Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/MkpuHlRFeXINy7SEDa2LV04onKw.roa
File:                     MkpuHlRFeXINy7SEDa2LV04onKw.roa (raw, json)
Hash identifier:          X0Zsw3yhNAPz8F6U1Ym4lWPzkmaxW3raaydI0FX0eOA=
Subject key identifier:   32:4A:6E:1E:54:45:79:72:0D:CB:B4:84:0D:AD:8B:57:4E:28:9C:AC
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       01984B57DA59546633FC5F6937331B2D1118
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/MkpuHlRFeXINy7SEDa2LV04onKw.roa
Signing time:             Sun 27 Jul 2025 10:05:05 +0000
ROA not before:           Sun 27 Jul 2025 10:05:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        85.133.194.0/24 maxlen: 24
                          85.133.195.0/24 maxlen: 24
                          85.133.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4b:57:da:59:54:66:33:fc:5f:69:37:33:1b:2d:11:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jul 27 10:05:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=324a6e1e544579720dcbb4840dad8b574e289cac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:16:7f:62:9d:e3:99:08:35:79:9b:92:df:78:
                    74:8f:72:69:f1:c0:e9:6b:e6:37:6c:96:f6:aa:e4:
                    69:d8:e2:ea:86:8f:f6:af:01:4a:fb:d1:b5:12:3b:
                    9b:07:df:70:a7:7b:18:e4:b7:c4:24:1d:ec:89:5b:
                    e2:18:8e:cf:cb:bf:9f:9f:de:ce:9a:f3:24:f7:68:
                    01:72:44:9a:72:93:ce:af:8a:75:d6:7f:31:33:3f:
                    be:8a:30:32:3b:49:50:0e:f1:00:e2:a9:56:12:3e:
                    30:12:f8:21:34:d5:8e:19:d9:e9:1c:dc:b7:c5:e5:
                    23:bf:08:28:24:fc:55:13:df:38:c0:43:8d:a3:af:
                    d1:4b:2d:5e:ea:30:e8:5b:7d:75:d0:3e:9f:01:16:
                    a8:27:46:b6:58:13:4a:d7:51:12:ad:da:19:ef:e8:
                    16:38:09:0a:d1:65:c1:94:7b:5d:80:9a:b9:9c:6c:
                    7c:42:4e:13:a9:3f:e5:f0:3f:e1:76:c8:9c:9d:17:
                    a6:ee:17:ee:2a:67:98:cc:54:af:1f:2c:2d:4b:45:
                    4e:c5:f1:f8:f2:84:e1:19:a7:56:1b:07:91:e8:0b:
                    aa:8d:82:ca:ca:bc:f8:ed:dc:eb:1c:0b:0c:29:ea:
                    f7:80:22:9f:44:9d:9c:0b:87:c9:5d:57:12:c8:84:
                    59:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:4A:6E:1E:54:45:79:72:0D:CB:B4:84:0D:AD:8B:57:4E:28:9C:AC
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/MkpuHlRFeXINy7SEDa2LV04onKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.194.0/23
                  85.133.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:e0:a5:a4:71:8d:2b:91:a2:0a:50:8c:4e:be:41:02:66:78:
         1f:d7:0f:f8:53:f7:5d:88:da:51:c8:84:52:15:6d:a5:75:fb:
         d3:ca:cb:51:da:27:b7:12:b0:86:7a:59:5d:8b:69:e2:1d:76:
         8f:02:29:45:f6:ac:02:8e:c4:1d:76:fd:67:f1:35:0c:f3:d2:
         7e:18:b0:c6:e0:5d:66:16:7f:b4:6c:a8:81:96:6e:e1:35:25:
         cd:6e:98:3d:6e:43:92:95:84:5c:db:cc:89:e3:1f:64:f6:5b:
         1c:80:51:0f:f4:b7:0b:cd:17:2c:d0:83:a6:be:cb:53:8d:00:
         f1:ec:dd:de:10:9e:20:61:d3:fd:35:3f:6e:04:0a:13:83:e0:
         c2:c1:31:84:63:0a:10:a4:e6:02:43:1a:ce:f7:7b:d9:ee:d1:
         28:14:20:77:83:34:2d:d4:2b:48:4f:b9:ff:80:41:d8:c0:a9:
         04:76:81:2e:63:e4:cd:e9:75:a7:99:cb:21:ac:95:2f:06:d0:
         a9:ee:63:58:a7:db:e1:ea:8b:a2:95:ec:3b:9c:b3:af:9e:1c:
         d8:7b:25:22:fc:fd:2f:8b:1a:cd:87:18:c6:d7:7a:97:cc:b9:
         73:8f:1d:e1:c4:24:41:aa:2e:a0:ca:f5:47:eb:99:a9:e5:86:
         13:37:84:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhLV9pZVGYz/F9pNzMbLREYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwNzI3MTAwNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjRhNmUxZTU0NDU3OTcyMGRjYmI0ODQwZGFkOGI1NzRlMjg5Y2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBZ/Yp3jmQg1eZuS33h0j3Jp8cDp
a+Y3bJb2quRp2OLqho/2rwFK+9G1EjubB99wp3sY5LfEJB3siVviGI7Py7+fn97O
mvMk92gBckSacpPOr4p11n8xMz++ijAyO0lQDvEA4qlWEj4wEvghNNWOGdnpHNy3
xeUjvwgoJPxVE984wEONo6/RSy1e6jDoW3110D6fARaoJ0a2WBNK11ESrdoZ7+gW
OAkK0WXBlHtdgJq5nGx8Qk4TqT/l8D/hdsicnRem7hfuKmeYzFSvHywtS0VOxfH4
8oThGadWGweR6AuqjYLKyrz47dzrHAsMKer3gCKfRJ2cC4fJXVcSyIRZGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDJKbh5URXlyDcu0hA2ti1dOKJysMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvTWtwdUhsUkZlWElOeTdTRURhMkxWMDRvbkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVYXCAwQA
VYX8MA0GCSqGSIb3DQEBCwUAA4IBAQCq4KWkcY0rkaIKUIxOvkECZngf1w/4U/dd
iNpRyIRSFW2ldfvTystR2ie3ErCGelldi2niHXaPAilF9qwCjsQddv1n8TUM89J+
GLDG4F1mFn+0bKiBlm7hNSXNbpg9bkOSlYRc28yJ4x9k9lscgFEP9LcLzRcs0IOm
vstTjQDx7N3eEJ4gYdP9NT9uBAoTg+DCwTGEYwoQpOYCQxrO93vZ7tEoFCB3gzQt
1CtIT7n/gEHYwKkEdoEuY+TN6XWnmcshrJUvBtCp7mNYp9vh6ouilew7nLOvnhzY
eyUi/P0vixrNhxjG13qXzLlzjx3hxCRBqi6gyvVH65mp5YYTN4SQ
-----END CERTIFICATE-----