Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/kT-9aZ8PqlfT-VcjyzgIGjoK45k.roa
File:                     kT-9aZ8PqlfT-VcjyzgIGjoK45k.roa (raw, json)
Hash identifier:          GXEy5f6ZMAPtdjysI4zwNtCcC/imdXdb1ZPEUBC58HA=
Subject key identifier:   91:3F:BD:69:9F:0F:AA:57:D3:F9:57:23:CB:38:08:1A:3A:0A:E3:99
Certificate issuer:       /CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
Certificate serial:       0198326830AF85DA0796FA6A23C3E8092208
Authority key identifier: A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/kT-9aZ8PqlfT-VcjyzgIGjoK45k.roa
Signing time:             Tue 22 Jul 2025 13:52:25 +0000
ROA not before:           Tue 22 Jul 2025 13:52:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1275
IP address blocks:        212.201.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:32:68:30:af:85:da:07:96:fa:6a:23:c3:e8:09:22:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
        Validity
            Not Before: Jul 22 13:52:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=913fbd699f0faa57d3f95723cb38081a3a0ae399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:48:1f:e1:1c:62:52:45:4a:a7:da:49:83:98:
                    56:23:e1:ee:aa:9b:4a:7c:ec:cd:31:9f:46:3c:9b:
                    8f:54:3e:7d:32:ea:d0:d4:6a:5d:5a:88:43:da:2d:
                    51:7c:79:43:72:a2:9a:1a:b5:23:df:d9:c0:4b:f6:
                    01:e6:c0:11:93:6a:2b:ed:a4:31:55:d8:22:03:13:
                    e6:4d:81:97:95:00:7d:95:d2:e6:c2:49:2a:4f:89:
                    38:c3:6d:bd:24:0f:29:6d:38:f9:85:0c:73:e2:ad:
                    04:15:2f:d0:a6:91:ca:bb:6f:e1:31:64:7c:fa:6b:
                    c1:84:81:e2:9b:5e:64:af:a5:39:fa:53:a7:16:2d:
                    9a:05:c5:b6:d1:ea:05:da:b6:e9:1a:74:92:5c:d8:
                    aa:76:6a:39:3e:7a:da:15:b2:60:20:7c:bd:55:7e:
                    80:97:17:75:bd:fe:ee:52:ce:79:0f:c5:08:7a:92:
                    83:63:ba:da:18:3a:d8:74:2e:65:2d:6e:64:6d:c8:
                    ee:53:0a:90:07:9d:84:a6:9d:fd:91:97:f4:08:b6:
                    7a:02:60:dd:1c:80:7d:02:47:25:99:30:7e:96:9d:
                    98:ca:75:22:69:90:08:c6:be:b4:0a:d2:fe:4f:f5:
                    ac:4d:7d:36:08:dd:1b:34:e0:63:a3:ae:b4:aa:1f:
                    fd:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:3F:BD:69:9F:0F:AA:57:D3:F9:57:23:CB:38:08:1A:3A:0A:E3:99
            X509v3 Authority Key Identifier:
                keyid:A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/kT-9aZ8PqlfT-VcjyzgIGjoK45k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.201.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c2:50:b1:0f:e6:f3:a6:79:38:19:ad:ff:70:05:84:94:62:
         f1:42:53:77:6b:88:ae:4a:8b:da:e4:e0:28:b1:db:12:f9:aa:
         39:7f:f7:c1:eb:29:88:18:a0:6b:e3:e5:6c:cf:14:1e:15:3c:
         21:7c:37:fa:4a:0f:4b:ed:b7:9b:34:37:77:b4:9a:c9:d6:79:
         81:70:08:98:c2:a2:f0:2e:c8:91:3b:18:d6:3a:7a:8d:5c:d6:
         ae:e8:a4:2f:0f:32:d7:29:47:2c:4e:b9:99:08:8e:0f:b9:0f:
         af:54:b6:3f:fd:58:f8:b2:2e:69:30:e8:8a:d8:83:bd:e3:d9:
         9d:59:c6:5f:3f:b7:eb:7e:39:ec:eb:a1:e8:5f:79:dd:75:43:
         42:04:5f:ac:fe:c4:77:42:38:ef:a3:9b:38:df:3d:a0:c3:16:
         a8:65:25:23:ec:ca:31:2b:c0:b0:d6:50:9d:8b:48:31:ff:7f:
         cb:a2:d0:f1:77:75:e5:e0:7b:42:f9:0d:f1:22:9c:97:87:cf:
         08:6c:38:08:e0:66:04:65:2a:31:20:b0:43:07:28:f2:66:66:
         ae:dd:2d:9a:e0:82:88:df:d3:fb:2c:ec:2f:65:2a:87:f5:04:
         6a:89:7e:0d:2e:50:68:b5:52:c6:69:ac:3e:f9:96:10:73:d7:
         d0:23:4d:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgyaDCvhdoHlvpqI8PoCSIIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTk5MDNkYWI4NWY2YTU5NzcyYjNlZGZkNGJmMGU0OTFh
ZjU3YzQwHhcNMjUwNzIyMTM1MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTNmYmQ2OTlmMGZhYTU3ZDNmOTU3MjNjYjM4MDgxYTNhMGFlMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00gf4RxiUkVKp9pJg5hWI+HuqptK
fOzNMZ9GPJuPVD59MurQ1GpdWohD2i1RfHlDcqKaGrUj39nAS/YB5sARk2or7aQx
VdgiAxPmTYGXlQB9ldLmwkkqT4k4w229JA8pbTj5hQxz4q0EFS/QppHKu2/hMWR8
+mvBhIHim15kr6U5+lOnFi2aBcW20eoF2rbpGnSSXNiqdmo5PnraFbJgIHy9VX6A
lxd1vf7uUs55D8UIepKDY7raGDrYdC5lLW5kbcjuUwqQB52Epp39kZf0CLZ6AmDd
HIB9AkclmTB+lp2YynUiaZAIxr60CtL+T/WsTX02CN0bNOBjo660qh/9mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJE/vWmfD6pX0/lXI8s4CBo6CuOZMB8GA1UdIwQY
MBaAFKSZkD2rhfall3Kz7f1L8OSRr1fEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQt
NTdlYzEyZTg2NDFlLzEva1QtOWFaOFBxbGZULVZjanl6Z0lHam9LNDVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQtNTdlYzEyZTg2NDFl
LzEvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Mn/MA0G
CSqGSIb3DQEBCwUAA4IBAQBnwlCxD+bzpnk4Ga3/cAWElGLxQlN3a4iuSova5OAo
sdsS+ao5f/fB6ymIGKBr4+VszxQeFTwhfDf6Sg9L7bebNDd3tJrJ1nmBcAiYwqLw
LsiROxjWOnqNXNau6KQvDzLXKUcsTrmZCI4PuQ+vVLY//Vj4si5pMOiK2IO949md
WcZfP7frfjns66HoX3nddUNCBF+s/sR3Qjjvo5s43z2gwxaoZSUj7MoxK8Cw1lCd
i0gx/3/LotDxd3Xl4HtC+Q3xIpyXh88IbDgI4GYEZSoxILBDByjyZmau3S2a4IKI
39P7LOwvZSqH9QRqiX4NLlBotVLGaaw++ZYQc9fQI01I
-----END CERTIFICATE-----