Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/U1SDk5T7p6egxIx1JRfuo7OCdls.roa
File:                     U1SDk5T7p6egxIx1JRfuo7OCdls.roa (raw, json)
Hash identifier:          iyjWX/m6G5Id9Wvaphs/kB6FqhArm6Rvb9cBh2phwZ0=
Subject key identifier:   53:54:83:93:94:FB:A7:A7:A0:C4:8C:75:25:17:EE:A3:B3:82:76:5B
Certificate issuer:       /CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Certificate serial:       0198E250D4A3B35AB157A21E64BDC7515EEF
Authority key identifier: 96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/U1SDk5T7p6egxIx1JRfuo7OCdls.roa
Signing time:             Mon 25 Aug 2025 17:40:04 +0000
ROA not before:           Mon 25 Aug 2025 17:40:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211043
IP address blocks:        85.203.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e2:50:d4:a3:b3:5a:b1:57:a2:1e:64:bd:c7:51:5e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
        Validity
            Not Before: Aug 25 17:40:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5354839394fba7a7a0c48c752517eea3b382765b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:27:c1:ba:98:86:02:9b:8b:4e:0c:62:ab:ca:
                    67:00:c5:db:5b:7d:b4:5f:ba:71:ee:76:77:f2:a0:
                    db:98:fb:1b:e3:21:98:dc:20:48:1f:b3:1d:89:8c:
                    a7:35:c1:21:92:3e:1b:3a:96:b9:03:58:46:7d:a9:
                    f4:b2:d1:22:5a:36:44:20:5b:76:48:a1:2b:bc:00:
                    a8:8a:d8:e0:3c:bc:dd:b9:17:44:6f:a5:50:ce:07:
                    c8:56:bf:33:ad:b3:78:29:fe:3b:af:ee:95:00:54:
                    6c:cc:09:33:e1:d6:90:5a:05:b0:b0:65:eb:cb:47:
                    3c:4c:9b:a2:b2:92:14:5c:3c:e1:68:d1:d1:fd:cc:
                    94:63:75:99:35:bb:b6:c8:c5:14:3a:9e:7e:b7:ed:
                    e0:4b:3d:d9:b5:e5:20:2c:96:63:7f:d1:6d:88:ad:
                    60:eb:79:3d:ae:6e:2d:b5:d4:2f:c6:2b:19:93:47:
                    3f:46:8b:f7:94:14:a6:3a:e0:cb:ed:7f:d6:d8:f9:
                    fa:bb:95:7f:32:97:3b:e4:75:3e:ce:81:0d:d3:3b:
                    8c:1f:f9:90:d9:88:86:60:b8:00:aa:be:39:59:94:
                    8e:c1:f3:ad:97:93:da:af:66:93:30:08:b4:4c:8d:
                    f1:ad:e6:76:0a:c4:4c:63:c5:75:84:5a:79:ed:57:
                    fe:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:54:83:93:94:FB:A7:A7:A0:C4:8C:75:25:17:EE:A3:B3:82:76:5B
            X509v3 Authority Key Identifier:
                keyid:96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/U1SDk5T7p6egxIx1JRfuo7OCdls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:b4:9d:94:b6:8a:a0:9c:5e:7a:de:c9:c1:0b:ac:b3:e5:83:
         4c:fb:28:83:94:5b:70:b1:ab:1e:61:12:a8:af:4b:ab:a7:8b:
         7d:43:51:2b:f2:a7:b3:b8:15:74:10:24:38:eb:94:3c:a4:a9:
         36:49:f1:10:3f:a5:47:7b:dd:2b:f6:98:b1:04:a6:b4:31:3d:
         58:50:fd:ff:11:bc:ae:42:cc:f3:b0:12:e8:33:a1:89:e7:33:
         42:64:46:d4:c4:54:22:00:75:e9:54:ed:f3:d8:27:2e:ba:63:
         96:bd:42:3c:10:53:65:f3:23:ea:46:73:de:2f:bc:0c:8b:b1:
         17:06:b6:1f:70:bb:0f:db:58:0e:4a:7e:a5:f9:10:22:ab:68:
         34:2b:5d:95:66:6b:e2:82:8c:20:b7:63:55:ab:01:58:e0:7e:
         6f:45:c7:46:65:28:47:0a:75:40:a6:33:93:11:0f:61:5c:58:
         ea:a7:cf:39:f5:74:a5:01:fb:5a:1c:de:97:31:02:7a:dd:2d:
         a2:ef:50:eb:62:22:9e:d6:8d:3f:12:f8:48:e7:ae:17:f7:4c:
         91:92:b7:ea:4a:f8:8c:a9:6f:5e:53:fd:88:31:8c:ab:43:fd:
         a4:5f:7b:bc:58:57:77:40:5c:2f:d5:ad:1e:ed:b5:4a:2f:31:
         3c:fe:02:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjiUNSjs1qxV6IeZL3HUV7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmJkNzZhNWNhYzI4M2VjZTBhMGY4ZWFiMmM5NzAyMTQw
MWZiODkwHhcNMjUwODI1MTc0MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzU0ODM5Mzk0ZmJhN2E3YTBjNDhjNzUyNTE3ZWVhM2IzODI3NjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSfBupiGApuLTgxiq8pnAMXbW320
X7px7nZ38qDbmPsb4yGY3CBIH7MdiYynNcEhkj4bOpa5A1hGfan0stEiWjZEIFt2
SKErvACoitjgPLzduRdEb6VQzgfIVr8zrbN4Kf47r+6VAFRszAkz4daQWgWwsGXr
y0c8TJuispIUXDzhaNHR/cyUY3WZNbu2yMUUOp5+t+3gSz3ZteUgLJZjf9FtiK1g
63k9rm4ttdQvxisZk0c/Rov3lBSmOuDL7X/W2Pn6u5V/Mpc75HU+zoEN0zuMH/mQ
2YiGYLgAqr45WZSOwfOtl5Par2aTMAi0TI3xreZ2CsRMY8V1hFp57Vf+mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNUg5OU+6enoMSMdSUX7qOzgnZbMB8GA1UdIwQY
MBaAFJYr12pcrCg+zgoPjqsslwIUAfuJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMt
NmFiMTExNTVmNmZiLzEvVTFTRGs1VDdwNmVneEl4MUpSZnVvN09DZGxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMtNmFiMTExNTVmNmZi
LzEvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcs0MA0G
CSqGSIb3DQEBCwUAA4IBAQCjtJ2UtoqgnF563snBC6yz5YNM+yiDlFtwsaseYRKo
r0urp4t9Q1Er8qezuBV0ECQ465Q8pKk2SfEQP6VHe90r9pixBKa0MT1YUP3/Ebyu
QszzsBLoM6GJ5zNCZEbUxFQiAHXpVO3z2CcuumOWvUI8EFNl8yPqRnPeL7wMi7EX
BrYfcLsP21gOSn6l+RAiq2g0K12VZmvigowgt2NVqwFY4H5vRcdGZShHCnVApjOT
EQ9hXFjqp8859XSlAftaHN6XMQJ63S2i71DrYiKe1o0/EvhI564X90yRkrfqSviM
qW9eU/2IMYyrQ/2kX3u8WFd3QFwv1a0e7bVKLzE8/gLS
-----END CERTIFICATE-----