Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/O--ohDSHb3_cgUUA6fEd67yI0qE.roa
File:                     O--ohDSHb3_cgUUA6fEd67yI0qE.roa (raw, json)
Hash identifier:          ZeZLP6PWTPODtcpDZvxrQiDQ91HF+onUP31S24SY2QI=
Subject key identifier:   3B:EF:A8:84:34:87:6F:7F:DC:81:45:00:E9:F1:1D:EB:BC:88:D2:A1
Certificate issuer:       /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial:       019A40D3A3ABFCAA3404757B074D7D6473F6
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/O--ohDSHb3_cgUUA6fEd67yI0qE.roa
Signing time:             Sat 01 Nov 2025 19:10:03 +0000
ROA not before:           Sat 01 Nov 2025 19:10:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209235
IP address blocks:        185.130.194.0/24 maxlen: 24
                          2a09:c0c0::/29 maxlen: 48
                          2a09:c0c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:40:d3:a3:ab:fc:aa:34:04:75:7b:07:4d:7d:64:73:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
        Validity
            Not Before: Nov  1 19:10:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3befa88434876f7fdc814500e9f11debbc88d2a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:00:5c:d8:c2:07:e5:2f:2a:2a:65:f0:bb:32:
                    3f:a1:72:aa:53:16:19:f6:ae:58:92:ef:c2:2f:a3:
                    36:4b:8b:49:f9:92:ae:01:af:3f:a5:ee:e9:c5:01:
                    b1:93:9c:c2:29:21:16:da:41:e7:40:a7:e9:13:e2:
                    50:33:d7:dd:04:8e:9b:c0:13:8d:5f:b6:25:6e:9d:
                    39:02:bd:a1:14:ea:41:ca:40:77:85:4c:a1:ea:da:
                    47:c3:50:ca:29:1b:ce:a3:5f:a8:10:b4:54:5f:21:
                    08:31:ef:b4:86:d9:19:2d:82:c0:2d:c1:e0:da:48:
                    c5:3a:49:2e:73:ee:c4:9f:f3:60:84:09:96:65:f1:
                    af:dd:e6:53:88:fa:e7:df:01:93:31:f3:7b:1a:1d:
                    57:f7:0a:5f:3e:a8:cc:da:2f:b1:87:14:1a:cb:e1:
                    46:8e:4e:0a:8e:5a:31:b4:69:ce:8f:ed:ca:10:58:
                    d9:11:5e:d8:71:30:56:f0:fc:06:d9:00:b2:9b:88:
                    a7:38:b3:9e:9e:9f:38:ec:cd:bc:9a:a2:6b:25:cf:
                    d8:c2:9a:a1:11:4a:13:27:2a:8e:ea:47:4f:b1:c4:
                    8b:19:03:36:ca:50:83:c4:b1:11:7e:58:a9:ee:18:
                    ed:d0:f6:fd:3f:37:9c:59:8e:f3:26:b4:11:da:b5:
                    d7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:EF:A8:84:34:87:6F:7F:DC:81:45:00:E9:F1:1D:EB:BC:88:D2:A1
            X509v3 Authority Key Identifier:
                keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/O--ohDSHb3_cgUUA6fEd67yI0qE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.194.0/24
                IPv6:
                  2a09:c0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:69:ea:a2:f4:2e:34:80:b4:1e:62:a6:d1:f1:fc:da:dd:e3:
         34:30:d4:54:d3:24:49:76:a5:06:6b:fb:13:83:33:57:e5:b6:
         d8:ab:97:00:73:c2:61:79:20:c5:ef:cb:1d:31:25:79:f5:06:
         97:b1:ce:7e:20:1f:53:02:74:4a:73:76:a0:27:77:0e:60:7d:
         6b:e3:5b:72:f2:9e:2d:24:10:6e:7e:66:77:c4:37:aa:ce:ac:
         70:70:52:1c:12:1e:1d:18:2f:f7:65:d3:3d:75:df:31:74:3e:
         b1:51:d4:db:21:c3:57:27:d2:cb:cf:18:d0:8d:88:b9:cd:2f:
         16:f1:25:78:91:9f:b3:2b:d6:2d:c3:af:32:36:6c:01:1e:1f:
         b9:b0:0b:51:fd:5d:4a:ca:2b:04:bf:88:dc:10:d5:d7:fe:74:
         bd:0e:24:95:f1:a5:b4:ba:20:92:75:b1:c1:6f:ab:94:38:de:
         42:21:02:17:6c:0c:7c:2a:09:a1:cd:e5:64:8e:6f:72:e3:7d:
         3e:9e:19:34:5e:51:d6:f0:af:8c:fb:99:21:c0:a7:c6:54:d1:
         f5:04:7e:6c:e2:44:70:bd:5c:f1:48:56:d0:46:e9:04:15:52:
         a2:30:8e:3d:33:47:6d:a6:1f:f9:a1:c9:45:32:28:8c:5e:39:
         60:89:2d:60
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZpA06Or/Ko0BHV7B019ZHP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjUxMTAxMTkxMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmVmYTg4NDM0ODc2ZjdmZGM4MTQ1MDBlOWYxMWRlYmJjODhkMmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugBc2MIH5S8qKmXwuzI/oXKqUxYZ
9q5Yku/CL6M2S4tJ+ZKuAa8/pe7pxQGxk5zCKSEW2kHnQKfpE+JQM9fdBI6bwBON
X7Ylbp05Ar2hFOpBykB3hUyh6tpHw1DKKRvOo1+oELRUXyEIMe+0htkZLYLALcHg
2kjFOkkuc+7En/NghAmWZfGv3eZTiPrn3wGTMfN7Gh1X9wpfPqjM2i+xhxQay+FG
jk4KjloxtGnOj+3KEFjZEV7YcTBW8PwG2QCym4inOLOenp847M28mqJrJc/Ywpqh
EUoTJyqO6kdPscSLGQM2ylCDxLERflip7hjt0Pb9PzecWY7zJrQR2rXXbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDvvqIQ0h29/3IFFAOnxHeu8iNKhMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvTy0tb2hEU0hiM19jZ1VVQTZmRWQ2N3lJMHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYLCMA0E
AgACMAcDBQMqCcDAMA0GCSqGSIb3DQEBCwUAA4IBAQBvaeqi9C40gLQeYqbR8fza
3eM0MNRU0yRJdqUGa/sTgzNX5bbYq5cAc8JheSDF78sdMSV59QaXsc5+IB9TAnRK
c3agJ3cOYH1r41ty8p4tJBBufmZ3xDeqzqxwcFIcEh4dGC/3ZdM9dd8xdD6xUdTb
IcNXJ9LLzxjQjYi5zS8W8SV4kZ+zK9Ytw68yNmwBHh+5sAtR/V1KyisEv4jcENXX
/nS9DiSV8aW0uiCSdbHBb6uUON5CIQIXbAx8KgmhzeVkjm9y430+nhk0XlHW8K+M
+5khwKfGVNH1BH5s4kRwvVzxSFbQRukEFVKiMI49M0dtph/5oclFMiiMXjlgiS1g
-----END CERTIFICATE-----