Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/0RROrS7EP_5CwYaWtOibTCuabhc.roa
File:                     0RROrS7EP_5CwYaWtOibTCuabhc.roa (raw, json)
Hash identifier:          uwLvq6OyphLPb9DhsW74rLK9fPzz8lUuatzazhiEDUA=
Subject key identifier:   D1:14:4E:AD:2E:C4:3F:FE:42:C1:86:96:B4:E8:9B:4C:2B:9A:6E:17
Certificate issuer:       /CN=5813e26d71ac5b6a601156d90ce0dccec5986243
Certificate serial:       019A17C477DC9096061860E0BE0D7895B004
Authority key identifier: 58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/0RROrS7EP_5CwYaWtOibTCuabhc.roa
Signing time:             Fri 24 Oct 2025 19:49:02 +0000
ROA not before:           Fri 24 Oct 2025 19:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        185.224.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:17:c4:77:dc:90:96:06:18:60:e0:be:0d:78:95:b0:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5813e26d71ac5b6a601156d90ce0dccec5986243
        Validity
            Not Before: Oct 24 19:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1144ead2ec43ffe42c18696b4e89b4c2b9a6e17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:12:db:0f:5a:41:ce:f5:b4:98:e3:a6:18:f5:
                    a4:25:b5:6e:30:a4:66:28:4f:9e:3f:c8:19:54:db:
                    bc:b8:11:ca:b5:95:0d:a8:fd:89:b5:b5:f5:66:b3:
                    75:3c:e8:48:98:22:79:8d:64:a0:08:f3:53:96:85:
                    48:b4:af:1d:a2:4a:e0:68:3c:23:15:1f:8d:84:dd:
                    88:88:99:cd:d1:01:72:62:49:cc:e1:b7:34:ac:43:
                    d5:d7:a5:ae:1f:cc:f5:a8:2d:bc:25:dc:ac:b4:9f:
                    f8:82:5f:a1:fe:84:9c:3e:73:77:5e:eb:e3:30:de:
                    d4:90:6c:69:84:d2:c4:b3:24:55:98:2e:98:5f:6b:
                    4c:05:3a:f0:91:74:42:0c:e0:d8:41:0d:d3:25:a7:
                    be:aa:c1:b0:76:ec:af:c2:2f:09:02:27:e1:fc:a5:
                    f0:29:d8:f4:fc:a2:85:bd:70:12:c9:3e:6a:30:cb:
                    43:e5:13:af:4e:17:43:06:a3:ad:11:47:42:20:b0:
                    48:c5:60:1f:3b:da:62:9a:81:61:85:d0:ac:e4:c7:
                    79:cc:f7:54:fc:b2:09:fc:3b:46:4b:17:41:14:cd:
                    4f:a5:15:ac:7e:2c:13:fc:26:f0:7b:fc:a3:60:69:
                    6d:cd:00:d9:e1:2f:6c:45:db:77:3b:bd:76:a0:e7:
                    78:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:14:4E:AD:2E:C4:3F:FE:42:C1:86:96:B4:E8:9B:4C:2B:9A:6E:17
            X509v3 Authority Key Identifier:
