Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/8795e0-efb7-48c5-849f-cfceb87973dd/1/lKUbuVCydMPLYxDoh9127xl2Npc.roa
File:                     lKUbuVCydMPLYxDoh9127xl2Npc.roa (raw, json)
Hash identifier:          en7K6suh3CPitlX5oTwC1BzuohYZ/bNPoP5vdVZR6Q8=
Subject key identifier:   94:A5:1B:B9:50:B2:74:C3:CB:63:10:E8:87:DD:76:EF:19:76:36:97
Certificate issuer:       /CN=81f3a87e11366b545a5a127b83287653b18c8a56
Certificate serial:       01988442FED3872E722F074FEE75E7ED535D
Authority key identifier: 81:F3:A8:7E:11:36:6B:54:5A:5A:12:7B:83:28:76:53:B1:8C:8A:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gfOofhE2a1RaWhJ7gyh2U7GMilY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/8795e0-efb7-48c5-849f-cfceb87973dd/1/lKUbuVCydMPLYxDoh9127xl2Npc.roa
Signing time:             Thu 07 Aug 2025 11:20:39 +0000
ROA not before:           Thu 07 Aug 2025 11:20:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208363
IP address blocks:        185.171.164.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/8795e0-efb7-48c5-849f-cfceb87973dd/1/gfOofhE2a1RaWhJ7gyh2U7GMilY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/8795e0-efb7-48c5-849f-cfceb87973dd/1/gfOofhE2a1RaWhJ7gyh2U7GMilY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gfOofhE2a1RaWhJ7gyh2U7GMilY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:84:42:fe:d3:87:2e:72:2f:07:4f:ee:75:e7:ed:53:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81f3a87e11366b545a5a127b83287653b18c8a56
        Validity
            Not Before: Aug  7 11:20:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94a51bb950b274c3cb6310e887dd76ef19763697
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:27:85:60:6f:d1:ab:1e:33:31:aa:2a:6c:a2:
                    ca:a8:a8:4a:51:76:d8:ab:cd:97:b1:9f:b6:ea:5d:
                    8c:09:6c:15:59:68:09:78:7f:0a:25:75:03:a5:2f:
                    3c:0b:01:b9:16:a1:c9:0b:b6:be:a6:0d:5a:7a:b6:
                    f3:73:dc:5c:d3:c1:41:29:24:86:5f:ba:15:b5:31:
                    c2:29:e0:79:d4:06:91:5a:c6:d0:ef:1c:d6:1c:fa:
                    c3:07:1b:97:be:24:4d:d8:50:17:d6:cb:8a:30:c2:
                    6a:a6:3f:41:32:f2:58:27:96:94:ac:e8:f1:e8:a3:
                    a3:92:14:ae:4c:5a:6d:fa:d5:65:c6:8d:21:2f:9f:
                    2d:0d:62:26:05:09:ff:3d:db:cb:40:05:d2:d4:fe:
                    2e:aa:b2:31:1c:49:1d:f2:de:91:6f:e6:ac:25:8b:
                    48:73:6b:3e:78:a4:f6:05:f9:80:cc:d6:23:b2:08:
                    12:02:a7:21:b0:85:61:65:65:92:05:e7:66:17:1b:
                    30:1e:f5:72:db:55:19:73:ce:fc:3c:02:6f:48:0c:
                    7b:6e:f8:9f:aa:4f:3f:1a:74:78:4a:d4:93:d9:9f:
                    68:02:7c:41:28:f3:5c:5a:65:04:39:56:6f:7a:55:
                    e8:96:1d:54:d6:87:99:2a:88:3f:b4:1d:fd:58:ae:
                    50:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A5:1B:B9:50:B2:74:C3:CB:63:10:E8:87:DD:76:EF:19:76:36:97
            X509v3 Authority Key Identifier:
