Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/cZLUbnXph6px0pIOSmBIdm0mNFY.roa
File:                     cZLUbnXph6px0pIOSmBIdm0mNFY.roa (raw, json)
Hash identifier:          x+tZe4exoMlRIARp1hM14I6q6eMLv7Hjtp7jv8g/fpo=
Subject key identifier:   71:92:D4:6E:75:E9:87:AA:71:D2:92:0E:4A:60:48:76:6D:26:34:56
Certificate issuer:       /CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Certificate serial:       0198E250D2EFE335610AA9DEC7A9EE7526C8
Authority key identifier: 96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/cZLUbnXph6px0pIOSmBIdm0mNFY.roa
Signing time:             Mon 25 Aug 2025 17:40:04 +0000
ROA not before:           Mon 25 Aug 2025 17:40:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32727
IP address blocks:        85.203.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e2:50:d2:ef:e3:35:61:0a:a9:de:c7:a9:ee:75:26:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
        Validity
            Not Before: Aug 25 17:40:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7192d46e75e987aa71d2920e4a6048766d263456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:86:70:fc:19:24:ac:43:ed:53:b0:1e:b6:79:
                    f1:d2:e9:85:37:be:0d:9b:ab:5a:bb:cb:cf:7c:14:
                    e0:62:bb:78:d0:3f:43:d0:f3:4e:1e:f6:5e:1e:3e:
                    49:b1:91:ea:82:24:8c:bf:85:a8:fa:9c:28:ed:43:
                    c5:a1:9a:cf:ff:40:4b:15:03:39:d1:5f:c9:5a:b6:
                    cd:f5:25:9c:4e:e9:3e:a6:56:69:1c:5e:af:67:39:
                    fa:8c:15:0c:1d:d7:78:6e:12:64:b9:75:f5:c8:bf:
                    d4:db:5e:79:b8:22:03:91:38:6c:89:86:97:93:05:
                    54:74:03:32:92:aa:8e:d4:35:e3:cf:fc:87:e5:51:
                    fa:9d:5c:d5:46:16:23:2f:63:c9:c7:5b:9e:f7:10:
                    f9:94:d6:d2:f4:e3:44:e4:46:99:30:88:21:67:47:
                    a2:2e:b5:1e:65:c0:77:2c:f1:3d:7d:27:7f:f9:ed:
                    b3:cb:07:35:f9:21:7a:12:d8:9a:c6:51:d9:27:79:
                    9e:df:84:63:33:ad:6e:0e:2c:d7:b0:39:bc:3b:ee:
                    65:b6:20:00:fb:53:6e:a9:0b:a2:f2:7d:02:f9:ff:
                    50:3c:40:9d:99:d4:c7:18:f6:24:f5:66:2e:89:00:
                    a4:6b:4b:93:1f:dc:72:93:e4:ea:50:0b:3d:cf:d6:
                    7e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:92:D4:6E:75:E9:87:AA:71:D2:92:0E:4A:60:48:76:6D:26:34:56
            X509v3 Authority Key Identifier:
                keyid:96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/cZLUbnXph6px0pIOSmBIdm0mNFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:8e:20:87:14:95:71:c3:b4:4f:a8:0b:79:ac:b0:a6:12:8b:
         8f:eb:80:32:b3:73:7f:c4:e2:be:bc:d7:e7:e2:0e:9c:b2:2b:
         16:7d:7f:9b:0a:97:15:d4:26:d5:3d:86:e4:fe:bb:f5:73:a4:
         6a:5f:44:32:75:88:8e:b2:6e:ea:7b:f2:7a:5a:43:e2:85:73:
         3e:87:f5:2f:3b:02:28:0a:17:4b:82:46:a3:1e:fa:94:2d:dc:
         6a:83:29:0b:3f:16:95:2b:ff:48:96:c7:4b:a8:61:3e:5f:57:
         f3:f6:e3:da:c7:75:c8:41:78:93:4a:24:26:73:d9:f1:e6:5f:
         87:29:cf:6b:0d:05:d7:c9:69:63:43:1e:b5:47:74:59:30:c5:
         1d:ca:38:aa:9f:4b:01:f1:22:d9:91:cc:3e:f0:78:d0:d9:69:
         9a:54:13:45:30:e5:77:2a:af:a4:10:c0:f4:7e:33:90:c3:6d:
         5d:ba:ad:02:92:52:82:20:21:3b:a9:9d:16:45:cc:39:b7:0c:
         61:b6:bc:77:67:17:48:8b:d5:4f:c6:d8:90:48:8f:df:76:76:
         f8:c9:37:ed:9d:ab:a2:dc:08:47:29:86:c1:85:76:0e:f7:e0:
         5b:a1:35:8f:db:77:e0:c4:c5:83:38:c9:52:f3:09:6d:67:b2:
         ca:08:7e:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjiUNLv4zVhCqnex6nudSbIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmJkNzZhNWNhYzI4M2VjZTBhMGY4ZWFiMmM5NzAyMTQw
MWZiODkwHhcNMjUwODI1MTc0MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTkyZDQ2ZTc1ZTk4N2FhNzFkMjkyMGU0YTYwNDg3NjZkMjYzNDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYZw/BkkrEPtU7Aetnnx0umFN74N
m6tau8vPfBTgYrt40D9D0PNOHvZeHj5JsZHqgiSMv4Wo+pwo7UPFoZrP/0BLFQM5
0V/JWrbN9SWcTuk+plZpHF6vZzn6jBUMHdd4bhJkuXX1yL/U2155uCIDkThsiYaX
kwVUdAMykqqO1DXjz/yH5VH6nVzVRhYjL2PJx1ue9xD5lNbS9ONE5EaZMIghZ0ei
LrUeZcB3LPE9fSd/+e2zywc1+SF6EtiaxlHZJ3me34RjM61uDizXsDm8O+5ltiAA
+1NuqQui8n0C+f9QPECdmdTHGPYk9WYuiQCka0uTH9xyk+TqUAs9z9Z+RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGS1G516YeqcdKSDkpgSHZtJjRWMB8GA1UdIwQY
MBaAFJYr12pcrCg+zgoPjqsslwIUAfuJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMt
NmFiMTExNTVmNmZiLzEvY1pMVWJuWHBoNnB4MHBJT1NtQklkbTBtTkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMtNmFiMTExNTVmNmZi
LzEvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcs2MA0G
CSqGSIb3DQEBCwUAA4IBAQAQjiCHFJVxw7RPqAt5rLCmEouP64Ays3N/xOK+vNfn
4g6csisWfX+bCpcV1CbVPYbk/rv1c6RqX0QydYiOsm7qe/J6WkPihXM+h/UvOwIo
ChdLgkajHvqULdxqgykLPxaVK/9IlsdLqGE+X1fz9uPax3XIQXiTSiQmc9nx5l+H
Kc9rDQXXyWljQx61R3RZMMUdyjiqn0sB8SLZkcw+8HjQ2WmaVBNFMOV3Kq+kEMD0
fjOQw21duq0CklKCICE7qZ0WRcw5twxhtrx3ZxdIi9VPxtiQSI/fdnb4yTftnaui
3AhHKYbBhXYO9+BboTWP23fgxMWDOMlS8wltZ7LKCH5u
-----END CERTIFICATE-----