Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/9fBlTpzE1JBsgOrrxy7zfs5HX8k.roa
File:                     9fBlTpzE1JBsgOrrxy7zfs5HX8k.roa (raw, json)
Hash identifier:          pZfUWEYp7quP4c2uEiu9XQOEIJS1Fn2BIiWse8+7UWw=
Subject key identifier:   F5:F0:65:4E:9C:C4:D4:90:6C:80:EA:EB:C7:2E:F3:7E:CE:47:5F:C9
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       019A1CFC390F21760874DF633C246CBF4619
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/9fBlTpzE1JBsgOrrxy7zfs5HX8k.roa
Signing time:             Sat 25 Oct 2025 20:08:03 +0000
ROA not before:           Sat 25 Oct 2025 20:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204487
IP address blocks:        185.29.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:1c:fc:39:0f:21:76:08:74:df:63:3c:24:6c:bf:46:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: Oct 25 20:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5f0654e9cc4d4906c80eaebc72ef37ece475fc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:27:0e:ad:a1:97:1f:e9:ca:3f:ef:24:46:5c:
                    4c:13:d5:b1:a9:2e:25:97:d9:e9:b2:89:f7:4f:56:
                    a1:4e:62:2f:ad:1d:94:29:80:fa:47:b0:80:72:55:
                    74:15:64:58:2a:d1:5b:d1:e2:06:b8:8b:7a:b4:a7:
                    7a:a6:ec:d3:95:61:27:66:33:4f:01:cf:34:dd:74:
                    2e:13:96:31:95:45:52:82:4e:ce:db:36:67:f8:c2:
                    9b:9b:cc:94:e7:b8:73:ac:d2:aa:2a:3a:86:ef:e2:
                    c5:7c:43:ad:c4:ac:83:ee:d9:9d:ae:08:b0:ed:8f:
                    f4:a9:f0:f2:cc:24:3c:6d:3a:08:e5:58:85:36:59:
                    31:f3:a8:6c:e4:b3:51:7c:71:57:d5:ae:84:8e:29:
                    ee:04:a4:9c:29:c6:43:e2:9e:b2:ab:cb:49:83:b2:
                    19:c4:9f:6c:c7:68:6c:ad:66:b3:43:2b:fe:b3:91:
                    be:d9:1d:ee:63:e3:4f:f0:43:ae:ee:98:14:33:1f:
                    51:61:88:e1:af:a7:1d:0a:04:d6:4a:a6:88:7c:37:
                    6d:96:a7:6d:2b:b1:04:60:63:62:8f:5c:09:b0:40:
                    c9:f7:40:34:65:48:60:fc:f3:d4:d3:d3:46:a2:2a:
                    1b:98:c1:ea:95:83:93:82:bb:6d:9a:bc:18:ce:5b:
                    1a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F0:65:4E:9C:C4:D4:90:6C:80:EA:EB:C7:2E:F3:7E:CE:47:5F:C9
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/9fBlTpzE1JBsgOrrxy7zfs5HX8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ea:b4:b3:f8:39:1a:20:a4:71:41:ba:20:a9:66:95:b8:3c:2a:
         19:72:fc:ca:a3:eb:36:f7:a2:e0:9a:2e:3c:c5:21:11:a1:92:
         61:80:7d:fc:6c:4e:84:53:f0:61:44:5e:b1:6e:94:27:09:25:
         65:64:6a:e1:0e:42:60:bd:a7:8f:8d:13:d3:7e:27:da:9c:c5:
         a6:84:1d:87:2e:e6:b6:a9:b8:16:ab:57:0c:67:57:8a:29:48:
         fd:d0:f7:19:1f:ac:2d:cd:b2:c4:3c:0b:a8:93:e9:66:73:06:
         f2:07:90:53:02:44:47:28:e3:3e:12:4f:cf:ec:58:5b:e6:50:
         a5:de:f0:be:16:43:ee:77:86:28:fe:e0:72:7f:0d:8b:55:89:
         34:da:e1:2c:62:fd:1b:5e:5c:f4:e6:c8:a2:aa:dc:35:49:0a:
         62:78:a6:21:8f:c9:f5:70:96:2d:15:e0:88:cb:de:e0:02:cc:
         f3:b7:a8:c4:4b:91:47:7e:72:c3:95:55:7b:3b:81:e9:2d:76:
         81:ff:92:f0:af:d9:ac:3e:f6:6c:ab:86:c5:72:a8:4d:2f:d9:
         1d:64:a2:0e:6b:fb:7b:f1:01:8f:d0:1e:af:56:50:24:9c:3f:
         f7:21:f6:47:43:32:87:09:2d:17:30:44:f3:74:5c:e1:fb:e1:
         35:34:60:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoc/DkPIXYIdN9jPCRsv0YZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjUxMDI1MjAwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWYwNjU0ZTljYzRkNDkwNmM4MGVhZWJjNzJlZjM3ZWNlNDc1ZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCcOraGXH+nKP+8kRlxME9WxqS4l
l9npson3T1ahTmIvrR2UKYD6R7CAclV0FWRYKtFb0eIGuIt6tKd6puzTlWEnZjNP
Ac803XQuE5YxlUVSgk7O2zZn+MKbm8yU57hzrNKqKjqG7+LFfEOtxKyD7tmdrgiw
7Y/0qfDyzCQ8bToI5ViFNlkx86hs5LNRfHFX1a6EjinuBKScKcZD4p6yq8tJg7IZ
xJ9sx2hsrWazQyv+s5G+2R3uY+NP8EOu7pgUMx9RYYjhr6cdCgTWSqaIfDdtlqdt
K7EEYGNij1wJsEDJ90A0ZUhg/PPU09NGoiobmMHqlYOTgrttmrwYzlsaJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXwZU6cxNSQbIDq68cu837OR1/JMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvOWZCbFRwekUxSkJzZ09ycnh5N3pmczVIWDhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR3/MA0G
CSqGSIb3DQEBCwUAA4IBAQDqtLP4ORogpHFBuiCpZpW4PCoZcvzKo+s296Lgmi48
xSERoZJhgH38bE6EU/BhRF6xbpQnCSVlZGrhDkJgvaePjRPTfifanMWmhB2HLua2
qbgWq1cMZ1eKKUj90PcZH6wtzbLEPAuok+lmcwbyB5BTAkRHKOM+Ek/P7Fhb5lCl
3vC+FkPud4Yo/uByfw2LVYk02uEsYv0bXlz05siiqtw1SQpieKYhj8n1cJYtFeCI
y97gAszzt6jES5FHfnLDlVV7O4HpLXaB/5Lwr9msPvZsq4bFcqhNL9kdZKIOa/t7
8QGP0B6vVlAknD/3IfZHQzKHCS0XMETzdFzh++E1NGDu
-----END CERTIFICATE-----