Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/ddeSZRPuR-YSoY2EU8Qkfv22Y9E.roa
File:                     ddeSZRPuR-YSoY2EU8Qkfv22Y9E.roa (raw, json)
Hash identifier:          8TFs5LJ5ZvfYMFEpFoY8UICNrWnDwFmIhjaokmp4ngU=
Subject key identifier:   75:D7:92:65:13:EE:47:E6:12:A1:8D:84:53:C4:24:7E:FD:B6:63:D1
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       01999A6C25DE45A040C9E5A3F832FADF5625
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/ddeSZRPuR-YSoY2EU8Qkfv22Y9E.roa
Signing time:             Tue 30 Sep 2025 11:40:02 +0000
ROA not before:           Tue 30 Sep 2025 11:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34577
IP address blocks:        85.187.19.0/24 maxlen: 24
                          85.187.19.5/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 23:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:6c:25:de:45:a0:40:c9:e5:a3:f8:32:fa:df:56:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Sep 30 11:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75d7926513ee47e612a18d8453c4247efdb663d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a8:90:1e:30:25:e1:ac:e2:c2:6b:a8:51:d8:
                    e0:b7:92:f7:89:9a:51:4e:62:31:40:32:c3:c4:f1:
                    79:f4:08:f7:42:7b:c4:56:8e:a0:fd:6a:79:aa:68:
                    35:c1:7d:bd:7a:2b:45:a9:72:11:73:6b:e1:c6:6f:
                    28:9d:71:ae:cb:f7:63:e6:39:4d:98:84:88:4b:29:
                    9e:1b:15:ad:84:2d:9d:ba:39:e3:0f:19:71:47:d1:
                    46:18:2f:78:1d:fe:9f:7f:8c:02:a6:a2:13:a5:6e:
                    64:5e:ef:6d:68:a6:d1:9c:55:86:b1:ae:6b:b3:61:
                    e4:d2:d2:23:7d:79:00:11:96:e8:d5:7a:fa:0e:44:
                    66:e8:d5:09:ba:38:bc:dd:a0:fe:35:85:2c:31:f6:
                    97:ef:c7:c1:dd:bc:3b:74:61:b9:d4:9c:eb:f7:cc:
                    e5:01:9a:be:03:84:7e:97:03:f1:70:c7:60:73:72:
                    2e:66:31:a2:70:85:fa:29:83:3d:9a:e5:12:dd:05:
                    43:03:94:01:e8:b5:58:55:4b:f7:62:86:da:37:9b:
                    c2:63:9e:2f:4c:27:78:1f:e1:8c:43:5e:4b:2f:be:
                    2b:99:cf:17:a0:e6:71:81:ed:23:7c:b0:38:8d:eb:
                    8f:11:32:a4:ef:2b:fc:af:10:ba:f7:98:70:95:1a:
                    85:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:D7:92:65:13:EE:47:E6:12:A1:8D:84:53:C4:24:7E:FD:B6:63:D1
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/ddeSZRPuR-YSoY2EU8Qkfv22Y9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:aa:b2:d3:d9:ad:42:9e:fb:d2:7d:79:86:e6:32:66:d0:c7:
         21:75:76:6d:c4:06:31:47:a8:af:ac:a0:f5:f4:6b:d3:2b:89:
         4e:81:fd:59:d5:9d:0c:01:bb:2d:e1:76:a7:44:59:05:95:7f:
         92:09:06:fb:41:73:45:1a:94:aa:3b:19:a7:5e:7a:f1:8f:83:
         8e:5f:3f:7c:33:07:19:39:d0:e6:c1:6f:78:91:5d:fd:8e:a7:
         71:3c:70:af:ea:ad:27:aa:0e:63:a2:8f:1a:70:0a:7d:94:6f:
         8c:9d:ee:9e:db:2c:f0:64:11:b4:4e:49:14:8b:c4:09:a7:c7:
         11:ba:5d:34:92:e3:37:df:f1:0a:c1:4b:d7:a4:c3:d1:0e:b8:
         eb:14:fb:63:e1:70:c5:60:7e:74:17:9c:80:0c:88:1d:ba:31:
         18:8a:3b:cd:bc:8a:0e:f6:35:1b:f6:b2:52:db:90:b9:c0:c5:
         a1:46:99:22:1a:78:dc:e3:5f:20:aa:c9:1c:74:b9:ad:61:2c:
         44:3e:20:a5:bc:e2:62:f6:0a:a7:63:a3:00:0d:c7:6c:47:da:
         13:b7:13:30:46:0d:5b:72:7b:e4:d2:ca:07:4e:f2:c3:4c:9b:
         26:7d:7d:6a:77:d7:1d:2f:ad:67:c6:c1:b7:91:ff:4f:66:17:
         a1:2b:7a:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmabCXeRaBAyeWj+DL631YlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwOTMwMTE0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWQ3OTI2NTEzZWU0N2U2MTJhMThkODQ1M2M0MjQ3ZWZkYjY2M2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qiQHjAl4aziwmuoUdjgt5L3iZpR
TmIxQDLDxPF59Aj3QnvEVo6g/Wp5qmg1wX29eitFqXIRc2vhxm8onXGuy/dj5jlN
mISISymeGxWthC2dujnjDxlxR9FGGC94Hf6ff4wCpqITpW5kXu9taKbRnFWGsa5r
s2Hk0tIjfXkAEZbo1Xr6DkRm6NUJuji83aD+NYUsMfaX78fB3bw7dGG51Jzr98zl
AZq+A4R+lwPxcMdgc3IuZjGicIX6KYM9muUS3QVDA5QB6LVYVUv3YobaN5vCY54v
TCd4H+GMQ15LL74rmc8XoOZxge0jfLA4jeuPETKk7yv8rxC695hwlRqF3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXXkmUT7kfmEqGNhFPEJH79tmPRMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvZGRlU1pSUHVSLVlTb1kyRVU4UWtmdjIyWTlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVbsTMA0G
CSqGSIb3DQEBCwUAA4IBAQBnqrLT2a1CnvvSfXmG5jJm0MchdXZtxAYxR6ivrKD1
9GvTK4lOgf1Z1Z0MAbst4XanRFkFlX+SCQb7QXNFGpSqOxmnXnrxj4OOXz98MwcZ
OdDmwW94kV39jqdxPHCv6q0nqg5joo8acAp9lG+Mne6e2yzwZBG0TkkUi8QJp8cR
ul00kuM33/EKwUvXpMPRDrjrFPtj4XDFYH50F5yADIgdujEYijvNvIoO9jUb9rJS
25C5wMWhRpkiGnjc418gqskcdLmtYSxEPiClvOJi9gqnY6MADcdsR9oTtxMwRg1b
cnvk0soHTvLDTJsmfX1qd9cdL61nxsG3kf9PZhehK3r0
-----END CERTIFICATE-----