Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/kfd0B7YUXjP5BkiSga_I2bFGDjE.roa
File:                     kfd0B7YUXjP5BkiSga_I2bFGDjE.roa (raw, json)
Hash identifier:          BHoHm0FgI/hNJZj/ps+lj0bhjSOg0FxpXV30jd+oQxk=
Subject key identifier:   91:F7:74:07:B6:14:5E:33:F9:06:48:92:81:AF:C8:D9:B1:46:0E:31
Certificate issuer:       /CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
Certificate serial:       0198A353081CC754DDC969EAE3AC2B20631E
Authority key identifier: 53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/kfd0B7YUXjP5BkiSga_I2bFGDjE.roa
Signing time:             Wed 13 Aug 2025 12:06:24 +0000
ROA not before:           Wed 13 Aug 2025 12:06:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42695
IP address blocks:        80.254.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:53:08:1c:c7:54:dd:c9:69:ea:e3:ac:2b:20:63:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
        Validity
            Not Before: Aug 13 12:06:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91f77407b6145e33f906489281afc8d9b1460e31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:18:32:3b:76:8e:fe:8a:a7:c7:9d:14:3f:7f:
                    87:0b:b1:17:89:17:b3:95:c2:4a:d9:05:7e:8e:cb:
                    6a:61:a5:67:00:a5:61:36:5c:4b:88:ee:a1:4f:0c:
                    fa:50:1e:c9:4a:10:19:2e:ca:53:8a:d9:85:57:48:
                    14:5c:e8:69:0a:bc:3d:15:77:0a:56:58:49:ed:a1:
                    6f:7f:ee:da:a7:be:30:2c:2e:f1:23:ec:d5:7d:8e:
                    fc:d5:87:ad:12:19:10:32:94:84:28:27:db:80:a6:
                    6c:18:dd:66:c2:5b:5c:af:4d:1f:56:55:c7:bf:1b:
                    91:a2:55:55:7b:6d:04:67:f6:d3:bf:94:a0:d5:65:
                    e2:c9:48:e4:8c:ca:6f:95:70:cd:d5:6c:d5:07:f6:
                    78:61:43:28:a0:a2:00:e4:45:3b:79:96:bd:5c:f1:
                    ca:32:8e:20:40:8a:29:e0:79:83:db:ca:4e:65:ab:
                    c5:00:f3:5a:2e:ee:a2:3c:1a:b3:0b:61:8d:76:4e:
                    9c:72:98:2f:61:cc:db:0e:6e:76:06:d4:8f:0b:bb:
                    86:cf:a9:c7:c4:2a:98:77:f3:a3:9f:47:5e:25:a8:
                    ff:df:24:17:e4:5b:e8:1e:68:d3:ed:79:be:90:37:
                    f9:b5:c1:6e:8d:76:ee:87:3c:a3:b3:80:ad:32:ff:
                    3b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F7:74:07:B6:14:5E:33:F9:06:48:92:81:AF:C8:D9:B1:46:0E:31
            X509v3 Authority Key Identifier:
                keyid:53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/kfd0B7YUXjP5BkiSga_I2bFGDjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.254.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:32:4b:d0:eb:bd:8e:7f:72:a6:8c:de:dc:50:8b:ff:11:d8:
         2b:b1:1c:62:3f:03:6f:67:fd:a4:2e:63:6a:17:3d:16:a2:c1:
         e3:4c:73:b0:99:08:dc:d5:d7:03:be:9f:9c:9c:d1:08:a1:0d:
         b3:ed:20:65:6d:ed:92:f2:fa:7e:52:ac:7b:4e:82:b0:3c:65:
         5f:fa:e1:d2:fa:5d:38:d2:80:b2:c9:3f:98:a7:4c:7d:06:42:
         2a:b2:f0:28:83:89:1a:1a:6f:d5:0e:7f:c8:bb:ce:b4:21:9e:
         f2:3a:02:4a:33:cb:55:7b:d6:90:3b:0d:3f:a5:e4:54:0b:f6:
         25:ad:54:5a:72:45:5c:b9:e7:18:e7:da:06:97:74:19:0f:b1:
         49:a4:8b:4b:89:99:31:8f:e1:87:c1:9a:ff:a4:8f:96:85:63:
         b2:e7:17:3c:3d:24:23:4b:d5:87:a0:6d:37:82:10:9d:2a:2e:
         54:7d:a8:2f:8c:64:de:96:a7:89:14:3e:83:20:05:bf:d2:dc:
         4b:22:05:82:14:8d:2e:f7:3f:60:33:72:bf:a8:b3:1a:5e:e6:
         8e:12:1a:cb:1b:7f:c8:65:96:01:c7:31:22:58:a7:bf:14:6c:
         b8:58:f0:fa:0f:d9:23:44:67:3d:79:e4:82:52:64:95:10:85:
         97:ae:af:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZijUwgcx1TdyWnq46wrIGMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjQ2YWI3OWI5ZmM1OGY1ZGM0Y2YyOWQ3MmRjNTI2N2Vj
M2VkZGUwHhcNMjUwODEzMTIwNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWY3NzQwN2I2MTQ1ZTMzZjkwNjQ4OTI4MWFmYzhkOWIxNDYwZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRgyO3aO/oqnx50UP3+HC7EXiRez
lcJK2QV+jstqYaVnAKVhNlxLiO6hTwz6UB7JShAZLspTitmFV0gUXOhpCrw9FXcK
VlhJ7aFvf+7ap74wLC7xI+zVfY781YetEhkQMpSEKCfbgKZsGN1mwltcr00fVlXH
vxuRolVVe20EZ/bTv5Sg1WXiyUjkjMpvlXDN1WzVB/Z4YUMooKIA5EU7eZa9XPHK
Mo4gQIop4HmD28pOZavFAPNaLu6iPBqzC2GNdk6ccpgvYczbDm52BtSPC7uGz6nH
xCqYd/Ojn0deJaj/3yQX5FvoHmjT7Xm+kDf5tcFujXbuhzyjs4CtMv87XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJH3dAe2FF4z+QZIkoGvyNmxRg4xMB8GA1UdIwQY
MBaAFFO0arebn8WPXcTPKdctxSZ+w+3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQt
MDYwYTQ3MzgwOTFkLzEva2ZkMEI3WVVYalA1QmtpU2dhX0kyYkZHRGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQtMDYwYTQ3MzgwOTFk
LzEvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUP7mMA0G
CSqGSIb3DQEBCwUAA4IBAQBnMkvQ672Of3KmjN7cUIv/EdgrsRxiPwNvZ/2kLmNq
Fz0WosHjTHOwmQjc1dcDvp+cnNEIoQ2z7SBlbe2S8vp+Uqx7ToKwPGVf+uHS+l04
0oCyyT+Yp0x9BkIqsvAog4kaGm/VDn/Iu860IZ7yOgJKM8tVe9aQOw0/peRUC/Yl
rVRackVcuecY59oGl3QZD7FJpItLiZkxj+GHwZr/pI+WhWOy5xc8PSQjS9WHoG03
ghCdKi5UfagvjGTelqeJFD6DIAW/0txLIgWCFI0u9z9gM3K/qLMaXuaOEhrLG3/I
ZZYBxzEiWKe/FGy4WPD6D9kjRGc9eeSCUmSVEIWXrq9G
-----END CERTIFICATE-----