Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/2QUhVLq-qunSYiDYRxwfyOTts9A.roa
File:                     2QUhVLq-qunSYiDYRxwfyOTts9A.roa (raw, json)
Hash identifier:          D1zUxpfKGnv1SlGyahBlg+dIothtUOjyZqIRX/Nsk/U=
Subject key identifier:   D9:05:21:54:BA:BE:AA:E9:D2:62:20:D8:47:1C:1F:C8:E4:ED:B3:D0
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0197581A741A831C49AD6487CB61B82D362D
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/2QUhVLq-qunSYiDYRxwfyOTts9A.roa
Signing time:             Tue 10 Jun 2025 04:30:18 +0000
ROA not before:           Tue 10 Jun 2025 04:30:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12978
IP address blocks:        85.153.160.0/24 maxlen: 24
                          85.153.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 16:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:58:1a:74:1a:83:1c:49:ad:64:87:cb:61:b8:2d:36:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jun 10 04:30:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9052154babeaae9d26220d8471c1fc8e4edb3d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:18:9a:ec:8e:b6:3b:14:87:f6:8a:09:56:d5:
                    e8:48:b4:67:b7:ef:2c:bc:1a:df:b4:49:e2:dd:21:
                    ff:7e:82:ea:57:cd:66:a9:f8:47:4d:fb:e0:21:bc:
                    62:92:13:6c:27:a2:01:ac:81:26:60:5b:82:27:88:
                    b4:b8:18:30:fa:38:4a:0f:17:1e:80:7f:6b:19:19:
                    02:6c:cc:3e:09:1e:b1:18:14:56:fa:47:2e:ea:60:
                    89:85:86:c4:1b:a5:90:4c:c8:3b:43:45:2d:da:84:
                    c4:b1:1d:fd:96:74:80:7f:d4:7e:5b:58:94:a0:d6:
                    e0:cd:10:5b:28:88:19:95:3b:eb:4f:51:8b:cc:c6:
                    fa:81:78:ad:a8:43:4b:8d:dc:27:03:7a:f1:e9:30:
                    2e:92:c1:44:43:52:a0:e2:ea:ee:9d:95:26:fa:ea:
                    b7:8f:91:34:51:1d:f3:af:62:ad:3e:23:dc:57:c1:
                    ba:7f:da:86:b6:91:3a:52:85:75:56:7a:89:aa:55:
                    4b:2f:78:36:f3:25:e4:be:42:c9:82:1f:a4:5b:4c:
                    da:92:6e:f1:19:5b:f0:6b:c7:f7:47:fb:b9:e7:81:
                    b3:35:a1:de:30:8a:f9:b2:db:da:c0:8b:0b:cc:6b:
                    01:7a:65:38:00:c9:d2:e0:35:27:2f:36:88:77:d8:
                    10:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:05:21:54:BA:BE:AA:E9:D2:62:20:D8:47:1C:1F:C8:E4:ED:B3:D0
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/2QUhVLq-qunSYiDYRxwfyOTts9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.160.0/24
                  85.153.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:fe:4c:43:21:bd:00:2f:42:c2:2d:87:4a:9e:a2:6a:f2:cb:
         c0:66:55:ed:ec:52:2f:35:71:5c:fe:a4:61:25:49:0a:39:a7:
         46:94:32:21:7a:d3:ba:b0:6f:f9:cd:a0:37:60:45:07:56:59:
         42:b6:86:56:61:3a:7a:e7:c3:f8:91:a0:d5:22:8d:37:aa:23:
         7b:30:41:58:56:6f:4e:14:6e:d8:fc:7b:eb:a3:a6:d6:f6:55:
         d4:94:10:9d:d2:a7:19:c3:e1:44:25:f1:8e:94:bf:34:f9:99:
         cb:de:b0:b8:c5:5c:e1:4a:19:21:eb:6a:98:a7:73:1b:39:8b:
         c0:bc:20:d1:4b:44:99:a5:6e:70:60:5d:71:fd:bb:7e:de:e6:
         72:13:66:89:ba:f9:11:29:3e:22:b7:da:52:c2:30:b0:19:da:
         91:fd:2e:00:1a:b3:6b:53:97:22:6e:b2:3d:e9:8a:f8:5a:21:
         b5:a8:ce:ae:7e:07:d0:cb:94:b6:6a:1a:5c:fb:78:b2:b2:74:
         5a:87:de:71:3d:c7:2b:40:3f:c5:f9:f7:d2:06:60:aa:73:56:
         6f:ae:f6:56:47:de:9f:fd:75:60:6d:c0:43:fd:c9:26:76:17:
         1f:68:83:14:08:c5:24:78:6c:ea:81:12:dc:0e:5a:9a:a2:74:
         11:42:1f:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdYGnQagxxJrWSHy2G4LTYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwNjEwMDQzMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTA1MjE1NGJhYmVhYWU5ZDI2MjIwZDg0NzFjMWZjOGU0ZWRiM2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Bia7I62OxSH9ooJVtXoSLRnt+8s
vBrftEni3SH/foLqV81mqfhHTfvgIbxikhNsJ6IBrIEmYFuCJ4i0uBgw+jhKDxce
gH9rGRkCbMw+CR6xGBRW+kcu6mCJhYbEG6WQTMg7Q0Ut2oTEsR39lnSAf9R+W1iU
oNbgzRBbKIgZlTvrT1GLzMb6gXitqENLjdwnA3rx6TAuksFEQ1Kg4urunZUm+uq3
j5E0UR3zr2KtPiPcV8G6f9qGtpE6UoV1VnqJqlVLL3g28yXkvkLJgh+kW0zakm7x
GVvwa8f3R/u554GzNaHeMIr5stvawIsLzGsBemU4AMnS4DUnLzaId9gQVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNkFIVS6vqrp0mIg2EccH8jk7bPQMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvMlFVaFZMcS1xdW5TWWlEWVJ4d2Z5T1R0czlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVZmgAwQA
VZnGMA0GCSqGSIb3DQEBCwUAA4IBAQAZ/kxDIb0AL0LCLYdKnqJq8svAZlXt7FIv
NXFc/qRhJUkKOadGlDIhetO6sG/5zaA3YEUHVllCtoZWYTp658P4kaDVIo03qiN7
MEFYVm9OFG7Y/Hvro6bW9lXUlBCd0qcZw+FEJfGOlL80+ZnL3rC4xVzhShkh62qY
p3MbOYvAvCDRS0SZpW5wYF1x/bt+3uZyE2aJuvkRKT4it9pSwjCwGdqR/S4AGrNr
U5cibrI96Yr4WiG1qM6ufgfQy5S2ahpc+3iysnRah95xPccrQD/F+ffSBmCqc1Zv
rvZWR96f/XVgbcBD/ckmdhcfaIMUCMUkeGzqgRLcDlqaonQRQh94
-----END CERTIFICATE-----