Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/9b23r5dTMPyh48lf-ARDs_h89Qw.roa
File:                     9b23r5dTMPyh48lf-ARDs_h89Qw.roa (raw, json)
Hash identifier:          WWbvC+50HLDLUoSb1icbjf3J+3CktO1G6aw8ss6OERc=
Subject key identifier:   F5:BD:B7:AF:97:53:30:FC:A1:E3:C9:5F:F8:04:43:B3:F8:7C:F5:0C
Certificate issuer:       /CN=4ab6d7c468d092c921314d66473cfa53851cd686
Certificate serial:       0199153254DA65AF1725D5ABB4F3C06DE735
Authority key identifier: 4A:B6:D7:C4:68:D0:92:C9:21:31:4D:66:47:3C:FA:53:85:1C:D6:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SrbXxGjQkskhMU1mRzz6U4Uc1oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/9b23r5dTMPyh48lf-ARDs_h89Qw.roa
Signing time:             Thu 04 Sep 2025 14:47:23 +0000
ROA not before:           Thu 04 Sep 2025 14:47:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207368
IP address blocks:        185.55.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/SrbXxGjQkskhMU1mRzz6U4Uc1oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/SrbXxGjQkskhMU1mRzz6U4Uc1oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SrbXxGjQkskhMU1mRzz6U4Uc1oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:32:54:da:65:af:17:25:d5:ab:b4:f3:c0:6d:e7:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ab6d7c468d092c921314d66473cfa53851cd686
        Validity
            Not Before: Sep  4 14:47:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5bdb7af975330fca1e3c95ff80443b3f87cf50c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e4:d2:77:c2:d5:74:09:26:78:54:2c:62:72:
                    5c:52:40:ac:85:87:29:6f:56:16:84:a0:6d:5d:3f:
                    32:1d:6d:06:a0:f8:3a:12:92:99:d2:ae:40:96:f5:
                    8e:30:a5:aa:51:4d:3b:bb:af:dd:da:67:39:0d:9c:
                    7a:9e:e9:f9:32:42:7d:af:8c:bf:63:e8:d7:8d:79:
                    0a:4f:27:ea:c0:d0:c3:bc:56:e0:a5:4f:05:5d:12:
                    5d:09:5a:e9:33:d7:30:f8:f1:14:7e:6b:f1:79:53:
                    42:bf:f5:73:59:94:fb:4b:24:ea:24:b1:af:a7:06:
                    f6:b9:49:ba:78:39:64:1d:fa:c3:c4:ab:6a:74:f1:
                    b6:af:f8:48:b3:06:8f:82:e7:ad:fb:29:95:5e:07:
                    ed:8d:fa:a6:2a:a4:68:1b:19:3e:02:84:25:92:a8:
                    71:d5:a5:19:a1:cf:89:91:9d:70:4e:28:e6:ea:df:
                    16:f2:06:f0:34:89:90:d5:59:1c:9c:67:79:84:25:
                    25:1c:4d:4f:c8:6e:b1:50:5f:a7:ac:1f:53:ca:94:
                    6d:39:9d:41:0f:b0:73:35:ff:f3:cc:50:17:ec:c9:
                    b5:92:f8:80:84:ef:fa:84:e3:b3:35:15:46:73:78:
                    ab:3f:96:0b:1c:0e:bf:d1:40:49:2c:7b:74:9c:39:
                    25:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:BD:B7:AF:97:53:30:FC:A1:E3:C9:5F:F8:04:43:B3:F8:7C:F5:0C
            X509v3 Authority Key Identifier:
                keyid:4A:B6:D7:C4:68:D0:92:C9:21:31:4D:66:47:3C:FA:53:85:1C:D6:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SrbXxGjQkskhMU1mRzz6U4Uc1oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/9b23r5dTMPyh48lf-ARDs_h89Qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/50f08f-f907-44de-be94-05764c7edaa7/1/SrbXxGjQkskhMU1mRzz6U4Uc1oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:bf:c1:fa:04:0d:b6:a3:58:29:ac:19:79:a4:db:8f:a7:a4:
         ed:70:79:69:b4:2b:f8:00:66:b7:64:27:7e:2e:b7:0d:ea:c6:
         b9:2d:9d:15:03:be:07:01:91:68:a5:b7:20:6d:0d:6d:2f:75:
         2c:7a:45:97:e6:e6:c7:03:04:13:38:1c:df:b6:a8:44:c6:37:
         0f:08:b0:12:cc:a6:30:7c:87:11:b9:10:8f:5a:91:c9:20:52:
         1e:88:2d:60:dd:eb:09:43:c8:df:ac:6d:95:37:7e:b0:28:a2:
         2b:ab:9e:d6:27:62:4c:02:74:d1:20:81:13:df:2d:9b:8c:9b:
         0b:05:81:12:82:e6:26:15:10:d1:77:35:fc:05:40:d9:08:cd:
         27:e5:33:c7:ef:84:4f:03:64:b4:ed:fd:53:f8:97:2f:8b:a7:
         be:23:d5:75:41:63:d6:3b:b3:3a:bb:66:39:f7:df:8f:e1:5e:
         fa:9e:b9:87:db:0c:2b:2a:90:e7:64:ff:48:53:6f:f0:8b:07:
         b2:05:da:62:b8:6c:cc:3a:1c:4d:21:62:57:a2:2a:2a:4c:6b:
         d0:6a:91:27:03:a0:e5:84:fc:1e:17:28:4b:34:e6:84:cb:68:
         b5:0a:9b:9f:5d:e8:3a:5f:29:3e:9e:99:fd:50:b6:28:88:6d:
         8d:5f:b9:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkVMlTaZa8XJdWrtPPAbec1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYjZkN2M0NjhkMDkyYzkyMTMxNGQ2NjQ3M2NmYTUzODUx
Y2Q2ODYwHhcNMjUwOTA0MTQ0NzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWJkYjdhZjk3NTMzMGZjYTFlM2M5NWZmODA0NDNiM2Y4N2NmNTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uTSd8LVdAkmeFQsYnJcUkCshYcp
b1YWhKBtXT8yHW0GoPg6EpKZ0q5AlvWOMKWqUU07u6/d2mc5DZx6nun5MkJ9r4y/
Y+jXjXkKTyfqwNDDvFbgpU8FXRJdCVrpM9cw+PEUfmvxeVNCv/VzWZT7SyTqJLGv
pwb2uUm6eDlkHfrDxKtqdPG2r/hIswaPguet+ymVXgftjfqmKqRoGxk+AoQlkqhx
1aUZoc+JkZ1wTijm6t8W8gbwNImQ1VkcnGd5hCUlHE1PyG6xUF+nrB9TypRtOZ1B
D7BzNf/zzFAX7Mm1kviAhO/6hOOzNRVGc3irP5YLHA6/0UBJLHt0nDklgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPW9t6+XUzD8oePJX/gEQ7P4fPUMMB8GA1UdIwQY
MBaAFEq218Ro0JLJITFNZkc8+lOFHNaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3JiWHhHalFrc2toTVUxbVJ6ejZVNFVjMW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy81MGYwOGYtZjkwNy00NGRlLWJlOTQt
MDU3NjRjN2VkYWE3LzEvOWIyM3I1ZFRNUHloNDhsZi1BUkRzX2g4OVF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy81MGYwOGYtZjkwNy00NGRlLWJlOTQtMDU3NjRjN2VkYWE3
LzEvU3JiWHhHalFrc2toTVUxbVJ6ejZVNFVjMW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTeUMA0G
CSqGSIb3DQEBCwUAA4IBAQBuv8H6BA22o1gprBl5pNuPp6TtcHlptCv4AGa3ZCd+
LrcN6sa5LZ0VA74HAZFopbcgbQ1tL3UsekWX5ubHAwQTOBzftqhExjcPCLASzKYw
fIcRuRCPWpHJIFIeiC1g3esJQ8jfrG2VN36wKKIrq57WJ2JMAnTRIIET3y2bjJsL
BYESguYmFRDRdzX8BUDZCM0n5TPH74RPA2S07f1T+Jcvi6e+I9V1QWPWO7M6u2Y5
99+P4V76nrmH2wwrKpDnZP9IU2/wiweyBdpiuGzMOhxNIWJXoioqTGvQapEnA6Dl
hPweFyhLNOaEy2i1CpufXeg6Xyk+npn9ULYoiG2NX7n7
-----END CERTIFICATE-----