Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/pdhN-MZpD_hNi80yknZO7jZPsqI.roa
File:                     pdhN-MZpD_hNi80yknZO7jZPsqI.roa (raw, json)
Hash identifier:          Vq61y4v3/rCjHkyR2L7fl+qX1NPi84b5r+WF68rRDB4=
Subject key identifier:   A5:D8:4D:F8:C6:69:0F:F8:4D:8B:CD:32:92:76:4E:EE:36:4F:B2:A2
Certificate issuer:       /CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
Certificate serial:       0199C33386FE3AEF08C179CFE53C68E1F2AD
Authority key identifier: 8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/pdhN-MZpD_hNi80yknZO7jZPsqI.roa
Signing time:             Wed 08 Oct 2025 09:42:37 +0000
ROA not before:           Wed 08 Oct 2025 09:42:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204036
IP address blocks:        185.213.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c3:33:86:fe:3a:ef:08:c1:79:cf:e5:3c:68:e1:f2:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
        Validity
            Not Before: Oct  8 09:42:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5d84df8c6690ff84d8bcd3292764eee364fb2a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:7e:a9:ff:df:e0:c9:71:d6:a9:f6:70:17:ff:
                    21:17:26:90:a6:ce:0b:9a:f3:da:af:a9:92:10:ec:
                    72:0b:9a:e5:ae:39:66:a8:01:5d:5e:89:cc:47:a0:
                    f0:66:f9:dc:91:3e:3f:7c:5e:81:4c:af:dd:78:25:
                    d8:b1:34:cc:04:c0:8e:99:0c:53:80:c9:ce:b0:68:
                    22:bb:12:61:43:f3:89:30:4e:3b:a6:11:45:8c:b3:
                    4c:c4:86:42:07:6c:51:cd:0d:01:67:fe:33:a0:84:
                    21:aa:0b:58:9a:94:c0:ff:e6:9b:f2:cd:85:1f:ef:
                    d1:da:b4:80:76:3c:36:98:c1:3f:7e:22:93:ae:e4:
                    99:f6:88:ef:8e:49:36:81:cc:9a:38:15:43:80:b1:
                    dc:9c:ff:5e:1c:04:ab:b3:21:b6:ef:d0:b1:25:39:
                    f8:52:63:f1:a3:4f:af:18:93:78:e2:c4:c2:9d:fd:
                    2c:8c:dd:c7:16:30:c6:8e:ca:93:dd:15:fb:a1:b7:
                    8b:90:a8:79:40:2e:f3:a5:0c:4d:2c:9a:1b:36:55:
                    46:46:cb:26:6b:5f:fd:12:a6:32:d4:d4:f9:95:ee:
                    fc:b4:ce:cb:83:30:5f:38:3c:1a:0a:c1:2a:5b:2e:
                    bb:2a:b2:53:87:17:a5:db:e9:6e:4f:7c:dd:01:ca:
                    e1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:D8:4D:F8:C6:69:0F:F8:4D:8B:CD:32:92:76:4E:EE:36:4F:B2:A2
            X509v3 Authority Key Identifier:
                keyid:8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/pdhN-MZpD_hNi80yknZO7jZPsqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:e3:a5:dd:8d:47:fe:cf:69:0e:c7:68:91:bd:80:89:23:b4:
         79:30:66:6c:e7:4f:03:3b:a8:4f:6f:1c:0c:9a:9b:d7:04:61:
         20:90:97:b9:e9:35:ec:1c:8c:22:79:9d:af:53:64:b3:d2:9b:
         5f:0d:57:bc:92:a8:ff:5a:c4:13:b7:0a:c8:83:a6:7e:21:43:
         fe:c3:4d:7f:0e:e7:00:80:57:56:66:11:dd:0f:d4:12:c0:09:
         c1:35:5d:7e:a8:b5:a1:1d:70:b1:58:98:d1:b3:b7:e2:b9:37:
         a0:4d:9a:39:32:c0:4a:ca:69:79:22:c2:9f:16:f4:77:57:dc:
         64:38:ff:41:9d:41:ee:c6:92:51:9f:6d:90:c3:4b:cf:de:87:
         27:c7:89:e6:de:71:4d:4a:a1:d6:f2:b7:53:42:3b:86:ed:42:
         33:2b:6a:d2:04:6e:22:b3:41:a9:f1:ce:86:7b:27:d3:a9:60:
         a1:94:ce:29:1f:20:19:98:fc:7e:b5:67:03:75:39:6c:d4:b4:
         26:5f:11:67:8f:be:7b:9f:e8:00:83:3f:83:b5:e1:ff:dd:8b:
         53:83:87:20:e2:9d:cd:bd:7d:d5:cb:26:90:72:a2:39:4e:41:
         72:14:48:b6:16:e9:33:c0:53:4a:b7:f1:bb:89:d4:8a:b2:af:
         8d:84:37:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnDM4b+Ou8IwXnP5Txo4fKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODkyMjNjMWYzMzVjMGNjNTY5MzU5ZmEyZGRhMzQ5YTIy
MzZjY2IwHhcNMjUxMDA4MDk0MjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWQ4NGRmOGM2NjkwZmY4NGQ4YmNkMzI5Mjc2NGVlZTM2NGZiMmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3X6p/9/gyXHWqfZwF/8hFyaQps4L
mvPar6mSEOxyC5rlrjlmqAFdXonMR6DwZvnckT4/fF6BTK/deCXYsTTMBMCOmQxT
gMnOsGgiuxJhQ/OJME47phFFjLNMxIZCB2xRzQ0BZ/4zoIQhqgtYmpTA/+ab8s2F
H+/R2rSAdjw2mME/fiKTruSZ9ojvjkk2gcyaOBVDgLHcnP9eHASrsyG279CxJTn4
UmPxo0+vGJN44sTCnf0sjN3HFjDGjsqT3RX7obeLkKh5QC7zpQxNLJobNlVGRssm
a1/9EqYy1NT5le78tM7LgzBfODwaCsEqWy67KrJThxel2+luT3zdAcrhxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXYTfjGaQ/4TYvNMpJ2Tu42T7KiMB8GA1UdIwQY
MBaAFI2JIjwfM1wMxWk1n6Ldo0miI2zLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAt
YTEwMjhlZGE2MzgzLzEvcGRoTi1NWnBEX2hOaTgweWtuWk83alpQc3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAtYTEwMjhlZGE2Mzgz
LzEvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudWoMA0G
CSqGSIb3DQEBCwUAA4IBAQAD46XdjUf+z2kOx2iRvYCJI7R5MGZs508DO6hPbxwM
mpvXBGEgkJe56TXsHIwieZ2vU2Sz0ptfDVe8kqj/WsQTtwrIg6Z+IUP+w01/DucA
gFdWZhHdD9QSwAnBNV1+qLWhHXCxWJjRs7fiuTegTZo5MsBKyml5IsKfFvR3V9xk
OP9BnUHuxpJRn22Qw0vP3ocnx4nm3nFNSqHW8rdTQjuG7UIzK2rSBG4is0Gp8c6G
eyfTqWChlM4pHyAZmPx+tWcDdTls1LQmXxFnj757n+gAgz+DteH/3YtTg4cg4p3N
vX3VyyaQcqI5TkFyFEi2FukzwFNKt/G7idSKsq+NhDeR
-----END CERTIFICATE-----