Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/kqDek8H-nDrW1Zbe8JT5Vc5TRHo.roa
File:                     kqDek8H-nDrW1Zbe8JT5Vc5TRHo.roa (raw, json)
Hash identifier:          nO5OjxTeZircSn1tyTNcEKWJ6F7KhmQpyf8WHUeT9FU=
Subject key identifier:   92:A0:DE:93:C1:FE:9C:3A:D6:D5:96:DE:F0:94:F9:55:CE:53:44:7A
Certificate issuer:       /CN=b96e8b6d73f2f38548996f66621330a8d7108529
Certificate serial:       01992869751405FBDE690B0823530D59136D
Authority key identifier: B9:6E:8B:6D:73:F2:F3:85:48:99:6F:66:62:13:30:A8:D7:10:85:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uW6LbXPy84VImW9mYhMwqNcQhSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/kqDek8H-nDrW1Zbe8JT5Vc5TRHo.roa
Signing time:             Mon 08 Sep 2025 08:20:23 +0000
ROA not before:           Mon 08 Sep 2025 08:20:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202120
IP address blocks:        185.159.127.0/24 maxlen: 24
                          185.214.128.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/uW6LbXPy84VImW9mYhMwqNcQhSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/uW6LbXPy84VImW9mYhMwqNcQhSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uW6LbXPy84VImW9mYhMwqNcQhSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:69:75:14:05:fb:de:69:0b:08:23:53:0d:59:13:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b96e8b6d73f2f38548996f66621330a8d7108529
        Validity
            Not Before: Sep  8 08:20:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92a0de93c1fe9c3ad6d596def094f955ce53447a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:61:e5:1e:c9:1c:db:32:0c:f2:12:99:7a:2d:
                    54:7e:cd:16:2f:b3:77:0b:62:52:31:16:07:bc:89:
                    23:22:8f:da:13:cc:a2:ad:91:6f:5d:3e:1d:99:d1:
                    e6:08:f4:4a:bf:4d:d9:92:2a:85:e5:b2:a4:6d:ec:
                    c6:ac:01:42:7d:b8:a8:ab:da:c4:27:f3:30:0d:bf:
                    11:7e:ac:4c:7c:15:8c:f7:ad:7b:4c:c2:1c:15:79:
                    69:b4:ca:4c:1a:68:e2:a8:10:2f:78:5f:e8:a9:88:
                    74:8e:ef:c6:a1:04:14:27:cd:e4:17:71:97:a7:1d:
                    59:a1:5f:dd:3a:bc:f1:30:9d:ff:89:a8:8d:22:ea:
                    26:44:1c:93:3b:52:16:d2:7a:b6:0c:77:2c:ae:3b:
                    8f:ff:6b:be:a6:43:db:79:77:91:94:d4:3c:59:05:
                    1c:c8:d6:25:e4:83:ba:02:00:cf:31:fc:2c:d6:bd:
                    a0:83:e7:9b:b0:e2:77:67:2f:1e:f3:90:7c:67:ba:
                    a8:90:66:ea:7e:80:df:fb:5d:87:7f:f0:75:13:9c:
                    36:f1:f3:e8:dc:a7:53:8c:a4:eb:de:88:06:fb:a8:
                    70:23:74:6b:1a:8c:08:50:38:b0:0b:12:80:47:10:
                    24:ab:1e:45:15:42:b0:1b:8c:35:ca:8b:b2:39:bd:
                    c6:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A0:DE:93:C1:FE:9C:3A:D6:D5:96:DE:F0:94:F9:55:CE:53:44:7A
            X509v3 Authority Key Identifier:
                keyid:B9:6E:8B:6D:73:F2:F3:85:48:99:6F:66:62:13:30:A8:D7:10:85:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uW6LbXPy84VImW9mYhMwqNcQhSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/kqDek8H-nDrW1Zbe8JT5Vc5TRHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/uW6LbXPy84VImW9mYhMwqNcQhSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.127.0/24
                  185.214.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:dd:f4:68:4d:81:71:67:ce:38:c8:42:18:67:ec:ce:07:17:
         b2:c2:85:29:3a:2f:ab:73:8f:fa:c1:5e:e1:f9:26:b7:6b:cb:
         08:ff:f5:f9:58:05:ce:b7:2b:5a:77:ff:0b:c6:e9:5e:2e:e3:
         78:e9:35:f2:48:a1:99:9f:fd:9d:68:4e:67:d4:03:ad:4e:36:
         f6:4a:4a:bb:6a:a5:ee:30:b4:f1:37:4a:eb:8e:8d:17:fb:55:
         69:76:e6:e8:b5:d4:c5:ae:b2:1c:0b:f6:22:7d:0b:a6:fb:1c:
         cf:f4:7d:77:68:f1:be:36:90:17:71:8d:69:48:09:e0:c1:ab:
         14:c7:d4:08:de:18:7d:1f:e9:ea:7b:65:53:63:72:b0:1c:6c:
         68:e5:dc:c6:24:e0:9c:ec:40:fe:a1:1c:31:93:aa:f0:54:8d:
         bf:d3:ac:2a:ef:32:63:60:5f:c1:64:61:5f:98:69:71:11:5f:
         c8:c4:16:ae:60:7f:46:74:7e:f4:45:f1:d1:00:cf:58:ce:20:
         53:27:ee:39:44:22:69:aa:92:c1:a5:f9:80:73:f2:a1:c1:7f:
         1f:74:cf:39:72:cd:7d:19:3e:da:6e:18:1b:6f:b4:dd:cf:bf:
         37:4d:5d:b3:35:61:7b:5a:68:70:dd:03:e3:0a:5b:db:7d:d2:
         10:f6:0d:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkoaXUUBfveaQsII1MNWRNtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NmU4YjZkNzNmMmYzODU0ODk5NmY2NjYyMTMzMGE4ZDcx
MDg1MjkwHhcNMjUwOTA4MDgyMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmEwZGU5M2MxZmU5YzNhZDZkNTk2ZGVmMDk0Zjk1NWNlNTM0NDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGHlHskc2zIM8hKZei1Ufs0WL7N3
C2JSMRYHvIkjIo/aE8yirZFvXT4dmdHmCPRKv03ZkiqF5bKkbezGrAFCfbioq9rE
J/MwDb8RfqxMfBWM9617TMIcFXlptMpMGmjiqBAveF/oqYh0ju/GoQQUJ83kF3GX
px1ZoV/dOrzxMJ3/iaiNIuomRByTO1IW0nq2DHcsrjuP/2u+pkPbeXeRlNQ8WQUc
yNYl5IO6AgDPMfws1r2gg+ebsOJ3Zy8e85B8Z7qokGbqfoDf+12Hf/B1E5w28fPo
3KdTjKTr3ogG+6hwI3RrGowIUDiwCxKARxAkqx5FFUKwG4w1youyOb3GhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJKg3pPB/pw61tWW3vCU+VXOU0R6MB8GA1UdIwQY
MBaAFLlui21z8vOFSJlvZmITMKjXEIUpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVc2TGJYUHk4NFZJbVc5bVloTXdxTmNRaFNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jMTRhNjItYWE2YS00ODZkLWI5ZTYt
YmMwMDQ2NDllZTk5LzEva3FEZWs4SC1uRHJXMVpiZThKVDVWYzVUUkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jMTRhNjItYWE2YS00ODZkLWI5ZTYtYmMwMDQ2NDllZTk5
LzEvdVc2TGJYUHk4NFZJbVc5bVloTXdxTmNRaFNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZ9/AwQC
udaAMA0GCSqGSIb3DQEBCwUAA4IBAQBX3fRoTYFxZ844yEIYZ+zOBxeywoUpOi+r
c4/6wV7h+Sa3a8sI//X5WAXOtytad/8LxuleLuN46TXySKGZn/2daE5n1AOtTjb2
Skq7aqXuMLTxN0rrjo0X+1VpdubotdTFrrIcC/YifQum+xzP9H13aPG+NpAXcY1p
SAngwasUx9QI3hh9H+nqe2VTY3KwHGxo5dzGJOCc7ED+oRwxk6rwVI2/06wq7zJj
YF/BZGFfmGlxEV/IxBauYH9GdH70RfHRAM9YziBTJ+45RCJpqpLBpfmAc/KhwX8f
dM85cs19GT7abhgbb7Tdz783TV2zNWF7Wmhw3QPjClvbfdIQ9g0Z
-----END CERTIFICATE-----