Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/qkhoG-olXseOo6aVlwIpG2rKuK0.roa
File:                     qkhoG-olXseOo6aVlwIpG2rKuK0.roa (raw, json)
Hash identifier:          m7Ky1+mzd7wlW0R4oXPlbMGFi5L0ZX0hi49Rah9TI/w=
Subject key identifier:   AA:48:68:1B:EA:25:5E:C7:8E:A3:A6:95:97:02:29:1B:6A:CA:B8:AD
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019822A74C1530473587D7835446C236FFA3
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/qkhoG-olXseOo6aVlwIpG2rKuK0.roa
Signing time:             Sat 19 Jul 2025 12:27:26 +0000
ROA not before:           Sat 19 Jul 2025 12:27:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51431
IP address blocks:        85.133.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:22:a7:4c:15:30:47:35:87:d7:83:54:46:c2:36:ff:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jul 19 12:27:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa48681bea255ec78ea3a6959702291b6acab8ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:9d:be:bf:2c:3c:c4:a3:37:93:00:6a:48:3c:
                    d0:5a:43:95:d3:d8:6a:a9:6b:1d:83:5e:92:f2:8b:
                    f7:88:9c:96:f7:3d:2d:b6:18:40:d5:e7:89:90:41:
                    5a:2d:fb:d6:1e:f6:58:fa:1e:0d:d5:06:ca:c0:75:
                    d4:1e:52:55:d6:0a:30:3e:df:73:ce:95:75:2a:64:
                    97:c2:4a:0e:ef:2a:01:80:e7:86:13:a2:90:fa:42:
                    7a:cf:71:fc:a9:c9:5d:88:5d:43:b5:a4:0f:7d:52:
                    73:7e:2d:e2:f3:97:43:46:de:ed:e6:6d:04:9a:5f:
                    20:84:31:99:d8:ac:9d:0d:7a:47:d4:c9:89:bb:43:
                    1d:46:56:0e:17:1d:52:68:7a:da:9c:f5:e7:88:6c:
                    3a:28:64:3f:62:49:46:61:0b:76:19:34:f7:55:f7:
                    b1:ac:e3:51:81:cc:89:13:03:98:ec:9c:8a:87:ea:
                    63:86:f5:09:6e:a7:74:ec:b9:84:fe:e5:26:a2:ef:
                    38:7b:3b:8b:69:56:92:ca:57:bd:de:5c:b9:54:fa:
                    ef:b1:49:02:75:f9:4f:95:22:a5:f8:a1:26:3d:4f:
                    12:45:39:00:c4:00:c2:4a:64:44:80:4f:19:b3:a6:
                    5d:21:88:10:dc:7e:22:22:4c:cb:04:f0:b1:6a:49:
                    d0:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:48:68:1B:EA:25:5E:C7:8E:A3:A6:95:97:02:29:1B:6A:CA:B8:AD
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/qkhoG-olXseOo6aVlwIpG2rKuK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:cd:0c:6d:6c:1a:a8:43:64:60:65:4a:14:9b:2b:22:8e:66:
         4b:2d:e5:cc:04:33:55:0d:38:a0:4e:29:c7:eb:a6:83:5c:49:
         07:4d:04:62:f1:4a:a6:16:42:ea:70:be:d9:f1:5b:cb:6b:aa:
         ff:30:8e:2c:a4:32:9b:4d:cf:75:a5:14:53:4b:1e:ac:5c:5b:
         36:e4:ab:9c:57:99:72:91:46:dd:32:6c:88:52:bd:de:fd:f5:
         63:59:f2:c6:2e:ab:88:34:4e:9c:89:27:30:8b:3b:41:38:99:
         ff:41:3c:db:bf:3a:4a:9a:13:a7:8c:5d:e8:3b:4f:d9:a8:2d:
         d3:71:ac:02:88:50:f8:f3:2d:f2:2d:dc:a5:88:5f:df:03:4e:
         31:2a:fc:b5:38:90:b7:33:c2:6c:5b:a9:88:94:0e:cf:7d:a6:
         84:12:0c:7a:2f:c7:9d:7e:ed:c4:86:6a:79:d7:20:3a:76:91:
         bd:31:28:2e:19:a9:c6:92:fb:7a:c1:c6:71:1b:c7:55:75:bd:
         d5:ff:d4:8d:2f:52:95:e8:eb:f4:80:b4:21:f0:fc:c2:f3:37:
         8c:b5:21:2e:1a:af:ef:ea:09:49:55:98:31:f0:fb:03:58:d3:
         2e:ac:b6:bd:e7:1c:88:c8:fa:84:70:f1:38:62:24:a6:4a:0d:
         80:31:5a:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgip0wVMEc1h9eDVEbCNv+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwNzE5MTIyNzI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQ4NjgxYmVhMjU1ZWM3OGVhM2E2OTU5NzAyMjkxYjZhY2FiOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9J2+vyw8xKM3kwBqSDzQWkOV09hq
qWsdg16S8ov3iJyW9z0tthhA1eeJkEFaLfvWHvZY+h4N1QbKwHXUHlJV1gowPt9z
zpV1KmSXwkoO7yoBgOeGE6KQ+kJ6z3H8qcldiF1DtaQPfVJzfi3i85dDRt7t5m0E
ml8ghDGZ2KydDXpH1MmJu0MdRlYOFx1SaHranPXniGw6KGQ/YklGYQt2GTT3Vfex
rONRgcyJEwOY7JyKh+pjhvUJbqd07LmE/uUmou84ezuLaVaSyle93ly5VPrvsUkC
dflPlSKl+KEmPU8SRTkAxADCSmREgE8Zs6ZdIYgQ3H4iIkzLBPCxaknQwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpIaBvqJV7HjqOmlZcCKRtqyritMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvcWtob0ctb2xYc2VPbzZhVmx3SXBHMnJLdUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYX8MA0G
CSqGSIb3DQEBCwUAA4IBAQBjzQxtbBqoQ2RgZUoUmysijmZLLeXMBDNVDTigTinH
66aDXEkHTQRi8UqmFkLqcL7Z8VvLa6r/MI4spDKbTc91pRRTSx6sXFs25KucV5ly
kUbdMmyIUr3e/fVjWfLGLquINE6ciScwiztBOJn/QTzbvzpKmhOnjF3oO0/ZqC3T
cawCiFD48y3yLdyliF/fA04xKvy1OJC3M8JsW6mIlA7PfaaEEgx6L8edfu3Ehmp5
1yA6dpG9MSguGanGkvt6wcZxG8dVdb3V/9SNL1KV6Ov0gLQh8PzC8zeMtSEuGq/v
6glJVZgx8PsDWNMurLa95xyIyPqEcPE4YiSmSg2AMVrz
-----END CERTIFICATE-----