Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/8ofea1TR2-dllg5VQcblmlWW_Jw.roa
File:                     8ofea1TR2-dllg5VQcblmlWW_Jw.roa (raw, json)
Hash identifier:          DDzXIHlSYWS45kNZcp+/HWVN971pVq7eD5ioet4NIZ4=
Subject key identifier:   F2:87:DE:6B:54:D1:DB:E7:65:96:0E:55:41:C6:E5:9A:55:96:FC:9C
Certificate issuer:       /CN=4a8e17fdaa29187b8e40d630addebd9fd24c0176
Certificate serial:       019A08AA331C32A0B013F18ADCD67F352A6F
Authority key identifier: 4A:8E:17:FD:AA:29:18:7B:8E:40:D6:30:AD:DE:BD:9F:D2:4C:01:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/So4X_aopGHuOQNYwrd69n9JMAXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/8ofea1TR2-dllg5VQcblmlWW_Jw.roa
Signing time:             Tue 21 Oct 2025 21:26:03 +0000
ROA not before:           Tue 21 Oct 2025 21:26:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31202
IP address blocks:        185.23.61.0/24 maxlen: 24
                          185.23.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/So4X_aopGHuOQNYwrd69n9JMAXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/So4X_aopGHuOQNYwrd69n9JMAXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/So4X_aopGHuOQNYwrd69n9JMAXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:08:aa:33:1c:32:a0:b0:13:f1:8a:dc:d6:7f:35:2a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a8e17fdaa29187b8e40d630addebd9fd24c0176
        Validity
            Not Before: Oct 21 21:26:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f287de6b54d1dbe765960e5541c6e59a5596fc9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5e:63:cf:b4:08:be:78:34:98:4c:da:cf:6d:
                    96:07:3a:73:27:95:54:34:90:b2:0f:e5:a3:f4:7b:
                    6e:a8:1a:ed:a4:4e:42:85:33:2e:bb:fb:f3:8d:ca:
                    02:c9:70:ec:37:21:fa:86:2e:ba:1d:e0:76:27:f0:
                    a6:c0:8c:2a:0a:df:01:5d:7f:7d:cf:25:08:ab:35:
                    cc:3a:89:98:27:83:83:1f:7e:eb:49:b1:7a:c3:41:
                    ec:5b:05:d5:05:e0:ba:95:46:0c:21:79:a6:42:43:
                    02:d3:02:ec:1f:6a:2d:d9:1c:c2:75:9d:16:78:81:
                    6e:86:63:41:4e:d1:37:c7:f2:cb:61:e5:00:c3:35:
                    b7:8d:f5:d9:76:03:ad:7b:25:ff:c3:0c:e6:21:e0:
                    33:0f:c6:ce:ec:2f:18:19:9e:0d:1c:9d:71:d3:5e:
                    9e:77:03:1f:db:5c:1f:e4:21:43:de:b5:3f:68:5d:
                    3c:a4:82:0a:8f:f1:95:bd:44:0a:5e:c7:22:be:ca:
                    6c:82:53:0a:0e:f7:8c:1d:15:be:b9:9b:3d:4c:f2:
                    62:d2:4f:ef:5b:94:4c:0a:28:c0:0a:75:b7:73:11:
                    e0:2d:51:e0:31:ad:8a:ab:73:70:4a:c3:b1:c6:aa:
                    24:9d:16:35:c8:ad:cc:5f:a5:9d:0a:16:b6:69:97:
                    ab:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:87:DE:6B:54:D1:DB:E7:65:96:0E:55:41:C6:E5:9A:55:96:FC:9C
            X509v3 Authority Key Identifier:
                keyid:4A:8E:17:FD:AA:29:18:7B:8E:40:D6:30:AD:DE:BD:9F:D2:4C:01:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/So4X_aopGHuOQNYwrd69n9JMAXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/8ofea1TR2-dllg5VQcblmlWW_Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/So4X_aopGHuOQNYwrd69n9JMAXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.61.0-185.23.62.255

    Signature Algorithm: sha256WithRSAEncryption
         8e:4a:41:a2:6a:ec:f3:25:87:e9:a7:f8:40:b0:83:ca:bb:36:
         aa:e1:90:6f:92:b4:82:53:8c:e2:41:31:67:0b:82:7a:d8:5a:
         0b:e6:79:27:73:44:b2:6e:16:1f:17:c5:68:e1:73:35:96:1e:
         a0:f3:71:6c:ba:90:f4:fe:c6:8c:0d:cc:79:d3:c4:db:f2:ee:
         3e:e0:bf:3a:8a:00:07:e4:5c:04:da:36:ea:3e:7a:a0:d3:82:
         15:c4:eb:26:6a:cd:d2:b9:cc:1f:20:7b:f8:92:75:be:75:97:
         6d:d2:00:19:72:ae:5e:5f:53:64:88:64:55:7e:30:81:dc:0f:
         85:2b:73:c2:a4:9a:c8:27:97:04:2a:84:a0:b9:d1:03:eb:90:
         9b:31:ad:f7:cd:5e:fd:68:ae:d3:a5:39:9c:c8:2b:54:39:90:
         5a:6f:f4:54:1e:67:fd:2e:df:83:1a:65:ce:d1:cb:cc:7a:49:
         a2:51:1e:a5:30:3d:4a:f5:22:6e:53:3b:4f:60:55:7c:66:0e:
         0e:1a:05:a4:be:bb:a6:b3:98:70:b3:f8:43:f4:1f:4c:ad:8a:
         ec:fc:36:97:37:26:5c:ef:88:d0:c0:68:5c:c6:dd:66:fa:01:
         80:42:94:78:bb:37:5e:22:66:66:e1:b1:79:94:25:3a:1b:dc:
         cc:24:d3:db
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZoIqjMcMqCwE/GK3NZ/NSpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhOGUxN2ZkYWEyOTE4N2I4ZTQwZDYzMGFkZGViZDlmZDI0
YzAxNzYwHhcNMjUxMDIxMjEyNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjg3ZGU2YjU0ZDFkYmU3NjU5NjBlNTU0MWM2ZTU5YTU1OTZmYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql5jz7QIvng0mEzaz22WBzpzJ5VU
NJCyD+Wj9HtuqBrtpE5ChTMuu/vzjcoCyXDsNyH6hi66HeB2J/CmwIwqCt8BXX99
zyUIqzXMOomYJ4ODH37rSbF6w0HsWwXVBeC6lUYMIXmmQkMC0wLsH2ot2RzCdZ0W
eIFuhmNBTtE3x/LLYeUAwzW3jfXZdgOteyX/wwzmIeAzD8bO7C8YGZ4NHJ1x016e
dwMf21wf5CFD3rU/aF08pIIKj/GVvUQKXscivspsglMKDveMHRW+uZs9TPJi0k/v
W5RMCijACnW3cxHgLVHgMa2Kq3NwSsOxxqoknRY1yK3MX6WdCha2aZerNwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPKH3mtU0dvnZZYOVUHG5ZpVlvycMB8GA1UdIwQY
MBaAFEqOF/2qKRh7jkDWMK3evZ/STAF2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU280WF9hb3BHSHVPUU5Zd3JkNjluOUpNQVhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9jMjQzNDEtYTdjZi00Mjc1LWFjNGYt
NWM3NjVjNTM3M2EzLzEvOG9mZWExVFIyLWRsbGc1VlFjYmxtbFdXX0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9jMjQzNDEtYTdjZi00Mjc1LWFjNGYtNWM3NjVjNTM3M2Ez
LzEvU280WF9hb3BHSHVPUU5Zd3JkNjluOUpNQVhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5Fz0D
BAC5Fz4wDQYJKoZIhvcNAQELBQADggEBAI5KQaJq7PMlh+mn+ECwg8q7NqrhkG+S
tIJTjOJBMWcLgnrYWgvmeSdzRLJuFh8XxWjhczWWHqDzcWy6kPT+xowNzHnTxNvy
7j7gvzqKAAfkXATaNuo+eqDTghXE6yZqzdK5zB8ge/iSdb51l23SABlyrl5fU2SI
ZFV+MIHcD4Urc8KkmsgnlwQqhKC50QPrkJsxrffNXv1ortOlOZzIK1Q5kFpv9FQe
Z/0u34MaZc7Ry8x6SaJRHqUwPUr1Im5TO09gVXxmDg4aBaS+u6azmHCz+EP0H0yt
iuz8Npc3JlzviNDAaFzG3Wb6AYBClHi7N14iZmbhsXmUJTob3Mwk09s=
-----END CERTIFICATE-----