Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/890a41-be76-434d-87cf-ccc82f2d57e0/1/_UD-0s3a5L-DuKpnQLmvpANybxQ.roa
File:                     _UD-0s3a5L-DuKpnQLmvpANybxQ.roa (raw, json)
Hash identifier:          KfVEabLC35sn8DyWFnbokPqek3epj+ROSa1QAr9G1Gc=
Subject key identifier:   FD:40:FE:D2:CD:DA:E4:BF:83:B8:AA:67:40:B9:AF:A4:03:72:6F:14
Certificate issuer:       /CN=644d731965489244a7bd28f893d0b3769afd996f
Certificate serial:       019A017E9394F2C2CCB8EC3E8C2380778357
Authority key identifier: 64:4D:73:19:65:48:92:44:A7:BD:28:F8:93:D0:B3:76:9A:FD:99:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZE1zGWVIkkSnvSj4k9Czdpr9mW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/890a41-be76-434d-87cf-ccc82f2d57e0/1/_UD-0s3a5L-DuKpnQLmvpANybxQ.roa
Signing time:             Mon 20 Oct 2025 12:01:03 +0000
ROA not before:           Mon 20 Oct 2025 12:01:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48192
IP address blocks:        185.255.16.0/24 maxlen: 24
                          185.255.18.0/24 maxlen: 24
                          185.255.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/890a41-be76-434d-87cf-ccc82f2d57e0/1/ZE1zGWVIkkSnvSj4k9Czdpr9mW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/890a41-be76-434d-87cf-ccc82f2d57e0/1/ZE1zGWVIkkSnvSj4k9Czdpr9mW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZE1zGWVIkkSnvSj4k9Czdpr9mW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 12:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:7e:93:94:f2:c2:cc:b8:ec:3e:8c:23:80:77:83:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644d731965489244a7bd28f893d0b3769afd996f
        Validity
            Not Before: Oct 20 12:01:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd40fed2cddae4bf83b8aa6740b9afa403726f14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c1:a8:71:2a:a3:22:8f:d5:00:4f:6c:18:7a:
                    72:30:47:58:41:a6:e6:db:87:54:33:10:6b:16:fb:
                    dc:61:9e:00:e3:c5:ac:7e:77:13:3d:06:95:c0:05:
                    ff:c3:2e:69:0d:b9:66:ad:1d:9a:11:b9:c5:ac:8a:
                    be:9e:18:d2:b3:23:12:00:38:55:57:4c:1c:ec:2d:
                    8b:d4:aa:44:85:fa:40:75:cc:b1:30:9f:9b:fb:b8:
                    de:48:80:fb:bc:4a:ed:de:c6:9c:b5:1d:ed:3c:a9:
                    7d:20:bb:cb:6a:17:79:50:c0:8c:9a:11:07:b3:1c:
                    65:5d:e6:93:c0:e8:cb:e7:c2:64:41:7e:03:19:7a:
                    38:16:4f:72:43:15:d1:58:b6:57:ab:ac:da:5a:d1:
                    98:32:82:a6:5b:63:89:0c:33:24:5e:83:9b:9a:84:
                    50:f4:ca:61:17:f6:03:38:89:ca:cb:12:db:19:0a:
                    43:57:3f:43:55:02:61:c2:98:22:c6:79:83:e6:73:
                    41:0e:7c:67:7b:c2:a3:a8:6d:87:fb:be:8f:63:6a:
                    65:b4:a4:aa:7a:1a:1f:61:90:ca:4c:38:9d:d8:69:
                    49:a3:8f:96:be:ab:ed:d4:e5:58:bb:f9:a5:78:95:
                    b8:94:7b:71:82:bc:4b:84:a1:05:4a:1d:03:88:b0:
                    95:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:40:FE:D2:CD:DA:E4:BF:83:B8:AA:67:40:B9:AF:A4:03:72:6F:14
            X509v3 Authority Key Identifier:
                keyid:64:4D:73:19:65:48:92:44:A7:BD:28:F8:93:D0:B3:76:9A:FD:99:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZE1zGWVIkkSnvSj4k9Czdpr9mW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/890a41-be76-434d-87cf-ccc82f2d57e0/1/_UD-0s3a5L-DuKpnQLmvpANybxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/890a41-be76-434d-87cf-ccc82f2d57e0/1/ZE1zGWVIkkSnvSj4k9Czdpr9mW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.16.0/24
                  185.255.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:2f:2e:5e:97:c6:5c:8a:65:7c:12:85:3b:02:b8:77:9f:59:
         63:e6:9d:fd:95:35:d6:24:59:51:ef:eb:e5:42:0b:ba:18:95:
         b3:c8:e8:dc:c3:1f:a1:23:b7:a9:85:ef:cc:4f:95:a5:c7:37:
         00:55:fc:a8:a7:6e:11:fd:e6:21:af:ac:86:0a:99:79:9c:ac:
         79:d1:1a:4c:41:41:64:a8:21:2c:14:16:e5:69:5b:84:a8:23:
         8c:af:d2:23:a2:c9:2e:c9:a6:0b:07:b1:f5:98:4c:4a:62:ee:
         c7:31:4b:a0:ef:f4:01:44:79:c2:d4:02:b0:18:50:6a:1c:6b:
         86:92:a4:a9:8f:2e:4e:54:e8:53:34:3e:78:7e:1f:49:0b:ab:
         e2:68:3c:86:b9:05:5e:70:48:a6:41:b0:44:3e:e2:67:a3:00:
         99:29:29:f7:94:2c:8e:aa:4a:e6:fa:32:e3:53:da:d8:a5:72:
         c7:a8:24:7b:18:67:e2:2d:3a:3f:f1:6b:a0:90:c2:af:1c:bb:
         c3:b2:ec:0b:07:59:79:8c:a3:43:84:cf:91:2d:3d:b6:1c:eb:
         b1:aa:81:bb:d2:06:87:d7:4d:c8:38:eb:0a:00:8d:3a:19:46:
         cf:8f:f2:d1:1b:7b:c1:ff:fc:aa:e1:9b:b8:ea:d5:82:31:2b:
         60:83:0e:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoBfpOU8sLMuOw+jCOAd4NXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGQ3MzE5NjU0ODkyNDRhN2JkMjhmODkzZDBiMzc2OWFm
ZDk5NmYwHhcNMjUxMDIwMTIwMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDQwZmVkMmNkZGFlNGJmODNiOGFhNjc0MGI5YWZhNDAzNzI2ZjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8GocSqjIo/VAE9sGHpyMEdYQabm
24dUMxBrFvvcYZ4A48WsfncTPQaVwAX/wy5pDblmrR2aEbnFrIq+nhjSsyMSADhV
V0wc7C2L1KpEhfpAdcyxMJ+b+7jeSID7vErt3sactR3tPKl9ILvLahd5UMCMmhEH
sxxlXeaTwOjL58JkQX4DGXo4Fk9yQxXRWLZXq6zaWtGYMoKmW2OJDDMkXoObmoRQ
9MphF/YDOInKyxLbGQpDVz9DVQJhwpgixnmD5nNBDnxne8KjqG2H+76PY2pltKSq
ehofYZDKTDid2GlJo4+Wvqvt1OVYu/mleJW4lHtxgrxLhKEFSh0DiLCVVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP1A/tLN2uS/g7iqZ0C5r6QDcm8UMB8GA1UdIwQY
MBaAFGRNcxllSJJEp70o+JPQs3aa/ZlvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkUxekdXVklra1NudlNqNGs5Q3pkcHI5bVc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi84OTBhNDEtYmU3Ni00MzRkLTg3Y2Yt
Y2NjODJmMmQ1N2UwLzEvX1VELTBzM2E1TC1EdUtwblFMbXZwQU55YnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi84OTBhNDEtYmU3Ni00MzRkLTg3Y2YtY2NjODJmMmQ1N2Uw
LzEvWkUxekdXVklra1NudlNqNGs5Q3pkcHI5bVc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuf8QAwQB
uf8SMA0GCSqGSIb3DQEBCwUAA4IBAQCTLy5el8ZcimV8EoU7Arh3n1lj5p39lTXW
JFlR7+vlQgu6GJWzyOjcwx+hI7ephe/MT5WlxzcAVfyop24R/eYhr6yGCpl5nKx5
0RpMQUFkqCEsFBblaVuEqCOMr9IjoskuyaYLB7H1mExKYu7HMUug7/QBRHnC1AKw
GFBqHGuGkqSpjy5OVOhTND54fh9JC6viaDyGuQVecEimQbBEPuJnowCZKSn3lCyO
qkrm+jLjU9rYpXLHqCR7GGfiLTo/8WugkMKvHLvDsuwLB1l5jKNDhM+RLT22HOux
qoG70gaH103IOOsKAI06GUbPj/LRG3vB//yq4Zu46tWCMStggw7D
-----END CERTIFICATE-----