Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/tthWAGRbmNIzSgjynE28-INdovs.roa
File:                     tthWAGRbmNIzSgjynE28-INdovs.roa (raw, json)
Hash identifier:          JNyyQCgYIQQWxqXWa0zOC6v5y7nOJ0Nt9MezWJNo5KM=
Subject key identifier:   B6:D8:56:00:64:5B:98:D2:33:4A:08:F2:9C:4D:BC:F8:83:5D:A2:FB
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019A48AE22D7ADA35AB0FA84E946D6F965F5
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/tthWAGRbmNIzSgjynE28-INdovs.roa
Signing time:             Mon 03 Nov 2025 07:46:03 +0000
ROA not before:           Mon 03 Nov 2025 07:46:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.81.28.0/22 maxlen: 24
                          185.81.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:48:ae:22:d7:ad:a3:5a:b0:fa:84:e9:46:d6:f9:65:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Nov  3 07:46:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6d85600645b98d2334a08f29c4dbcf8835da2fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:23:39:ca:6a:60:97:fa:b5:79:cc:25:ae:1b:
                    31:4a:c1:08:3f:1f:92:3e:0d:60:e2:c0:16:b8:66:
                    0b:3b:9f:03:f7:9e:00:54:57:81:45:83:51:31:cd:
                    97:7f:0e:b2:c0:98:03:d7:68:48:25:bd:7b:54:2f:
                    a5:47:34:24:3b:94:ce:34:d7:f8:38:8a:b3:e7:98:
                    0c:07:28:f6:04:a6:18:00:42:51:0b:fd:20:06:16:
                    8f:a4:70:26:25:54:68:54:70:a0:8c:a1:c2:2a:0d:
                    23:bf:b9:52:86:f0:d4:48:ac:c5:73:69:b0:e9:fc:
                    6a:fb:a8:5b:8c:37:d1:73:79:21:74:ab:e5:6e:c8:
                    10:f8:e2:22:10:f4:24:85:3a:93:eb:09:3e:a8:d8:
                    2d:1c:27:a3:53:70:8a:5c:95:fa:05:18:ec:95:ff:
                    37:89:5a:de:d4:a5:68:02:95:b7:08:2a:ca:54:7a:
                    25:8a:af:93:5d:27:96:5d:cd:7d:1c:b4:8a:10:20:
                    ba:99:f8:d4:be:2c:a5:c2:5a:f6:82:e6:aa:f3:f5:
                    b5:87:ac:f2:16:ad:ad:b5:5b:1c:36:82:26:48:75:
                    90:1f:c4:dd:55:63:1d:12:ec:7b:f2:7c:22:9b:dd:
                    85:93:80:e0:cb:db:f5:e1:6c:b6:b2:25:4d:a5:67:
                    81:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D8:56:00:64:5B:98:D2:33:4A:08:F2:9C:4D:BC:F8:83:5D:A2:FB
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/tthWAGRbmNIzSgjynE28-INdovs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:03:8a:32:80:35:7d:a7:b8:fe:0f:d4:b1:16:aa:e6:a6:58:
         bc:f0:87:c9:5b:89:6b:50:1d:02:39:a8:8d:8f:c6:13:a2:d6:
         55:80:1c:00:47:d5:d7:79:02:b7:f3:3d:aa:46:22:1f:d7:42:
         a3:e2:b3:ff:1d:bb:8f:ae:8c:54:b3:e1:88:bd:71:49:bc:fc:
         b2:dc:73:84:53:62:7e:bf:b3:df:23:db:04:55:78:a8:d2:0c:
         f5:00:1a:ca:71:d3:80:cb:71:bd:d1:7e:96:83:ae:b2:af:62:
         ba:42:de:07:46:36:3a:87:26:e5:64:a8:e0:f6:84:68:c9:3e:
         bd:51:0e:90:2a:54:ce:86:21:f0:b9:39:de:84:df:d0:9b:d3:
         9a:11:94:de:0b:d1:29:63:38:52:59:1e:43:35:00:d2:5e:89:
         d0:6b:2e:bc:26:0e:a2:81:e7:68:e3:93:d4:26:71:4a:2a:8f:
         b8:b6:e1:6b:66:39:d5:ab:bb:89:15:d0:65:1d:29:07:6b:26:
         28:a0:86:9a:2f:2c:ca:b2:7e:4b:b7:6b:cd:55:46:1b:89:a5:
         9c:99:b9:25:8c:17:3d:48:4f:21:ed:06:24:f6:f5:e6:81:08:
         73:ab:8d:1c:09:f8:74:4f:29:1f:1a:21:ad:9b:96:5a:65:0c:
         5c:8f:b4:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpIriLXraNasPqE6UbW+WX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUxMTAzMDc0NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmQ4NTYwMDY0NWI5OGQyMzM0YTA4ZjI5YzRkYmNmODgzNWRhMmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyM5ympgl/q1ecwlrhsxSsEIPx+S
Pg1g4sAWuGYLO58D954AVFeBRYNRMc2Xfw6ywJgD12hIJb17VC+lRzQkO5TONNf4
OIqz55gMByj2BKYYAEJRC/0gBhaPpHAmJVRoVHCgjKHCKg0jv7lShvDUSKzFc2mw
6fxq+6hbjDfRc3khdKvlbsgQ+OIiEPQkhTqT6wk+qNgtHCejU3CKXJX6BRjslf83
iVre1KVoApW3CCrKVHoliq+TXSeWXc19HLSKECC6mfjUviylwlr2guaq8/W1h6zy
Fq2ttVscNoImSHWQH8TdVWMdEux78nwim92Fk4Dgy9v14Wy2siVNpWeBMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbYVgBkW5jSM0oI8pxNvPiDXaL7MB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvdHRoV0FHUmJtTkl6U2dqeW5FMjgtSU5kb3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVEcMA0G
CSqGSIb3DQEBCwUAA4IBAQATA4oygDV9p7j+D9SxFqrmpli88IfJW4lrUB0COaiN
j8YTotZVgBwAR9XXeQK38z2qRiIf10Kj4rP/HbuProxUs+GIvXFJvPyy3HOEU2J+
v7PfI9sEVXio0gz1ABrKcdOAy3G90X6Wg66yr2K6Qt4HRjY6hyblZKjg9oRoyT69
UQ6QKlTOhiHwuTnehN/Qm9OaEZTeC9EpYzhSWR5DNQDSXonQay68Jg6igedo45PU
JnFKKo+4tuFrZjnVq7uJFdBlHSkHayYooIaaLyzKsn5Lt2vNVUYbiaWcmbkljBc9
SE8h7QYk9vXmgQhzq40cCfh0TykfGiGtm5ZaZQxcj7S+
-----END CERTIFICATE-----