Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/Kruvgpwuqm6sINlu2g0UdxGTt40.roa
File:                     Kruvgpwuqm6sINlu2g0UdxGTt40.roa (raw, json)
Hash identifier:          B1Hb3yrdIOl2N6zpO7c45xw8rxyA6hHtaoJIQXik8Xg=
Subject key identifier:   2A:BB:AF:82:9C:2E:AA:6E:AC:20:D9:6E:DA:0D:14:77:11:93:B7:8D
Certificate issuer:       /CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
Certificate serial:       0198F00A9E8E20DC59B0E76F316B60B426AD
Authority key identifier: 50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/Kruvgpwuqm6sINlu2g0UdxGTt40.roa
Signing time:             Thu 28 Aug 2025 09:38:04 +0000
ROA not before:           Thu 28 Aug 2025 09:38:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        81.199.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:0a:9e:8e:20:dc:59:b0:e7:6f:31:6b:60:b4:26:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
        Validity
            Not Before: Aug 28 09:38:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2abbaf829c2eaa6eac20d96eda0d14771193b78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:66:20:08:9d:95:08:18:04:2f:dc:c1:bd:56:
                    83:64:47:71:5b:c4:4f:35:4f:df:cd:58:80:02:55:
                    63:25:f8:0c:99:df:fe:7b:63:92:f0:92:8e:0a:55:
                    45:92:33:76:ac:71:ef:0c:66:ea:54:bb:6f:ad:aa:
                    7e:ea:05:ab:d6:03:31:0e:e5:0b:a5:1a:87:ad:08:
                    a3:24:ad:82:21:f8:c8:0a:70:4b:a3:a2:65:89:d6:
                    e5:28:b7:6e:c1:b9:57:b3:f4:99:bb:5a:6e:ff:af:
                    ec:59:d3:af:6e:24:e7:97:cb:ed:44:50:41:29:e0:
                    0d:fb:d8:97:69:67:55:ae:e6:11:e0:d5:8c:23:e8:
                    3e:fe:16:00:c4:a9:86:d3:ae:10:47:32:16:2b:6b:
                    bb:06:c8:0e:9b:ac:c3:83:5b:28:a5:bb:61:98:a5:
                    55:08:28:4e:0d:e1:8d:f8:80:a4:a4:f3:36:7c:dd:
                    21:a5:2c:3d:14:e3:56:9f:36:ff:69:9b:1d:31:4a:
                    dd:43:79:86:24:53:b2:f9:cc:26:5d:e8:95:c4:e1:
                    a2:93:a1:0f:21:48:02:aa:12:9f:55:3f:5e:0f:6d:
                    8f:f0:49:5a:c8:7d:69:7a:d9:e7:62:12:3e:c2:15:
                    4b:6c:b6:e1:c5:ab:97:25:73:e1:61:0e:8b:a0:52:
                    b0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:BB:AF:82:9C:2E:AA:6E:AC:20:D9:6E:DA:0D:14:77:11:93:B7:8D
            X509v3 Authority Key Identifier:
                keyid:50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/Kruvgpwuqm6sINlu2g0UdxGTt40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:b5:06:25:7e:ac:1c:39:e7:16:1d:8a:9f:13:92:5f:63:04:
         6c:ad:03:c4:92:f3:70:a0:68:61:d7:6e:cc:87:5f:45:35:5a:
         8e:1b:97:46:50:7d:0a:0c:41:32:30:be:e3:c9:bd:33:5a:67:
         02:c4:29:b6:86:d7:e8:7c:55:65:c3:ec:e2:c4:c0:52:aa:2e:
         3a:98:43:e2:28:9f:5d:1c:57:49:a1:03:d8:61:ca:08:f7:f1:
         40:a3:3a:86:1f:c6:57:ba:df:07:7e:eb:64:5e:4a:1a:3a:b1:
         6b:bb:5b:a4:e3:32:3b:45:34:d6:27:03:2b:3c:eb:8a:c1:de:
         83:8e:8d:ff:fd:5a:7f:17:8c:65:c5:e8:e4:4f:76:dd:86:e4:
         5e:a7:2e:0d:ab:92:a6:3b:5d:83:c2:b6:14:7b:cf:91:d8:c5:
         40:c6:42:55:52:8c:11:ca:e9:83:da:1a:19:0e:ae:70:0f:27:
         0f:97:6b:e2:7a:98:86:65:89:05:2d:bc:84:8a:67:c1:a4:57:
         14:7c:f1:d9:2b:2e:8d:8c:de:25:2b:c6:9e:fc:1e:2e:a6:cd:
         fd:30:c9:b7:40:b6:12:60:ff:27:72:ee:f2:90:41:b0:e5:7e:
         6d:0d:54:29:01:55:27:c7:8c:d7:b7:3a:2c:c5:5a:d8:05:76:
         0f:92:12:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjwCp6OINxZsOdvMWtgtCatMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTgyYmVlOWFhMDEwYzFmZmQyZDgwNGY2YWE3YjE0YmRk
YjkxZjcwHhcNMjUwODI4MDkzODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWJiYWY4MjljMmVhYTZlYWMyMGQ5NmVkYTBkMTQ3NzExOTNiNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WYgCJ2VCBgEL9zBvVaDZEdxW8RP
NU/fzViAAlVjJfgMmd/+e2OS8JKOClVFkjN2rHHvDGbqVLtvrap+6gWr1gMxDuUL
pRqHrQijJK2CIfjICnBLo6JlidblKLduwblXs/SZu1pu/6/sWdOvbiTnl8vtRFBB
KeAN+9iXaWdVruYR4NWMI+g+/hYAxKmG064QRzIWK2u7BsgOm6zDg1sopbthmKVV
CChODeGN+ICkpPM2fN0hpSw9FONWnzb/aZsdMUrdQ3mGJFOy+cwmXeiVxOGik6EP
IUgCqhKfVT9eD22P8ElayH1petnnYhI+whVLbLbhxauXJXPhYQ6LoFKw8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCq7r4KcLqpurCDZbtoNFHcRk7eNMB8GA1UdIwQY
MBaAFFAYK+6aoBDB/9LYBPaqexS925H3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0Zjkt
MTlkMWJiNjFkOWE3LzEvS3J1dmdwd3VxbTZzSU5sdTJnMFVkeEdUdDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0ZjktMTlkMWJiNjFkOWE3
LzEvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcdyMA0G
CSqGSIb3DQEBCwUAA4IBAQCNtQYlfqwcOecWHYqfE5JfYwRsrQPEkvNwoGhh127M
h19FNVqOG5dGUH0KDEEyML7jyb0zWmcCxCm2htfofFVlw+zixMBSqi46mEPiKJ9d
HFdJoQPYYcoI9/FAozqGH8ZXut8HfutkXkoaOrFru1uk4zI7RTTWJwMrPOuKwd6D
jo3//Vp/F4xlxejkT3bdhuRepy4Nq5KmO12DwrYUe8+R2MVAxkJVUowRyumD2hoZ
Dq5wDycPl2viepiGZYkFLbyEimfBpFcUfPHZKy6NjN4lK8ae/B4ups39MMm3QLYS
YP8ncu7ykEGw5X5tDVQpAVUnx4zXtzosxVrYBXYPkhJw
-----END CERTIFICATE-----