Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/tZdJ3gpSp_BcnEX4ePWmdTwhvi4.roa
File:                     tZdJ3gpSp_BcnEX4ePWmdTwhvi4.roa (raw, json)
Hash identifier:          CB6ct155CWiuuBsC4XGPM5LCeaov94YzQ+Lj1xQ4FUY=
Subject key identifier:   B5:97:49:DE:0A:52:A7:F0:5C:9C:45:F8:78:F5:A6:75:3C:21:BE:2E
Certificate issuer:       /CN=31e6591d1a04d6afe1ed5f4ed01d394ae5148589
Certificate serial:       019874D8E8A69C243EAC52D963787981B5C4
Authority key identifier: 31:E6:59:1D:1A:04:D6:AF:E1:ED:5F:4E:D0:1D:39:4A:E5:14:85:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MeZZHRoE1q_h7V9O0B05SuUUhYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/tZdJ3gpSp_BcnEX4ePWmdTwhvi4.roa
Signing time:             Mon 04 Aug 2025 11:30:29 +0000
ROA not before:           Mon 04 Aug 2025 11:30:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204978
IP address blocks:        185.233.96.0/22 maxlen: 22
                          185.233.97.0/24 maxlen: 24
                          185.233.98.0/24 maxlen: 24
                          185.233.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/MeZZHRoE1q_h7V9O0B05SuUUhYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/MeZZHRoE1q_h7V9O0B05SuUUhYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MeZZHRoE1q_h7V9O0B05SuUUhYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:d8:e8:a6:9c:24:3e:ac:52:d9:63:78:79:81:b5:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31e6591d1a04d6afe1ed5f4ed01d394ae5148589
        Validity
            Not Before: Aug  4 11:30:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b59749de0a52a7f05c9c45f878f5a6753c21be2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:55:dc:54:10:9d:9e:4b:1b:c6:03:7f:22:84:
                    db:1c:4b:2d:c5:94:68:f7:f1:bd:1d:b5:f8:01:fd:
                    91:c3:54:5e:39:64:c6:6a:0c:ef:cb:f6:e2:d1:b8:
                    f4:80:9e:b0:c7:ad:10:23:67:fa:5c:f5:5d:5d:79:
                    f6:df:65:66:f6:c1:55:c2:f7:c4:fa:68:9e:74:25:
                    82:db:1a:d3:d6:77:05:7c:b5:3c:a6:f5:a9:a5:b1:
                    92:aa:2c:dc:e0:18:90:6f:7e:13:8b:e9:13:75:11:
                    b9:89:da:83:0f:b3:0a:18:53:b1:99:0f:ea:cb:d9:
                    ac:85:fa:e5:dd:1f:ce:37:db:70:0b:e0:ad:3f:f9:
                    fe:8d:f2:63:84:77:e5:1e:72:f3:07:ed:04:f0:48:
                    42:04:15:82:92:be:68:9c:27:4e:c8:e7:5c:a6:59:
                    fc:7e:9e:9a:4e:ad:ed:3c:3c:af:19:cf:4a:41:f3:
                    c4:e9:a8:28:17:67:0b:a8:3a:aa:e8:9d:85:62:54:
                    f0:0d:bd:0e:71:aa:0f:a0:d2:e5:40:6a:8b:d2:b5:
                    a2:6f:4d:56:03:a7:45:1c:90:ba:61:fa:d1:dd:70:
                    1e:f0:ff:f1:bc:65:95:ad:85:ae:b0:da:fc:83:3d:
                    56:de:50:e8:9b:e1:af:3f:47:5c:5b:ed:c3:67:f4:
                    b4:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:97:49:DE:0A:52:A7:F0:5C:9C:45:F8:78:F5:A6:75:3C:21:BE:2E
            X509v3 Authority Key Identifier:
                keyid:31:E6:59:1D:1A:04:D6:AF:E1:ED:5F:4E:D0:1D:39:4A:E5:14:85:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MeZZHRoE1q_h7V9O0B05SuUUhYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/tZdJ3gpSp_BcnEX4ePWmdTwhvi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/84a85e-ad49-4c63-ab59-ab7b0aa1c3d4/1/MeZZHRoE1q_h7V9O0B05SuUUhYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:c7:c5:77:99:14:ff:35:ad:1c:09:c1:04:22:c8:a2:be:ca:
         35:3b:36:2d:8a:33:61:e8:92:a5:0c:9a:0b:1b:c1:06:04:67:
         fd:01:c2:a4:09:0a:f4:a4:49:67:2e:28:52:11:a7:73:c3:9b:
         22:03:02:bc:bb:a0:d3:71:b2:61:2f:23:5f:b6:68:11:43:8e:
         e3:ab:9d:6c:13:66:de:f8:80:fe:1d:ca:c5:32:12:0d:3e:27:
         f2:ca:b1:f1:43:ec:47:5e:f0:0a:1a:c5:fb:64:c7:a5:de:b3:
         22:04:de:f8:fe:a6:61:5a:fe:29:2a:d9:0f:d9:0c:22:7b:0f:
         f1:f3:32:37:af:00:7c:0a:c5:98:59:cd:7d:52:8d:3d:4a:6d:
         3a:3b:00:d5:ab:b1:f4:a3:d4:d5:c0:ce:fc:49:44:ea:87:bf:
         10:e3:1f:53:87:2e:4f:59:e6:a0:3d:f1:2c:51:6c:16:5c:f9:
         1c:e2:87:4c:80:ca:e2:ad:00:a1:5c:fb:14:da:38:6e:47:72:
         25:79:30:b1:15:0a:d4:b7:5b:22:ae:bc:3e:5e:22:ce:7d:51:
         94:31:69:55:6f:71:93:d3:2e:ad:ae:3f:5d:42:97:72:ba:43:
         d2:56:1b:4b:50:4b:f1:83:6d:ad:df:0c:10:33:e0:ec:e2:8f:
         93:69:0c:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh02OimnCQ+rFLZY3h5gbXEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZTY1OTFkMWEwNGQ2YWZlMWVkNWY0ZWQwMWQzOTRhZTUx
NDg1ODkwHhcNMjUwODA0MTEzMDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTk3NDlkZTBhNTJhN2YwNWM5YzQ1Zjg3OGY1YTY3NTNjMjFiZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FXcVBCdnksbxgN/IoTbHEstxZRo
9/G9HbX4Af2Rw1ReOWTGagzvy/bi0bj0gJ6wx60QI2f6XPVdXXn232Vm9sFVwvfE
+miedCWC2xrT1ncFfLU8pvWppbGSqizc4BiQb34Ti+kTdRG5idqDD7MKGFOxmQ/q
y9mshfrl3R/ON9twC+CtP/n+jfJjhHflHnLzB+0E8EhCBBWCkr5onCdOyOdcpln8
fp6aTq3tPDyvGc9KQfPE6agoF2cLqDqq6J2FYlTwDb0OcaoPoNLlQGqL0rWib01W
A6dFHJC6YfrR3XAe8P/xvGWVrYWusNr8gz1W3lDom+GvP0dcW+3DZ/S0twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWXSd4KUqfwXJxF+Hj1pnU8Ib4uMB8GA1UdIwQY
MBaAFDHmWR0aBNav4e1fTtAdOUrlFIWJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWVaWkhSb0UxcV9oN1Y5TzBCMDVTdVVVaFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NGE4NWUtYWQ0OS00YzYzLWFiNTkt
YWI3YjBhYTFjM2Q0LzEvdFpkSjNncFNwX0JjbkVYNGVQV21kVHdodmk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NGE4NWUtYWQ0OS00YzYzLWFiNTktYWI3YjBhYTFjM2Q0
LzEvTWVaWkhSb0UxcV9oN1Y5TzBCMDVTdVVVaFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuelgMA0G
CSqGSIb3DQEBCwUAA4IBAQCVx8V3mRT/Na0cCcEEIsiivso1OzYtijNh6JKlDJoL
G8EGBGf9AcKkCQr0pElnLihSEadzw5siAwK8u6DTcbJhLyNftmgRQ47jq51sE2be
+ID+HcrFMhINPifyyrHxQ+xHXvAKGsX7ZMel3rMiBN74/qZhWv4pKtkP2Qwiew/x
8zI3rwB8CsWYWc19Uo09Sm06OwDVq7H0o9TVwM78SUTqh78Q4x9Thy5PWeagPfEs
UWwWXPkc4odMgMrirQChXPsU2jhuR3IleTCxFQrUt1sirrw+XiLOfVGUMWlVb3GT
0y6trj9dQpdyukPSVhtLUEvxg22t3wwQM+Ds4o+TaQx9
-----END CERTIFICATE-----