Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/SkIGUbx66En06tevBwQSnmLFdPI.roa
File:                     SkIGUbx66En06tevBwQSnmLFdPI.roa (raw, json)
Hash identifier:          Y/8AcvS6wU26oWrDcQdSOIH1YpF2LRYLunKo1ajCVD0=
Subject key identifier:   4A:42:06:51:BC:7A:E8:49:F4:EA:D7:AF:07:04:12:9E:62:C5:74:F2
Certificate issuer:       /CN=b9762db1282ffd084761232038f81f5d29e640d5
Certificate serial:       01999E2620C35136D6282F1059FF8625FECA
Authority key identifier: B9:76:2D:B1:28:2F:FD:08:47:61:23:20:38:F8:1F:5D:29:E6:40:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/SkIGUbx66En06tevBwQSnmLFdPI.roa
Signing time:             Wed 01 Oct 2025 05:02:02 +0000
ROA not before:           Wed 01 Oct 2025 05:02:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        185.139.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Oct 2025 21:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:26:20:c3:51:36:d6:28:2f:10:59:ff:86:25:fe:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9762db1282ffd084761232038f81f5d29e640d5
        Validity
            Not Before: Oct  1 05:02:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a420651bc7ae849f4ead7af0704129e62c574f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e8:24:20:08:77:16:88:97:2c:37:d6:16:d2:
                    51:91:b0:9c:77:66:f5:1f:0c:92:e8:ca:c8:0e:c1:
                    67:9b:53:de:da:31:9d:dc:ee:62:96:c4:48:d5:eb:
                    24:6e:bc:1b:65:49:f5:0e:5c:08:88:a8:43:2b:a2:
                    d7:ac:05:cf:be:33:7a:ab:26:01:36:0e:d2:2e:a8:
                    a8:f8:d4:21:f6:31:bb:f9:37:5e:fb:c3:32:8a:da:
                    62:63:d6:b0:44:c3:c1:9a:8b:26:08:38:00:2f:95:
                    7b:48:67:96:50:87:99:f5:cb:01:bb:c9:a4:76:0c:
                    09:c2:b0:7b:6e:11:20:7a:65:d5:75:fe:ec:90:37:
                    f3:e2:2b:03:91:29:b6:e2:62:b0:55:9a:9b:eb:53:
                    5a:31:df:21:2a:0c:70:19:ea:89:83:e0:6f:5f:eb:
                    ff:a4:ff:b7:b8:55:93:6b:c5:e1:ee:f9:38:63:26:
                    aa:4f:5d:4a:54:5f:ad:87:19:b0:4f:a9:60:9a:c9:
                    fb:7e:5c:34:50:3b:df:c5:6f:1e:e0:a5:39:ec:b3:
                    c1:b6:a9:12:da:b4:a0:97:22:6b:e1:8a:0b:03:50:
                    94:b5:81:f3:9f:f4:b3:db:0a:bd:84:b1:81:20:af:
                    c5:a1:f5:ca:ef:6a:9f:0a:1c:f1:f4:31:5b:27:d1:
                    a1:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:42:06:51:BC:7A:E8:49:F4:EA:D7:AF:07:04:12:9E:62:C5:74:F2
            X509v3 Authority Key Identifier:
