Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/Y_LhhtvD9SkoiLH5cA3Al64iqzs.roa
File:                     Y_LhhtvD9SkoiLH5cA3Al64iqzs.roa (raw, json)
Hash identifier:          5oHa98DE0MxzalqndgOK6+knxe30QHngwLCfSE/9kh8=
Subject key identifier:   63:F2:E1:86:DB:C3:F5:29:28:88:B1:F9:70:0D:C0:97:AE:22:AB:3B
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       019A4E7DDEAD39E267ED5DEC12AE7169D968
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/Y_LhhtvD9SkoiLH5cA3Al64iqzs.roa
Signing time:             Tue 04 Nov 2025 10:51:03 +0000
ROA not before:           Tue 04 Nov 2025 10:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        85.237.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:49:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:7d:de:ad:39:e2:67:ed:5d:ec:12:ae:71:69:d9:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Nov  4 10:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63f2e186dbc3f5292888b1f9700dc097ae22ab3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2c:f2:23:cb:3b:14:a0:80:a0:b9:3a:c1:cc:
                    b8:e9:f5:93:c9:bc:bb:20:55:09:a0:39:42:38:b4:
                    c6:71:5f:81:a7:4c:cd:28:ee:a2:c6:d1:db:38:9a:
                    2b:20:cf:09:cb:a7:2d:4d:80:64:80:be:19:53:a1:
                    8f:1b:04:cf:d5:a8:51:2c:0c:ee:6d:b9:31:35:55:
                    d5:a0:1e:d1:11:fd:06:ee:c1:88:ea:28:7d:c7:a6:
                    65:79:30:86:a9:4f:9d:e9:2d:8c:99:45:21:7a:30:
                    8b:8f:13:ca:c4:ad:90:c3:a9:e0:30:4a:a9:78:90:
                    7d:03:f7:dd:cc:c2:5b:27:d0:5c:ce:8b:83:d7:01:
                    75:c8:3e:8a:ea:15:b5:67:50:03:5f:d8:9b:62:af:
                    3c:e1:e4:4e:db:6c:46:79:de:4d:72:af:1e:d5:76:
                    04:e1:75:27:a2:09:4f:b7:fd:6f:ff:46:75:d6:2e:
                    85:af:2d:a4:f2:db:56:87:26:5f:c4:08:0d:bc:06:
                    90:15:58:8a:a4:3f:98:54:76:f9:c8:e9:04:71:d8:
                    ad:e2:cf:63:12:56:fd:03:d1:a5:ca:f5:43:af:db:
                    61:ed:49:20:95:6a:ab:b5:3c:9d:5f:88:61:e0:8b:
                    ae:47:a0:b9:c8:ef:53:31:1a:16:75:2e:70:ae:45:
                    fc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F2:E1:86:DB:C3:F5:29:28:88:B1:F9:70:0D:C0:97:AE:22:AB:3B
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/Y_LhhtvD9SkoiLH5cA3Al64iqzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:ab:fa:02:7e:8d:38:54:f5:e3:5b:dc:fa:b8:1d:a7:f7:45:
         fa:b8:ee:23:28:ba:d7:b9:5e:1e:7e:7c:b1:76:c9:63:a8:48:
         5a:05:90:2b:0f:de:ae:33:73:41:8f:9c:da:35:93:2b:0d:c0:
         6e:f9:7b:0a:1b:2f:64:29:fa:0b:21:cd:80:6e:b3:6d:bb:c5:
         68:38:d5:e5:2c:7d:da:0c:57:d5:06:2a:15:a2:3f:9d:ca:09:
         a4:bf:9d:1d:0f:01:a7:71:cd:8c:a7:bb:28:14:06:97:f4:0c:
         58:c1:49:b0:92:0d:ee:24:31:47:a3:4b:c2:b7:5b:b9:98:07:
         06:0e:bc:14:ac:1c:a8:4d:16:0c:f0:da:0f:6d:80:50:00:9c:
         fa:42:73:c4:2b:b2:da:8a:f0:f1:b5:02:71:4e:1f:a4:92:90:
         9b:bc:8f:03:68:8a:ef:17:b3:cf:72:9d:e1:81:9e:ff:d3:6e:
         06:77:56:ef:62:53:5c:c1:75:8b:cf:94:3d:58:20:02:49:4f:
         3d:c8:50:37:ec:be:13:88:72:df:d1:76:d9:bc:05:69:75:3c:
         d4:83:78:91:c8:e8:21:e1:60:de:31:33:c6:5b:1d:2e:10:9f:
         d1:38:74:e6:8d:79:57:c5:33:c2:73:ef:5f:e4:e8:2c:ce:46:
         8c:c7:7a:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpOfd6tOeJn7V3sEq5xadloMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjUxMTA0MTA1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2YyZTE4NmRiYzNmNTI5Mjg4OGIxZjk3MDBkYzA5N2FlMjJhYjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmizyI8s7FKCAoLk6wcy46fWTyby7
IFUJoDlCOLTGcV+Bp0zNKO6ixtHbOJorIM8Jy6ctTYBkgL4ZU6GPGwTP1ahRLAzu
bbkxNVXVoB7REf0G7sGI6ih9x6ZleTCGqU+d6S2MmUUhejCLjxPKxK2Qw6ngMEqp
eJB9A/fdzMJbJ9BczouD1wF1yD6K6hW1Z1ADX9ibYq884eRO22xGed5Ncq8e1XYE
4XUnoglPt/1v/0Z11i6Fry2k8ttWhyZfxAgNvAaQFViKpD+YVHb5yOkEcdit4s9j
Elb9A9GlyvVDr9th7UkglWqrtTydX4hh4IuuR6C5yO9TMRoWdS5wrkX8OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPy4Ybbw/UpKIix+XANwJeuIqs7MB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvWV9MaGh0dkQ5U2tvaUxINWNBM0FsNjRpcXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe1cMA0G
CSqGSIb3DQEBCwUAA4IBAQCYq/oCfo04VPXjW9z6uB2n90X6uO4jKLrXuV4efnyx
dsljqEhaBZArD96uM3NBj5zaNZMrDcBu+XsKGy9kKfoLIc2AbrNtu8VoONXlLH3a
DFfVBioVoj+dygmkv50dDwGncc2Mp7soFAaX9AxYwUmwkg3uJDFHo0vCt1u5mAcG
DrwUrByoTRYM8NoPbYBQAJz6QnPEK7LaivDxtQJxTh+kkpCbvI8DaIrvF7PPcp3h
gZ7/024Gd1bvYlNcwXWLz5Q9WCACSU89yFA37L4TiHLf0XbZvAVpdTzUg3iRyOgh
4WDeMTPGWx0uEJ/ROHTmjXlXxTPCc+9f5OgszkaMx3rP
-----END CERTIFICATE-----