Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/UyMnXCzERFHuMfG9nOWN2JfyXW8.roa
File:                     UyMnXCzERFHuMfG9nOWN2JfyXW8.roa (raw, json)
Hash identifier:          EQ7hm2P0BQiEP7hNsHxFIlwQPko0e6zROHrzHeJDMiU=
Subject key identifier:   53:23:27:5C:2C:C4:44:51:EE:31:F1:BD:9C:E5:8D:D8:97:F2:5D:6F
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       019904865477AEFF12E5B7E7FDCB2CC0C503
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/UyMnXCzERFHuMfG9nOWN2JfyXW8.roa
Signing time:             Mon 01 Sep 2025 09:05:36 +0000
ROA not before:           Mon 01 Sep 2025 09:05:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203008
IP address blocks:        185.175.95.0/24 maxlen: 24
                          2a0e:3302::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:04:86:54:77:ae:ff:12:e5:b7:e7:fd:cb:2c:c0:c5:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Sep  1 09:05:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5323275c2cc44451ee31f1bd9ce58dd897f25d6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f6:1d:34:44:78:a8:f6:9a:0c:75:58:44:5c:
                    d8:20:01:53:16:d7:f0:4e:cb:78:70:2e:e9:1f:ca:
                    b0:8e:db:4d:79:9d:43:7f:8a:86:0e:c9:67:80:0c:
                    30:0d:12:d9:06:9d:ce:31:ab:c5:06:04:04:22:a0:
                    0a:24:d2:07:12:aa:91:c8:73:5b:36:d3:1c:c6:67:
                    54:d9:d7:50:16:9a:a5:0e:69:6c:2f:59:6d:58:be:
                    e5:73:0c:45:d4:fb:c0:2c:1b:3c:95:da:69:e8:8b:
                    8e:3e:12:9a:85:84:82:33:2e:37:60:1a:c5:89:6b:
                    46:df:da:94:31:ba:28:54:84:21:ae:d5:46:f6:e4:
                    01:32:64:8e:fa:c5:ac:9a:0a:b4:d9:cb:56:4e:0a:
                    90:0f:2c:75:50:a8:f8:61:0b:69:31:7d:09:37:66:
                    12:1a:d8:3b:02:12:73:d5:e6:86:00:19:42:d1:19:
                    ea:2e:a7:46:3b:b6:0f:8c:79:08:9f:f0:24:1b:e3:
                    a9:e6:73:01:02:3d:c0:08:d2:c2:a9:c4:fc:b1:0a:
                    80:d8:48:12:93:4a:e6:90:92:3b:17:e2:f6:de:ad:
                    5d:ea:15:96:df:80:70:e4:9c:fd:e3:a4:63:61:5d:
                    cd:e6:8d:51:c4:09:a8:fa:87:a2:41:99:68:33:81:
                    25:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:23:27:5C:2C:C4:44:51:EE:31:F1:BD:9C:E5:8D:D8:97:F2:5D:6F
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/UyMnXCzERFHuMfG9nOWN2JfyXW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.95.0/24
                IPv6:
                  2a0e:3302::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:92:a2:63:d9:5d:c2:f3:2d:33:6e:71:68:1d:8e:b3:be:dc:
         4d:04:c4:89:5b:8a:e5:36:d6:98:0c:3c:c4:84:dc:6a:d7:01:
         34:bc:e7:9e:79:de:d4:56:d7:d7:19:dd:44:4a:59:dc:e4:50:
         e3:25:d9:d1:76:66:af:3a:16:d6:a1:60:02:65:87:bc:de:e6:
         d7:bc:2d:36:f6:95:52:02:8e:aa:dc:4b:6f:b7:ef:4f:1c:f5:
         07:e6:a7:c4:8f:43:6f:24:dd:30:15:67:37:48:b5:ed:bf:3b:
         d0:40:69:93:97:6e:e1:bb:22:81:ec:7c:ab:7d:70:16:c8:05:
         60:9f:ec:5d:c0:9e:5e:1f:4f:73:16:c8:4c:61:5b:5d:68:97:
         3d:c3:64:df:78:7a:5d:64:e3:02:1f:30:5f:d6:42:a2:1e:ef:
         8c:2b:07:44:a4:b1:a4:ec:bb:33:8f:5b:96:bd:ef:0d:04:05:
         e0:ca:6d:40:3d:82:0b:79:00:f1:3d:4f:10:f0:f8:74:d8:b9:
         d1:62:f7:9b:9f:a6:c2:41:21:e5:7c:68:02:16:cd:72:55:5e:
         8a:46:8c:b8:80:86:54:9b:ef:f1:40:80:a2:c6:8c:69:e0:d3:
         a2:ee:16:d0:26:44:52:bd:b7:24:e3:0d:8d:11:8c:9f:23:9a:
         fd:4a:9d:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkEhlR3rv8S5bfn/csswMUDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjUwOTAxMDkwNTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzIzMjc1YzJjYzQ0NDUxZWUzMWYxYmQ5Y2U1OGRkODk3ZjI1ZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvYdNER4qPaaDHVYRFzYIAFTFtfw
Tst4cC7pH8qwjttNeZ1Df4qGDslngAwwDRLZBp3OMavFBgQEIqAKJNIHEqqRyHNb
NtMcxmdU2ddQFpqlDmlsL1ltWL7lcwxF1PvALBs8ldpp6IuOPhKahYSCMy43YBrF
iWtG39qUMbooVIQhrtVG9uQBMmSO+sWsmgq02ctWTgqQDyx1UKj4YQtpMX0JN2YS
Gtg7AhJz1eaGABlC0RnqLqdGO7YPjHkIn/AkG+Op5nMBAj3ACNLCqcT8sQqA2EgS
k0rmkJI7F+L23q1d6hWW34Bw5Jz946RjYV3N5o1RxAmo+oeiQZloM4ElkQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFMjJ1wsxERR7jHxvZzljdiX8l1vMB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvVXlNblhDekVSRkh1TWZHOW5PV04ySmZ5WFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAua9fMA0E
AgACMAcDBQAqDjMCMA0GCSqGSIb3DQEBCwUAA4IBAQCKkqJj2V3C8y0zbnFoHY6z
vtxNBMSJW4rlNtaYDDzEhNxq1wE0vOeeed7UVtfXGd1ESlnc5FDjJdnRdmavOhbW
oWACZYe83ubXvC029pVSAo6q3Etvt+9PHPUH5qfEj0NvJN0wFWc3SLXtvzvQQGmT
l27huyKB7HyrfXAWyAVgn+xdwJ5eH09zFshMYVtdaJc9w2TfeHpdZOMCHzBf1kKi
Hu+MKwdEpLGk7Lszj1uWve8NBAXgym1APYILeQDxPU8Q8Ph02LnRYvebn6bCQSHl
fGgCFs1yVV6KRoy4gIZUm+/xQICixoxp4NOi7hbQJkRSvbck4w2NEYyfI5r9Sp0h
-----END CERTIFICATE-----