                keyid:B9:76:2D:B1:28:2F:FD:08:47:61:23:20:38:F8:1F:5D:29:E6:40:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/SkIGUbx66En06tevBwQSnmLFdPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:ea:13:47:50:6c:8f:1c:5d:03:03:9f:b7:02:7c:51:a8:64:
         76:ca:cf:77:25:0a:7f:57:40:07:76:bc:69:b4:da:9e:96:7d:
         66:17:e7:b0:fd:6b:f5:ad:59:37:bb:c7:10:78:2f:28:15:af:
         5d:17:db:5e:57:29:fb:41:0e:cb:3c:d6:d6:93:9f:ee:b0:96:
         0f:e2:94:10:d3:dd:0b:47:56:ff:64:a4:ef:25:59:2f:4e:7d:
         4f:eb:c3:ed:04:4e:54:98:13:1f:6a:43:dc:72:00:68:b1:3b:
         c1:bf:a5:c4:76:b6:2b:69:6a:d8:0d:c1:a1:88:6a:ab:be:e4:
         9a:2f:b2:f1:1c:ff:fc:b1:49:91:e6:7e:a4:f3:77:de:fd:2f:
         4f:40:64:f2:c9:31:43:f1:6b:9a:41:c4:45:78:3a:d3:3c:12:
         92:1f:cc:cd:d3:27:3e:1c:3c:40:29:f6:7f:1a:a0:f9:74:35:
         3c:cf:e3:ab:8c:03:05:08:f8:1c:24:e5:37:24:a9:71:f4:2d:
         72:2b:d3:88:12:9b:0a:cc:27:1d:20:26:43:66:11:5c:a9:ef:
         f6:2b:f3:8c:1a:14:19:2a:c0:25:ef:a6:35:e7:c3:ef:97:c0:
         1f:cb:60:7b:cf:37:c3:4d:fa:a8:1a:4a:c1:b3:e0:be:e9:5f:
         4b:ca:d3:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmeJiDDUTbWKC8QWf+GJf7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NzYyZGIxMjgyZmZkMDg0NzYxMjMyMDM4ZjgxZjVkMjll
NjQwZDUwHhcNMjUxMDAxMDUwMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTQyMDY1MWJjN2FlODQ5ZjRlYWQ3YWYwNzA0MTI5ZTYyYzU3NGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+gkIAh3FoiXLDfWFtJRkbCcd2b1
HwyS6MrIDsFnm1Pe2jGd3O5ilsRI1eskbrwbZUn1DlwIiKhDK6LXrAXPvjN6qyYB
Ng7SLqio+NQh9jG7+Tde+8MyitpiY9awRMPBmosmCDgAL5V7SGeWUIeZ9csBu8mk
dgwJwrB7bhEgemXVdf7skDfz4isDkSm24mKwVZqb61NaMd8hKgxwGeqJg+BvX+v/
pP+3uFWTa8Xh7vk4YyaqT11KVF+thxmwT6lgmsn7flw0UDvfxW8e4KU57LPBtqkS
2rSglyJr4YoLA1CUtYHzn/Sz2wq9hLGBIK/FofXK72qfChzx9DFbJ9GhNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEpCBlG8euhJ9OrXrwcEEp5ixXTyMB8GA1UdIwQY
MBaAFLl2LbEoL/0IR2EjIDj4H10p5kDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVhZdHNTZ3ZfUWhIWVNNZ09QZ2ZYU25tUU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mODE5MTUtNDA1ZS00YjU0LTljYjQt
NzBhNTU2YmE4YTExLzEvU2tJR1VieDY2RW4wNnRldkJ3UVNubUxGZFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mODE5MTUtNDA1ZS00YjU0LTljYjQtNzBhNTU2YmE4YTEx
LzEvdVhZdHNTZ3ZfUWhIWVNNZ09QZ2ZYU25tUU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYsiMA0G
CSqGSIb3DQEBCwUAA4IBAQBU6hNHUGyPHF0DA5+3AnxRqGR2ys93JQp/V0AHdrxp
tNqeln1mF+ew/Wv1rVk3u8cQeC8oFa9dF9teVyn7QQ7LPNbWk5/usJYP4pQQ090L
R1b/ZKTvJVkvTn1P68PtBE5UmBMfakPccgBosTvBv6XEdrYraWrYDcGhiGqrvuSa
L7LxHP/8sUmR5n6k83fe/S9PQGTyyTFD8WuaQcRFeDrTPBKSH8zN0yc+HDxAKfZ/
GqD5dDU8z+OrjAMFCPgcJOU3JKlx9C1yK9OIEpsKzCcdICZDZhFcqe/2K/OMGhQZ
KsAl76Y158Pvl8Afy2B7zzfDTfqoGkrBs+C+6V9LytPQ
-----END CERTIFICATE-----