Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/e44dea-8d51-440a-bc02-bab576e20393/1/ZlJWr-hEOqUqxRC1ufvh4DxAuDM.roa
File:                     ZlJWr-hEOqUqxRC1ufvh4DxAuDM.roa (raw, json)
Hash identifier:          jx78O4mw6UZw+ac2ij3Kg6QoCkl1hgwVf80ooqVUn5Q=
Subject key identifier:   66:52:56:AF:E8:44:3A:A5:2A:C5:10:B5:B9:FB:E1:E0:3C:40:B8:33
Certificate issuer:       /CN=31d4ee4afff55e67444d47d49b512a8368bf9ef6
Certificate serial:       019812691B02555574E953B06249B7B2450B
Authority key identifier: 31:D4:EE:4A:FF:F5:5E:67:44:4D:47:D4:9B:51:2A:83:68:BF:9E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdTuSv_1XmdETUfUm1Eqg2i_nvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/e44dea-8d51-440a-bc02-bab576e20393/1/ZlJWr-hEOqUqxRC1ufvh4DxAuDM.roa
Signing time:             Wed 16 Jul 2025 08:45:34 +0000
ROA not before:           Wed 16 Jul 2025 08:45:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.50.140.0/24 maxlen: 24
                          185.50.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/e44dea-8d51-440a-bc02-bab576e20393/1/MdTuSv_1XmdETUfUm1Eqg2i_nvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/e44dea-8d51-440a-bc02-bab576e20393/1/MdTuSv_1XmdETUfUm1Eqg2i_nvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdTuSv_1XmdETUfUm1Eqg2i_nvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:12:69:1b:02:55:55:74:e9:53:b0:62:49:b7:b2:45:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d4ee4afff55e67444d47d49b512a8368bf9ef6
        Validity
            Not Before: Jul 16 08:45:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=665256afe8443aa52ac510b5b9fbe1e03c40b833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:9a:bc:5b:42:0b:3f:04:6f:00:38:b3:41:0e:
                    d3:51:b1:da:cc:c3:59:e6:69:e4:71:d2:43:89:eb:
                    42:c5:65:41:e2:3e:f8:fd:0a:ff:9c:af:36:70:44:
                    f5:dc:5e:23:af:a4:5c:51:d4:1d:0b:92:b2:62:41:
                    7b:cd:41:40:d3:2f:4c:a0:9b:4f:0b:04:4d:b2:a9:
                    97:17:84:cf:b5:1f:e8:36:ee:8b:7f:4e:d5:cd:ef:
                    81:25:55:c8:32:b2:a7:0e:50:24:32:ee:bf:6d:5a:
                    7c:5b:ed:de:7f:2f:c3:05:94:fe:ba:c4:eb:0f:a3:
                    27:0b:f5:93:ae:4b:bb:30:95:39:ab:43:c1:b5:ff:
                    c0:9e:d4:f8:93:4b:16:4b:f5:18:42:bf:9f:eb:c8:
                    55:4d:3e:ef:d5:10:70:9c:08:78:ba:18:f2:3e:05:
                    6d:ba:a7:c3:ae:c6:76:72:be:d6:0d:9c:20:00:3e:
                    34:7f:68:be:b9:9a:ad:e3:1c:57:c9:75:79:33:33:
                    42:04:80:88:9a:1a:fd:c0:7a:a2:26:d3:e9:ad:27:
                    9a:07:b1:f0:47:98:3b:c9:56:6f:4a:22:ad:54:b1:
                    31:b0:47:76:84:af:54:de:84:4d:37:79:00:ad:33:
                    d2:b8:c7:62:47:d9:6d:d8:6f:89:9b:f8:74:58:2c:
                    4f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:52:56:AF:E8:44:3A:A5:2A:C5:10:B5:B9:FB:E1:E0:3C:40:B8:33
            X509v3 Authority Key Identifier:
