Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/1-U8-4zu6FwPD_h-JBtHqluBUugc.roa
File:                     1-U8-4zu6FwPD_h-JBtHqluBUugc.roa (raw, json)
Hash identifier:          B3V6UvPy+Yv+8toI+28gvW2unDO4YgNU77Me0s0gt9U=
Subject key identifier:   F9:4F:3E:E3:3B:BA:17:03:C3:FE:1F:89:06:D1:EA:96:E0:54:BA:07
Certificate issuer:       /CN=4e0f31c6efdb9a445b8f172f0be0dfd5142be000
Certificate serial:       019985D2B52C0C038D2D6547007D58D4A144
Authority key identifier: 4E:0F:31:C6:EF:DB:9A:44:5B:8F:17:2F:0B:E0:DF:D5:14:2B:E0:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/1-U8-4zu6FwPD_h-JBtHqluBUugc.roa
Signing time:             Fri 26 Sep 2025 11:40:02 +0000
ROA not before:           Fri 26 Sep 2025 11:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34984
IP address blocks:        185.73.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 17:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:d2:b5:2c:0c:03:8d:2d:65:47:00:7d:58:d4:a1:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e0f31c6efdb9a445b8f172f0be0dfd5142be000
        Validity
            Not Before: Sep 26 11:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f94f3ee33bba1703c3fe1f8906d1ea96e054ba07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5c:20:58:af:be:ba:d7:f2:a7:da:61:a6:cf:
                    86:7f:c9:34:6e:f0:a9:64:12:c5:9b:e6:ac:9a:ec:
                    ce:cb:ea:b0:aa:f7:74:a7:96:74:32:65:4c:3c:c3:
                    90:bd:fa:ab:9c:03:fc:d8:f1:22:e0:e0:c3:c3:17:
                    7d:89:ff:b2:b1:cd:f9:32:7c:df:c7:79:c3:2e:72:
                    d7:41:c6:95:70:76:ea:fb:9b:f3:c7:f7:b5:c7:81:
                    b4:a6:26:94:1e:e9:30:9d:eb:65:64:f4:1c:19:df:
                    49:75:0f:8d:0f:72:4e:8e:0f:0f:b5:63:b0:0e:bc:
                    9c:dc:9a:f2:01:32:9e:1a:e3:41:f3:b3:32:6d:42:
                    25:41:fa:84:bc:d4:d7:00:19:15:26:24:11:3e:73:
                    0a:41:ec:c5:b4:0b:5c:ab:65:a8:25:0b:50:66:9e:
                    8f:cb:37:fd:f8:42:5f:79:70:20:94:05:21:a7:45:
                    c0:ed:5e:d7:84:82:b4:21:7f:d6:09:14:72:0f:71:
                    f5:0b:f8:a6:3c:0e:10:49:51:f2:7a:4b:e0:f5:62:
                    19:b8:39:22:7d:26:76:e8:12:2a:2e:50:b8:19:67:
                    da:ab:d6:42:1a:1a:32:e3:dc:cc:c1:41:12:3d:86:
                    78:95:81:f0:74:eb:9d:ed:b3:4b:89:45:5e:71:56:
                    95:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:4F:3E:E3:3B:BA:17:03:C3:FE:1F:89:06:D1:EA:96:E0:54:BA:07
            X509v3 Authority Key Identifier:
                keyid:4E:0F:31:C6:EF:DB:9A:44:5B:8F:17:2F:0B:E0:DF:D5:14:2B:E0:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/1-U8-4zu6FwPD_h-JBtHqluBUugc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:7a:31:59:a0:0d:97:0a:32:f6:db:0b:af:38:b4:a6:b7:f1:
         7d:c3:30:89:35:92:55:b3:39:f3:59:53:f2:81:45:0c:d1:4e:
         3d:c8:ed:e7:75:34:62:cd:53:03:44:e4:be:b7:d7:7e:b7:88:
         89:57:08:66:1a:29:1c:aa:5a:fd:49:cc:10:15:9d:9f:42:66:
         e3:e2:c6:47:6a:7d:1a:5b:e1:7a:75:14:d8:c5:20:dd:00:80:
         26:cc:9f:14:d6:0e:84:43:b2:ba:4b:c9:14:0c:62:04:e6:f1:
         c3:72:13:17:0e:fb:31:25:db:27:3f:ed:06:bb:5e:3c:80:36:
         9d:70:27:a6:ea:fc:08:14:05:f1:81:c2:52:7b:8b:b1:f6:62:
         7d:97:18:3f:3d:46:c4:30:9f:0b:7e:2f:e3:94:f1:ca:b8:d3:
         ad:2b:27:9e:43:a9:32:da:9b:e5:8d:ff:b7:4b:03:7f:27:79:
         d1:80:ee:d0:ba:3b:a0:b9:be:01:24:0c:ed:ac:1d:f6:57:14:
         13:f0:9b:49:5b:9c:eb:86:a0:f5:c7:57:f3:dd:8a:da:62:e6:
         1d:ab:a4:cf:33:a9:d9:f5:fd:d8:d5:22:c8:cf:36:3a:10:25:
         56:ac:99:ec:92:1d:f9:d1:13:08:dc:c8:be:ab:f2:a4:16:57:
         05:c1:1e:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmF0rUsDAONLWVHAH1Y1KFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMGYzMWM2ZWZkYjlhNDQ1YjhmMTcyZjBiZTBkZmQ1MTQy
YmUwMDAwHhcNMjUwOTI2MTE0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTRmM2VlMzNiYmExNzAzYzNmZTFmODkwNmQxZWE5NmUwNTRiYTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFwgWK++utfyp9phps+Gf8k0bvCp
ZBLFm+asmuzOy+qwqvd0p5Z0MmVMPMOQvfqrnAP82PEi4ODDwxd9if+ysc35Mnzf
x3nDLnLXQcaVcHbq+5vzx/e1x4G0piaUHukwnetlZPQcGd9JdQ+ND3JOjg8PtWOw
Dryc3JryATKeGuNB87MybUIlQfqEvNTXABkVJiQRPnMKQezFtAtcq2WoJQtQZp6P
yzf9+EJfeXAglAUhp0XA7V7XhIK0IX/WCRRyD3H1C/imPA4QSVHyekvg9WIZuDki
fSZ26BIqLlC4GWfaq9ZCGhoy49zMwUESPYZ4lYHwdOud7bNLiUVecVaVxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlPPuM7uhcDw/4fiQbR6pbgVLoHMB8GA1UdIwQY
MBaAFE4PMcbv25pEW48XLwvg39UUK+AAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGc4eHh1X2Jta1JianhjdkMtRGYxUlFyNEFBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9hY2E3OTAtNjMyOS00MTRhLWJlZDUt
YmFkMmNiNDgwOTEyLzEvMS1VOC00enU2RndQRF9oLUpCdEhxbHVCVXVnYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGIvYWNhNzkwLTYzMjktNDE0YS1iZWQ1LWJhZDJjYjQ4MDkx
Mi8xL1RnOHh4dV9ibWtSYmp4Y3ZDLURmMVJRcjRBQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlJVjAN
BgkqhkiG9w0BAQsFAAOCAQEAXHoxWaANlwoy9tsLrzi0prfxfcMwiTWSVbM581lT
8oFFDNFOPcjt53U0Ys1TA0TkvrfXfreIiVcIZhopHKpa/UnMEBWdn0Jm4+LGR2p9
GlvhenUU2MUg3QCAJsyfFNYOhEOyukvJFAxiBObxw3ITFw77MSXbJz/tBrtePIA2
nXAnpur8CBQF8YHCUnuLsfZifZcYPz1GxDCfC34v45TxyrjTrSsnnkOpMtqb5Y3/
t0sDfyd50YDu0Lo7oLm+ASQM7awd9lcUE/CbSVuc64ag9cdX892K2mLmHaukzzOp
2fX92NUiyM82OhAlVqyZ7JId+dETCNzIvqvypBZXBcEeiQ==
-----END CERTIFICATE-----