Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/loVwrvg92wZ7zx8vNurvGSPWCJg.roa
File:                     loVwrvg92wZ7zx8vNurvGSPWCJg.roa (raw, json)
Hash identifier:          oKtFkfmck2e1Bhm99yhzXyD5mQ2/n3sLoKcPg8KaNnE=
Subject key identifier:   96:85:70:AE:F8:3D:DB:06:7B:CF:1F:2F:36:EA:EF:19:23:D6:08:98
Certificate issuer:       /CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
Certificate serial:       019A4AB628B0F3F3450164EE45B495B65BCC
Authority key identifier: 55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/loVwrvg92wZ7zx8vNurvGSPWCJg.roa
Signing time:             Mon 03 Nov 2025 17:14:03 +0000
ROA not before:           Mon 03 Nov 2025 17:14:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211557
IP address blocks:        168.222.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4a:b6:28:b0:f3:f3:45:01:64:ee:45:b4:95:b6:5b:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55c9b2025e0e695808f6b61ee276aed4fb5680cd
        Validity
            Not Before: Nov  3 17:14:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=968570aef83ddb067bcf1f2f36eaef1923d60898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:c6:f6:34:ad:99:6d:79:75:6f:b4:b4:82:ff:
                    2a:cf:31:2c:e1:d3:e0:a6:b8:15:a7:56:f5:64:9a:
                    d1:97:5c:9f:ee:3a:1c:8c:d3:d7:2a:94:e6:e1:6b:
                    0e:72:6f:e9:40:9e:7e:8b:cc:df:32:07:1a:34:42:
                    20:23:7c:aa:6c:f4:33:36:3a:3d:37:36:fd:a4:89:
                    0f:36:e9:b7:b8:97:33:e4:c4:93:bb:5f:10:97:94:
                    ae:3c:4a:e9:18:f0:c3:33:36:82:27:c7:a0:77:54:
                    49:0c:95:14:9a:a4:4b:47:63:8a:01:1e:db:18:e2:
                    73:84:3d:53:a0:fa:7f:55:39:15:9c:68:ba:62:5e:
                    d9:9e:db:bb:e6:c2:a4:f2:62:e4:fc:06:3f:e7:8d:
                    e4:50:c2:69:cd:62:0e:6c:5f:4b:29:7d:50:a3:b7:
                    7c:8f:37:8c:b3:70:58:e8:78:4d:a4:e4:59:b3:a0:
                    73:0f:97:be:b5:83:43:09:9e:57:a9:d2:3c:68:75:
                    73:5d:3b:af:4f:c7:c4:73:64:e8:36:83:b9:d5:e2:
                    c2:01:30:1b:6c:27:64:e3:91:aa:69:9c:ce:51:06:
                    e7:6a:3c:87:9e:c4:41:29:4d:46:46:10:c0:e4:fc:
                    c6:bb:5b:b3:2f:10:de:dc:51:02:68:fc:4f:dd:6c:
                    1d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:85:70:AE:F8:3D:DB:06:7B:CF:1F:2F:36:EA:EF:19:23:D6:08:98
            X509v3 Authority Key Identifier:
                keyid:55:C9:B2:02:5E:0E:69:58:08:F6:B6:1E:E2:76:AE:D4:FB:56:80:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VcmyAl4OaVgI9rYe4nau1PtWgM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/loVwrvg92wZ7zx8vNurvGSPWCJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6366b4-dd6f-4040-8895-71be0d51919d/1/VcmyAl4OaVgI9rYe4nau1PtWgM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.222.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:96:b8:0f:42:62:c8:0a:a8:d1:e9:b8:cf:e4:60:86:41:9f:
         5d:9c:25:8c:a7:81:24:9b:4d:d7:c5:eb:87:a2:f3:cd:44:d0:
         29:2e:75:a8:2f:8b:14:b1:ce:e2:ec:29:ba:e9:33:2b:28:af:
         fc:ef:1d:0f:05:f4:88:69:d9:14:17:79:18:1c:d9:c0:3f:b0:
         de:6f:6c:d7:eb:14:8c:2d:0e:bd:df:09:00:2d:d1:0d:f8:31:
         82:c3:90:5c:62:23:a3:c4:fb:b5:67:9d:ca:a1:10:b9:a9:9e:
         3c:5b:a1:6e:a5:c7:c6:98:6e:88:c4:30:55:cc:e5:9e:39:8c:
         e5:f4:6e:14:e0:91:5e:b7:81:22:05:05:85:77:22:e4:a9:47:
         01:bf:86:c6:07:a8:cc:93:c5:63:da:a8:60:ce:31:2c:aa:b7:
         1e:c9:35:fb:37:ac:a8:4d:7c:31:60:0b:ce:0b:98:9b:93:0d:
         69:31:53:f3:49:bc:b7:54:cf:df:0a:01:5b:27:bd:19:50:5e:
         76:d0:7c:eb:4c:b6:2a:46:41:5f:fa:3d:bb:a5:2a:e7:47:0e:
         f9:2d:b4:03:ec:b9:3c:d3:04:20:79:90:03:76:c3:cc:ff:8f:
         66:83:6e:bf:5a:fe:6a:c4:ff:6c:d4:36:74:ac:41:38:c9:fd:
         de:39:4b:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpKtiiw8/NFAWTuRbSVtlvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YzliMjAyNWUwZTY5NTgwOGY2YjYxZWUyNzZhZWQ0ZmI1
NjgwY2QwHhcNMjUxMTAzMTcxNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njg1NzBhZWY4M2RkYjA2N2JjZjFmMmYzNmVhZWYxOTIzZDYwODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2sb2NK2ZbXl1b7S0gv8qzzEs4dPg
prgVp1b1ZJrRl1yf7jocjNPXKpTm4WsOcm/pQJ5+i8zfMgcaNEIgI3yqbPQzNjo9
Nzb9pIkPNum3uJcz5MSTu18Ql5SuPErpGPDDMzaCJ8egd1RJDJUUmqRLR2OKAR7b
GOJzhD1ToPp/VTkVnGi6Yl7Zntu75sKk8mLk/AY/543kUMJpzWIObF9LKX1Qo7d8
jzeMs3BY6HhNpORZs6BzD5e+tYNDCZ5XqdI8aHVzXTuvT8fEc2ToNoO51eLCATAb
bCdk45GqaZzOUQbnajyHnsRBKU1GRhDA5PzGu1uzLxDe3FECaPxP3WwdiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaFcK74PdsGe88fLzbq7xkj1giYMB8GA1UdIwQY
MBaAFFXJsgJeDmlYCPa2HuJ2rtT7VoDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUt
NzFiZTBkNTE5MTlkLzEvbG9Wd3J2Zzkyd1o3eng4dk51cnZHU1BXQ0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzY2YjQtZGQ2Zi00MDQwLTg4OTUtNzFiZTBkNTE5MTlk
LzEvVmNteUFsNE9hVmdJOXJZZTRuYXUxUHRXZ00wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqN60MA0G
CSqGSIb3DQEBCwUAA4IBAQBblrgPQmLICqjR6bjP5GCGQZ9dnCWMp4Ekm03XxeuH
ovPNRNApLnWoL4sUsc7i7Cm66TMrKK/87x0PBfSIadkUF3kYHNnAP7Deb2zX6xSM
LQ693wkALdEN+DGCw5BcYiOjxPu1Z53KoRC5qZ48W6FupcfGmG6IxDBVzOWeOYzl
9G4U4JFet4EiBQWFdyLkqUcBv4bGB6jMk8Vj2qhgzjEsqrceyTX7N6yoTXwxYAvO
C5ibkw1pMVPzSby3VM/fCgFbJ70ZUF520HzrTLYqRkFf+j27pSrnRw75LbQD7Lk8
0wQgeZADdsPM/49mg26/Wv5qxP9s1DZ0rEE4yf3eOUs5
-----END CERTIFICATE-----