Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bUFwCWwFs8OHdMJq28-HQUpn1xo.roa
File:                     bUFwCWwFs8OHdMJq28-HQUpn1xo.roa (raw, json)
Hash identifier:          FEcABUCSs8uFXLzcw89gv5sSEkg/72OvpvqIcL663xc=
Subject key identifier:   6D:41:70:09:6C:05:B3:C3:87:74:C2:6A:DB:CF:87:41:4A:67:D7:1A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019A4ECD859CAFC260AEF6142B3F9458A752
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bUFwCWwFs8OHdMJq28-HQUpn1xo.roa
Signing time:             Tue 04 Nov 2025 12:18:03 +0000
ROA not before:           Tue 04 Nov 2025 12:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213282
IP address blocks:        185.229.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 12:18:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:cd:85:9c:af:c2:60:ae:f6:14:2b:3f:94:58:a7:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Nov  4 12:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d4170096c05b3c38774c26adbcf87414a67d71a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e7:a4:17:ba:4d:8b:ce:b5:a1:97:d0:cf:90:
                    87:65:77:12:e0:4d:0e:6c:80:3a:01:42:92:db:f6:
                    bc:b8:14:13:d3:ba:4f:74:15:3a:ea:b8:bb:02:ff:
                    bf:87:76:a3:bd:1c:05:90:78:9a:07:72:71:04:a2:
                    c6:34:1b:39:c4:15:2b:15:22:ab:01:8a:71:3b:8e:
                    a2:1f:e8:8e:68:30:03:2f:8c:6b:b5:2a:ff:9f:de:
                    71:90:4c:ff:30:fc:6c:1f:f3:79:df:71:bc:64:8a:
                    79:ff:d8:ab:2a:74:37:d5:e8:4d:4b:28:e9:0d:93:
                    b8:43:b1:81:72:8e:0b:cd:ac:b3:ba:90:a2:8d:38:
                    dc:e7:f1:5b:5f:9e:89:86:8e:8a:25:94:f0:3a:c1:
                    47:4d:a6:39:5b:6b:24:68:26:4c:d0:34:27:6c:38:
                    4c:ca:01:9c:a6:da:86:69:26:6d:88:d9:d8:d4:91:
                    47:13:c9:8a:d8:ce:72:a7:27:f7:b4:37:0a:2e:7e:
                    73:fd:55:1a:e9:13:a1:ba:2a:2c:fa:e1:9b:3f:5d:
                    44:7f:48:f5:ca:8a:0f:b9:73:7a:e1:7c:e0:bf:4d:
                    69:4a:d4:5c:0c:18:0b:5a:69:31:1c:a1:88:1b:b4:
                    76:3f:6d:a7:3e:f9:50:99:34:43:1c:ac:ec:f8:78:
                    57:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:41:70:09:6C:05:B3:C3:87:74:C2:6A:DB:CF:87:41:4A:67:D7:1A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bUFwCWwFs8OHdMJq28-HQUpn1xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:49:3f:52:91:03:fc:0c:8d:5c:89:2f:fb:6d:37:ab:b6:48:
         15:7b:84:d3:1a:82:37:d4:1a:98:f4:e5:15:be:79:80:8b:a5:
         f1:2f:74:9a:44:b3:ea:8c:34:39:f7:83:02:37:30:9c:e0:2d:
         24:33:52:ad:da:2e:d8:a5:d2:10:c9:0b:2b:03:4b:29:3b:f5:
         03:c7:eb:fd:4b:44:2a:5b:23:1b:66:09:40:d6:71:72:bd:01:
         f7:ee:f7:b3:0b:34:24:20:8a:24:3f:eb:31:0d:16:21:a5:41:
         8b:85:7e:46:7d:f5:4f:60:b5:fb:0d:af:de:e1:67:78:83:64:
         7c:79:bd:ae:f4:d3:46:8c:f9:7f:e5:07:91:76:87:08:ff:12:
         c6:4a:31:5d:94:c9:6e:39:25:28:09:ad:a0:48:7b:2f:43:ff:
         72:7e:70:66:89:cc:bf:e5:78:5d:6f:56:65:9d:5a:0b:21:2d:
         cb:b2:fd:28:1e:b3:a5:a7:4d:d1:40:d9:24:fa:47:0a:4a:41:
         e1:3f:d3:92:e4:d0:19:18:b6:e7:b6:d9:d2:6d:87:b2:c6:d1:
         ee:07:c7:31:e3:3c:fb:1a:4b:7a:ec:c7:c7:f0:40:aa:db:be:
         23:1f:87:54:39:c2:9b:62:99:bc:2a:5c:65:53:41:94:47:fa:
         01:c9:75:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpOzYWcr8JgrvYUKz+UWKdSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMTA0MTIxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDQxNzAwOTZjMDViM2MzODc3NGMyNmFkYmNmODc0MTRhNjdkNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+ekF7pNi861oZfQz5CHZXcS4E0O
bIA6AUKS2/a8uBQT07pPdBU66ri7Av+/h3ajvRwFkHiaB3JxBKLGNBs5xBUrFSKr
AYpxO46iH+iOaDADL4xrtSr/n95xkEz/MPxsH/N533G8ZIp5/9irKnQ31ehNSyjp
DZO4Q7GBco4LzayzupCijTjc5/FbX56Jho6KJZTwOsFHTaY5W2skaCZM0DQnbDhM
ygGcptqGaSZtiNnY1JFHE8mK2M5ypyf3tDcKLn5z/VUa6ROhuios+uGbP11Ef0j1
yooPuXN64Xzgv01pStRcDBgLWmkxHKGIG7R2P22nPvlQmTRDHKzs+HhX4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1BcAlsBbPDh3TCatvPh0FKZ9caMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYlVGd0NXd0ZzOE9IZE1KcTI4LUhRVXBuMXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueXeMA0G
CSqGSIb3DQEBCwUAA4IBAQAgST9SkQP8DI1ciS/7bTertkgVe4TTGoI31BqY9OUV
vnmAi6XxL3SaRLPqjDQ594MCNzCc4C0kM1Kt2i7YpdIQyQsrA0spO/UDx+v9S0Qq
WyMbZglA1nFyvQH37vezCzQkIIokP+sxDRYhpUGLhX5GffVPYLX7Da/e4Wd4g2R8
eb2u9NNGjPl/5QeRdocI/xLGSjFdlMluOSUoCa2gSHsvQ/9yfnBmicy/5Xhdb1Zl
nVoLIS3Lsv0oHrOlp03RQNkk+kcKSkHhP9OS5NAZGLbnttnSbYeyxtHuB8cx4zz7
Gkt67MfH8ECq274jH4dUOcKbYpm8KlxlU0GUR/oByXVM
-----END CERTIFICATE-----