Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/6ac0a2-5c6c-4357-97e4-ceb8ab6d112e/1/kj9rgsBpPLepIKPHD5eAEuwwvw0.roa
File:                     kj9rgsBpPLepIKPHD5eAEuwwvw0.roa (raw, json)
Hash identifier:          EHHLSrODdY/NFx0Xqw8ficGV0VFf608vkoi6uBTcBb0=
Subject key identifier:   92:3F:6B:82:C0:69:3C:B7:A9:20:A3:C7:0F:97:80:12:EC:30:BF:0D
Certificate issuer:       /CN=b4425cf5501344ac5acc307abd0af013fac67073
Certificate serial:       0198B20DC834762C53EC38E7A4CA52AEC59B
Authority key identifier: B4:42:5C:F5:50:13:44:AC:5A:CC:30:7A:BD:0A:F0:13:FA:C6:70:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tEJc9VATRKxazDB6vQrwE_rGcHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/6ac0a2-5c6c-4357-97e4-ceb8ab6d112e/1/kj9rgsBpPLepIKPHD5eAEuwwvw0.roa
Signing time:             Sat 16 Aug 2025 08:45:04 +0000
ROA not before:           Sat 16 Aug 2025 08:45:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208851
IP address blocks:        185.142.21.0/24 maxlen: 24
                          185.142.22.0/24 maxlen: 24
                          185.142.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/6ac0a2-5c6c-4357-97e4-ceb8ab6d112e/1/tEJc9VATRKxazDB6vQrwE_rGcHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/6ac0a2-5c6c-4357-97e4-ceb8ab6d112e/1/tEJc9VATRKxazDB6vQrwE_rGcHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tEJc9VATRKxazDB6vQrwE_rGcHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b2:0d:c8:34:76:2c:53:ec:38:e7:a4:ca:52:ae:c5:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4425cf5501344ac5acc307abd0af013fac67073
        Validity
            Not Before: Aug 16 08:45:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=923f6b82c0693cb7a920a3c70f978012ec30bf0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c9:35:0d:fc:ba:51:db:9d:5e:07:6c:c9:a6:
                    eb:27:06:80:5e:11:e3:90:4a:21:f6:17:9e:04:bb:
                    f1:8a:57:65:e7:1e:60:b9:4d:03:2a:57:03:fa:12:
                    f7:46:75:5a:2d:1b:6e:09:e4:06:fe:ef:3d:e3:15:
                    53:4d:6e:80:74:89:b8:df:df:fc:38:16:e6:2d:22:
                    2c:0a:f2:9f:c0:d1:76:c3:59:50:09:41:71:a0:07:
                    5e:54:c0:18:69:19:93:b3:37:62:21:cb:3b:26:d4:
                    28:af:72:0c:63:44:74:b2:2c:16:f2:66:23:69:8c:
                    46:cf:3b:b5:e4:a6:7e:bb:36:8f:4d:1a:50:12:6d:
                    12:07:ac:a2:fe:b2:f4:27:b3:b3:7b:ad:fd:dc:5b:
                    0a:92:48:f3:a2:55:f9:a0:84:fc:3e:f9:57:e4:bc:
                    44:e3:b6:14:89:cd:57:0d:cf:e3:a4:59:1f:45:5e:
                    e6:d5:02:6c:c9:89:9a:6d:1d:53:a7:8f:8b:20:51:
                    be:cc:4d:84:bc:cd:47:c7:40:d0:78:bc:9a:06:ce:
                    67:35:b0:b7:d1:3a:48:55:22:cb:60:81:58:8d:16:
                    98:25:e8:bc:d5:89:cb:28:3d:ad:db:19:f9:05:aa:
                    6a:81:79:47:35:65:de:09:1e:f7:8f:d8:2d:28:f1:
                    e9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:3F:6B:82:C0:69:3C:B7:A9:20:A3:C7:0F:97:80:12:EC:30:BF:0D
            X509v3 Authority Key Identifier:
                keyid:B4:42:5C:F5:50:13:44:AC:5A:CC:30:7A:BD:0A:F0:13:FA:C6:70:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tEJc9VATRKxazDB6vQrwE_rGcHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/6ac0a2-5c6c-4357-97e4-ceb8ab6d112e/1/kj9rgsBpPLepIKPHD5eAEuwwvw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/6ac0a2-5c6c-4357-97e4-ceb8ab6d112e/1/tEJc9VATRKxazDB6vQrwE_rGcHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.21.0-185.142.23.255

    Signature Algorithm: sha256WithRSAEncryption
         21:22:ee:e5:ef:36:42:ce:47:e1:99:7d:96:13:e7:9c:fa:b0:
         e1:41:1f:0e:93:ab:78:c2:08:82:17:12:66:fc:33:b6:11:10:
         88:e1:ca:7b:4c:f1:cb:cc:22:d7:50:a5:1d:39:88:08:b8:51:
         a9:fa:e5:52:c9:02:ac:64:d3:97:cd:6b:33:a0:2b:4a:37:fb:
         de:7d:51:07:97:9a:c0:67:0a:a3:4c:bb:88:8b:f0:11:08:2e:
         f4:48:94:5d:7c:e2:59:9e:dd:92:aa:02:b5:06:5f:30:37:03:
         b4:d5:29:d8:aa:2d:cd:0b:fe:19:c9:bb:65:9e:51:b5:34:49:
         c8:60:be:0e:e6:65:b3:32:4d:5b:f5:00:c6:86:f5:a1:03:fc:
         ba:2e:bd:90:3c:6f:8d:96:09:dc:63:65:00:42:8c:2b:78:94:
         89:e9:df:52:cd:20:ab:3c:ab:73:9a:87:0f:f1:bb:95:6a:63:
         96:f5:33:29:42:42:aa:8a:b7:7a:b6:51:61:68:63:16:db:f9:
         09:15:61:d3:d3:b9:00:59:ca:22:cd:a5:8f:05:34:35:54:fb:
         d9:07:6b:8c:82:ff:e6:aa:1d:6c:c6:21:c9:d5:a1:c4:75:05:
         bb:22:1f:c8:b6:bd:7b:e6:83:d0:c5:9c:e3:e6:2a:9e:6f:63:
         91:5f:41:21
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZiyDcg0dixT7DjnpMpSrsWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NDI1Y2Y1NTAxMzQ0YWM1YWNjMzA3YWJkMGFmMDEzZmFj
NjcwNzMwHhcNMjUwODE2MDg0NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjNmNmI4MmMwNjkzY2I3YTkyMGEzYzcwZjk3ODAxMmVjMzBiZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMk1Dfy6UdudXgdsyabrJwaAXhHj
kEoh9heeBLvxildl5x5guU0DKlcD+hL3RnVaLRtuCeQG/u894xVTTW6AdIm439/8
OBbmLSIsCvKfwNF2w1lQCUFxoAdeVMAYaRmTszdiIcs7JtQor3IMY0R0siwW8mYj
aYxGzzu15KZ+uzaPTRpQEm0SB6yi/rL0J7Oze6393FsKkkjzolX5oIT8PvlX5LxE
47YUic1XDc/jpFkfRV7m1QJsyYmabR1Tp4+LIFG+zE2EvM1Hx0DQeLyaBs5nNbC3
0TpIVSLLYIFYjRaYJei81YnLKD2t2xn5BapqgXlHNWXeCR73j9gtKPHp6wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJI/a4LAaTy3qSCjxw+XgBLsML8NMB8GA1UdIwQY
MBaAFLRCXPVQE0SsWswwer0K8BP6xnBzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEVKYzlWQVRSS3hhekRCNnZRcndFX3JHY0hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS82YWMwYTItNWM2Yy00MzU3LTk3ZTQt
Y2ViOGFiNmQxMTJlLzEva2o5cmdzQnBQTGVwSUtQSEQ1ZUFFdXd3dncwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS82YWMwYTItNWM2Yy00MzU3LTk3ZTQtY2ViOGFiNmQxMTJl
LzEvdEVKYzlWQVRSS3hhekRCNnZRcndFX3JHY0hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5jhUD
BAO5jhAwDQYJKoZIhvcNAQELBQADggEBACEi7uXvNkLOR+GZfZYT55z6sOFBHw6T
q3jCCIIXEmb8M7YREIjhyntM8cvMItdQpR05iAi4Uan65VLJAqxk05fNazOgK0o3
+959UQeXmsBnCqNMu4iL8BEILvRIlF184lme3ZKqArUGXzA3A7TVKdiqLc0L/hnJ
u2WeUbU0Schgvg7mZbMyTVv1AMaG9aED/LouvZA8b42WCdxjZQBCjCt4lInp31LN
IKs8q3Oahw/xu5VqY5b1MylCQqqKt3q2UWFoYxbb+QkVYdPTuQBZyiLNpY8FNDVU
+9kHa4yC/+aqHWzGIcnVocR1BbsiH8i2vXvmg9DFnOPmKp5vY5FfQSE=
-----END CERTIFICATE-----