Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/pbIEZsxqRHKUwQBhfkufRfsKmSo.roa
File:                     pbIEZsxqRHKUwQBhfkufRfsKmSo.roa (raw, json)
Hash identifier:          FihsxpIP4qugEIdCV/l0qRIalXfvb4LDcxc44GpK8RA=
Subject key identifier:   A5:B2:04:66:CC:6A:44:72:94:C1:00:61:7E:4B:9F:45:FB:0A:99:2A
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019A154CC172900288C7801809D12EEE27E5
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/pbIEZsxqRHKUwQBhfkufRfsKmSo.roa
Signing time:             Fri 24 Oct 2025 08:19:03 +0000
ROA not before:           Fri 24 Oct 2025 08:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        178.219.6.0/24 maxlen: 24
                          188.255.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:15:4c:c1:72:90:02:88:c7:80:18:09:d1:2e:ee:27:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 24 08:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5b20466cc6a447294c100617e4b9f45fb0a992a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:76:21:6a:86:10:20:45:b3:a2:ec:e9:98:81:
                    e1:60:f3:f3:cc:d1:f8:15:00:24:05:95:82:6f:cc:
                    0e:bd:7e:da:4e:fe:2f:de:e9:c3:03:14:22:fe:e8:
                    76:e3:81:79:ac:d6:bd:5a:d5:7e:6d:eb:30:bb:70:
                    c1:88:f0:b8:a8:47:3f:09:6c:77:49:3a:33:95:1a:
                    51:ba:a7:e0:b1:86:68:a4:55:9c:09:8c:82:39:27:
                    82:af:90:b4:53:96:8f:fd:cb:81:28:a4:56:1f:6a:
                    db:a1:2e:55:16:69:6b:9c:26:11:f3:d7:7c:c3:34:
                    af:8f:b8:9e:13:77:1b:59:63:fb:73:0c:93:f0:2d:
                    9a:48:a4:41:65:5b:77:2c:4b:79:52:c8:c6:66:bd:
                    05:98:c3:46:31:2c:ae:75:13:d8:a0:cc:ae:9c:af:
                    f2:8c:0b:ba:e0:e6:12:ae:92:ba:5d:20:4e:41:3b:
                    fc:08:81:10:82:26:f6:00:08:d9:f9:ee:2e:9e:28:
                    87:05:60:f0:99:de:e1:00:bb:e7:90:97:60:1a:5f:
                    3b:95:7b:56:e5:e4:7c:3f:6a:b7:52:fd:9d:1a:46:
                    dc:5b:c4:56:3e:17:2f:fb:f6:1a:94:b1:40:b9:16:
                    bc:3a:78:a6:e9:e8:75:c8:0d:d3:46:a5:48:65:0c:
                    a8:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B2:04:66:CC:6A:44:72:94:C1:00:61:7E:4B:9F:45:FB:0A:99:2A
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/pbIEZsxqRHKUwQBhfkufRfsKmSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.6.0/24
                  188.255.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:f2:41:84:99:c3:2c:fe:ce:df:b8:0c:fc:29:b5:e7:c2:4f:
         63:0c:eb:fc:fa:d8:16:8b:44:bd:93:3a:19:17:0e:88:76:61:
         4c:7f:68:8a:16:4f:42:f8:5a:cd:e4:f8:89:ea:45:f3:94:8b:
         84:20:f1:05:c3:0d:19:36:76:58:72:12:30:db:c7:0d:8e:1d:
         b4:f1:6b:3c:80:2a:88:67:ca:c3:6b:d5:50:ac:31:3f:47:a6:
         5c:68:0e:f5:16:80:7f:65:54:ef:17:8c:50:ee:eb:ef:59:72:
         c4:8b:9f:af:aa:c6:2f:a3:13:2f:8a:9c:c7:25:58:83:94:69:
         fb:ca:1a:3e:8c:75:03:e1:66:93:04:1a:96:25:62:2b:71:36:
         07:54:6e:e5:7f:41:cb:71:5a:76:ce:c2:16:8a:28:3f:31:4f:
         43:15:c3:4e:4f:85:c1:c2:c7:73:13:9c:da:ce:90:70:64:08:
         b8:27:bd:6d:d5:83:21:f1:e6:11:cd:79:56:c2:14:55:e4:be:
         3a:27:11:5a:93:a0:8f:a8:50:13:b8:24:7d:65:e1:a9:f9:fe:
         1b:89:46:9b:1e:83:e2:a7:5c:4f:a5:dc:a8:bf:46:ea:82:57:
         ce:38:72:92:02:1e:35:f6:2f:cc:21:43:6b:5c:fb:f0:cb:75:
         26:04:ec:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoVTMFykAKIx4AYCdEu7iflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDI0MDgxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWIyMDQ2NmNjNmE0NDcyOTRjMTAwNjE3ZTRiOWY0NWZiMGE5OTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHYhaoYQIEWzouzpmIHhYPPzzNH4
FQAkBZWCb8wOvX7aTv4v3unDAxQi/uh244F5rNa9WtV+beswu3DBiPC4qEc/CWx3
STozlRpRuqfgsYZopFWcCYyCOSeCr5C0U5aP/cuBKKRWH2rboS5VFmlrnCYR89d8
wzSvj7ieE3cbWWP7cwyT8C2aSKRBZVt3LEt5UsjGZr0FmMNGMSyudRPYoMyunK/y
jAu64OYSrpK6XSBOQTv8CIEQgib2AAjZ+e4uniiHBWDwmd7hALvnkJdgGl87lXtW
5eR8P2q3Uv2dGkbcW8RWPhcv+/YalLFAuRa8Onim6eh1yA3TRqVIZQyo1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKWyBGbMakRylMEAYX5Ln0X7CpkqMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvcGJJRVpzeHFSSEtVd1FCaGZrdWZSZnNLbVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAstsGAwQA
vP/UMA0GCSqGSIb3DQEBCwUAA4IBAQCm8kGEmcMs/s7fuAz8KbXnwk9jDOv8+tgW
i0S9kzoZFw6IdmFMf2iKFk9C+FrN5PiJ6kXzlIuEIPEFww0ZNnZYchIw28cNjh20
8Ws8gCqIZ8rDa9VQrDE/R6ZcaA71FoB/ZVTvF4xQ7uvvWXLEi5+vqsYvoxMvipzH
JViDlGn7yho+jHUD4WaTBBqWJWIrcTYHVG7lf0HLcVp2zsIWiig/MU9DFcNOT4XB
wsdzE5zazpBwZAi4J71t1YMh8eYRzXlWwhRV5L46JxFak6CPqFATuCR9ZeGp+f4b
iUabHoPip1xPpdyov0bqglfOOHKSAh419i/MIUNrXPvwy3UmBOx1
-----END CERTIFICATE-----