Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vk8FX4wZxwK6rp_iJX0gbFdajIs.roa
File:                     vk8FX4wZxwK6rp_iJX0gbFdajIs.roa (raw, json)
Hash identifier:          agal3n43VdIuebyX4kQrPibpDbYXM6MdxlEwibxujug=
Subject key identifier:   BE:4F:05:5F:8C:19:C7:02:BA:AE:9F:E2:25:7D:20:6C:57:5A:8C:8B
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0199E7E3560BF610D2BE8B6C2C556F1B0517
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vk8FX4wZxwK6rp_iJX0gbFdajIs.roa
Signing time:             Wed 15 Oct 2025 12:40:59 +0000
ROA not before:           Wed 15 Oct 2025 12:40:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214364
IP address blocks:        31.13.212.0/24 maxlen: 24
                          87.121.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e7:e3:56:0b:f6:10:d2:be:8b:6c:2c:55:6f:1b:05:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 15 12:40:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be4f055f8c19c702baae9fe2257d206c575a8c8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:64:7c:2a:23:14:7c:70:c5:13:73:0b:fa:60:
                    76:87:9d:99:c1:92:c6:89:76:22:88:54:7c:9c:50:
                    80:b9:d1:56:b2:82:70:2e:c0:87:8d:a8:44:f9:ae:
                    26:2d:12:a0:a1:37:e5:26:bf:8a:ff:78:2c:68:9a:
                    2e:af:e6:88:a1:bb:cb:64:78:27:2e:69:94:a7:1c:
                    69:69:d1:59:89:1f:bf:b5:be:11:96:96:74:a2:66:
                    05:4a:44:96:61:b5:fd:cc:a3:46:dc:fd:e6:33:bc:
                    de:1f:0f:d3:21:af:b8:ba:f1:50:e2:15:15:0a:78:
                    0a:51:c5:c3:d5:8e:56:51:39:27:e1:27:73:d7:99:
                    55:4e:1a:dd:ce:eb:21:f7:98:4f:44:e7:1f:10:be:
                    c0:dc:4b:94:ae:3a:7a:81:90:cf:24:98:e1:2c:e0:
                    b4:cc:18:87:0c:f5:c6:f0:e8:af:43:c5:d5:7c:fb:
                    8c:4a:4a:de:98:5e:a3:76:2a:15:d2:ba:73:9b:2c:
                    cf:ca:2b:78:93:a8:df:2e:ec:51:bb:fb:56:ea:7d:
                    b3:fc:6c:70:50:57:29:67:72:be:95:7f:be:9e:ba:
                    fd:c8:dd:d4:51:af:35:df:38:ed:f6:df:29:d3:65:
                    ca:7d:4d:2c:45:39:de:94:76:63:a4:e3:8d:8c:d3:
                    d3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4F:05:5F:8C:19:C7:02:BA:AE:9F:E2:25:7D:20:6C:57:5A:8C:8B
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vk8FX4wZxwK6rp_iJX0gbFdajIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.212.0/24
                  87.121.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:1a:ee:4d:e1:ca:c3:15:9d:df:33:4e:c9:ee:cd:d0:60:36:
         95:2d:a4:1e:d1:ab:8e:fd:ac:72:b2:2a:e5:90:63:30:d2:cc:
         01:ea:19:4c:ee:6c:86:bb:d1:29:bd:5e:bb:4d:40:93:9b:19:
         92:cf:95:36:f1:a5:21:a1:e5:00:10:33:f2:86:2a:62:8f:4b:
         31:00:61:2d:96:b2:05:e3:1b:43:c9:b6:81:2b:8c:10:11:19:
         5c:0f:78:22:c6:14:b6:cf:7d:5a:72:12:74:de:d7:d0:81:3f:
         aa:31:4e:f6:92:f1:cd:a4:ca:ac:18:a3:ec:2b:15:55:08:7e:
         88:ad:05:6b:b6:37:62:1b:ec:24:54:bb:50:43:96:10:3f:bd:
         49:b2:2a:ed:12:4b:87:c5:29:c7:98:d0:6d:c8:29:da:0a:aa:
         e9:6f:72:22:77:0b:59:69:e7:4f:b5:43:1b:97:66:38:01:fe:
         09:58:84:d3:f1:1c:ba:d3:04:31:ec:58:6e:28:b3:b5:1c:fb:
         b1:70:8e:fc:f2:25:34:fb:b6:0d:5b:6d:47:f9:61:8c:a9:62:
         18:8b:81:3b:a6:e2:64:17:53:4a:8c:db:34:32:90:6f:76:7c:
         5f:8e:8f:84:43:82:85:e0:6e:73:54:e9:7e:13:40:1e:82:77:
         82:5c:3a:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnn41YL9hDSvotsLFVvGwUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUxMDE1MTI0MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTRmMDU1ZjhjMTljNzAyYmFhZTlmZTIyNTdkMjA2YzU3NWE4YzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmR8KiMUfHDFE3ML+mB2h52ZwZLG
iXYiiFR8nFCAudFWsoJwLsCHjahE+a4mLRKgoTflJr+K/3gsaJour+aIobvLZHgn
LmmUpxxpadFZiR+/tb4RlpZ0omYFSkSWYbX9zKNG3P3mM7zeHw/TIa+4uvFQ4hUV
CngKUcXD1Y5WUTkn4Sdz15lVThrdzush95hPROcfEL7A3EuUrjp6gZDPJJjhLOC0
zBiHDPXG8OivQ8XVfPuMSkremF6jdioV0rpzmyzPyit4k6jfLuxRu/tW6n2z/Gxw
UFcpZ3K+lX++nrr9yN3UUa813zjt9t8p02XKfU0sRTnelHZjpOONjNPTeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL5PBV+MGccCuq6f4iV9IGxXWoyLMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdms4Rlg0d1p4d0s2cnBfaUpYMGdiRmRhaklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHw3UAwQA
V3ncMA0GCSqGSIb3DQEBCwUAA4IBAQAWGu5N4crDFZ3fM07J7s3QYDaVLaQe0auO
/axysirlkGMw0swB6hlM7myGu9EpvV67TUCTmxmSz5U28aUhoeUAEDPyhipij0sx
AGEtlrIF4xtDybaBK4wQERlcD3gixhS2z31achJ03tfQgT+qMU72kvHNpMqsGKPs
KxVVCH6IrQVrtjdiG+wkVLtQQ5YQP71JsirtEkuHxSnHmNBtyCnaCqrpb3IidwtZ
aedPtUMbl2Y4Af4JWITT8Ry60wQx7FhuKLO1HPuxcI788iU0+7YNW21H+WGMqWIY
i4E7puJkF1NKjNs0MpBvdnxfjo+EQ4KF4G5zVOl+E0AegneCXDre
-----END CERTIFICATE-----