                keyid:58:13:E2:6D:71:AC:5B:6A:60:11:56:D9:0C:E0:DC:CE:C5:98:62:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WBPibXGsW2pgEVbZDODczsWYYkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/0RROrS7EP_5CwYaWtOibTCuabhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/64ae31-d1c8-4004-a778-06df1dc03367/1/WBPibXGsW2pgEVbZDODczsWYYkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:9d:a5:09:05:ca:56:17:98:2e:1d:89:a9:1b:33:bd:0f:5e:
         a5:4c:2b:85:4e:e9:42:5b:ff:c1:8f:a8:0c:0e:2d:61:7d:ce:
         de:7e:f9:0b:24:7d:56:c2:0e:52:82:c2:5b:08:39:02:c9:96:
         0a:cd:56:1f:a6:d2:c1:46:72:23:14:00:cd:a1:b9:9c:3a:21:
         db:2a:16:bb:2f:bc:63:1b:e5:b6:6f:e1:db:4f:ef:b8:fa:dd:
         26:0f:09:a6:3d:7a:30:2b:64:8f:d2:f5:f7:97:c8:db:0d:19:
         a7:8f:4d:40:22:3a:a2:bc:90:91:d9:23:62:17:fa:aa:7d:8c:
         b8:49:68:cf:e0:00:d1:6b:72:06:94:84:68:c5:ef:97:4f:b9:
         b0:5a:f9:9a:29:d7:68:d2:7e:3c:c9:35:2a:71:37:11:b5:e0:
         07:8c:f6:b4:c5:c1:67:2f:ea:17:f0:b0:17:c7:d8:bb:3f:12:
         eb:2d:ed:07:c4:5a:60:46:e4:d4:d6:c7:95:0d:10:a1:ea:64:
         da:31:fe:19:76:45:9e:ea:d7:0c:ae:78:13:a5:cd:04:02:9d:
         18:c6:40:6c:1a:36:2c:06:9c:7c:7b:52:a1:bf:04:e6:0a:ae:
         b8:20:93:a4:83:23:8a:c1:54:b5:85:8f:fa:ba:b0:eb:15:8b:
         c5:ff:6e:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoXxHfckJYGGGDgvg14lbAEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MTNlMjZkNzFhYzViNmE2MDExNTZkOTBjZTBkY2NlYzU5
ODYyNDMwHhcNMjUxMDI0MTk0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTE0NGVhZDJlYzQzZmZlNDJjMTg2OTZiNGU4OWI0YzJiOWE2ZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhLbD1pBzvW0mOOmGPWkJbVuMKRm
KE+eP8gZVNu8uBHKtZUNqP2JtbX1ZrN1POhImCJ5jWSgCPNTloVItK8dokrgaDwj
FR+NhN2IiJnN0QFyYknM4bc0rEPV16WuH8z1qC28JdystJ/4gl+h/oScPnN3Xuvj
MN7UkGxphNLEsyRVmC6YX2tMBTrwkXRCDODYQQ3TJae+qsGwduyvwi8JAifh/KXw
Kdj0/KKFvXASyT5qMMtD5ROvThdDBqOtEUdCILBIxWAfO9pimoFhhdCs5Md5zPdU
/LIJ/DtGSxdBFM1PpRWsfiwT/Cbwe/yjYGltzQDZ4S9sRdt3O712oOd4sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEUTq0uxD/+QsGGlrTom0wrmm4XMB8GA1UdIwQY
MBaAFFgT4m1xrFtqYBFW2Qzg3M7FmGJDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3Nzgt
MDZkZjFkYzAzMzY3LzEvMFJST3JTN0VQXzVDd1lhV3RPaWJUQ3VhYmhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi82NGFlMzEtZDFjOC00MDA0LWE3NzgtMDZkZjFkYzAzMzY3
LzEvV0JQaWJYR3NXMnBnRVZiWkRPRGN6c1dZWWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueACMA0G
CSqGSIb3DQEBCwUAA4IBAQChnaUJBcpWF5guHYmpGzO9D16lTCuFTulCW//Bj6gM
Di1hfc7efvkLJH1Wwg5SgsJbCDkCyZYKzVYfptLBRnIjFADNobmcOiHbKha7L7xj
G+W2b+HbT++4+t0mDwmmPXowK2SP0vX3l8jbDRmnj01AIjqivJCR2SNiF/qqfYy4
SWjP4ADRa3IGlIRoxe+XT7mwWvmaKddo0n48yTUqcTcRteAHjPa0xcFnL+oX8LAX
x9i7PxLrLe0HxFpgRuTU1seVDRCh6mTaMf4ZdkWe6tcMrngTpc0EAp0YxkBsGjYs
Bpx8e1KhvwTmCq64IJOkgyOKwVS1hY/6urDrFYvF/24D
-----END CERTIFICATE-----