Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/O2jmvbfb7zAO9bVXb2l5Cf-GJs8.roa
File:                     O2jmvbfb7zAO9bVXb2l5Cf-GJs8.roa (raw, json)
Hash identifier:          kLsZ6W0RC6vfo2/gdG7edT6iF0a/93JSKwh9HnjHQuY=
Subject key identifier:   3B:68:E6:BD:B7:DB:EF:30:0E:F5:B5:57:6F:69:79:09:FF:86:26:CF
Certificate issuer:       /CN=c28973affaa9936d39146aa136fbcb051b9af99f
Certificate serial:       019A3A7D539A2C045FFEBE0DA8B3E432AA99
Authority key identifier: C2:89:73:AF:FA:A9:93:6D:39:14:6A:A1:36:FB:CB:05:1B:9A:F9:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wolzr_qpk205FGqhNvvLBRua-Z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/O2jmvbfb7zAO9bVXb2l5Cf-GJs8.roa
Signing time:             Fri 31 Oct 2025 13:38:03 +0000
ROA not before:           Fri 31 Oct 2025 13:38:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55470
IP address blocks:        82.119.216.0/23 maxlen: 23
                          82.119.222.0/23 maxlen: 23
                          217.22.228.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/wolzr_qpk205FGqhNvvLBRua-Z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/wolzr_qpk205FGqhNvvLBRua-Z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wolzr_qpk205FGqhNvvLBRua-Z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3a:7d:53:9a:2c:04:5f:fe:be:0d:a8:b3:e4:32:aa:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c28973affaa9936d39146aa136fbcb051b9af99f
        Validity
            Not Before: Oct 31 13:38:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b68e6bdb7dbef300ef5b5576f697909ff8626cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a8:f7:a3:e5:7d:8b:78:77:19:c0:07:33:d2:
                    b4:3c:ad:57:d6:9e:47:d4:0b:46:6f:e3:b1:ed:8a:
                    49:d7:44:23:11:5f:bc:76:40:ca:40:d3:cd:65:a8:
                    c8:d9:80:1b:b9:49:10:8a:df:38:a3:98:c4:64:59:
                    1e:18:ba:22:67:e5:e2:5b:ae:f3:ef:8d:dd:9b:b3:
                    ad:b2:17:ff:99:f2:8c:a9:e7:98:4b:2e:94:d5:14:
                    57:df:65:59:89:5b:ca:40:9b:99:a0:e8:10:9d:c0:
                    52:a7:d3:bf:32:c0:01:f1:73:4d:9e:8a:ed:1b:fc:
                    3c:f9:1b:74:12:be:b5:f4:bc:17:5b:a2:e2:66:30:
                    f0:d4:94:64:f1:46:e1:98:4c:0f:74:7d:70:0b:06:
                    be:cd:91:b8:d9:5b:37:17:28:03:23:92:f8:a8:cd:
                    48:0d:b0:bf:5b:74:47:c6:82:35:24:b0:c8:ae:ea:
                    c9:23:b4:ec:ed:32:50:a3:1f:50:fb:2b:d2:4d:8b:
                    5c:d8:eb:d5:4c:2b:d1:be:eb:3c:9e:e3:d7:71:8b:
                    78:66:75:a9:c1:3d:17:8e:12:4a:1b:68:41:92:c2:
                    78:6b:2b:ad:19:69:22:a2:27:b7:10:16:8f:82:15:
                    21:6a:1f:57:d3:f9:68:c1:5a:da:69:f6:85:0c:b3:
                    ea:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:68:E6:BD:B7:DB:EF:30:0E:F5:B5:57:6F:69:79:09:FF:86:26:CF
            X509v3 Authority Key Identifier:
                keyid:C2:89:73:AF:FA:A9:93:6D:39:14:6A:A1:36:FB:CB:05:1B:9A:F9:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wolzr_qpk205FGqhNvvLBRua-Z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/O2jmvbfb7zAO9bVXb2l5Cf-GJs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/a954bd-157f-4dbb-bba4-3463b56e372c/1/wolzr_qpk205FGqhNvvLBRua-Z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.216.0/23
                  82.119.222.0/23
                  217.22.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:a2:30:79:a8:4f:05:8c:30:d6:58:6e:c3:eb:9a:4a:f7:90:
         74:db:c6:5f:1c:a8:39:6d:f8:fd:14:6f:6c:b4:92:f9:67:eb:
         cc:98:88:53:49:0f:1f:42:a8:fe:d8:c0:43:e9:40:7d:c4:5a:
         da:95:f5:0b:81:57:20:35:d8:be:5e:e9:12:f2:bc:40:4a:9d:
         3e:a7:79:89:d8:53:6a:28:0a:b1:ae:f6:ea:cc:5c:8a:2c:bc:
         43:97:f2:27:bc:43:dd:e4:bb:5f:b7:80:72:c0:08:2e:94:87:
         d1:4b:d8:5c:93:17:8a:4e:e7:ab:3c:cf:d4:35:2b:a2:c9:1f:
         eb:17:5e:6c:67:4a:16:9c:8a:2d:3a:7b:d8:9c:29:ba:9b:60:
         35:13:c8:24:37:ba:62:3d:2d:d7:94:0a:46:36:6f:38:5f:a8:
         78:d9:33:a3:13:85:80:4e:88:3b:ca:e9:71:73:1e:4e:c4:c6:
         21:cc:02:b2:29:fa:b2:fb:87:91:d1:da:39:1e:eb:b2:d8:75:
         55:e1:37:39:8a:f4:73:1f:b8:04:76:db:5f:af:34:c2:81:e7:
         c2:26:56:a1:64:2b:fa:d9:fd:dc:a2:56:74:61:f8:24:bc:6c:
         92:ba:b3:51:f4:dd:d3:77:e2:d0:c3:a7:2a:33:e5:02:0b:c0:
         6f:71:ba:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZo6fVOaLARf/r4NqLPkMqqZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyODk3M2FmZmFhOTkzNmQzOTE0NmFhMTM2ZmJjYjA1MWI5
YWY5OWYwHhcNMjUxMDMxMTMzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjY4ZTZiZGI3ZGJlZjMwMGVmNWI1NTc2ZjY5NzkwOWZmODYyNmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6j3o+V9i3h3GcAHM9K0PK1X1p5H
1AtGb+Ox7YpJ10QjEV+8dkDKQNPNZajI2YAbuUkQit84o5jEZFkeGLoiZ+XiW67z
743dm7Otshf/mfKMqeeYSy6U1RRX32VZiVvKQJuZoOgQncBSp9O/MsAB8XNNnort
G/w8+Rt0Er619LwXW6LiZjDw1JRk8UbhmEwPdH1wCwa+zZG42Vs3FygDI5L4qM1I
DbC/W3RHxoI1JLDIrurJI7Ts7TJQox9Q+yvSTYtc2OvVTCvRvus8nuPXcYt4ZnWp
wT0XjhJKG2hBksJ4ayutGWkioie3EBaPghUhah9X0/lowVraafaFDLPqqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDto5r232+8wDvW1V29peQn/hibPMB8GA1UdIwQY
MBaAFMKJc6/6qZNtORRqoTb7ywUbmvmfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd29senJfcXBrMjA1RkdxaE52dkxCUnVhLVo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9hOTU0YmQtMTU3Zi00ZGJiLWJiYTQt
MzQ2M2I1NmUzNzJjLzEvTzJqbXZiZmI3ekFPOWJWWGIybDVDZi1HSnM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9hOTU0YmQtMTU3Zi00ZGJiLWJiYTQtMzQ2M2I1NmUzNzJj
LzEvd29senJfcXBrMjA1RkdxaE52dkxCUnVhLVo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUnfYAwQB
UnfeAwQB2RbkMA0GCSqGSIb3DQEBCwUAA4IBAQAXojB5qE8FjDDWWG7D65pK95B0
28ZfHKg5bfj9FG9stJL5Z+vMmIhTSQ8fQqj+2MBD6UB9xFralfULgVcgNdi+XukS
8rxASp0+p3mJ2FNqKAqxrvbqzFyKLLxDl/InvEPd5Ltft4BywAgulIfRS9hckxeK
TuerPM/UNSuiyR/rF15sZ0oWnIotOnvYnCm6m2A1E8gkN7piPS3XlApGNm84X6h4
2TOjE4WATog7yulxcx5OxMYhzAKyKfqy+4eR0do5Huuy2HVV4Tc5ivRzH7gEdttf
rzTCgefCJlahZCv62f3colZ0YfgkvGySurNR9N3Td+LQw6cqM+UCC8Bvcbpk
-----END CERTIFICATE-----