Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/U9_szKR8srbhSHiXME0hISvB9zk.roa
File:                     U9_szKR8srbhSHiXME0hISvB9zk.roa (raw, json)
Hash identifier:          Zqb60PKOf5F6hXcN+4+/4uUqXILXd/JHdWXXHL4XlcM=
Subject key identifier:   53:DF:EC:CC:A4:7C:B2:B6:E1:48:78:97:30:4D:21:21:2B:C1:F7:39
Certificate issuer:       /CN=13a0f7143ffa22113442dc8589ee1352ebe3daa3
Certificate serial:       0198853D9DFA9BC41CEA879BC7258518E13E
Authority key identifier: 13:A0:F7:14:3F:FA:22:11:34:42:DC:85:89:EE:13:52:EB:E3:DA:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E6D3FD_6IhE0QtyFie4TUuvj2qM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/U9_szKR8srbhSHiXME0hISvB9zk.roa
Signing time:             Thu 07 Aug 2025 15:54:24 +0000
ROA not before:           Thu 07 Aug 2025 15:54:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        80.250.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/E6D3FD_6IhE0QtyFie4TUuvj2qM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/E6D3FD_6IhE0QtyFie4TUuvj2qM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E6D3FD_6IhE0QtyFie4TUuvj2qM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Aug 2025 13:39:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:85:3d:9d:fa:9b:c4:1c:ea:87:9b:c7:25:85:18:e1:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13a0f7143ffa22113442dc8589ee1352ebe3daa3
        Validity
            Not Before: Aug  7 15:54:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53dfeccca47cb2b6e1487897304d21212bc1f739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b1:4d:4c:34:97:20:06:6f:d2:cf:50:2b:15:
                    ee:c2:30:fe:6f:d4:35:69:74:f0:ae:fb:55:85:b0:
                    54:c2:4c:bc:b8:fe:12:17:67:d8:ce:a2:50:ff:d5:
                    5b:d8:5e:de:04:cf:71:45:3c:fc:27:78:f3:a1:d2:
                    d0:2d:d5:b0:95:c3:9b:1a:89:4d:5e:1d:36:80:ea:
                    f7:77:49:9d:89:d3:d4:33:f0:65:f7:d0:eb:19:b3:
                    41:e7:7c:b9:ca:c9:c8:65:ec:7d:d9:15:60:3f:70:
                    1d:f1:c5:11:49:03:d6:50:2b:25:8d:55:78:f1:63:
                    1f:3d:dd:ff:63:48:6e:f1:b2:ca:4e:d8:ee:20:aa:
                    29:b1:4f:92:17:21:d9:66:9d:66:c1:df:cc:52:d2:
                    15:b7:52:de:a0:2c:dd:a0:20:93:b5:c6:55:a9:a7:
                    78:df:92:01:9d:05:7c:e8:0a:4c:b1:4a:d0:ae:d5:
                    bc:ec:9c:46:7b:72:9f:1b:5c:76:67:0f:9e:ee:55:
                    13:c3:4d:b5:eb:ab:fe:4f:b0:c7:6e:19:10:06:d2:
                    9b:ee:47:12:86:3b:56:70:8d:1f:f0:25:bc:9a:aa:
                    3c:f8:1f:58:eb:66:14:0f:8b:02:af:b2:7c:38:48:
                    4e:85:01:38:ae:e0:1e:c4:0d:4b:b1:92:0f:10:c7:
                    76:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:DF:EC:CC:A4:7C:B2:B6:E1:48:78:97:30:4D:21:21:2B:C1:F7:39
            X509v3 Authority Key Identifier:
                keyid:13:A0:F7:14:3F:FA:22:11:34:42:DC:85:89:EE:13:52:EB:E3:DA:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E6D3FD_6IhE0QtyFie4TUuvj2qM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/U9_szKR8srbhSHiXME0hISvB9zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/443f87-4ae0-4198-bcb8-104a33437665/1/E6D3FD_6IhE0QtyFie4TUuvj2qM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.250.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:16:f7:02:8b:e6:17:7e:ba:2a:8a:a5:33:6f:c4:a2:73:27:
         5b:a2:63:a6:c3:0f:87:54:c7:c3:5c:d9:e5:9b:c7:0f:24:e6:
         75:62:43:a7:5e:b4:98:d6:d3:98:29:5e:0d:73:7b:d3:97:e6:
         17:ba:a8:94:0e:50:35:47:1e:6b:75:54:90:61:48:64:8c:9a:
         4a:6d:63:b9:bb:87:05:b2:d3:31:4e:e5:25:08:c2:b5:44:ce:
         d6:a0:d4:da:8f:ce:d1:f3:01:c2:6e:b3:f4:fc:9b:0e:d0:e0:
         98:78:76:bb:77:db:1e:36:e2:fa:6d:63:86:38:89:10:bf:4e:
         ec:0b:af:75:81:10:dc:f6:87:2e:c7:4f:c0:b3:c1:6b:bb:28:
         04:19:e8:51:77:b5:af:0d:ad:56:08:a9:6b:e3:ed:07:41:95:
         53:9a:05:fa:0c:9c:41:be:65:41:3d:a6:c7:e8:16:f1:db:c5:
         73:42:52:b3:a3:fd:6e:58:6b:44:fb:54:a5:0f:dd:5e:71:ad:
         c3:30:2a:69:2d:54:76:ae:ba:32:f1:2a:cd:ee:bf:68:b7:c9:
         ba:ac:ce:47:ec:5d:f0:cf:18:66:f9:08:de:6d:cf:11:30:5c:
         16:8e:9d:dc:8b:78:50:8f:b2:7a:77:2b:88:7e:a3:98:9a:44:
         fa:5e:7b:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiFPZ36m8Qc6oebxyWFGOE+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYTBmNzE0M2ZmYTIyMTEzNDQyZGM4NTg5ZWUxMzUyZWJl
M2RhYTMwHhcNMjUwODA3MTU1NDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2RmZWNjY2E0N2NiMmI2ZTE0ODc4OTczMDRkMjEyMTJiYzFmNzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbFNTDSXIAZv0s9QKxXuwjD+b9Q1
aXTwrvtVhbBUwky8uP4SF2fYzqJQ/9Vb2F7eBM9xRTz8J3jzodLQLdWwlcObGolN
Xh02gOr3d0mdidPUM/Bl99DrGbNB53y5ysnIZex92RVgP3Ad8cURSQPWUCsljVV4
8WMfPd3/Y0hu8bLKTtjuIKopsU+SFyHZZp1mwd/MUtIVt1LeoCzdoCCTtcZVqad4
35IBnQV86ApMsUrQrtW87JxGe3KfG1x2Zw+e7lUTw02166v+T7DHbhkQBtKb7kcS
hjtWcI0f8CW8mqo8+B9Y62YUD4sCr7J8OEhOhQE4ruAexA1LsZIPEMd2GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPf7MykfLK24Uh4lzBNISErwfc5MB8GA1UdIwQY
MBaAFBOg9xQ/+iIRNELchYnuE1Lr49qjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTZEM0ZEXzZJaEUwUXR5RmllNFRVdXZqMnFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi80NDNmODctNGFlMC00MTk4LWJjYjgt
MTA0YTMzNDM3NjY1LzEvVTlfc3pLUjhzcmJoU0hpWE1FMGhJU3ZCOXprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi80NDNmODctNGFlMC00MTk4LWJjYjgtMTA0YTMzNDM3NjY1
LzEvRTZEM0ZEXzZJaEUwUXR5RmllNFRVdXZqMnFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPpvMA0G
CSqGSIb3DQEBCwUAA4IBAQAVFvcCi+YXfroqiqUzb8SicydbomOmww+HVMfDXNnl
m8cPJOZ1YkOnXrSY1tOYKV4Nc3vTl+YXuqiUDlA1Rx5rdVSQYUhkjJpKbWO5u4cF
stMxTuUlCMK1RM7WoNTaj87R8wHCbrP0/JsO0OCYeHa7d9seNuL6bWOGOIkQv07s
C691gRDc9ocux0/As8FruygEGehRd7WvDa1WCKlr4+0HQZVTmgX6DJxBvmVBPabH
6Bbx28VzQlKzo/1uWGtE+1SlD91eca3DMCppLVR2rroy8SrN7r9ot8m6rM5H7F3w
zxhm+Qjebc8RMFwWjp3ci3hQj7J6dyuIfqOYmkT6Xnvw
-----END CERTIFICATE-----