Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/IJwx36HHcMIAtSnGXPzoY3isCvs.roa
File:                     IJwx36HHcMIAtSnGXPzoY3isCvs.roa (raw, json)
Hash identifier:          6z/6uyE8AMTuPf5yxFJzhR2yGdaN7pmlo56GY1r5eH0=
Subject key identifier:   20:9C:31:DF:A1:C7:70:C2:00:B5:29:C6:5C:FC:E8:63:78:AC:0A:FB
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019A35A215677FBE07D17C4F8208C4656A2D
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/IJwx36HHcMIAtSnGXPzoY3isCvs.roa
Signing time:             Thu 30 Oct 2025 15:00:05 +0000
ROA not before:           Thu 30 Oct 2025 15:00:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199959
IP address blocks:        45.141.60.0/24 maxlen: 24
                          185.227.83.0/24 maxlen: 24
                          195.88.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 12:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:35:a2:15:67:7f:be:07:d1:7c:4f:82:08:c4:65:6a:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Oct 30 15:00:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=209c31dfa1c770c200b529c65cfce86378ac0afb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:aa:4e:1c:19:19:2a:dd:e3:ad:56:cf:d2:3b:
                    ab:89:64:c4:43:18:d4:cc:80:a6:31:c4:b5:44:18:
                    b5:30:f3:e1:ac:f6:fc:4a:bd:af:c1:bc:05:44:3e:
                    f6:ea:c6:db:b0:09:da:24:f8:c4:b0:00:f1:41:2c:
                    4b:6c:a9:7e:84:e9:d0:1b:a6:24:9a:6c:25:dc:1e:
                    a3:d4:7f:b2:44:41:8d:22:e7:d7:3b:8f:34:df:5c:
                    6d:61:22:39:20:ee:7b:8c:98:6d:7f:48:5c:05:0a:
                    91:4b:3c:d9:a0:d7:d1:4a:de:19:52:88:45:44:6b:
                    25:b7:08:21:91:14:bf:5b:cf:54:04:cd:79:2e:c4:
                    df:23:56:c0:90:50:c7:77:70:33:89:3a:6c:0e:77:
                    a9:4e:58:19:eb:22:48:73:00:7c:f1:40:b1:eb:67:
                    1c:54:38:d3:27:cc:15:b3:72:56:67:1d:e9:56:f0:
                    03:b0:13:e4:ae:fc:f7:83:ac:cd:71:a4:01:54:61:
                    1a:4f:1b:58:f5:b9:24:0c:fd:e4:9b:6e:1a:6a:ed:
                    4f:16:f5:4e:64:bc:6c:e3:9f:d7:bf:36:22:a5:4a:
                    21:a3:3a:9f:77:14:91:86:f4:32:19:f3:14:8b:88:
                    97:59:7a:4c:15:94:ca:74:41:3e:b6:0e:a1:4e:cd:
                    60:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:9C:31:DF:A1:C7:70:C2:00:B5:29:C6:5C:FC:E8:63:78:AC:0A:FB
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/IJwx36HHcMIAtSnGXPzoY3isCvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.60.0/24
                  185.227.83.0/24
                  195.88.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:b8:58:9b:ac:76:68:88:48:28:22:34:1e:bb:b0:ac:4e:9e:
         3d:16:d7:40:4e:ed:06:2c:71:41:f7:6f:cc:2c:e5:1f:bd:61:
         26:e1:b8:e4:a6:ae:47:07:74:c8:52:b1:5a:d9:5e:b3:62:45:
         2b:c0:15:75:db:af:7b:61:1a:70:bf:a8:10:b9:30:1d:47:79:
         09:8f:8f:8d:a2:00:84:25:61:10:41:a3:17:7f:44:07:95:9a:
         55:a5:d0:d5:ff:ef:2c:d6:a8:b4:5e:01:2c:b7:2f:c2:78:53:
         aa:8a:70:71:f3:f3:e0:05:6f:2a:4b:5a:fc:21:9b:8a:5b:58:
         a1:42:de:12:ad:e8:9c:c0:23:a8:38:d8:74:e9:3a:2c:10:19:
         e4:10:af:13:de:b2:59:17:47:0a:ea:60:9b:97:cb:e8:74:8b:
         ee:64:2a:88:62:57:c0:18:d7:d8:16:5e:5e:e3:7d:de:96:7a:
         f3:70:60:a9:5f:bc:aa:ce:09:df:34:ef:e9:62:6a:bc:72:44:
         84:f8:e7:24:a3:70:01:a0:7c:22:c6:83:ab:01:eb:98:a5:2b:
         c5:0d:ef:c5:1a:bc:2e:b6:0a:87:fd:91:03:53:51:a8:23:71:
         85:c4:bb:fd:bc:8b:41:72:b9:e8:8a:85:f8:d0:58:3f:c2:35:
         7a:8f:05:76
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZo1ohVnf74H0XxPggjEZWotMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUxMDMwMTUwMDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDljMzFkZmExYzc3MGMyMDBiNTI5YzY1Y2ZjZTg2Mzc4YWMwYWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsapOHBkZKt3jrVbP0juriWTEQxjU
zICmMcS1RBi1MPPhrPb8Sr2vwbwFRD726sbbsAnaJPjEsADxQSxLbKl+hOnQG6Yk
mmwl3B6j1H+yREGNIufXO48031xtYSI5IO57jJhtf0hcBQqRSzzZoNfRSt4ZUohF
RGsltwghkRS/W89UBM15LsTfI1bAkFDHd3AziTpsDnepTlgZ6yJIcwB88UCx62cc
VDjTJ8wVs3JWZx3pVvADsBPkrvz3g6zNcaQBVGEaTxtY9bkkDP3km24aau1PFvVO
ZLxs45/XvzYipUohozqfdxSRhvQyGfMUi4iXWXpMFZTKdEE+tg6hTs1gGQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCCcMd+hx3DCALUpxlz86GN4rAr7MB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvSUp3eDM2SEhjTUlBdFNuR1hQem9ZM2lzQ3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALY08AwQA
ueNTAwQAw1i/MA0GCSqGSIb3DQEBCwUAA4IBAQAjuFibrHZoiEgoIjQeu7CsTp49
FtdATu0GLHFB92/MLOUfvWEm4bjkpq5HB3TIUrFa2V6zYkUrwBV12697YRpwv6gQ
uTAdR3kJj4+NogCEJWEQQaMXf0QHlZpVpdDV/+8s1qi0XgEsty/CeFOqinBx8/Pg
BW8qS1r8IZuKW1ihQt4SreicwCOoONh06TosEBnkEK8T3rJZF0cK6mCbl8vodIvu
ZCqIYlfAGNfYFl5e433elnrzcGCpX7yqzgnfNO/pYmq8ckSE+Ocko3ABoHwixoOr
AeuYpSvFDe/FGrwutgqH/ZEDU1GoI3GFxLv9vItBcrnoioX40Fg/wjV6jwV2
-----END CERTIFICATE-----