Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/uU_Epbh4k-iNlfIsi_aGVBuYX3E.roa
File:                     uU_Epbh4k-iNlfIsi_aGVBuYX3E.roa (raw, json)
Hash identifier:          oN88HQNaxlS+SnkVrt2tuPqyaZ78GSR116CcNBSWxWg=
Subject key identifier:   B9:4F:C4:A5:B8:78:93:E8:8D:95:F2:2C:8B:F6:86:54:1B:98:5F:71
Certificate issuer:       /CN=429b1cf21d20f8c6f94641e3327e4555e2e41102
Certificate serial:       0198759AFFD01B8D0807B0C510ABE4FF3CC1
Authority key identifier: 42:9B:1C:F2:1D:20:F8:C6:F9:46:41:E3:32:7E:45:55:E2:E4:11:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/uU_Epbh4k-iNlfIsi_aGVBuYX3E.roa
Signing time:             Mon 04 Aug 2025 15:02:28 +0000
ROA not before:           Mon 04 Aug 2025 15:02:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        185.8.140.0/24 maxlen: 24
                          185.8.141.0/24 maxlen: 24
                          185.8.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:9a:ff:d0:1b:8d:08:07:b0:c5:10:ab:e4:ff:3c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429b1cf21d20f8c6f94641e3327e4555e2e41102
        Validity
            Not Before: Aug  4 15:02:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b94fc4a5b87893e88d95f22c8bf686541b985f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:82:64:cd:5d:f2:47:f0:3c:51:df:f0:40:24:
                    33:02:9c:1d:f9:89:e6:38:29:63:0f:78:03:d3:be:
                    03:cd:ea:5c:be:35:be:88:f6:68:6a:e5:41:a2:23:
                    d7:a3:d8:7b:be:3d:ed:35:aa:3c:19:a4:df:ba:67:
                    74:72:41:aa:04:bf:93:ea:ae:71:65:27:08:22:50:
                    9c:b8:5e:68:24:28:e6:0e:66:e9:3c:a4:43:af:9c:
                    87:65:e1:7a:7c:d5:68:b7:72:bb:b5:b2:9c:76:40:
                    42:2a:ee:82:0f:0a:bc:37:75:1d:c5:4e:ae:54:5b:
                    87:ea:3e:72:db:e0:ad:ec:52:c0:33:c7:e1:9d:d2:
                    dc:62:aa:91:32:26:0f:cf:9d:89:fa:a7:7d:aa:4e:
                    41:e2:56:e3:1e:ef:96:08:5e:f5:2b:bd:8c:6c:ce:
                    7c:5a:25:7e:90:37:7b:72:d8:88:f1:9c:76:12:3d:
                    a1:98:80:32:8b:db:03:75:41:1f:4c:aa:a0:d4:bb:
                    a2:c1:f6:db:16:26:69:17:fe:53:e6:0d:a1:06:ab:
                    e7:7f:12:7c:25:b3:6f:70:0f:1e:bd:0e:40:ab:2e:
                    7b:12:2e:cb:ad:70:b0:12:53:7a:0a:b2:6b:13:46:
                    fd:c2:53:ee:7d:e3:1e:3b:a9:ed:48:30:13:f6:c3:
                    14:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4F:C4:A5:B8:78:93:E8:8D:95:F2:2C:8B:F6:86:54:1B:98:5F:71
            X509v3 Authority Key Identifier:
                keyid:42:9B:1C:F2:1D:20:F8:C6:F9:46:41:E3:32:7E:45:55:E2:E4:11:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/uU_Epbh4k-iNlfIsi_aGVBuYX3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/204509-8a32-4b28-97c8-e56e738380de/1/Qpsc8h0g-Mb5RkHjMn5FVeLkEQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.140.0/23
