Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/U08W2KflM_3EvK4hUoGMDawSFr8.roa
File:                     U08W2KflM_3EvK4hUoGMDawSFr8.roa (raw, json)
Hash identifier:          O5Hds9IXa1qN2RUUFQrPf5uOEOZLuUsI3gxYVdP8ubA=
Subject key identifier:   53:4F:16:D8:A7:E5:33:FD:C4:BC:AE:21:52:81:8C:0D:AC:12:16:BF
Certificate issuer:       /CN=13b4f6b90167b71bd663fa0391e038a0155bb939
Certificate serial:       0197E9E4B2C40F6E5CE342F8A8308EA57ADD
Authority key identifier: 13:B4:F6:B9:01:67:B7:1B:D6:63:FA:03:91:E0:38:A0:15:5B:B9:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E7T2uQFntxvWY_oDkeA4oBVbuTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/U08W2KflM_3EvK4hUoGMDawSFr8.roa
Signing time:             Tue 08 Jul 2025 11:56:08 +0000
ROA not before:           Tue 08 Jul 2025 11:56:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        85.31.40.0/24 maxlen: 24
                          85.31.41.0/24 maxlen: 24
                          85.31.42.0/24 maxlen: 24
                          85.31.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/E7T2uQFntxvWY_oDkeA4oBVbuTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/E7T2uQFntxvWY_oDkeA4oBVbuTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E7T2uQFntxvWY_oDkeA4oBVbuTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 02:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:e4:b2:c4:0f:6e:5c:e3:42:f8:a8:30:8e:a5:7a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13b4f6b90167b71bd663fa0391e038a0155bb939
        Validity
            Not Before: Jul  8 11:56:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=534f16d8a7e533fdc4bcae2152818c0dac1216bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:44:5e:d5:e1:b9:2b:74:17:c9:dd:9d:a9:9e:
                    88:ee:47:85:d4:9e:e1:95:78:3a:f2:59:71:ce:af:
                    f7:9c:1a:c4:12:f4:7e:10:9d:f7:a1:e8:54:11:b5:
                    36:fc:37:fb:23:a9:fb:bc:1d:48:5d:8d:29:bf:db:
                    a5:86:80:e1:9a:16:86:37:58:13:c2:54:8e:d9:e3:
                    e0:e7:39:37:af:44:94:d2:be:37:09:86:94:cd:9a:
                    13:98:5f:fb:28:f1:9a:2f:3d:dc:8e:78:57:21:e0:
                    0a:ae:cc:8a:56:1c:27:63:e1:91:54:b1:93:f9:ce:
                    71:88:ee:12:50:1e:87:8f:5c:37:25:a1:74:d1:79:
                    f9:dc:33:54:07:12:fe:df:d0:dd:ee:30:5f:de:d2:
                    f1:9c:87:2a:e0:34:9b:72:73:99:ca:f4:e8:20:06:
                    a5:4e:1c:16:14:7f:09:49:37:11:55:41:00:b9:18:
                    2b:e4:74:20:4a:45:4c:ab:c3:0d:82:39:b7:e4:b5:
                    f0:90:2b:46:28:67:5c:4d:da:78:83:b9:b9:7e:2d:
                    40:36:5d:f6:f9:15:f8:c1:26:0c:19:d2:72:0c:d6:
                    ad:be:61:03:b4:d7:dc:a8:c6:c5:1e:2e:f1:a2:e5:
                    11:c7:d7:96:a7:ea:dd:df:22:10:b6:d7:0e:0e:e1:
                    c2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:4F:16:D8:A7:E5:33:FD:C4:BC:AE:21:52:81:8C:0D:AC:12:16:BF
            X509v3 Authority Key Identifier:
