Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/SZi8p51yfly3J4tGsTsZp2DJtPM.roa
File:                     SZi8p51yfly3J4tGsTsZp2DJtPM.roa (raw, json)
Hash identifier:          JWm9X55nJTghqQNNbmfRpavH4hOvegAvI5A0Qvy4qPk=
Subject key identifier:   49:98:BC:A7:9D:72:7E:5C:B7:27:8B:46:B1:3B:19:A7:60:C9:B4:F3
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       019912BB88F4B3E04E79B0B5C2A53D0BBB02
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/SZi8p51yfly3J4tGsTsZp2DJtPM.roa
Signing time:             Thu 04 Sep 2025 03:18:24 +0000
ROA not before:           Thu 04 Sep 2025 03:18:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.14.237.0/24 maxlen: 24
                          185.14.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:12:bb:88:f4:b3:e0:4e:79:b0:b5:c2:a5:3d:0b:bb:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Sep  4 03:18:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4998bca79d727e5cb7278b46b13b19a760c9b4f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:10:ec:b3:b7:20:a0:0d:85:b6:b2:3e:6c:c6:
                    32:69:cb:14:66:94:1c:e4:28:17:3e:bd:f4:d8:e7:
                    fa:c1:51:c2:64:5a:00:dd:d0:50:b5:94:1e:82:d5:
                    de:8e:d4:2e:92:f8:e3:1a:54:3c:12:8a:9c:b4:64:
                    86:a9:1e:f8:e6:c2:ea:e0:d9:f8:d8:8d:de:f1:70:
                    56:09:0d:8b:9a:a7:7f:e9:67:49:6d:ed:45:12:15:
                    73:eb:3d:c1:d0:60:ab:25:05:54:1f:9f:93:af:c2:
                    e4:6b:1d:4d:05:08:0a:7e:69:1d:3d:fb:ce:1c:3b:
                    fd:d4:9d:60:d2:67:ee:a9:56:2d:a0:67:60:74:1d:
                    2d:5a:f6:d7:72:28:7f:06:62:78:dc:7d:d6:76:64:
                    45:85:06:a3:c9:88:f9:4e:14:25:a1:53:05:11:c0:
                    03:21:35:ea:0c:94:f9:76:fb:30:3e:9d:fe:70:70:
                    c7:13:73:b8:bc:38:c0:57:ee:75:2d:8e:f0:35:b4:
                    68:c8:57:90:b3:54:82:70:0a:e9:e9:3c:e1:b1:f2:
                    03:97:d3:5e:2b:e2:a8:78:77:bd:0b:39:c1:65:cb:
                    70:d5:01:d8:86:5c:3f:c3:25:9d:ff:6b:cc:d5:2c:
                    7b:d1:1b:5b:8f:a7:bb:c6:f6:56:2d:88:68:26:fe:
                    2e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:98:BC:A7:9D:72:7E:5C:B7:27:8B:46:B1:3B:19:A7:60:C9:B4:F3
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/SZi8p51yfly3J4tGsTsZp2DJtPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.237.0/24
                  185.14.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:82:c9:8d:37:b9:55:9b:4f:24:c5:1b:60:e6:f6:c2:36:dc:
         d2:6d:09:dc:80:12:7d:7d:58:3a:49:70:5a:90:ac:a8:bb:bc:
         c9:50:e3:af:7c:82:25:6c:82:93:0e:0f:0d:e8:b6:2a:bd:e3:
         a4:b9:bc:f7:4b:a3:d3:50:09:a4:b2:7e:3a:98:c7:a8:04:fc:
         cd:68:32:22:93:b7:1b:9c:9e:bc:eb:d2:e5:1d:99:a5:1f:b0:
         9e:cf:bc:ae:d4:59:de:79:aa:e3:dd:1d:a8:51:6d:77:7d:c6:
         ae:7f:48:59:8d:0c:8d:b0:e4:30:60:76:47:26:fa:36:da:91:
         31:90:d7:72:5c:45:d3:77:e3:50:a9:72:89:18:52:c5:99:3f:
         d4:58:3c:94:13:44:61:c5:95:5c:66:df:07:18:7b:de:13:c1:
         d8:0b:b0:66:7e:79:1a:87:da:ab:29:79:f7:9c:b7:5f:1c:4a:
         c3:e3:70:31:12:a5:12:7d:a5:3b:ce:25:e4:e1:95:2f:fc:f1:
         07:79:1c:be:00:b4:00:1a:15:b0:b2:fa:8d:fa:07:6e:4e:ed:
         2b:f3:43:6c:c2:99:cf:16:bb:26:93:af:9f:14:00:bb:e7:7a:
         73:47:d0:a8:eb:c3:b0:3e:cc:65:e3:e6:d5:bb:ed:69:1b:0f:
         fe:c5:59:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkSu4j0s+BOebC1wqU9C7sCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjUwOTA0MDMxODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTk4YmNhNzlkNzI3ZTVjYjcyNzhiNDZiMTNiMTlhNzYwYzliNGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhDss7cgoA2FtrI+bMYyacsUZpQc
5CgXPr302Of6wVHCZFoA3dBQtZQegtXejtQukvjjGlQ8EoqctGSGqR745sLq4Nn4
2I3e8XBWCQ2Lmqd/6WdJbe1FEhVz6z3B0GCrJQVUH5+Tr8Lkax1NBQgKfmkdPfvO
HDv91J1g0mfuqVYtoGdgdB0tWvbXcih/BmJ43H3WdmRFhQajyYj5ThQloVMFEcAD
ITXqDJT5dvswPp3+cHDHE3O4vDjAV+51LY7wNbRoyFeQs1SCcArp6TzhsfIDl9Ne
K+KoeHe9CznBZctw1QHYhlw/wyWd/2vM1Sx70Rtbj6e7xvZWLYhoJv4uFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEmYvKedcn5ctyeLRrE7GadgybTzMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvU1ppOHA1MXlmbHkzSjR0R3NUc1pwMkRKdFBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuQ7tAwQA
uQ7vMA0GCSqGSIb3DQEBCwUAA4IBAQB8gsmNN7lVm08kxRtg5vbCNtzSbQncgBJ9
fVg6SXBakKyou7zJUOOvfIIlbIKTDg8N6LYqveOkubz3S6PTUAmksn46mMeoBPzN
aDIik7cbnJ6869LlHZmlH7Cez7yu1Fneearj3R2oUW13fcauf0hZjQyNsOQwYHZH
Jvo22pExkNdyXEXTd+NQqXKJGFLFmT/UWDyUE0RhxZVcZt8HGHveE8HYC7Bmfnka
h9qrKXn3nLdfHErD43AxEqUSfaU7ziXk4ZUv/PEHeRy+ALQAGhWwsvqN+gduTu0r
80NswpnPFrsmk6+fFAC753pzR9Co68OwPsxl4+bVu+1pGw/+xVkY
-----END CERTIFICATE-----