Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/U9U3DWufEmSuJ_Qc6ztkeCGg3Lg.roa
File:                     U9U3DWufEmSuJ_Qc6ztkeCGg3Lg.roa (raw, json)
Hash identifier:          NeKPx/NQvhdiEwenlAUD+MkIfYVOxt5OeY+yttP0gOk=
Subject key identifier:   53:D5:37:0D:6B:9F:12:64:AE:27:F4:1C:EB:3B:64:78:21:A0:DC:B8
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0198D2F67AC82ABF7ED387C43319F4235B9A
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/U9U3DWufEmSuJ_Qc6ztkeCGg3Lg.roa
Signing time:             Fri 22 Aug 2025 18:07:05 +0000
ROA not before:           Fri 22 Aug 2025 18:07:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        193.233.23.0/24 maxlen: 24
                          193.233.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d2:f6:7a:c8:2a:bf:7e:d3:87:c4:33:19:f4:23:5b:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Aug 22 18:07:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53d5370d6b9f1264ae27f41ceb3b647821a0dcb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:83:4e:72:85:38:78:93:90:2d:0d:5c:26:8d:
                    80:9f:03:28:5b:c3:e1:35:f8:d7:6f:da:6d:19:1d:
                    b6:5a:c3:12:15:7f:c3:e0:8b:79:70:58:fc:0e:17:
                    04:c2:ed:c4:04:83:49:9b:cc:39:af:fd:31:54:f5:
                    a4:02:a7:74:5e:d7:74:1b:2e:84:8e:22:81:d7:0c:
                    56:c1:7d:5c:79:06:3e:b4:d0:10:5a:46:93:86:09:
                    79:e7:c6:b5:b9:ba:18:30:1b:a9:b2:b1:45:3c:ca:
                    59:e8:82:fa:5b:95:76:3c:55:d8:57:ac:5b:69:26:
                    a0:84:b1:af:f8:d1:e3:45:fd:71:b4:3c:c6:97:56:
                    eb:a9:ca:3e:27:fb:a1:f3:b9:45:30:79:30:da:cc:
                    ad:45:08:ea:1e:b5:e7:e2:93:db:97:dd:27:96:11:
                    b6:c2:98:43:38:3d:4e:24:83:d7:d1:8c:7e:93:df:
                    0c:90:2f:17:96:eb:cb:cf:ef:0c:97:47:ff:bb:5f:
                    16:42:1f:68:44:bb:8f:9e:d3:69:5d:cb:54:5c:21:
                    9f:58:96:e9:d5:8c:c8:77:e0:d1:14:43:78:72:0e:
                    45:72:07:78:63:30:81:4d:5b:a0:eb:2f:31:69:06:
                    af:ef:e9:b9:f6:68:35:04:5d:fe:0f:6a:fc:a2:6a:
                    42:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D5:37:0D:6B:9F:12:64:AE:27:F4:1C:EB:3B:64:78:21:A0:DC:B8
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/U9U3DWufEmSuJ_Qc6ztkeCGg3Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.23.0/24
                  193.233.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:c0:8e:da:43:ec:cd:d3:6e:12:cb:c3:03:3a:9b:76:82:e3:
         01:a1:19:0c:bc:fd:1b:9a:ef:96:44:55:5b:c9:7f:db:70:09:
         2a:9a:7c:63:55:38:90:44:e7:7d:38:17:db:37:bb:99:43:5d:
         fa:2a:43:bb:6d:2f:3d:53:13:a2:82:a5:9f:d6:15:89:23:40:
         de:d1:f3:bf:fb:39:ad:2d:52:36:b0:a3:93:a2:bc:a2:f1:4c:
         4d:48:da:96:39:72:48:cf:b2:52:67:33:a8:58:20:4e:3f:64:
         73:49:03:4c:30:8f:fa:5d:8b:99:f8:5d:ee:e5:00:e3:70:5a:
         98:bf:b4:48:56:08:ad:09:e3:3f:77:23:1d:3c:1e:1e:aa:74:
         50:35:5c:36:d2:a8:4b:ad:5d:db:ec:e1:49:99:e0:a1:ad:78:
         96:e6:fd:3a:1f:8f:ca:35:91:1c:e8:41:f6:16:c8:b2:00:ef:
         04:6a:e7:7e:05:7b:61:da:86:51:63:dc:3d:db:47:25:04:d6:
         d7:c6:fe:83:cf:7b:04:88:a7:04:df:3b:6d:3c:05:89:20:7b:
         83:44:9e:d0:0e:a0:62:ef:a7:8c:0a:ee:ca:d2:63:d4:63:de:
         08:08:0c:11:e8:60:2b:c0:e1:2b:73:de:de:90:2d:03:dd:b8:
         48:3a:1a:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjS9nrIKr9+04fEMxn0I1uaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwODIyMTgwNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Q1MzcwZDZiOWYxMjY0YWUyN2Y0MWNlYjNiNjQ3ODIxYTBkY2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYNOcoU4eJOQLQ1cJo2AnwMoW8Ph
NfjXb9ptGR22WsMSFX/D4It5cFj8DhcEwu3EBINJm8w5r/0xVPWkAqd0Xtd0Gy6E
jiKB1wxWwX1ceQY+tNAQWkaThgl558a1uboYMBupsrFFPMpZ6IL6W5V2PFXYV6xb
aSaghLGv+NHjRf1xtDzGl1brqco+J/uh87lFMHkw2sytRQjqHrXn4pPbl90nlhG2
wphDOD1OJIPX0Yx+k98MkC8XluvLz+8Ml0f/u18WQh9oRLuPntNpXctUXCGfWJbp
1YzId+DRFEN4cg5Fcgd4YzCBTVug6y8xaQav7+m59mg1BF3+D2r8ompCOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFPVNw1rnxJkrif0HOs7ZHghoNy4MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvVTlVM0RXdWZFbVN1Sl9RYzZ6dGtlQ0dnM0xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwekXAwQC
welYMA0GCSqGSIb3DQEBCwUAA4IBAQA1wI7aQ+zN024Sy8MDOpt2guMBoRkMvP0b
mu+WRFVbyX/bcAkqmnxjVTiQROd9OBfbN7uZQ136KkO7bS89UxOigqWf1hWJI0De
0fO/+zmtLVI2sKOToryi8UxNSNqWOXJIz7JSZzOoWCBOP2RzSQNMMI/6XYuZ+F3u
5QDjcFqYv7RIVgitCeM/dyMdPB4eqnRQNVw20qhLrV3b7OFJmeChrXiW5v06H4/K
NZEc6EH2FsiyAO8Eaud+BXth2oZRY9w920clBNbXxv6Dz3sEiKcE3zttPAWJIHuD
RJ7QDqBi76eMCu7K0mPUY94ICAwR6GArwOErc97ekC0D3bhIOhrb
-----END CERTIFICATE-----