                keyid:31:D4:EE:4A:FF:F5:5E:67:44:4D:47:D4:9B:51:2A:83:68:BF:9E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdTuSv_1XmdETUfUm1Eqg2i_nvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/e44dea-8d51-440a-bc02-bab576e20393/1/ZlJWr-hEOqUqxRC1ufvh4DxAuDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/e44dea-8d51-440a-bc02-bab576e20393/1/MdTuSv_1XmdETUfUm1Eqg2i_nvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.140.0/24
                  185.50.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:88:a2:fc:de:91:e0:96:6d:92:01:a8:4a:38:97:12:cf:a9:
         99:ab:8a:07:06:e3:2b:14:02:14:4a:99:14:16:cc:a4:92:6b:
         4e:8e:25:80:b5:b8:28:c6:82:69:d7:41:93:5b:63:1c:0d:c3:
         c1:0a:71:e5:64:10:71:43:b6:38:4c:b5:48:2c:61:a1:fc:8a:
         23:d6:72:ca:ad:90:ef:3b:fc:87:0d:d5:19:5f:98:df:de:cb:
         66:55:50:01:2e:cc:af:95:96:c8:49:53:04:ed:02:8a:d6:55:
         2d:80:7a:a0:aa:f8:a5:26:7f:97:4d:3f:f8:a9:0d:e2:a6:79:
         1c:b2:f8:3e:fa:15:3a:52:19:59:cf:8b:3f:b1:9d:fd:9d:25:
         c0:d5:c9:c2:a0:6f:95:ca:a1:17:eb:c3:73:31:2e:f6:37:f2:
         98:03:7e:4c:a8:4e:1b:3e:4e:8a:27:4e:dd:48:d8:e5:dc:c1:
         9d:8d:ae:0c:f6:31:af:aa:43:a6:9b:e8:b6:d6:69:8e:c4:c8:
         fc:16:20:5b:ec:62:c0:41:a9:bb:45:e4:5a:52:42:25:46:12:
         9d:7b:81:f3:80:bf:43:23:2c:41:63:15:c9:db:2a:b3:12:86:
         7e:5c:da:bb:59:c2:12:b5:fa:4e:31:1e:c4:69:01:7a:31:94:
         70:4c:ec:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgSaRsCVVV06VOwYkm3skULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDRlZTRhZmZmNTVlNjc0NDRkNDdkNDliNTEyYTgzNjhi
ZjllZjYwHhcNMjUwNzE2MDg0NTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjUyNTZhZmU4NDQzYWE1MmFjNTEwYjViOWZiZTFlMDNjNDBiODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Zq8W0ILPwRvADizQQ7TUbHazMNZ
5mnkcdJDietCxWVB4j74/Qr/nK82cET13F4jr6RcUdQdC5KyYkF7zUFA0y9MoJtP
CwRNsqmXF4TPtR/oNu6Lf07Vze+BJVXIMrKnDlAkMu6/bVp8W+3efy/DBZT+usTr
D6MnC/WTrku7MJU5q0PBtf/AntT4k0sWS/UYQr+f68hVTT7v1RBwnAh4uhjyPgVt
uqfDrsZ2cr7WDZwgAD40f2i+uZqt4xxXyXV5MzNCBICImhr9wHqiJtPprSeaB7Hw
R5g7yVZvSiKtVLExsEd2hK9U3oRNN3kArTPSuMdiR9lt2G+Jm/h0WCxPIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGZSVq/oRDqlKsUQtbn74eA8QLgzMB8GA1UdIwQY
MBaAFDHU7kr/9V5nRE1H1JtRKoNov572MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRUdVN2XzFYbWRFVFVmVW0xRXFnMmlfbnZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9lNDRkZWEtOGQ1MS00NDBhLWJjMDIt
YmFiNTc2ZTIwMzkzLzEvWmxKV3ItaEVPcVVxeFJDMXVmdmg0RHhBdURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9lNDRkZWEtOGQ1MS00NDBhLWJjMDItYmFiNTc2ZTIwMzkz
LzEvTWRUdVN2XzFYbWRFVFVmVW0xRXFnMmlfbnZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuTKMAwQA
uTKOMA0GCSqGSIb3DQEBCwUAA4IBAQCliKL83pHglm2SAahKOJcSz6mZq4oHBuMr
FAIUSpkUFsykkmtOjiWAtbgoxoJp10GTW2McDcPBCnHlZBBxQ7Y4TLVILGGh/Ioj
1nLKrZDvO/yHDdUZX5jf3stmVVABLsyvlZbISVME7QKK1lUtgHqgqvilJn+XTT/4
qQ3ipnkcsvg++hU6UhlZz4s/sZ39nSXA1cnCoG+VyqEX68NzMS72N/KYA35MqE4b
Pk6KJ07dSNjl3MGdja4M9jGvqkOmm+i21mmOxMj8FiBb7GLAQam7ReRaUkIlRhKd
e4HzgL9DIyxBYxXJ2yqzEoZ+XNq7WcIStfpOMR7EaQF6MZRwTOxY
-----END CERTIFICATE-----