Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ZEpBx_pqGr84wqpYQB2_R7Wzf4I.roa
File:                     ZEpBx_pqGr84wqpYQB2_R7Wzf4I.roa (raw, json)
Hash identifier:          pofieL/tOay6rzAbvvC7d8nXeIB4Ylc0fSvUYi+Npbo=
Subject key identifier:   64:4A:41:C7:FA:6A:1A:BF:38:C2:AA:58:40:1D:BF:47:B5:B3:7F:82
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       0198313F8F15892FF8ED32E25A5C7D6C5CED
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ZEpBx_pqGr84wqpYQB2_R7Wzf4I.roa
Signing time:             Tue 22 Jul 2025 08:28:25 +0000
ROA not before:           Tue 22 Jul 2025 08:28:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34918
IP address blocks:        85.133.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:31:3f:8f:15:89:2f:f8:ed:32:e2:5a:5c:7d:6c:5c:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jul 22 08:28:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=644a41c7fa6a1abf38c2aa58401dbf47b5b37f82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:48:25:b9:77:03:8a:05:3d:d1:39:87:1e:0d:
                    2c:57:ac:de:a3:41:3e:4c:e7:90:bb:a0:b9:bb:4b:
                    fd:56:79:01:38:ad:4f:a5:df:44:66:fb:2d:50:4f:
                    98:ca:ce:76:43:8c:4a:94:f3:66:c6:b5:91:d7:03:
                    68:1a:d2:d6:f6:ea:c4:97:c2:71:a3:36:77:05:0a:
                    1d:32:18:45:a6:2c:ed:c1:69:89:49:7e:d9:a3:26:
                    71:9f:4e:3b:8c:07:7c:80:d0:86:4a:99:e7:93:dc:
                    e5:55:d7:86:5a:1d:c6:7b:05:1b:fe:77:80:52:60:
                    f2:fc:2a:cf:3e:2a:8c:87:39:aa:72:cd:60:0c:86:
                    ad:0d:44:69:13:b4:35:ee:42:8b:73:0a:c3:5f:2e:
                    c7:64:35:6f:a1:eb:a9:79:9c:0d:5f:f2:f3:31:8b:
                    99:b9:ce:bf:11:11:03:d1:4b:bb:4b:18:2c:6c:26:
                    67:82:77:c3:ef:d6:5a:bf:5f:95:0e:12:12:91:3f:
                    0b:49:61:be:9e:bf:2d:dc:2b:6d:9a:cf:72:5f:c1:
                    8e:a3:d7:f6:63:f2:57:77:b3:86:a2:7a:fa:91:f2:
                    90:df:f5:99:97:ee:22:d1:8b:da:0b:4d:a2:07:54:
                    3e:83:bb:d6:5b:35:5f:e1:ae:f7:b0:3f:01:6e:eb:
                    f2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:4A:41:C7:FA:6A:1A:BF:38:C2:AA:58:40:1D:BF:47:B5:B3:7F:82
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/ZEpBx_pqGr84wqpYQB2_R7Wzf4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:a9:58:32:5e:60:aa:d3:0d:64:6f:0b:9e:11:60:24:23:b2:
         57:12:46:23:62:f3:2e:0c:3c:b6:5f:f2:aa:56:e8:6d:1f:75:
         b7:f6:af:49:4f:a1:d5:b2:5b:37:31:5d:7c:bd:f2:d0:fc:e0:
         4b:cb:4b:8c:ca:21:89:50:7f:92:81:23:23:52:c6:d3:68:41:
         93:1f:34:52:03:7f:ed:37:6c:ef:6e:2a:15:5c:32:1b:e2:0d:
         ba:e5:8f:97:d9:c1:80:42:90:d4:06:a5:e1:f1:34:1a:2d:3b:
         10:af:51:31:de:ef:50:51:cb:0a:68:df:6a:95:17:a4:70:bd:
         67:6c:d0:a4:a9:f8:8e:62:f4:d1:0a:92:24:6c:81:84:3c:73:
         90:ba:1b:03:68:63:df:12:2e:69:64:82:f6:c7:96:1d:d7:46:
         ef:63:34:25:30:ec:b3:f0:fb:3d:a6:bb:c0:5a:cf:95:da:01:
         22:fc:fc:8d:0c:24:0c:00:63:db:c0:f9:d4:cf:72:c3:af:4f:
         25:2b:8d:56:b0:b3:c8:43:a5:cf:54:f9:fb:ba:4e:4c:b3:a0:
         74:ca:17:3b:0e:1a:27:ea:01:5c:8b:bb:57:7c:7f:be:a3:2a:
         09:b6:80:62:c5:21:22:0f:17:82:09:4d:63:66:9b:ee:ad:d5:
         e2:b6:b9:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgxP48ViS/47TLiWlx9bFztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwNzIyMDgyODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDRhNDFjN2ZhNmExYWJmMzhjMmFhNTg0MDFkYmY0N2I1YjM3ZjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0gluXcDigU90TmHHg0sV6zeo0E+
TOeQu6C5u0v9VnkBOK1Ppd9EZvstUE+Yys52Q4xKlPNmxrWR1wNoGtLW9urEl8Jx
ozZ3BQodMhhFpiztwWmJSX7ZoyZxn047jAd8gNCGSpnnk9zlVdeGWh3GewUb/neA
UmDy/CrPPiqMhzmqcs1gDIatDURpE7Q17kKLcwrDXy7HZDVvoeupeZwNX/LzMYuZ
uc6/ERED0Uu7SxgsbCZngnfD79Zav1+VDhISkT8LSWG+nr8t3Cttms9yX8GOo9f2
Y/JXd7OGonr6kfKQ3/WZl+4i0YvaC02iB1Q+g7vWWzVf4a73sD8BbuvyowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRKQcf6ahq/OMKqWEAdv0e1s3+CMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvWkVwQnhfcHFHcjg0d3FwWVFCMl9SN1d6ZjRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYX5MA0G
CSqGSIb3DQEBCwUAA4IBAQA+qVgyXmCq0w1kbwueEWAkI7JXEkYjYvMuDDy2X/Kq
VuhtH3W39q9JT6HVsls3MV18vfLQ/OBLy0uMyiGJUH+SgSMjUsbTaEGTHzRSA3/t
N2zvbioVXDIb4g265Y+X2cGAQpDUBqXh8TQaLTsQr1Ex3u9QUcsKaN9qlRekcL1n
bNCkqfiOYvTRCpIkbIGEPHOQuhsDaGPfEi5pZIL2x5Yd10bvYzQlMOyz8Ps9prvA
Ws+V2gEi/PyNDCQMAGPbwPnUz3LDr08lK41WsLPIQ6XPVPn7uk5Ms6B0yhc7Dhon
6gFci7tXfH++oyoJtoBixSEiDxeCCU1jZpvurdXitrkq
-----END CERTIFICATE-----