Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/VqeMNw1f4Kb-5RW26wR-U5GBc40.roa
File:                     VqeMNw1f4Kb-5RW26wR-U5GBc40.roa (raw, json)
Hash identifier:          6ZgWTpjfHaEpVDH2QWmWgEsRQT7t6bfqIW7C1zjhJWk=
Subject key identifier:   56:A7:8C:37:0D:5F:E0:A6:FE:E5:15:B6:EB:04:7E:53:91:81:73:8D
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       019961AB0BF0FA42A05647A70912533B41A5
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/VqeMNw1f4Kb-5RW26wR-U5GBc40.roa
Signing time:             Fri 19 Sep 2025 11:10:23 +0000
ROA not before:           Fri 19 Sep 2025 11:10:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33830
IP address blocks:        85.153.158.0/24 maxlen: 24
                          85.153.213.0/24 maxlen: 24
                          213.14.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:61:ab:0b:f0:fa:42:a0:56:47:a7:09:12:53:3b:41:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Sep 19 11:10:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56a78c370d5fe0a6fee515b6eb047e539181738d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:77:0d:0f:f6:e9:ab:41:65:2b:6d:a0:2e:b7:
                    2b:d3:48:1c:db:e7:0c:25:c8:d1:9e:ae:5d:99:8e:
                    09:f3:eb:7b:b7:41:33:2d:7b:00:2c:5c:e1:7b:db:
                    0a:f4:68:e2:90:3a:46:65:83:01:65:99:41:45:7e:
                    fb:10:68:4a:c3:26:eb:bb:1d:d8:c2:d3:d1:36:94:
                    8e:9c:ec:89:9f:f6:1e:dd:65:45:eb:94:cf:c6:1f:
                    26:28:3c:0b:3f:d4:63:6a:62:1b:bd:41:fc:be:92:
                    67:66:6c:36:09:c9:44:0f:36:1b:a7:a6:85:09:2c:
                    fd:e5:c0:45:74:23:02:97:3f:95:8e:09:f6:19:5d:
                    90:5f:40:c0:bb:66:ae:f1:30:ff:ad:70:cf:76:ea:
                    63:da:c6:97:b5:bc:27:a0:42:da:f5:1a:3c:69:a2:
                    d1:bf:4b:62:35:c2:8d:e8:86:b2:1c:4d:ed:cc:8f:
                    10:1e:7f:a8:08:c6:ce:9c:24:5f:a1:97:d5:f5:00:
                    ad:43:03:8e:d4:d3:26:ae:9e:1c:e9:4b:62:93:b0:
                    e9:f3:f1:d4:d7:77:b7:f9:e0:0f:3c:7d:2f:42:36:
                    28:8a:e0:32:67:0e:57:d0:fc:30:0d:c9:d5:7b:62:
                    9c:8b:ba:b1:bf:fb:2b:55:50:6c:fd:3f:f6:85:a2:
                    d8:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A7:8C:37:0D:5F:E0:A6:FE:E5:15:B6:EB:04:7E:53:91:81:73:8D
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/VqeMNw1f4Kb-5RW26wR-U5GBc40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.158.0/24
                  85.153.213.0/24
                  213.14.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:c7:c9:31:c7:4f:ed:c6:86:78:2b:54:12:0a:92:fd:4c:4e:
         05:fb:9d:58:2f:04:f9:8b:65:a5:d5:d8:71:3a:6b:1c:75:da:
         1d:66:79:b2:c9:d8:82:75:2d:d8:1e:62:0f:9e:16:52:68:b0:
         33:23:39:79:95:be:17:5b:26:30:2e:60:04:86:01:71:17:19:
         e1:29:32:f0:09:75:c6:0f:11:ef:f3:f5:04:84:c5:a8:24:03:
         b2:43:0d:dd:b0:c7:83:af:b1:4a:43:95:c2:93:22:94:1c:e8:
         cd:5b:c5:45:d4:4a:0c:a1:9a:a8:c0:19:8b:9f:c4:af:97:15:
         84:2f:cb:dd:91:e8:65:58:c8:26:c4:e3:f9:dd:7f:52:35:b2:
         75:0d:54:1d:d6:03:44:13:f7:4d:2d:fa:f0:90:19:11:2d:7e:
         75:c9:a8:86:d3:9f:36:01:af:45:a2:ab:61:3f:c4:24:ae:49:
         e9:02:cc:94:d1:f9:64:4a:3f:fa:10:a7:1d:49:74:3b:81:d9:
         7e:88:69:49:22:d5:e1:a7:0f:d9:23:3b:b0:26:15:43:13:fb:
         97:7d:79:07:a7:0f:51:bb:a1:93:13:5e:ee:7e:27:5e:29:a9:
         2c:b7:66:77:1a:cd:28:41:de:23:e6:9d:77:39:62:c7:62:45:
         c0:dc:91:04
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZlhqwvw+kKgVkenCRJTO0GlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwOTE5MTExMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmE3OGMzNzBkNWZlMGE2ZmVlNTE1YjZlYjA0N2U1MzkxODE3MzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxncND/bpq0FlK22gLrcr00gc2+cM
JcjRnq5dmY4J8+t7t0EzLXsALFzhe9sK9GjikDpGZYMBZZlBRX77EGhKwybrux3Y
wtPRNpSOnOyJn/Ye3WVF65TPxh8mKDwLP9RjamIbvUH8vpJnZmw2CclEDzYbp6aF
CSz95cBFdCMClz+Vjgn2GV2QX0DAu2au8TD/rXDPdupj2saXtbwnoELa9Ro8aaLR
v0tiNcKN6IayHE3tzI8QHn+oCMbOnCRfoZfV9QCtQwOO1NMmrp4c6Utik7Dp8/HU
13e3+eAPPH0vQjYoiuAyZw5X0PwwDcnVe2Kci7qxv/srVVBs/T/2haLYiQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFanjDcNX+Cm/uUVtusEflORgXONMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvVnFlTU53MWY0S2ItNVJXMjZ3Ui1VNUdCYzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVZmeAwQA
VZnVAwQA1Q7XMA0GCSqGSIb3DQEBCwUAA4IBAQCFx8kxx0/txoZ4K1QSCpL9TE4F
+51YLwT5i2Wl1dhxOmscddodZnmyydiCdS3YHmIPnhZSaLAzIzl5lb4XWyYwLmAE
hgFxFxnhKTLwCXXGDxHv8/UEhMWoJAOyQw3dsMeDr7FKQ5XCkyKUHOjNW8VF1EoM
oZqowBmLn8SvlxWEL8vdkehlWMgmxOP53X9SNbJ1DVQd1gNEE/dNLfrwkBkRLX51
yaiG0582Aa9FoqthP8QkrknpAsyU0flkSj/6EKcdSXQ7gdl+iGlJItXhpw/ZIzuw
JhVDE/uXfXkHpw9Ru6GTE17ufideKakst2Z3Gs0oQd4j5p13OWLHYkXA3JEE
-----END CERTIFICATE-----