Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/cUxNuuncWZfarme1cI14yQnQNsg.roa
File:                     cUxNuuncWZfarme1cI14yQnQNsg.roa (raw, json)
Hash identifier:          PonhIqEq+HlR25qBRv/lgkjVfu5bq061Uc+5tUF57MQ=
Subject key identifier:   71:4C:4D:BA:E9:DC:59:97:DA:AE:67:B5:70:8D:78:C9:09:D0:36:C8
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019826FDD3DBF4025CA72C0F448347FDBF9B
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/cUxNuuncWZfarme1cI14yQnQNsg.roa
Signing time:             Sun 20 Jul 2025 08:40:25 +0000
ROA not before:           Sun 20 Jul 2025 08:40:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200436
IP address blocks:        185.3.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:26:fd:d3:db:f4:02:5c:a7:2c:0f:44:83:47:fd:bf:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jul 20 08:40:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=714c4dbae9dc5997daae67b5708d78c909d036c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:75:a2:89:da:69:e9:df:d7:dc:b6:c0:87:ed:
                    e4:b1:fe:7c:ce:27:e2:2f:15:6f:55:3a:69:da:e9:
                    06:c2:c3:57:d5:86:0a:8c:57:17:f5:e7:e8:4d:bc:
                    c4:9b:5a:ef:01:3e:47:50:8f:91:ba:6c:3a:c0:c3:
                    fa:d8:37:c0:47:3a:bf:fe:ce:a6:b3:ae:7d:41:a0:
                    9f:49:bb:ce:d4:b8:64:c1:c7:40:8d:a8:58:a2:19:
                    f4:11:aa:66:74:8b:67:20:01:35:25:f0:50:17:25:
                    b6:3a:39:61:8b:02:f6:d9:8b:59:db:7b:ee:bb:e9:
                    61:7f:79:a9:a3:ac:96:dc:2a:c1:9e:09:e3:6c:f8:
                    d7:87:be:4d:7b:12:a0:85:6d:23:82:9b:af:12:bd:
                    7f:4c:ae:ae:4d:45:91:0c:56:6c:7d:a7:0c:80:4f:
                    7c:45:5c:4c:98:e2:de:cd:93:0a:e7:da:02:f4:fc:
                    5d:23:40:e9:90:68:52:d5:4a:92:26:14:f1:59:25:
                    08:8a:d9:ba:6e:38:dd:32:f3:da:1d:60:f2:2b:18:
                    26:0f:76:01:a1:72:71:35:93:98:f8:e0:a2:70:2a:
                    b6:92:57:e4:6a:ea:bd:92:60:a6:41:99:b4:5b:57:
                    43:17:8d:ba:af:aa:09:1e:9c:4b:3e:c3:54:21:3b:
                    0b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:4C:4D:BA:E9:DC:59:97:DA:AE:67:B5:70:8D:78:C9:09:D0:36:C8
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/cUxNuuncWZfarme1cI14yQnQNsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:d7:2e:24:b2:d7:69:bd:ea:70:c0:eb:50:87:17:6d:af:cd:
         a7:ae:ab:6f:62:74:6d:28:9d:5e:5f:09:4d:88:d9:02:aa:e7:
         ac:ad:2e:bb:17:d8:ac:28:97:5c:5a:b1:0b:41:37:1a:b3:f5:
         a1:87:fd:67:96:7b:08:af:7b:1c:24:e2:54:ad:39:6b:2e:64:
         81:54:41:c3:a0:1a:66:06:62:19:86:71:ee:dc:a5:72:3d:9e:
         81:ae:7f:f3:81:5b:45:44:69:8e:e3:67:04:13:fa:f4:ed:b5:
         19:fe:5a:96:e9:8a:ab:b8:3b:1a:3b:c5:37:47:75:75:32:58:
         af:8b:1d:48:64:d7:83:b2:d1:25:c8:00:dd:db:60:71:4c:99:
         57:d3:8e:a0:ab:64:d9:80:ba:82:4e:e9:be:c5:00:e3:62:c2:
         a1:bc:f5:6f:e7:d1:9d:24:ba:f8:51:07:f8:82:13:fc:35:ab:
         fa:07:2f:1e:45:d3:f2:08:41:61:ff:c6:c1:5e:92:4f:6e:d3:
         25:d2:95:cf:89:a9:76:26:53:d4:41:34:2b:0a:29:e7:a8:50:
         97:3c:fd:58:46:ca:44:54:75:ec:f0:ed:37:bc:2e:09:05:36:
         30:24:ca:ca:01:10:da:5c:31:69:e2:51:99:7d:ed:57:b8:5c:
         52:63:5c:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgm/dPb9AJcpywPRINH/b+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNzIwMDg0MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTRjNGRiYWU5ZGM1OTk3ZGFhZTY3YjU3MDhkNzhjOTA5ZDAzNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+HWiidpp6d/X3LbAh+3ksf58zifi
LxVvVTpp2ukGwsNX1YYKjFcX9efoTbzEm1rvAT5HUI+Rumw6wMP62DfARzq//s6m
s659QaCfSbvO1LhkwcdAjahYohn0EapmdItnIAE1JfBQFyW2OjlhiwL22YtZ23vu
u+lhf3mpo6yW3CrBngnjbPjXh75NexKghW0jgpuvEr1/TK6uTUWRDFZsfacMgE98
RVxMmOLezZMK59oC9PxdI0DpkGhS1UqSJhTxWSUIitm6bjjdMvPaHWDyKxgmD3YB
oXJxNZOY+OCicCq2klfkauq9kmCmQZm0W1dDF426r6oJHpxLPsNUITsLIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFMTbrp3FmX2q5ntXCNeMkJ0DbIMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvY1V4TnV1bmNXWmZhcm1lMWNJMTR5UW5RTnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQPIMA0G
CSqGSIb3DQEBCwUAA4IBAQCk1y4kstdpvepwwOtQhxdtr82nrqtvYnRtKJ1eXwlN
iNkCquesrS67F9isKJdcWrELQTcas/Whh/1nlnsIr3scJOJUrTlrLmSBVEHDoBpm
BmIZhnHu3KVyPZ6Brn/zgVtFRGmO42cEE/r07bUZ/lqW6YqruDsaO8U3R3V1Mliv
ix1IZNeDstElyADd22BxTJlX046gq2TZgLqCTum+xQDjYsKhvPVv59GdJLr4UQf4
ghP8Nav6By8eRdPyCEFh/8bBXpJPbtMl0pXPial2JlPUQTQrCinnqFCXPP1YRspE
VHXs8O03vC4JBTYwJMrKARDaXDFp4lGZfe1XuFxSY1z4
-----END CERTIFICATE-----