Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/28979b-0a34-4a5c-a2fe-698d912b7346/1/U9eMH3mJ7dmRgNgOahIDK8Y227U.roa
File:                     U9eMH3mJ7dmRgNgOahIDK8Y227U.roa (raw, json)
Hash identifier:          48YYvMDO3nzRNQKsGGHdHMEm3ZDrVnmUgVM/xFKVVe4=
Subject key identifier:   53:D7:8C:1F:79:89:ED:D9:91:80:D8:0E:6A:12:03:2B:C6:36:DB:B5
Certificate issuer:       /CN=18da3a40b117fb2572ccf7a4c272d2ec6925291c
Certificate serial:       0198CBE0CD20FB006AE4A0FE7074210427FF
Authority key identifier: 18:DA:3A:40:B1:17:FB:25:72:CC:F7:A4:C2:72:D2:EC:69:25:29:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GNo6QLEX-yVyzPekwnLS7GklKRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/28979b-0a34-4a5c-a2fe-698d912b7346/1/U9eMH3mJ7dmRgNgOahIDK8Y227U.roa
Signing time:             Thu 21 Aug 2025 09:06:04 +0000
ROA not before:           Thu 21 Aug 2025 09:06:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213812
IP address blocks:        185.146.138.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/28979b-0a34-4a5c-a2fe-698d912b7346/1/GNo6QLEX-yVyzPekwnLS7GklKRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/28979b-0a34-4a5c-a2fe-698d912b7346/1/GNo6QLEX-yVyzPekwnLS7GklKRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GNo6QLEX-yVyzPekwnLS7GklKRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:e0:cd:20:fb:00:6a:e4:a0:fe:70:74:21:04:27:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18da3a40b117fb2572ccf7a4c272d2ec6925291c
        Validity
            Not Before: Aug 21 09:06:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53d78c1f7989edd99180d80e6a12032bc636dbb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4d:eb:b1:5b:d3:2c:e3:c0:a2:1f:e8:94:3c:
                    07:98:ac:40:5d:ee:d8:96:df:fc:82:7f:7a:89:15:
                    72:5a:88:3c:da:1c:dd:d4:93:5a:57:13:07:1e:30:
                    29:9b:97:74:45:94:e2:90:50:6b:95:a7:b1:00:5f:
                    09:43:94:09:b0:3c:3a:26:6a:70:8a:76:3c:f8:d5:
                    ec:98:37:c4:06:7f:1f:27:8b:a3:e1:8b:55:ff:c4:
                    4a:f6:61:2e:17:89:81:2d:6e:b8:69:35:a4:08:08:
                    05:cb:74:3b:6a:08:13:04:75:ae:5d:31:4f:a1:b6:
                    81:68:a3:f3:d0:9a:70:7d:f6:4f:cd:f9:c8:9d:14:
                    94:2a:2f:f5:b0:46:82:48:28:01:18:22:61:68:6e:
                    a4:d4:e1:68:a0:cd:42:b3:dc:02:6e:d5:5b:a5:f2:
                    cd:cd:45:2a:3d:df:08:e2:8e:e7:7c:7b:d4:c3:ae:
                    7c:67:a6:02:d2:ec:29:2f:82:fd:a2:f6:fd:8d:7a:
                    a5:99:6e:e6:08:6a:0f:29:ce:67:5f:a1:9f:5e:7f:
                    ba:6f:e0:4f:82:58:c2:8a:90:2c:94:ea:7e:73:80:
                    c0:68:79:61:64:4d:a6:17:36:63:c0:c6:74:a0:4a:
                    63:f5:49:44:bc:b8:3f:e7:68:92:34:5a:e9:1f:1c:
                    6d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D7:8C:1F:79:89:ED:D9:91:80:D8:0E:6A:12:03:2B:C6:36:DB:B5
            X509v3 Authority Key Identifier:
