Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/pR8X201cE488GDij0jEDtJgNAT4.roa
File:                     pR8X201cE488GDij0jEDtJgNAT4.roa (raw, json)
Hash identifier:          55G0ARH5uqyYFb+VPNX9cf5T1AwygrlThtDL14wWHjY=
Subject key identifier:   A5:1F:17:DB:4D:5C:13:8F:3C:18:38:A3:D2:31:03:B4:98:0D:01:3E
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       0198A2BFA3275CFE867990C48605851352EE
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/pR8X201cE488GDij0jEDtJgNAT4.roa
Signing time:             Wed 13 Aug 2025 09:25:24 +0000
ROA not before:           Wed 13 Aug 2025 09:25:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215350
IP address blocks:        85.133.207.0/24 maxlen: 24
                          85.133.215.0/24 maxlen: 24
                          85.133.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:bf:a3:27:5c:fe:86:79:90:c4:86:05:85:13:52:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Aug 13 09:25:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a51f17db4d5c138f3c1838a3d23103b4980d013e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:1c:fb:ab:8f:f9:16:a3:83:3b:9f:33:80:50:
                    93:b4:21:c6:72:5f:3f:9c:eb:a8:a9:a1:98:a1:53:
                    15:0f:8e:27:1b:9a:c4:8a:8b:bb:f2:7d:f5:bd:1a:
                    46:98:eb:41:7c:07:84:21:69:91:34:21:e1:cf:d7:
                    b6:d4:2e:4b:16:05:78:ae:19:6f:9d:c8:ba:e5:51:
                    5b:cb:e8:11:b6:ec:71:0b:1c:f6:3c:78:1b:df:3c:
                    c6:c6:26:05:fc:95:5a:48:ce:b3:f4:b5:ff:05:8c:
                    01:6b:e6:c8:51:7b:a9:7d:68:d6:2d:80:8f:3f:43:
                    11:9e:d5:de:ce:03:7f:03:98:bb:0b:11:ec:d3:c8:
                    4c:fb:80:90:5f:4d:07:32:07:84:19:78:de:88:f2:
                    21:63:bb:d5:f7:fe:03:5f:25:96:ec:d6:c6:a4:10:
                    fd:81:24:01:5e:35:ba:37:ad:51:99:9d:fc:22:49:
                    d6:5f:f4:19:0a:a8:01:45:70:dd:5c:04:2a:13:f2:
                    85:4d:57:04:e8:95:43:90:ca:c7:be:03:c0:64:a2:
                    9d:8b:0d:69:6f:46:e4:a1:86:08:5e:09:2f:18:5b:
                    86:45:bd:a9:19:13:14:e6:54:d0:81:1f:87:89:8e:
                    a9:90:d9:5b:af:c2:4f:d2:4d:4d:3d:9e:68:ef:51:
                    2c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:1F:17:DB:4D:5C:13:8F:3C:18:38:A3:D2:31:03:B4:98:0D:01:3E
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/pR8X201cE488GDij0jEDtJgNAT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.207.0/24
                  85.133.215.0/24
                  85.133.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:ad:98:1f:f2:ca:3b:e9:72:41:4d:7b:9f:87:cb:ef:ca:aa:
         d4:1c:ae:5e:b4:30:c7:80:28:4b:ce:07:3a:b4:ab:41:13:37:
         3e:8f:34:c4:06:76:e3:c9:21:c6:c8:c1:fe:37:42:3b:7f:25:
         73:4c:e7:97:5e:0b:ec:92:3a:10:cd:5e:69:32:0b:85:cf:11:
         9f:a8:90:75:b1:41:42:d4:6d:88:0f:89:38:10:91:3e:eb:a8:
         d2:fb:8d:b0:4d:b5:63:40:07:3d:c7:4f:16:54:73:84:b0:1a:
         a2:62:62:cc:c6:6a:45:e2:81:88:13:20:39:d9:72:14:20:ce:
         bc:51:dd:cb:39:c1:8c:bc:55:ac:3f:82:af:d6:a7:e8:c1:56:
         27:78:4c:90:4d:80:5c:7c:b7:b5:42:ae:43:c6:38:2f:af:53:
         1b:40:8c:b2:51:0d:9d:11:a4:e6:be:b0:0d:45:45:9e:1f:8f:
         27:15:c6:9c:3f:6a:77:d3:09:89:16:94:4f:b3:00:da:86:e9:
         8f:57:df:d4:37:c4:a5:07:9c:52:56:dc:ee:c9:df:87:fc:c8:
         6f:2e:f7:b8:0a:df:e4:89:9d:29:fc:78:45:63:7f:78:74:00:
         96:73:83:01:02:d7:18:3d:2c:7c:d9:18:d3:ee:3e:4b:fe:b6:
         e8:e4:5a:4f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiiv6MnXP6GeZDEhgWFE1LuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwODEzMDkyNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTFmMTdkYjRkNWMxMzhmM2MxODM4YTNkMjMxMDNiNDk4MGQwMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Bz7q4/5FqODO58zgFCTtCHGcl8/
nOuoqaGYoVMVD44nG5rEiou78n31vRpGmOtBfAeEIWmRNCHhz9e21C5LFgV4rhlv
nci65VFby+gRtuxxCxz2PHgb3zzGxiYF/JVaSM6z9LX/BYwBa+bIUXupfWjWLYCP
P0MRntXezgN/A5i7CxHs08hM+4CQX00HMgeEGXjeiPIhY7vV9/4DXyWW7NbGpBD9
gSQBXjW6N61RmZ38IknWX/QZCqgBRXDdXAQqE/KFTVcE6JVDkMrHvgPAZKKdiw1p
b0bkoYYIXgkvGFuGRb2pGRMU5lTQgR+HiY6pkNlbr8JP0k1NPZ5o71EsPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKUfF9tNXBOPPBg4o9IxA7SYDQE+MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvcFI4WDIwMWNFNDg4R0RpajBqRUR0SmdOQVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVYXPAwQA
VYXXAwQAVYXcMA0GCSqGSIb3DQEBCwUAA4IBAQArrZgf8so76XJBTXufh8vvyqrU
HK5etDDHgChLzgc6tKtBEzc+jzTEBnbjySHGyMH+N0I7fyVzTOeXXgvskjoQzV5p
MguFzxGfqJB1sUFC1G2ID4k4EJE+66jS+42wTbVjQAc9x08WVHOEsBqiYmLMxmpF
4oGIEyA52XIUIM68Ud3LOcGMvFWsP4Kv1qfowVYneEyQTYBcfLe1Qq5Dxjgvr1Mb
QIyyUQ2dEaTmvrANRUWeH48nFcacP2p30wmJFpRPswDahumPV9/UN8SlB5xSVtzu
yd+H/MhvLve4Ct/kiZ0p/HhFY394dACWc4MBAtcYPSx82RjT7j5L/rbo5FpP
-----END CERTIFICATE-----