Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/UDoG0VyGiTlw2cE_bk01kxTEOgk.roa
File:                     UDoG0VyGiTlw2cE_bk01kxTEOgk.roa (raw, json)
Hash identifier:          xsTPKmGopDqXIX9OmyZyFM17NRbHEv2ddzZ5w1gDheM=
Subject key identifier:   50:3A:06:D1:5C:86:89:39:70:D9:C1:3F:6E:4D:35:93:14:C4:3A:09
Certificate issuer:       /CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Certificate serial:       019993EE76BDAE24F43E7E732BED3B1EC179
Authority key identifier: 08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/UDoG0VyGiTlw2cE_bk01kxTEOgk.roa
Signing time:             Mon 29 Sep 2025 05:25:02 +0000
ROA not before:           Mon 29 Sep 2025 05:25:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212469
IP address blocks:        185.229.42.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:93:ee:76:bd:ae:24:f4:3e:7e:73:2b:ed:3b:1e:c1:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08953a5f11a8279cdf8798960de1e22eb1227d95
        Validity
            Not Before: Sep 29 05:25:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=503a06d15c86893970d9c13f6e4d359314c43a09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:81:a9:83:13:a7:46:a3:c5:35:6e:04:82:fc:
                    a0:ec:52:63:2b:01:05:8f:c3:b3:b7:58:cc:0d:7c:
                    8e:ea:ec:43:00:cb:32:9e:ab:14:85:e6:bb:ef:a7:
                    b7:53:ee:33:68:bd:29:bb:d9:e1:1c:08:1c:1e:61:
                    8d:4d:da:59:19:20:fd:fe:21:a4:ba:1f:6b:01:83:
                    29:e5:94:1e:ed:4f:23:4b:98:d4:25:6c:6c:18:64:
                    a2:83:75:89:c4:42:52:15:35:01:bb:59:5a:a1:fd:
                    c1:bb:e5:36:25:d8:de:01:2c:da:04:9b:45:73:ef:
                    62:7c:65:00:02:40:53:90:5c:55:88:27:74:3a:a7:
                    69:d4:c6:e9:c1:61:e3:86:9c:5a:ab:39:f7:37:e4:
                    24:6f:9e:52:a8:da:b1:d6:00:95:07:fe:0b:49:59:
                    31:03:99:4d:70:f5:3f:37:5d:97:67:d9:ac:6b:b4:
                    f7:c0:0a:d9:4b:e1:33:0f:71:28:eb:cb:88:6c:82:
                    ee:41:20:8a:29:41:82:39:8c:a5:3b:68:55:7e:bd:
                    9d:a5:e4:91:2a:d0:20:e7:01:62:c6:69:1d:dc:1d:
                    df:5a:b7:6e:43:f4:4f:93:84:d2:51:7b:a4:1a:f9:
                    b1:01:74:57:26:0e:2e:ef:07:7a:ea:3d:83:bb:33:
                    85:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3A:06:D1:5C:86:89:39:70:D9:C1:3F:6E:4D:35:93:14:C4:3A:09
            X509v3 Authority Key Identifier:
                keyid:08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/UDoG0VyGiTlw2cE_bk01kxTEOgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:64:2d:3e:43:68:f9:3d:5a:c2:2d:64:0f:6e:ef:c9:83:09:
         14:2e:43:98:34:04:93:04:a8:9e:0f:df:5c:29:b2:20:34:bc:
         c8:eb:20:0d:51:65:33:37:fb:98:42:ab:70:0a:0c:86:4e:28:
         f4:93:dc:d7:b8:2e:88:59:4d:d1:d8:2a:46:ff:01:67:18:65:
         12:04:e8:46:18:49:96:5d:06:97:b4:a5:a3:17:70:ee:90:87:
         b0:fe:46:8c:d2:2c:ea:c4:2f:e2:8d:50:02:4a:a3:2d:07:38:
         e0:54:2d:d3:41:6a:bd:eb:c8:5d:80:88:fb:26:6d:eb:d4:71:
         05:33:5e:07:bf:cb:8b:cc:3b:e5:da:07:1c:29:65:02:79:c7:
         c5:e8:a1:99:1e:30:7d:07:94:2d:51:50:27:e2:b3:ee:bc:36:
         54:31:b7:d5:37:4d:4e:0c:63:0b:d2:c6:28:a8:27:53:43:f4:
         5d:b0:a8:f0:6a:cd:f5:fe:8e:a4:70:1b:bf:b1:b8:09:4c:22:
         b5:a6:f6:d5:86:ac:e7:84:ac:81:c8:8c:a9:1e:68:69:7a:5d:
         7a:30:52:09:bf:05:fe:34:0e:fb:6c:2e:e5:69:1c:1d:31:88:
         5a:08:72:98:95:e6:66:5c:a1:ef:78:be:2a:61:92:b2:cf:56:
         4f:e6:a1:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmT7na9riT0Pn5zK+07HsF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4OTUzYTVmMTFhODI3OWNkZjg3OTg5NjBkZTFlMjJlYjEy
MjdkOTUwHhcNMjUwOTI5MDUyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDNhMDZkMTVjODY4OTM5NzBkOWMxM2Y2ZTRkMzU5MzE0YzQzYTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIGpgxOnRqPFNW4Egvyg7FJjKwEF
j8Ozt1jMDXyO6uxDAMsynqsUhea776e3U+4zaL0pu9nhHAgcHmGNTdpZGSD9/iGk
uh9rAYMp5ZQe7U8jS5jUJWxsGGSig3WJxEJSFTUBu1laof3Bu+U2JdjeASzaBJtF
c+9ifGUAAkBTkFxViCd0Oqdp1MbpwWHjhpxaqzn3N+Qkb55SqNqx1gCVB/4LSVkx
A5lNcPU/N12XZ9msa7T3wArZS+EzD3Eo68uIbILuQSCKKUGCOYylO2hVfr2dpeSR
KtAg5wFixmkd3B3fWrduQ/RPk4TSUXukGvmxAXRXJg4u7wd66j2DuzOFXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFA6BtFchok5cNnBP25NNZMUxDoJMB8GA1UdIwQY
MBaAFAiVOl8RqCec34eYlg3h4i6xIn2VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2It
NzExNjk1NjdlMzljLzEvVURvRzBWeUdpVGx3MmNFX2JrMDFreFRFT2drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2ItNzExNjk1NjdlMzlj
LzEvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueUqMA0G
CSqGSIb3DQEBCwUAA4IBAQAHZC0+Q2j5PVrCLWQPbu/JgwkULkOYNASTBKieD99c
KbIgNLzI6yANUWUzN/uYQqtwCgyGTij0k9zXuC6IWU3R2CpG/wFnGGUSBOhGGEmW
XQaXtKWjF3DukIew/kaM0izqxC/ijVACSqMtBzjgVC3TQWq968hdgIj7Jm3r1HEF
M14Hv8uLzDvl2gccKWUCecfF6KGZHjB9B5QtUVAn4rPuvDZUMbfVN01ODGML0sYo
qCdTQ/RdsKjwas31/o6kcBu/sbgJTCK1pvbVhqznhKyByIypHmhpel16MFIJvwX+
NA77bC7laRwdMYhaCHKYleZmXKHveL4qYZKyz1ZP5qHH
-----END CERTIFICATE-----