Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/mPHUXJDW583E2vAwkv2iL3m79GU.roa
File:                     mPHUXJDW583E2vAwkv2iL3m79GU.roa (raw, json)
Hash identifier:          3qcXCiOlm1axfBu5hIRkCTlR8vnI9rxhlxjIiv6/uxo=
Subject key identifier:   98:F1:D4:5C:90:D6:E7:CD:C4:DA:F0:30:92:FD:A2:2F:79:BB:F4:65
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01994E3BF33D9E7E37596BB8E648A39C4210
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/mPHUXJDW583E2vAwkv2iL3m79GU.roa
Signing time:             Mon 15 Sep 2025 16:36:15 +0000
ROA not before:           Mon 15 Sep 2025 16:36:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        85.208.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:3b:f3:3d:9e:7e:37:59:6b:b8:e6:48:a3:9c:42:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Sep 15 16:36:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98f1d45c90d6e7cdc4daf03092fda22f79bbf465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2d:1d:a5:57:b3:6c:36:dd:b0:af:5a:58:b3:
                    51:21:9a:0c:87:dd:73:dc:86:22:41:72:0e:d7:86:
                    ee:ae:03:5c:b8:6a:51:2d:4c:4a:3a:d9:d4:53:4b:
                    8c:22:7e:fd:2a:cf:9c:e2:26:6a:b3:8c:e5:52:64:
                    f3:33:91:cc:34:20:07:0b:00:93:ab:7c:aa:a7:05:
                    d1:1a:21:91:b2:30:a3:0d:a7:74:6e:9e:1a:ce:f7:
                    cc:82:e0:5d:a5:6b:38:65:10:71:1a:13:f2:b6:21:
                    dc:43:48:b6:fb:d9:92:1d:b7:6b:0b:98:fe:a9:49:
                    58:1c:8e:45:1a:a5:1b:00:ff:1b:7c:e5:35:80:15:
                    89:14:e4:9e:45:ae:f6:de:e0:73:6e:73:83:54:bb:
                    78:ba:1e:8c:23:73:5b:de:fa:9c:d1:02:11:7b:ba:
                    c9:71:c0:fa:76:b6:1d:e9:63:c9:44:59:14:5e:fc:
                    7a:7d:71:a7:a4:c4:43:15:b8:8b:7c:c2:54:4a:87:
                    3a:f3:3b:9a:c6:88:bb:18:04:52:cf:95:c3:7f:3e:
                    9d:5e:56:e9:cf:80:8c:8d:54:32:23:a8:82:87:f4:
                    4b:e1:ed:df:f9:5d:13:c9:0b:45:a0:36:d5:d8:f5:
                    c5:a9:a8:3e:f5:54:2a:da:38:15:b7:2d:59:ee:77:
                    ba:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:F1:D4:5C:90:D6:E7:CD:C4:DA:F0:30:92:FD:A2:2F:79:BB:F4:65
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/mPHUXJDW583E2vAwkv2iL3m79GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:f9:a7:a2:7b:d1:d0:6d:8d:80:08:fd:5e:08:02:74:f5:a6:
         c9:1c:e4:9f:71:13:8d:07:ea:3e:d3:25:37:4f:77:49:a9:fc:
         a9:fa:55:c4:69:b0:86:e9:e6:45:7d:34:b5:3e:07:5d:75:1a:
         db:13:33:d0:40:71:57:e7:4b:f0:5c:a6:66:19:19:31:95:06:
         93:ae:8d:cc:cb:b8:9a:60:ba:c8:cf:88:78:21:03:43:17:1c:
         d8:14:e4:de:70:a0:fc:92:b0:84:41:61:33:3e:a4:5a:f9:e2:
         3b:4b:41:94:af:4f:c0:81:6d:67:e8:9b:55:2a:ba:d7:5a:88:
         43:10:29:bc:49:8b:18:9f:04:5b:5c:33:b3:82:62:cb:93:95:
         5e:a6:fc:a3:af:86:ba:18:5b:33:f3:e2:3c:62:ea:4d:5e:15:
         9e:fe:87:8f:42:50:a7:e5:50:f3:1f:0f:98:aa:86:dc:1e:a3:
         a6:c4:0f:df:23:2e:53:35:94:11:45:d1:d3:75:25:33:5f:c5:
         34:7e:9b:cd:fd:fa:00:ba:d5:ab:39:47:11:6e:28:4b:46:2b:
         61:01:7e:aa:5e:d5:c2:e1:8f:fa:b2:de:02:e2:a4:6e:29:ba:
         93:73:f4:66:f1:33:39:57:41:46:5b:3a:0a:de:3e:1a:73:5f:
         9c:e8:38:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlOO/M9nn43WWu45kijnEIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUwOTE1MTYzNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGYxZDQ1YzkwZDZlN2NkYzRkYWYwMzA5MmZkYTIyZjc5YmJmNDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS0dpVezbDbdsK9aWLNRIZoMh91z
3IYiQXIO14burgNcuGpRLUxKOtnUU0uMIn79Ks+c4iZqs4zlUmTzM5HMNCAHCwCT
q3yqpwXRGiGRsjCjDad0bp4azvfMguBdpWs4ZRBxGhPytiHcQ0i2+9mSHbdrC5j+
qUlYHI5FGqUbAP8bfOU1gBWJFOSeRa723uBzbnODVLt4uh6MI3Nb3vqc0QIRe7rJ
ccD6drYd6WPJRFkUXvx6fXGnpMRDFbiLfMJUSoc68zuaxoi7GARSz5XDfz6dXlbp
z4CMjVQyI6iCh/RL4e3f+V0TyQtFoDbV2PXFqag+9VQq2jgVty1Z7ne64wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjx1FyQ1ufNxNrwMJL9oi95u/RlMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvbVBIVVhKRFc1ODNFMnZBd2t2MmlMM203OUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBwMA0G
CSqGSIb3DQEBCwUAA4IBAQDG+aeie9HQbY2ACP1eCAJ09abJHOSfcRONB+o+0yU3
T3dJqfyp+lXEabCG6eZFfTS1PgdddRrbEzPQQHFX50vwXKZmGRkxlQaTro3My7ia
YLrIz4h4IQNDFxzYFOTecKD8krCEQWEzPqRa+eI7S0GUr0/AgW1n6JtVKrrXWohD
ECm8SYsYnwRbXDOzgmLLk5Vepvyjr4a6GFsz8+I8YupNXhWe/oePQlCn5VDzHw+Y
qobcHqOmxA/fIy5TNZQRRdHTdSUzX8U0fpvN/foAutWrOUcRbihLRithAX6qXtXC
4Y/6st4C4qRuKbqTc/Rm8TM5V0FGWzoK3j4ac1+c6Dgc
-----END CERTIFICATE-----