Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/n2vcpbDZB6xrxLYvzTHCKhSNz7E.roa
File:                     n2vcpbDZB6xrxLYvzTHCKhSNz7E.roa (raw, json)
Hash identifier:          5XRyQTD9tl7LBp5vTwaP2Vb/AmIajhXwhSGXa4ngEUA=
Subject key identifier:   9F:6B:DC:A5:B0:D9:07:AC:6B:C4:B6:2F:CD:31:C2:2A:14:8D:CF:B1
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       01989D17452D7424EFB971E0676F7CA10BC6
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/n2vcpbDZB6xrxLYvzTHCKhSNz7E.roa
Signing time:             Tue 12 Aug 2025 07:03:24 +0000
ROA not before:           Tue 12 Aug 2025 07:03:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216169
IP address blocks:        85.133.197.0/24 maxlen: 24
                          85.133.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9d:17:45:2d:74:24:ef:b9:71:e0:67:6f:7c:a1:0b:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Aug 12 07:03:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f6bdca5b0d907ac6bc4b62fcd31c22a148dcfb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:5a:63:95:68:a5:dd:79:91:41:34:4e:07:de:
                    36:0d:3f:eb:f3:c8:52:98:7f:b4:54:d2:00:70:11:
                    aa:44:01:b8:4e:32:4c:b3:df:a5:1f:76:52:76:ed:
                    93:b1:4d:ce:c7:0d:88:e6:52:19:ae:22:2d:f5:be:
                    9a:f4:7d:58:06:39:df:75:a7:0c:f7:02:c2:c1:e7:
                    c5:2f:55:5b:d6:0a:c8:b6:81:b1:83:94:79:14:d3:
                    45:b1:34:0a:e1:91:5c:63:e0:83:14:85:50:90:9b:
                    cc:b7:1f:b2:32:d0:82:f3:b4:c3:42:9c:70:10:2a:
                    e2:e2:55:47:5c:e9:bb:5f:ed:a5:d6:29:ea:d6:9e:
                    e5:de:50:5a:76:40:66:15:d5:e9:32:a6:dd:00:42:
                    09:69:18:b0:04:d6:b8:34:3a:08:b2:05:0a:1b:0b:
                    68:5c:7a:4a:ab:39:b4:74:0b:1d:54:a9:e7:ba:79:
                    05:b7:ff:b0:68:bd:22:d8:e6:fb:ea:55:73:03:49:
                    cb:6a:80:0b:e6:a1:ec:01:c6:30:e2:49:9e:77:9b:
                    b6:84:7b:32:7d:2d:c4:f5:93:25:2a:b6:41:12:f9:
                    42:ab:39:89:8d:27:e1:94:8f:84:8e:c9:bf:ee:46:
                    c0:51:66:06:47:5e:75:9b:69:7f:c6:73:db:42:e3:
                    55:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:6B:DC:A5:B0:D9:07:AC:6B:C4:B6:2F:CD:31:C2:2A:14:8D:CF:B1
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/n2vcpbDZB6xrxLYvzTHCKhSNz7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.197.0/24
                  85.133.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:ee:59:69:88:34:03:07:3f:d5:93:ad:4c:5e:59:96:38:34:
         3f:6f:2d:12:80:af:89:4e:53:6f:4a:b6:b8:11:db:a0:77:8e:
         65:3b:81:d2:a4:88:b8:67:07:47:5f:e9:6e:c0:e1:ef:13:6c:
         4c:c8:41:91:57:70:73:00:5e:f8:64:54:6d:ed:97:4d:5b:21:
         fd:05:51:ed:79:33:76:cc:85:f9:e6:b4:d8:93:0f:02:ff:ad:
         d7:ce:a6:9e:a9:88:03:40:d5:12:bf:15:04:90:1c:d3:c5:70:
         c5:be:bc:c7:47:54:5d:03:4d:4f:aa:e9:66:d2:ec:b9:a6:36:
         df:97:4b:1b:f0:a7:0c:c7:49:a4:76:e8:b5:93:35:55:4a:21:
         7e:c9:96:04:fe:39:ad:71:71:fc:f6:99:df:16:46:d3:24:bc:
         55:27:87:11:9f:7a:e0:d8:b2:4c:b5:4c:5c:5b:73:ca:af:ba:
         e0:82:66:39:0e:68:72:2b:cf:39:22:b2:28:8c:c0:a1:b8:5a:
         b2:8c:36:8a:0b:24:07:ce:79:21:8c:16:ab:11:53:97:1a:0d:
         01:b5:64:71:0e:e3:35:6a:f7:8e:d3:87:0e:80:71:26:da:ea:
         03:dd:fc:8f:c7:b6:cb:85:9b:6b:3b:e0:7c:3d:c9:ea:3a:4a:
         ba:d2:86:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZidF0UtdCTvuXHgZ298oQvGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwODEyMDcwMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjZiZGNhNWIwZDkwN2FjNmJjNGI2MmZjZDMxYzIyYTE0OGRjZmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VpjlWil3XmRQTROB942DT/r88hS
mH+0VNIAcBGqRAG4TjJMs9+lH3ZSdu2TsU3Oxw2I5lIZriIt9b6a9H1YBjnfdacM
9wLCwefFL1Vb1grItoGxg5R5FNNFsTQK4ZFcY+CDFIVQkJvMtx+yMtCC87TDQpxw
ECri4lVHXOm7X+2l1inq1p7l3lBadkBmFdXpMqbdAEIJaRiwBNa4NDoIsgUKGwto
XHpKqzm0dAsdVKnnunkFt/+waL0i2Ob76lVzA0nLaoAL5qHsAcYw4kmed5u2hHsy
fS3E9ZMlKrZBEvlCqzmJjSfhlI+Ejsm/7kbAUWYGR151m2l/xnPbQuNVdQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ9r3KWw2Qesa8S2L80xwioUjc+xMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvbjJ2Y3BiRFpCNnhyeExZdnpUSENLaFNOejdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYXFAwQA
VYX5MA0GCSqGSIb3DQEBCwUAA4IBAQB37llpiDQDBz/Vk61MXlmWODQ/by0SgK+J
TlNvSra4Edugd45lO4HSpIi4ZwdHX+luwOHvE2xMyEGRV3BzAF74ZFRt7ZdNWyH9
BVHteTN2zIX55rTYkw8C/63XzqaeqYgDQNUSvxUEkBzTxXDFvrzHR1RdA01Pqulm
0uy5pjbfl0sb8KcMx0mkdui1kzVVSiF+yZYE/jmtcXH89pnfFkbTJLxVJ4cRn3rg
2LJMtUxcW3PKr7rggmY5DmhyK885IrIojMChuFqyjDaKCyQHznkhjBarEVOXGg0B
tWRxDuM1aveO04cOgHEm2uoD3fyPx7bLhZtrO+B8PcnqOkq60oZE
-----END CERTIFICATE-----