                keyid:81:F3:A8:7E:11:36:6B:54:5A:5A:12:7B:83:28:76:53:B1:8C:8A:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gfOofhE2a1RaWhJ7gyh2U7GMilY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/8795e0-efb7-48c5-849f-cfceb87973dd/1/lKUbuVCydMPLYxDoh9127xl2Npc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/8795e0-efb7-48c5-849f-cfceb87973dd/1/gfOofhE2a1RaWhJ7gyh2U7GMilY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:ab:88:3a:fe:cb:65:21:ac:ed:21:37:b8:f7:c2:6d:d6:f6:
         3c:1e:86:26:36:af:c3:45:21:cc:2b:01:c9:61:d9:c2:03:d8:
         b7:3c:c8:36:9c:e6:83:48:6f:ea:08:19:92:55:1f:76:c4:d0:
         5b:1b:4b:44:3e:90:47:36:99:6d:ff:83:8c:72:24:b5:41:4b:
         0a:b8:59:44:62:61:94:97:2b:ef:92:dd:c1:ff:0f:dc:5d:24:
         b3:55:c4:8c:22:cb:fc:94:3b:89:4a:e6:3f:d7:6e:b1:dd:91:
         34:30:be:19:21:aa:51:ab:dd:9f:b2:ce:ef:42:ea:70:70:90:
         9f:55:14:03:6d:71:5f:99:42:d0:33:f1:c9:6b:b9:3b:f2:50:
         3b:7b:12:1b:20:30:3b:14:5f:dd:e5:48:55:18:e0:3b:65:62:
         8c:03:7f:f8:1a:4f:f2:a8:c6:4a:a6:83:6f:7b:18:3e:d8:cf:
         c7:87:61:37:8b:c0:e4:0e:35:71:fc:8a:97:09:4e:a3:59:27:
         dc:dd:97:c5:95:f4:2d:b8:61:f4:2b:ee:ec:d1:35:28:c0:7d:
         1b:ca:96:a1:33:1f:d2:1b:47:55:e4:96:00:8f:8d:8d:13:be:
         2b:14:f5:33:c8:18:3e:c5:0b:ea:f5:3d:4b:b6:28:b5:51:a2:
         c8:f5:da:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiEQv7Thy5yLwdP7nXn7VNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZjNhODdlMTEzNjZiNTQ1YTVhMTI3YjgzMjg3NjUzYjE4
YzhhNTYwHhcNMjUwODA3MTEyMDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGE1MWJiOTUwYjI3NGMzY2I2MzEwZTg4N2RkNzZlZjE5NzYzNjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSeFYG/Rqx4zMaoqbKLKqKhKUXbY
q82XsZ+26l2MCWwVWWgJeH8KJXUDpS88CwG5FqHJC7a+pg1aerbzc9xc08FBKSSG
X7oVtTHCKeB51AaRWsbQ7xzWHPrDBxuXviRN2FAX1suKMMJqpj9BMvJYJ5aUrOjx
6KOjkhSuTFpt+tVlxo0hL58tDWImBQn/PdvLQAXS1P4uqrIxHEkd8t6Rb+asJYtI
c2s+eKT2BfmAzNYjsggSAqchsIVhZWWSBedmFxswHvVy21UZc878PAJvSAx7bvif
qk8/GnR4StST2Z9oAnxBKPNcWmUEOVZvelXolh1U1oeZKog/tB39WK5QfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSlG7lQsnTDy2MQ6Ifddu8ZdjaXMB8GA1UdIwQY
MBaAFIHzqH4RNmtUWloSe4ModlOxjIpWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2ZPb2ZoRTJhMVJhV2hKN2d5aDJVN0dNaWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC84Nzk1ZTAtZWZiNy00OGM1LTg0OWYt
Y2ZjZWI4Nzk3M2RkLzEvbEtVYnVWQ3lkTVBMWXhEb2g5MTI3eGwyTnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC84Nzk1ZTAtZWZiNy00OGM1LTg0OWYtY2ZjZWI4Nzk3M2Rk
LzEvZ2ZPb2ZoRTJhMVJhV2hKN2d5aDJVN0dNaWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaukMA0G
CSqGSIb3DQEBCwUAA4IBAQAAq4g6/stlIaztITe498Jt1vY8HoYmNq/DRSHMKwHJ
YdnCA9i3PMg2nOaDSG/qCBmSVR92xNBbG0tEPpBHNplt/4OMciS1QUsKuFlEYmGU
lyvvkt3B/w/cXSSzVcSMIsv8lDuJSuY/126x3ZE0ML4ZIapRq92fss7vQupwcJCf
VRQDbXFfmULQM/HJa7k78lA7exIbIDA7FF/d5UhVGOA7ZWKMA3/4Gk/yqMZKpoNv
exg+2M/Hh2E3i8DkDjVx/IqXCU6jWSfc3ZfFlfQtuGH0K+7s0TUowH0bypahMx/S
G0dV5JYAj42NE74rFPUzyBg+xQvq9T1Ltii1UaLI9do1
-----END CERTIFICATE-----