Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/uSGbtJMHWJutuA9vH1gOdS7S0eU.roa
File:                     uSGbtJMHWJutuA9vH1gOdS7S0eU.roa (raw, json)
Hash identifier:          5PlDy2Du9IlJ8ehfUSZu1672c585XBGDNCL6o97TiWA=
Subject key identifier:   B9:21:9B:B4:93:07:58:9B:AD:B8:0F:6F:1F:58:0E:75:2E:D2:D1:E5
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019933EADB89DBCCD2EBC3CC88D983DA44AB
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/uSGbtJMHWJutuA9vH1gOdS7S0eU.roa
Signing time:             Wed 10 Sep 2025 13:57:33 +0000
ROA not before:           Wed 10 Sep 2025 13:57:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        81.22.142.0/23 maxlen: 24
                          89.185.0.0/22 maxlen: 22
                          109.72.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 21:38:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:ea:db:89:db:cc:d2:eb:c3:cc:88:d9:83:da:44:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Sep 10 13:57:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9219bb49307589badb80f6f1f580e752ed2d1e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f4:8d:3c:66:ea:c1:f3:9b:08:ed:67:a8:ba:
                    c5:3d:3f:b6:97:fb:85:1f:c2:c5:2e:96:3f:dc:07:
                    e6:f4:cc:99:cc:7d:25:27:91:a4:97:a4:80:5c:3c:
                    d6:a8:bb:a7:cb:13:f8:7e:be:17:e9:be:75:c2:d7:
                    3f:ae:a0:60:79:b3:fc:c4:c9:57:91:4c:b8:c8:d8:
                    b2:1f:f4:b5:b6:9c:5a:5d:d2:69:04:8a:c0:4f:5b:
                    44:14:c7:83:03:8f:84:40:29:36:8b:30:8b:48:34:
                    f1:60:fa:23:58:7b:ad:36:ac:4a:1c:fb:7e:3d:26:
                    d5:93:72:4c:a1:5b:81:ac:9f:67:53:46:e8:3b:b2:
                    22:f6:94:a2:8b:1e:b9:f0:d5:a5:15:64:7b:27:90:
                    25:94:f6:05:f7:41:d5:c0:94:2c:fb:c6:40:c8:fe:
                    5f:0a:8a:2f:5b:35:7f:1c:ce:53:01:f7:c4:6f:2e:
                    76:18:5e:8c:b9:92:8b:02:3e:fa:d9:c2:63:10:37:
                    a1:02:15:13:ce:1a:74:c3:d5:02:ca:8d:53:52:33:
                    09:bc:87:28:5d:05:32:2f:c0:ec:9b:8f:f8:5a:60:
                    e4:95:37:df:f2:a4:ad:11:96:4e:85:9f:69:ba:a1:
                    55:79:88:c8:5b:fa:f4:95:23:94:19:39:04:4a:7d:
                    98:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:21:9B:B4:93:07:58:9B:AD:B8:0F:6F:1F:58:0E:75:2E:D2:D1:E5
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/uSGbtJMHWJutuA9vH1gOdS7S0eU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.142.0/23
                  89.185.0.0/22
                  109.72.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:93:4f:c2:c3:1e:0c:29:88:ed:d3:a2:f2:d3:e6:1c:d7:0d:
         dd:5f:cf:80:7c:b6:57:d7:ea:3c:e1:28:ca:26:90:b4:57:86:
         cf:19:29:66:d9:75:f6:bc:3a:37:62:ea:b9:e3:ca:7a:57:9c:
         cc:7a:0e:8d:c4:d2:02:aa:69:fb:25:9d:37:a8:ad:f0:67:57:
         24:1e:04:dc:11:f9:18:e5:d8:66:af:ad:bb:08:e1:98:46:de:
         6f:45:2c:b4:4e:96:90:ed:8b:09:92:98:cc:32:c3:1f:57:9a:
         e3:29:29:91:a3:9f:ed:4b:28:b6:f1:cd:e1:6b:d5:2c:c4:7e:
         e8:34:d2:64:ae:ac:ec:d0:5c:98:2f:5a:cd:a2:5d:35:e3:a4:
         29:d4:10:92:c4:62:ad:a6:59:ab:7f:d7:97:aa:01:c4:2a:3b:
         8c:1c:e5:30:d5:6c:58:39:24:83:7f:3c:21:b3:89:2c:94:5d:
         f8:4d:43:e6:45:36:26:fb:c6:0a:84:5b:fa:b1:6f:96:eb:3c:
         a8:c5:4b:34:34:63:96:02:f4:37:11:a3:20:39:4e:d2:23:7e:
         66:c9:20:da:d5:e3:26:3d:41:5a:0e:0f:2a:a7:52:dd:d5:92:
         d8:59:f0:39:fd:d0:92:ff:62:03:a4:4c:13:ae:97:20:ea:8c:
         ef:ea:97:2f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkz6tuJ28zS68PMiNmD2kSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwOTEwMTM1NzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTIxOWJiNDkzMDc1ODliYWRiODBmNmYxZjU4MGU3NTJlZDJkMWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvSNPGbqwfObCO1nqLrFPT+2l/uF
H8LFLpY/3Afm9MyZzH0lJ5Gkl6SAXDzWqLunyxP4fr4X6b51wtc/rqBgebP8xMlX
kUy4yNiyH/S1tpxaXdJpBIrAT1tEFMeDA4+EQCk2izCLSDTxYPojWHutNqxKHPt+
PSbVk3JMoVuBrJ9nU0boO7Ii9pSiix658NWlFWR7J5AllPYF90HVwJQs+8ZAyP5f
CoovWzV/HM5TAffEby52GF6MuZKLAj762cJjEDehAhUTzhp0w9UCyo1TUjMJvIco
XQUyL8Dsm4/4WmDklTff8qStEZZOhZ9puqFVeYjIW/r0lSOUGTkESn2Y6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLkhm7STB1ibrbgPbx9YDnUu0tHlMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvdVNHYnRKTUhXSnV0dUE5dkgxZ09kUzdTMGVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBURaOAwQC
WbkAAwQCbUh0MA0GCSqGSIb3DQEBCwUAA4IBAQBsk0/Cwx4MKYjt06Ly0+Yc1w3d
X8+AfLZX1+o84SjKJpC0V4bPGSlm2XX2vDo3Yuq548p6V5zMeg6NxNICqmn7JZ03
qK3wZ1ckHgTcEfkY5dhmr627COGYRt5vRSy0TpaQ7YsJkpjMMsMfV5rjKSmRo5/t
Syi28c3ha9UsxH7oNNJkrqzs0FyYL1rNol0146Qp1BCSxGKtplmrf9eXqgHEKjuM
HOUw1WxYOSSDfzwhs4kslF34TUPmRTYm+8YKhFv6sW+W6zyoxUs0NGOWAvQ3EaMg
OU7SI35mySDa1eMmPUFaDg8qp1Ld1ZLYWfA5/dCS/2IDpEwTrpcg6ozv6pcv
-----END CERTIFICATE-----