Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/UhKvXl_m9nZBE-_rxYy3N0dwSmQ.roa
File:                     UhKvXl_m9nZBE-_rxYy3N0dwSmQ.roa (raw, json)
Hash identifier:          MTKTbfYtfwy4jMu3+6j7vVJcG2UaV+0Ha/vAze0SZ3c=
Subject key identifier:   52:12:AF:5E:5F:E6:F6:76:41:13:EF:EB:C5:8C:B7:37:47:70:4A:64
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019933EADBD7C38C334DE4B4F5CA55FF1D3B
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/UhKvXl_m9nZBE-_rxYy3N0dwSmQ.roa
Signing time:             Wed 10 Sep 2025 13:57:33 +0000
ROA not before:           Wed 10 Sep 2025 13:57:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215955
IP address blocks:        81.22.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:ea:db:d7:c3:8c:33:4d:e4:b4:f5:ca:55:ff:1d:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Sep 10 13:57:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5212af5e5fe6f6764113efebc58cb73747704a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:86:2a:1f:e9:79:b1:91:ae:82:ee:09:97:20:
                    34:14:f0:52:48:d2:0c:f3:22:97:fb:28:99:4e:69:
                    a7:df:01:80:f4:f3:2c:b7:57:7e:66:0d:f3:9c:38:
                    59:d6:95:14:89:fb:34:4a:90:cf:2b:d0:df:94:85:
                    59:b7:d0:57:05:0b:e6:47:a3:a3:c8:51:fc:a7:95:
                    9b:b4:b0:6d:4a:71:4a:01:65:1e:4f:52:26:e3:49:
                    a1:87:bb:2e:b2:f1:44:44:ca:da:5f:b3:2d:7a:c6:
                    98:b8:ae:da:9d:4d:a6:f8:82:4e:cb:84:1a:47:c4:
                    6c:8a:1f:4e:85:7b:19:b9:20:e4:ff:8a:4c:2a:7a:
                    53:a0:cd:37:cd:6c:fc:a7:33:0d:42:bc:36:9f:c5:
                    5b:77:d3:63:dc:bc:9a:ce:47:d4:de:3e:bd:27:08:
                    45:cc:59:90:5b:ef:69:07:66:14:41:18:8c:7a:ac:
                    65:46:31:b4:38:ac:35:a0:c0:2e:7b:a8:2d:2e:4d:
                    11:1b:51:86:ff:2b:94:4f:54:34:b8:1a:a5:96:cb:
                    b3:de:15:6f:70:58:f0:11:d0:4e:89:54:4a:35:c5:
                    2e:59:42:5c:f9:62:66:4e:15:33:e7:de:8d:d0:a3:
                    1b:96:b7:42:d0:d8:70:ed:8a:14:1e:0a:21:e7:57:
                    28:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:12:AF:5E:5F:E6:F6:76:41:13:EF:EB:C5:8C:B7:37:47:70:4A:64
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/UhKvXl_m9nZBE-_rxYy3N0dwSmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:04:a0:e3:1c:ed:1e:9f:fb:f2:49:4c:38:3c:e6:67:3b:f6:
         7a:66:d8:30:6a:28:df:88:b9:b8:64:8a:f6:c2:d9:d1:7e:e7:
         e6:74:04:99:90:93:71:8e:4b:4a:a3:f4:5c:fb:35:82:98:fe:
         fb:55:81:05:a9:72:db:e5:e0:f4:8a:69:13:8c:72:59:92:f8:
         44:76:0f:c6:27:45:c0:0d:9d:75:14:37:11:69:d7:73:ae:1f:
         c6:cc:d9:3f:d7:d7:20:46:be:57:be:a7:f0:0f:07:cb:5d:84:
         3c:c6:17:1a:de:5c:45:5f:0a:3d:b1:ce:09:14:60:e1:5d:59:
         3d:50:5f:ee:9f:46:9f:a5:6c:f2:34:2a:92:2d:8a:d1:5f:cb:
         42:43:88:1e:cf:66:f1:a9:9a:be:ee:3e:5e:37:f3:d4:81:90:
         ec:a5:e4:40:98:52:8f:8c:f6:ef:b6:1a:fc:7b:23:6d:c1:5c:
         fa:07:f2:cf:e1:57:8d:a3:76:77:39:1b:f1:07:a5:b6:21:f0:
         54:68:c8:b9:7c:8d:c4:1d:c0:66:d6:e5:20:81:28:d7:3b:f5:
         be:86:c9:ec:b9:bd:63:06:1e:56:97:43:cf:65:67:53:f2:8c:
         28:3b:56:e3:d2:c1:2c:4f:c3:0d:66:47:fc:d0:42:ff:e1:d9:
         6f:7f:9b:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkz6tvXw4wzTeS09cpV/x07MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwOTEwMTM1NzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjEyYWY1ZTVmZTZmNjc2NDExM2VmZWJjNThjYjczNzQ3NzA0YTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4YqH+l5sZGugu4JlyA0FPBSSNIM
8yKX+yiZTmmn3wGA9PMst1d+Zg3znDhZ1pUUifs0SpDPK9DflIVZt9BXBQvmR6Oj
yFH8p5WbtLBtSnFKAWUeT1Im40mhh7susvFERMraX7MtesaYuK7anU2m+IJOy4Qa
R8Rsih9OhXsZuSDk/4pMKnpToM03zWz8pzMNQrw2n8Vbd9Nj3LyazkfU3j69JwhF
zFmQW+9pB2YUQRiMeqxlRjG0OKw1oMAue6gtLk0RG1GG/yuUT1Q0uBqllsuz3hVv
cFjwEdBOiVRKNcUuWUJc+WJmThUz596N0KMblrdC0Nhw7YoUHgoh51coxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFISr15f5vZ2QRPv68WMtzdHcEpkMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvVWhLdlhsX205blpCRS1fcnhZeTNOMGR3U21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaIMA0G
CSqGSIb3DQEBCwUAA4IBAQBjBKDjHO0en/vySUw4POZnO/Z6ZtgwaijfiLm4ZIr2
wtnRfufmdASZkJNxjktKo/Rc+zWCmP77VYEFqXLb5eD0imkTjHJZkvhEdg/GJ0XA
DZ11FDcRaddzrh/GzNk/19cgRr5XvqfwDwfLXYQ8xhca3lxFXwo9sc4JFGDhXVk9
UF/un0afpWzyNCqSLYrRX8tCQ4gez2bxqZq+7j5eN/PUgZDspeRAmFKPjPbvthr8
eyNtwVz6B/LP4VeNo3Z3ORvxB6W2IfBUaMi5fI3EHcBm1uUggSjXO/W+hsnsub1j
Bh5Wl0PPZWdT8owoO1bj0sEsT8MNZkf80EL/4dlvf5tU
-----END CERTIFICATE-----