Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/KFUGUcvmIlpq5q-ckZr_I-ACd8A.roa
File:                     KFUGUcvmIlpq5q-ckZr_I-ACd8A.roa (raw, json)
Hash identifier:          AxeqJ69DtzRoZ5va8UeQbeRY3eDeB2zp97Cos2PtkpE=
Subject key identifier:   28:55:06:51:CB:E6:22:5A:6A:E6:AF:9C:91:9A:FF:23:E0:02:77:C0
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0198CB5C0D81B8714C2B935F1A5AD475EC2A
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/KFUGUcvmIlpq5q-ckZr_I-ACd8A.roa
Signing time:             Thu 21 Aug 2025 06:41:04 +0000
ROA not before:           Thu 21 Aug 2025 06:41:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        83.137.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:5c:0d:81:b8:71:4c:2b:93:5f:1a:5a:d4:75:ec:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Aug 21 06:41:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28550651cbe6225a6ae6af9c919aff23e00277c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:91:58:3e:1a:1e:7d:73:7f:24:e5:3b:01:65:
                    92:f4:f1:1a:18:42:9b:a3:91:c7:fc:7e:b3:bb:21:
                    06:91:f9:f1:cb:8f:df:d4:29:e3:b2:68:56:af:4e:
                    5e:6d:0d:fc:71:27:f6:57:48:db:34:26:f2:97:9f:
                    9d:c7:c0:cd:e0:b0:86:88:7c:6c:07:df:c6:08:4d:
                    19:3c:80:a9:8f:31:e6:d6:f6:6b:51:34:30:db:95:
                    8e:aa:35:d4:0c:8f:55:24:66:f0:db:d8:1d:4e:f6:
                    e2:75:03:ee:d0:b6:4a:07:9c:76:0d:b5:6a:5b:c6:
                    02:7d:95:f7:73:33:6c:3b:42:dd:0f:98:b4:70:9c:
                    4e:a6:76:aa:bc:67:82:b7:ce:d1:b6:66:ba:79:d5:
                    f4:71:fe:ec:a3:f4:8d:e0:a7:e6:ec:1c:82:ad:78:
                    84:1e:03:ac:cd:0b:09:49:27:da:f7:fd:77:61:e3:
                    8d:78:25:23:44:fb:40:3c:d4:12:6c:bf:14:e5:70:
                    c1:4d:f3:75:e2:57:49:9d:99:a9:b0:66:69:65:c1:
                    92:d9:56:5b:be:85:e6:73:c9:e1:05:aa:5a:10:20:
                    d9:1a:fe:a1:26:bb:59:b0:68:5b:a4:6e:42:4b:77:
                    4f:a2:ac:d5:f0:ab:87:12:c3:83:8b:95:be:44:52:
                    ce:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:55:06:51:CB:E6:22:5A:6A:E6:AF:9C:91:9A:FF:23:E0:02:77:C0
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/KFUGUcvmIlpq5q-ckZr_I-ACd8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:45:32:51:6e:c3:7d:75:68:37:b7:17:cf:5f:92:10:e5:f0:
         1e:5f:7b:dd:45:b0:07:bd:a0:53:e5:c5:3c:46:e5:1a:9d:d7:
         6b:9b:70:ab:89:07:14:a4:35:e6:67:57:2e:59:ae:0b:e3:c6:
         ad:d4:e8:90:99:0a:f4:f5:c4:f4:b7:c5:9f:2e:5c:cb:99:a7:
         ea:43:37:89:38:3a:00:89:81:60:b7:8f:cf:38:97:5d:ce:af:
         b8:5f:5d:15:17:a7:2c:a2:97:9b:cb:13:8e:c9:66:a6:11:99:
         c6:05:28:a2:4f:5e:b1:1b:b7:70:d8:7e:41:6e:66:19:05:11:
         32:80:d7:e0:0e:1e:71:79:0a:de:82:4d:1d:64:0b:94:ae:89:
         df:46:b1:8e:8d:bb:3a:93:bb:44:95:ab:f3:6a:45:b6:8b:a8:
         37:e0:1c:9a:9f:71:2b:9c:5f:65:af:13:a7:f3:5c:07:28:80:
         ea:3a:d3:99:e1:8b:18:94:0a:df:b0:2c:2a:8a:df:93:50:bf:
         ff:4f:43:47:3e:aa:e1:aa:80:68:82:80:d8:22:4e:4d:8a:f1:
         e8:6b:e0:46:a5:59:2f:24:57:4a:cf:9e:83:52:ba:b0:43:f5:
         3a:57:dd:c2:97:16:0a:49:1f:0c:b1:cb:7b:9c:f5:37:0c:8f:
         0d:ee:a5:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjLXA2BuHFMK5NfGlrUdewqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwODIxMDY0MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODU1MDY1MWNiZTYyMjVhNmFlNmFmOWM5MTlhZmYyM2UwMDI3N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJFYPhoefXN/JOU7AWWS9PEaGEKb
o5HH/H6zuyEGkfnxy4/f1CnjsmhWr05ebQ38cSf2V0jbNCbyl5+dx8DN4LCGiHxs
B9/GCE0ZPICpjzHm1vZrUTQw25WOqjXUDI9VJGbw29gdTvbidQPu0LZKB5x2DbVq
W8YCfZX3czNsO0LdD5i0cJxOpnaqvGeCt87Rtma6edX0cf7so/SN4Kfm7ByCrXiE
HgOszQsJSSfa9/13YeONeCUjRPtAPNQSbL8U5XDBTfN14ldJnZmpsGZpZcGS2VZb
voXmc8nhBapaECDZGv6hJrtZsGhbpG5CS3dPoqzV8KuHEsODi5W+RFLOgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFChVBlHL5iJaauavnJGa/yPgAnfAMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvS0ZVR1Vjdm1JbHBxNXEtY2tacl9JLUFDZDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4meMA0G
CSqGSIb3DQEBCwUAA4IBAQAKRTJRbsN9dWg3txfPX5IQ5fAeX3vdRbAHvaBT5cU8
RuUanddrm3CriQcUpDXmZ1cuWa4L48at1OiQmQr09cT0t8WfLlzLmafqQzeJODoA
iYFgt4/POJddzq+4X10VF6csopebyxOOyWamEZnGBSiiT16xG7dw2H5BbmYZBREy
gNfgDh5xeQregk0dZAuUronfRrGOjbs6k7tElavzakW2i6g34Byan3ErnF9lrxOn
81wHKIDqOtOZ4YsYlArfsCwqit+TUL//T0NHPqrhqoBogoDYIk5NivHoa+BGpVkv
JFdKz56DUrqwQ/U6V93ClxYKSR8Msct7nPU3DI8N7qVr
-----END CERTIFICATE-----