Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wI8-fJQbxcuSylv9Fp6SxEIdA9k.roa
File:                     wI8-fJQbxcuSylv9Fp6SxEIdA9k.roa (raw, json)
Hash identifier:          l91s4sw4tYGvmBxDKLp8OZUryp7j20n+XHS11u6rS/g=
Subject key identifier:   C0:8F:3E:7C:94:1B:C5:CB:92:CA:5B:FD:16:9E:92:C4:42:1D:03:D9
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019A24920E9D99A4D65D2DDB1911871FE4BE
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wI8-fJQbxcuSylv9Fp6SxEIdA9k.roa
Signing time:             Mon 27 Oct 2025 07:29:03 +0000
ROA not before:           Mon 27 Oct 2025 07:29:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        159.148.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:24:92:0e:9d:99:a4:d6:5d:2d:db:19:11:87:1f:e4:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Oct 27 07:29:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c08f3e7c941bc5cb92ca5bfd169e92c4421d03d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:4d:73:14:d1:01:be:d3:20:9b:c2:fc:b2:0d:
                    08:5e:aa:15:51:4e:14:6e:e7:90:2e:86:bd:63:3a:
                    b2:d8:23:20:38:d7:e5:88:19:95:d1:d7:79:f2:09:
                    75:d2:d5:a9:37:7a:7b:8f:b4:bb:ef:b1:c3:b0:a7:
                    ae:49:f6:6a:4f:19:87:14:52:f2:03:62:b6:5e:84:
                    c1:ae:7e:6a:f4:f9:db:93:8f:7d:bd:c0:1d:a1:a3:
                    dc:7e:54:f7:f9:c8:43:66:54:33:b9:e1:06:fd:6e:
                    4d:72:be:2a:6d:e9:07:d1:5f:39:fd:2e:d3:f3:11:
                    48:8e:ad:12:10:5c:a5:70:67:3b:38:3c:c7:34:96:
                    00:a4:4e:46:d8:22:55:60:40:a8:cd:9e:d0:27:fa:
                    04:4d:7d:81:ae:82:31:17:47:13:ce:e9:74:ec:57:
                    b1:94:62:7c:b5:66:af:f3:85:9c:49:f6:73:dd:4a:
                    9b:3f:c9:8d:57:f2:bf:ed:c3:11:79:c2:a9:5a:c5:
                    f6:e8:90:40:3c:b2:5d:71:89:9c:5c:87:91:f5:61:
                    8b:6e:15:a3:37:87:ef:e1:ef:a5:5e:16:80:04:b3:
                    4b:d8:7f:45:fe:ad:bd:f8:02:fd:b4:20:f6:5c:11:
                    97:12:93:75:57:fb:5f:08:c2:c8:37:1b:b6:79:44:
                    2e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:8F:3E:7C:94:1B:C5:CB:92:CA:5B:FD:16:9E:92:C4:42:1D:03:D9
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wI8-fJQbxcuSylv9Fp6SxEIdA9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:c1:b3:40:aa:1b:e1:e2:ea:aa:04:2c:bb:94:e4:c3:75:0d:
         a8:61:da:b1:59:d5:a4:e1:d9:db:59:50:3d:32:5c:98:d9:9c:
         c3:a0:b7:ea:c6:c2:3f:43:b6:a3:b1:f2:f0:2b:4a:20:a9:ae:
         f5:2b:2b:97:33:06:94:d7:ea:cb:12:46:59:01:3d:ac:36:af:
         bd:f6:8a:09:cc:c8:2f:c7:a1:ea:93:63:09:84:b5:7a:04:aa:
         be:3f:b5:ea:ce:bf:a0:0e:fe:d6:b8:23:b0:07:cb:95:b9:b4:
         0d:11:6a:0c:e5:7f:4e:d4:b3:90:6f:c8:1f:74:20:dc:1b:bc:
         fe:9b:be:a2:e4:ae:7f:22:71:07:58:8b:a0:a8:da:59:cd:f2:
         f1:33:1f:c4:8c:f9:87:81:df:d4:84:3f:20:f6:d9:81:46:64:
         c2:72:5f:ef:91:87:96:75:3c:31:32:88:36:3e:b6:e7:2c:fb:
         01:0b:eb:ab:0d:e5:29:51:17:5a:87:0f:1c:54:7f:da:f3:02:
         6a:2e:8a:c2:d3:43:d7:6b:be:db:97:43:e1:c7:67:5c:fc:d5:
         e6:0d:fd:d4:aa:81:3d:16:b3:a4:f9:0e:96:32:5f:a6:cd:ba:
         36:9c:91:bb:23:23:20:99:95:02:1c:c2:c7:16:e1:68:12:7e:
         4c:b5:2c:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZokkg6dmaTWXS3bGRGHH+S+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUxMDI3MDcyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDhmM2U3Yzk0MWJjNWNiOTJjYTViZmQxNjllOTJjNDQyMWQwM2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1U1zFNEBvtMgm8L8sg0IXqoVUU4U
bueQLoa9Yzqy2CMgONfliBmV0dd58gl10tWpN3p7j7S777HDsKeuSfZqTxmHFFLy
A2K2XoTBrn5q9Pnbk499vcAdoaPcflT3+chDZlQzueEG/W5Ncr4qbekH0V85/S7T
8xFIjq0SEFylcGc7ODzHNJYApE5G2CJVYECozZ7QJ/oETX2BroIxF0cTzul07Fex
lGJ8tWav84WcSfZz3UqbP8mNV/K/7cMRecKpWsX26JBAPLJdcYmcXIeR9WGLbhWj
N4fv4e+lXhaABLNL2H9F/q29+AL9tCD2XBGXEpN1V/tfCMLINxu2eUQudwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCPPnyUG8XLkspb/RaeksRCHQPZMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvd0k4LWZKUWJ4Y3VTeWx2OUZwNlN4RUlkQTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5S6MA0G
CSqGSIb3DQEBCwUAA4IBAQC/wbNAqhvh4uqqBCy7lOTDdQ2oYdqxWdWk4dnbWVA9
MlyY2ZzDoLfqxsI/Q7ajsfLwK0ogqa71KyuXMwaU1+rLEkZZAT2sNq+99ooJzMgv
x6Hqk2MJhLV6BKq+P7Xqzr+gDv7WuCOwB8uVubQNEWoM5X9O1LOQb8gfdCDcG7z+
m76i5K5/InEHWIugqNpZzfLxMx/EjPmHgd/UhD8g9tmBRmTCcl/vkYeWdTwxMog2
PrbnLPsBC+urDeUpURdahw8cVH/a8wJqLorC00PXa77bl0Phx2dc/NXmDf3UqoE9
FrOk+Q6WMl+mzbo2nJG7IyMgmZUCHMLHFuFoEn5MtSwS
-----END CERTIFICATE-----