Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/_UPJ8qHXYmScIPdo47sXULCowxc.roa
File:                     _UPJ8qHXYmScIPdo47sXULCowxc.roa (raw, json)
Hash identifier:          x+bwdKrD+TEkJ3sWZza6bM8RVF+G5YSW9hY6F/RhNRI=
Subject key identifier:   FD:43:C9:F2:A1:D7:62:64:9C:20:F7:68:E3:BB:17:50:B0:A8:C3:17
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       0199D4D4295DB6B7D9801E0A6252377A8833
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/_UPJ8qHXYmScIPdo47sXULCowxc.roa
Signing time:             Sat 11 Oct 2025 19:51:38 +0000
ROA not before:           Sat 11 Oct 2025 19:51:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.14.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d4:d4:29:5d:b6:b7:d9:80:1e:0a:62:52:37:7a:88:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Oct 11 19:51:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd43c9f2a1d762649c20f768e3bb1750b0a8c317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:10:32:54:18:a4:78:f8:be:3a:98:43:e3:2e:
                    04:80:d3:91:22:ca:7a:04:1a:d3:2d:99:fa:9b:9b:
                    fd:b1:85:18:e5:21:92:ec:a3:9d:3c:30:e8:9b:94:
                    6d:4a:6e:39:52:34:ff:dc:ec:41:81:ad:f7:97:fc:
                    9f:16:68:82:96:b2:03:7e:28:39:ae:79:05:c9:a5:
                    1d:7e:d3:5b:c0:5b:60:1d:2a:47:d3:9e:3a:b0:83:
                    85:3f:f7:f8:2a:a9:fe:a2:61:c4:48:02:71:eb:c2:
                    5b:ae:d4:30:be:3b:70:58:ba:cf:93:bd:c6:ad:cf:
                    08:a2:49:c9:25:3f:85:bf:ba:b3:0c:43:d0:75:dd:
                    e8:c0:ff:7f:26:fd:23:49:95:4e:a4:30:d4:b2:26:
                    3f:ae:72:10:b3:e7:83:14:c8:5e:0e:0c:c0:05:79:
                    53:48:23:27:1f:95:4a:32:03:48:ea:b4:db:72:3a:
                    12:b2:5f:30:f3:27:1f:ad:8e:9a:ff:2a:5c:84:3d:
                    eb:3f:2a:3c:ce:22:04:b0:9e:8c:0f:b7:49:b4:12:
                    b0:be:87:50:64:b7:5e:a3:f0:21:54:04:33:29:ae:
                    de:c9:03:1a:b3:1d:be:be:ab:32:93:4b:f9:7b:fd:
                    d8:2f:2a:14:a7:9a:63:ca:62:31:02:f4:9a:89:d5:
                    a4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:43:C9:F2:A1:D7:62:64:9C:20:F7:68:E3:BB:17:50:B0:A8:C3:17
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/_UPJ8qHXYmScIPdo47sXULCowxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:27:76:f1:9a:36:cd:75:a0:5c:1e:c3:2c:0c:d8:a2:99:08:
         bb:28:40:36:49:b7:09:c1:1b:2c:d2:0d:7e:4d:db:02:78:b5:
         e6:6b:ed:0e:2d:bc:1b:e3:6c:63:5d:83:b7:3c:1d:26:ca:63:
         de:6d:43:17:6a:02:91:4b:d1:69:9b:6b:d4:e8:05:1a:57:30:
         e1:3a:3a:b5:6e:b1:c4:0e:94:e3:00:b2:7e:32:42:5f:a6:38:
         17:db:02:78:d3:93:74:4c:bc:b2:d0:b7:48:4e:1f:4d:8d:4d:
         a3:20:da:1f:62:bb:8b:12:47:4a:f0:86:fc:a4:31:8c:e6:68:
         a0:de:c9:3f:61:95:8a:fa:49:73:02:0b:e2:08:be:e0:82:ea:
         10:4d:85:08:8b:66:a1:1a:dc:75:97:9f:ba:34:7c:6c:28:f8:
         9f:2d:0e:9e:ab:0c:e2:6f:6c:ca:23:fa:f7:a0:c2:a9:a2:44:
         cf:ea:c1:16:d4:9e:cc:b5:03:e4:43:9a:0f:5e:5a:67:0b:40:
         ca:10:21:d1:67:f4:af:ae:9e:4d:d6:00:53:56:bd:0a:df:3d:
         0e:3d:3a:54:45:df:32:f5:af:a6:97:b5:de:c4:c9:39:24:61:
         62:be:87:80:47:55:62:5b:d3:49:d8:a2:5a:12:fe:cd:7b:01:
         33:22:82:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnU1CldtrfZgB4KYlI3eogzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjUxMDExMTk1MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDQzYzlmMmExZDc2MjY0OWMyMGY3NjhlM2JiMTc1MGIwYThjMzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxAyVBikePi+OphD4y4EgNORIsp6
BBrTLZn6m5v9sYUY5SGS7KOdPDDom5RtSm45UjT/3OxBga33l/yfFmiClrIDfig5
rnkFyaUdftNbwFtgHSpH0546sIOFP/f4Kqn+omHESAJx68JbrtQwvjtwWLrPk73G
rc8IoknJJT+Fv7qzDEPQdd3owP9/Jv0jSZVOpDDUsiY/rnIQs+eDFMheDgzABXlT
SCMnH5VKMgNI6rTbcjoSsl8w8ycfrY6a/ypchD3rPyo8ziIEsJ6MD7dJtBKwvodQ
ZLdeo/AhVAQzKa7eyQMasx2+vqsyk0v5e/3YLyoUp5pjymIxAvSaidWkkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1DyfKh12JknCD3aOO7F1CwqMMXMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvX1VQSjhxSFhZbVNjSVBkbzQ3c1hVTENvd3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7tMA0G
CSqGSIb3DQEBCwUAA4IBAQArJ3bxmjbNdaBcHsMsDNiimQi7KEA2SbcJwRss0g1+
TdsCeLXma+0OLbwb42xjXYO3PB0mymPebUMXagKRS9Fpm2vU6AUaVzDhOjq1brHE
DpTjALJ+MkJfpjgX2wJ405N0TLyy0LdITh9NjU2jINofYruLEkdK8Ib8pDGM5mig
3sk/YZWK+klzAgviCL7gguoQTYUIi2ahGtx1l5+6NHxsKPifLQ6eqwzib2zKI/r3
oMKpokTP6sEW1J7MtQPkQ5oPXlpnC0DKECHRZ/Svrp5N1gBTVr0K3z0OPTpURd8y
9a+ml7XexMk5JGFivoeAR1ViW9NJ2KJaEv7NewEzIoIo
-----END CERTIFICATE-----