                keyid:18:DA:3A:40:B1:17:FB:25:72:CC:F7:A4:C2:72:D2:EC:69:25:29:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GNo6QLEX-yVyzPekwnLS7GklKRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/28979b-0a34-4a5c-a2fe-698d912b7346/1/U9eMH3mJ7dmRgNgOahIDK8Y227U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/28979b-0a34-4a5c-a2fe-698d912b7346/1/GNo6QLEX-yVyzPekwnLS7GklKRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:30:6f:03:bf:75:16:80:8a:b6:87:fe:c5:06:7a:fd:a9:00:
         08:f8:b1:29:57:b6:e0:57:37:07:99:76:b4:45:a6:ae:4c:db:
         4c:e6:e8:62:fb:c6:78:7c:18:f9:55:b3:2d:cf:a4:d3:1f:4a:
         2e:10:d3:8d:0f:3b:84:6b:3d:c4:20:25:dc:14:83:0a:02:13:
         d2:e4:f7:2b:4d:c1:44:2b:25:bd:23:bf:52:a6:af:9a:5e:1a:
         39:42:22:d4:55:f8:de:c3:7d:80:80:07:66:75:38:c2:3b:5f:
         f4:6d:51:6f:67:87:ce:1d:de:45:c9:8b:bf:3d:30:8f:91:f8:
         1b:fe:6a:66:9d:c3:b7:5f:8a:f7:0e:6e:84:6c:88:46:8c:b2:
         69:dd:b4:f1:96:c3:1e:3e:41:09:25:de:02:47:cf:ae:38:a4:
         47:2b:e2:7e:55:70:bc:55:f1:f2:c6:59:f3:53:16:cb:e1:91:
         bf:4f:f1:7f:8a:e0:30:18:0e:17:52:af:35:4f:00:04:d1:79:
         48:99:3d:3b:d4:71:a8:51:bf:45:fc:2f:eb:64:bb:34:91:ba:
         ae:27:e7:cb:4a:c4:db:4f:9f:19:db:88:49:2e:dd:21:27:d8:
         13:7b:2b:94:bf:47:45:3f:3f:c5:ec:e8:9b:f5:f6:d8:a3:f8:
         44:b8:5a:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjL4M0g+wBq5KD+cHQhBCf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZGEzYTQwYjExN2ZiMjU3MmNjZjdhNGMyNzJkMmVjNjky
NTI5MWMwHhcNMjUwODIxMDkwNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Q3OGMxZjc5ODllZGQ5OTE4MGQ4MGU2YTEyMDMyYmM2MzZkYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2U3rsVvTLOPAoh/olDwHmKxAXe7Y
lt/8gn96iRVyWog82hzd1JNaVxMHHjApm5d0RZTikFBrlaexAF8JQ5QJsDw6Jmpw
inY8+NXsmDfEBn8fJ4uj4YtV/8RK9mEuF4mBLW64aTWkCAgFy3Q7aggTBHWuXTFP
obaBaKPz0JpwffZPzfnInRSUKi/1sEaCSCgBGCJhaG6k1OFooM1Cs9wCbtVbpfLN
zUUqPd8I4o7nfHvUw658Z6YC0uwpL4L9ovb9jXqlmW7mCGoPKc5nX6GfXn+6b+BP
gljCipAslOp+c4DAaHlhZE2mFzZjwMZ0oEpj9UlEvLg/52iSNFrpHxxtwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPXjB95ie3ZkYDYDmoSAyvGNtu1MB8GA1UdIwQY
MBaAFBjaOkCxF/slcsz3pMJy0uxpJSkcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR05vNlFMRVgteVZ5elBla3duTFM3R2tsS1J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8yODk3OWItMGEzNC00YTVjLWEyZmUt
Njk4ZDkxMmI3MzQ2LzEvVTllTUgzbUo3ZG1SZ05nT2FoSURLOFkyMjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8yODk3OWItMGEzNC00YTVjLWEyZmUtNjk4ZDkxMmI3MzQ2
LzEvR05vNlFMRVgteVZ5elBla3duTFM3R2tsS1J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZKKMA0G
CSqGSIb3DQEBCwUAA4IBAQAdMG8Dv3UWgIq2h/7FBnr9qQAI+LEpV7bgVzcHmXa0
RaauTNtM5uhi+8Z4fBj5VbMtz6TTH0ouENONDzuEaz3EICXcFIMKAhPS5PcrTcFE
KyW9I79Spq+aXho5QiLUVfjew32AgAdmdTjCO1/0bVFvZ4fOHd5FyYu/PTCPkfgb
/mpmncO3X4r3Dm6EbIhGjLJp3bTxlsMePkEJJd4CR8+uOKRHK+J+VXC8VfHyxlnz
UxbL4ZG/T/F/iuAwGA4XUq81TwAE0XlImT071HGoUb9F/C/rZLs0kbquJ+fLSsTb
T58Z24hJLt0hJ9gTeyuUv0dFPz/F7Oib9fbYo/hEuFqO
-----END CERTIFICATE-----