                keyid:13:B4:F6:B9:01:67:B7:1B:D6:63:FA:03:91:E0:38:A0:15:5B:B9:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7T2uQFntxvWY_oDkeA4oBVbuTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/U08W2KflM_3EvK4hUoGMDawSFr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9e884e-17e4-4271-ac89-cb3fa407e0f4/1/E7T2uQFntxvWY_oDkeA4oBVbuTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:ca:ae:11:a9:9b:90:6f:8b:13:72:aa:91:9f:ff:b7:9c:29:
         b2:d0:ea:46:5c:90:96:41:ab:c9:50:63:ee:86:de:ea:ba:7f:
         76:12:f9:17:21:ed:6a:a5:c4:41:b1:b6:4e:a9:fb:99:50:b2:
         39:79:35:30:f0:f7:04:db:37:23:9a:87:94:0e:4f:08:ef:22:
         3a:67:81:05:07:77:53:3b:95:78:28:ab:7d:00:a7:10:5a:bf:
         ad:00:c7:f4:de:78:d5:91:13:3a:af:07:20:2b:c7:0d:a5:6c:
         83:66:ab:21:6f:7d:2e:1c:08:70:65:79:87:11:a9:dd:a0:8b:
         92:57:0f:0c:09:f8:76:ef:cc:1c:29:24:1e:d7:0b:0a:93:95:
         d9:70:c2:cd:3e:0c:22:c9:b2:6e:ff:6f:03:b3:d8:2b:80:3e:
         bf:6d:21:73:08:49:c9:7d:ea:2c:29:a1:81:27:e0:ea:e8:e9:
         76:f3:21:df:b7:01:15:04:b9:ac:e4:70:ea:a8:1f:8a:b1:34:
         f0:fe:9f:f4:6b:d2:02:e5:37:4d:1c:74:2d:a7:53:04:f0:13:
         80:1f:b7:40:3d:25:1e:f1:86:5f:58:60:ff:b9:73:e5:97:8d:
         92:bc:77:24:8c:06:d5:fb:61:b9:7b:25:e4:38:da:f9:68:3f:
         05:9a:21:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfp5LLED25c40L4qDCOpXrdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYjRmNmI5MDE2N2I3MWJkNjYzZmEwMzkxZTAzOGEwMTU1
YmI5MzkwHhcNMjUwNzA4MTE1NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzRmMTZkOGE3ZTUzM2ZkYzRiY2FlMjE1MjgxOGMwZGFjMTIxNmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokRe1eG5K3QXyd2dqZ6I7keF1J7h
lXg68llxzq/3nBrEEvR+EJ33oehUEbU2/Df7I6n7vB1IXY0pv9ulhoDhmhaGN1gT
wlSO2ePg5zk3r0SU0r43CYaUzZoTmF/7KPGaLz3cjnhXIeAKrsyKVhwnY+GRVLGT
+c5xiO4SUB6Hj1w3JaF00Xn53DNUBxL+39Dd7jBf3tLxnIcq4DSbcnOZyvToIAal
ThwWFH8JSTcRVUEAuRgr5HQgSkVMq8MNgjm35LXwkCtGKGdcTdp4g7m5fi1ANl32
+RX4wSYMGdJyDNatvmEDtNfcqMbFHi7xouURx9eWp+rd3yIQttcODuHCqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNPFtin5TP9xLyuIVKBjA2sEha/MB8GA1UdIwQY
MBaAFBO09rkBZ7cb1mP6A5HgOKAVW7k5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTdUMnVRRm50eHZXWV9vRGtlQTRvQlZidVRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85ZTg4NGUtMTdlNC00MjcxLWFjODkt
Y2IzZmE0MDdlMGY0LzEvVTA4VzJLZmxNXzNFdks0aFVvR01EYXdTRnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85ZTg4NGUtMTdlNC00MjcxLWFjODktY2IzZmE0MDdlMGY0
LzEvRTdUMnVRRm50eHZXWV9vRGtlQTRvQlZidVRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVR8oMA0G
CSqGSIb3DQEBCwUAA4IBAQCVyq4RqZuQb4sTcqqRn/+3nCmy0OpGXJCWQavJUGPu
ht7qun92EvkXIe1qpcRBsbZOqfuZULI5eTUw8PcE2zcjmoeUDk8I7yI6Z4EFB3dT
O5V4KKt9AKcQWr+tAMf03njVkRM6rwcgK8cNpWyDZqshb30uHAhwZXmHEandoIuS
Vw8MCfh278wcKSQe1wsKk5XZcMLNPgwiybJu/28Ds9grgD6/bSFzCEnJfeosKaGB
J+Dq6Ol28yHftwEVBLms5HDqqB+KsTTw/p/0a9IC5TdNHHQtp1ME8BOAH7dAPSUe
8YZfWGD/uXPll42SvHckjAbV+2G5eyXkONr5aD8FmiEF
-----END CERTIFICATE-----