                  185.8.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:68:e0:d0:68:38:5d:d7:57:aa:15:84:ec:bb:9b:0e:52:ad:
         44:d8:db:96:c1:93:41:db:e9:76:ed:26:2c:7d:1f:e0:c7:68:
         80:77:ef:e3:31:18:66:f1:7a:b6:a9:b8:ee:71:40:bc:36:78:
         ae:08:67:e9:00:66:6d:00:71:9a:af:89:c8:6a:50:95:8d:85:
         e8:52:f6:78:ea:49:81:56:f2:d0:44:a9:f8:8a:bd:46:53:48:
         3b:08:e4:8b:7d:9e:75:d7:76:7c:03:e3:b6:49:d0:fb:d6:d0:
         1b:ca:2b:61:62:d5:82:c9:b2:c4:ee:1f:5d:ef:be:02:73:f3:
         48:a6:a6:b2:b1:92:6b:6c:a5:74:77:a4:d0:d6:81:13:d8:4f:
         da:d2:71:25:73:fd:7e:ec:30:ff:43:c4:df:ba:be:91:96:a4:
         67:dd:cc:0f:fa:06:5a:b0:0b:a2:43:a6:fc:f6:5d:cd:fa:00:
         cc:4c:2f:bf:0f:1c:b5:d0:60:ef:07:e9:88:bb:df:f5:09:80:
         eb:a5:40:55:3d:42:3f:2e:07:58:a7:ef:94:a5:c5:32:e7:95:
         61:42:03:be:7f:6f:b1:c8:61:81:78:69:6d:44:52:e4:42:92:
         e0:51:5b:f9:a6:bf:b2:8e:4e:88:02:03:a2:71:44:5f:74:83:
         31:c5:f2:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZh1mv/QG40IB7DFEKvk/zzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOWIxY2YyMWQyMGY4YzZmOTQ2NDFlMzMyN2U0NTU1ZTJl
NDExMDIwHhcNMjUwODA0MTUwMjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTRmYzRhNWI4Nzg5M2U4OGQ5NWYyMmM4YmY2ODY1NDFiOTg1ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIJkzV3yR/A8Ud/wQCQzApwd+Ynm
OCljD3gD074DzepcvjW+iPZoauVBoiPXo9h7vj3tNao8GaTfumd0ckGqBL+T6q5x
ZScIIlCcuF5oJCjmDmbpPKRDr5yHZeF6fNVot3K7tbKcdkBCKu6CDwq8N3UdxU6u
VFuH6j5y2+Ct7FLAM8fhndLcYqqRMiYPz52J+qd9qk5B4lbjHu+WCF71K72MbM58
WiV+kDd7ctiI8Zx2Ej2hmIAyi9sDdUEfTKqg1LuiwfbbFiZpF/5T5g2hBqvnfxJ8
JbNvcA8evQ5Aqy57Ei7LrXCwElN6CrJrE0b9wlPufeMeO6ntSDAT9sMU9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLlPxKW4eJPojZXyLIv2hlQbmF9xMB8GA1UdIwQY
MBaAFEKbHPIdIPjG+UZB4zJ+RVXi5BECMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBzYzhoMGctTWI1UmtIak1uNUZWZUxrRVFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMDQ1MDktOGEzMi00YjI4LTk3Yzgt
ZTU2ZTczODM4MGRlLzEvdVVfRXBiaDRrLWlObGZJc2lfYUdWQnVZWDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMDQ1MDktOGEzMi00YjI4LTk3YzgtZTU2ZTczODM4MGRl
LzEvUXBzYzhoMGctTWI1UmtIak1uNUZWZUxrRVFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuQiMAwQA
uQiPMA0GCSqGSIb3DQEBCwUAA4IBAQBSaODQaDhd11eqFYTsu5sOUq1E2NuWwZNB
2+l27SYsfR/gx2iAd+/jMRhm8Xq2qbjucUC8NniuCGfpAGZtAHGar4nIalCVjYXo
UvZ46kmBVvLQRKn4ir1GU0g7COSLfZ5113Z8A+O2SdD71tAbyithYtWCybLE7h9d
774Cc/NIpqaysZJrbKV0d6TQ1oET2E/a0nElc/1+7DD/Q8Tfur6RlqRn3cwP+gZa
sAuiQ6b89l3N+gDMTC+/Dxy10GDvB+mIu9/1CYDrpUBVPUI/LgdYp++UpcUy55Vh
QgO+f2+xyGGBeGltRFLkQpLgUVv5pr+yjk6IAgOicURfdIMxxfJl
-----END CERTIFICATE-----