ZmE1NjM0Y2U4MDMxYTE3NGZjMjQ5
ZmE2NzMwHhcNMjUxMDIzMDgwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTM1NjIxM2Y5YzFlNWY5NTk4NTdkNzU2Y2Q2NzE3YWYxZGMzOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ToTo30RiBmin2JjfrVrd5MYqnlG
09iOU7+EgIIwKwHgUYlSeBwLU4wkwwty+NkvvsJCb2ML7FzYqXTe7McrApOfIK9v
CogTZiOtqJfXEalhFQ6icuunTAnZh+TzQwyQvOKFz52dtFGWOotPzTzbXNawQUvq
oPRCL4YKiu7GDoocoWpEuFX2lDHUBhxHzXzVzep3isC9VKdo+Z0GpkukNhOagWDj
leKNwxQ5/kDr52VbhTjw4HNbvHiWJ2FiPqR2T1a4QZwGms0NPZWIed3PvhDsWbuG
Pcms7hOOvlk6gferh3BAQZfPg/n1n0afme4znZPj+mFSP2GC8nfH0tdEYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBU1YhP5weX5WYV9dWzWcXrx3DklMB8GA1UdIwQY
MBaAFJhyd/xH2Ej6VjTOgDGhdPwkn6ZzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUhKM19FZllTUHBXTk02QU1hRjBfQ1NmcG5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83MTA5MzQtMzA0Yi00ZjVmLTk1MGUt
MTJlODI3NmZkYWM0LzEvRlRWaUVfbkI1ZmxaaFgxMWJOWnhldkhjT1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83MTA5MzQtMzA0Yi00ZjVmLTk1MGUtMTJlODI3NmZkYWM0
LzEvbUhKM19FZllTUHBXTk02QU1hRjBfQ1NmcG5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucIIMA0G
CSqGSIb3DQEBCwUAA4IBAQCgrLWm+g5iDJzxkDS9ME0QLLqCaVMu9aHspG3KvESc
ty79vQvgDYA/pY7glcUIjg/qi7R3kYMNN0qgFf7SJi6XdWEp1t/mh8RWFymyiieq
VsZx9zaO+bKYTVy9EGqdiX4woqXN/4GrvicSMt7oJ6LtvK0m1b/qoEBWFmWHvEdg
8Z+EJ+k9yGCrkvHqALuO5GdDlduwZF7qglDndR70L87AGYKAz4LuusnP7nhu2jFp
sQ1wP6ej3Nrh48b9bH4Ln6Su2o0wJWOIHCyuuVqPxa8A8WE6/dXNfprL/QwEo2uX
/bCx2acoMFMihuBG33yHAuKRP2vfA+6/ELzuGcg/t4+E
-----END CERTIFICATE-----