Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ZBT0NyASOwyhR6OpT_Z0fPSXTvQ.roa
File:                     ZBT0NyASOwyhR6OpT_Z0fPSXTvQ.roa (raw, json)
Hash identifier:          uWrBGv65Frrqu/bfEyO0k8tkiglYXXCRQgEqiNwgXqw=
Subject key identifier:   64:14:F4:37:20:12:3B:0C:A1:47:A3:A9:4F:F6:74:7C:F4:97:4E:F4
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0198A341A4663191570F8D1AF1D9C6109E6B
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ZBT0NyASOwyhR6OpT_Z0fPSXTvQ.roa
Signing time:             Wed 13 Aug 2025 11:47:24 +0000
ROA not before:           Wed 13 Aug 2025 11:47:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208825
IP address blocks:        95.182.109.0/24 maxlen: 24
                          95.182.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:41:a4:66:31:91:57:0f:8d:1a:f1:d9:c6:10:9e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Aug 13 11:47:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6414f43720123b0ca147a3a94ff6747cf4974ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6c:98:8a:4d:a0:a7:3a:39:19:57:5e:0d:8a:
                    2b:3d:06:bf:05:ca:7c:17:d9:ee:3b:3d:25:7f:3a:
                    e9:0f:d6:ee:d2:67:2a:dc:d1:dc:f5:96:35:ad:cc:
                    8e:af:87:bb:27:b5:6d:f8:99:91:f0:cd:56:3a:ba:
                    03:58:a3:35:ce:9c:2b:a9:cc:e1:5f:8b:27:b8:84:
                    76:cb:71:49:b4:9f:16:38:3a:7b:2f:ed:7b:25:a1:
                    4d:b6:9a:e1:24:d1:36:85:18:27:8d:50:4f:0b:94:
                    f5:8f:a6:e9:a0:66:dd:79:0e:e3:cb:e1:b1:fc:a5:
                    1a:57:50:b0:e2:e8:48:a9:ee:88:ae:84:30:9d:79:
                    59:35:dd:11:7e:35:72:a4:f9:85:c1:0a:43:75:27:
                    38:68:7c:4a:80:a2:0f:40:88:96:e2:a1:b3:25:11:
                    e9:96:7e:39:dd:10:4a:d2:71:f3:3c:03:56:64:93:
                    da:7b:90:5d:73:00:7a:60:ba:2e:d6:f6:c6:00:18:
                    9a:11:d8:f5:bc:ac:73:30:3d:74:da:16:58:cc:c9:
                    16:b7:2c:f2:32:c0:4f:8d:da:da:a1:89:e7:89:cc:
                    1c:8f:24:f8:d8:5c:40:41:b0:6b:e1:d3:aa:c2:72:
                    49:b8:03:47:15:d2:35:32:3b:68:3f:5d:6c:a3:c1:
                    da:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:14:F4:37:20:12:3B:0C:A1:47:A3:A9:4F:F6:74:7C:F4:97:4E:F4
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/ZBT0NyASOwyhR6OpT_Z0fPSXTvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.182.109.0/24
                  95.182.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:0e:c6:76:54:25:e4:af:76:d8:1b:1d:23:63:09:78:68:7f:
         6a:40:bf:80:45:a5:7c:81:e6:7d:9c:28:53:2b:fb:07:10:98:
         25:3d:dd:9f:d0:aa:dc:56:f3:b9:7b:28:1d:14:d1:71:cb:0c:
         2c:39:3e:1d:a9:67:cb:f9:37:a4:ab:5e:15:a1:83:86:34:14:
         a3:45:92:21:7a:a9:43:5c:f6:67:d9:87:e8:c8:50:76:f2:70:
         57:30:40:69:ac:61:f7:9f:86:ec:f2:25:13:4f:0c:de:c6:50:
         a3:2e:ef:9e:73:be:0f:a0:3b:6e:d4:17:ce:44:40:bc:ba:70:
         96:24:af:9d:67:0f:8c:e1:38:99:67:4a:0f:4a:00:d8:2f:8a:
         66:71:76:5a:2f:b6:cf:80:74:fd:6d:fb:f9:69:ae:e4:2b:e9:
         2c:b1:f8:20:05:95:d7:2a:7d:a4:af:ef:3c:c5:90:ba:82:57:
         2c:7b:aa:d5:a2:27:45:0e:ff:de:21:46:49:8f:07:54:10:cd:
         0f:4c:a5:43:a8:28:c8:a3:f9:95:a6:e5:42:16:3b:d1:80:e8:
         72:4f:9b:d1:d0:8a:8a:bc:c6:be:88:c2:79:d1:48:ef:e9:61:
         2c:c9:01:28:fb:c7:e9:1c:a8:ef:07:95:bd:6f:d6:47:c2:24:
         9d:c1:cb:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZijQaRmMZFXD40a8dnGEJ5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwODEzMTE0NzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDE0ZjQzNzIwMTIzYjBjYTE0N2EzYTk0ZmY2NzQ3Y2Y0OTc0ZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGyYik2gpzo5GVdeDYorPQa/Bcp8
F9nuOz0lfzrpD9bu0mcq3NHc9ZY1rcyOr4e7J7Vt+JmR8M1WOroDWKM1zpwrqczh
X4snuIR2y3FJtJ8WODp7L+17JaFNtprhJNE2hRgnjVBPC5T1j6bpoGbdeQ7jy+Gx
/KUaV1Cw4uhIqe6IroQwnXlZNd0RfjVypPmFwQpDdSc4aHxKgKIPQIiW4qGzJRHp
ln453RBK0nHzPANWZJPae5BdcwB6YLou1vbGABiaEdj1vKxzMD102hZYzMkWtyzy
MsBPjdraoYnnicwcjyT42FxAQbBr4dOqwnJJuANHFdI1MjtoP11so8HabwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGQU9DcgEjsMoUejqU/2dHz0l070MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvWkJUME55QVNPd3loUjZPcFRfWjBmUFNYVHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX7ZtAwQA
X7ZvMA0GCSqGSIb3DQEBCwUAA4IBAQBKDsZ2VCXkr3bYGx0jYwl4aH9qQL+ARaV8
geZ9nChTK/sHEJglPd2f0KrcVvO5eygdFNFxywwsOT4dqWfL+Tekq14VoYOGNBSj
RZIheqlDXPZn2YfoyFB28nBXMEBprGH3n4bs8iUTTwzexlCjLu+ec74PoDtu1BfO
REC8unCWJK+dZw+M4TiZZ0oPSgDYL4pmcXZaL7bPgHT9bfv5aa7kK+kssfggBZXX
Kn2kr+88xZC6glcse6rVoidFDv/eIUZJjwdUEM0PTKVDqCjIo/mVpuVCFjvRgOhy
T5vR0IqKvMa+iMJ50Ujv6WEsyQEo+8fpHKjvB5W9b9ZHwiSdwcuP
-----END CERTIFICATE-----