Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/iYjj4YqAYkDaJ9eptskKUPFJFTk.roa
File:                     iYjj4YqAYkDaJ9eptskKUPFJFTk.roa (raw, json)
Hash identifier:          ZJZirU9LjNKyBMjTuKlZGLz5q49ZAFYRK8BpWP4E6Qs=
Subject key identifier:   89:88:E3:E1:8A:80:62:40:DA:27:D7:A9:B6:C9:0A:50:F1:49:15:39
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       0199DFFE70CAD725503C72E2FFF4FC87AD24
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/iYjj4YqAYkDaJ9eptskKUPFJFTk.roa
Signing time:             Mon 13 Oct 2025 23:53:38 +0000
ROA not before:           Mon 13 Oct 2025 23:53:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28721
IP address blocks:        185.88.128.0/24 maxlen: 24
                          185.88.130.0/24 maxlen: 24
                          194.149.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:df:fe:70:ca:d7:25:50:3c:72:e2:ff:f4:fc:87:ad:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: Oct 13 23:53:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8988e3e18a806240da27d7a9b6c90a50f1491539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:24:82:72:3c:29:57:53:97:ed:e3:f0:63:00:
                    cc:20:ea:0b:5a:db:30:23:37:db:8c:44:c7:e6:bd:
                    b4:83:30:d1:79:d2:f5:9e:d2:d8:ea:fb:41:a7:35:
                    50:de:45:c1:69:00:60:dc:0e:38:de:44:f1:d4:3a:
                    03:fd:bf:ac:3f:13:6f:ab:27:e7:21:e9:89:7e:8a:
                    8d:9b:26:1c:ee:f3:f4:54:53:78:3d:e5:e9:b5:25:
                    e0:29:9e:48:32:7d:bd:0f:92:25:bf:7e:3d:84:87:
                    36:88:f3:ef:d7:ba:0f:be:36:11:82:ad:52:80:dd:
                    31:81:05:e7:6d:c2:51:78:71:cb:5c:dc:0a:a9:d7:
                    83:2e:9a:5a:a8:3b:7a:fa:b9:a2:c9:1e:1f:89:a2:
                    38:f3:d6:36:79:f8:3a:d7:96:05:cd:7a:7a:de:3f:
                    33:00:84:96:21:41:b8:5b:91:72:c1:af:4d:06:21:
                    29:c0:41:bc:ed:c0:ab:52:10:a5:70:45:7e:39:8c:
                    2a:b2:0d:15:84:79:2a:40:a9:ff:f1:c8:23:02:db:
                    bd:fb:7c:7f:eb:53:09:14:ac:63:c6:bb:05:05:1b:
                    17:32:dc:10:44:c9:df:ec:a7:03:d2:e0:3b:81:28:
                    ff:e4:b5:6b:c1:15:c0:87:1f:56:2e:b2:af:49:b8:
                    c9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:88:E3:E1:8A:80:62:40:DA:27:D7:A9:B6:C9:0A:50:F1:49:15:39
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/iYjj4YqAYkDaJ9eptskKUPFJFTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.128.0/24
                  185.88.130.0/24
                  194.149.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:09:4b:72:21:6f:a4:49:0b:2b:07:64:3c:2f:e6:9b:f8:8c:
         ba:d7:86:77:33:bc:12:62:37:a5:bb:d1:b1:38:27:4b:f6:03:
         3b:7d:a3:c2:4e:f8:46:79:d4:e4:55:d0:22:2d:65:f6:ea:83:
         b7:a1:5c:78:5e:d4:20:5e:57:4a:1f:02:36:dc:fa:ea:b7:12:
         87:02:3d:78:42:49:04:6d:da:6c:ac:f1:4f:20:93:fe:bb:00:
         99:23:69:86:07:1f:a5:46:36:4f:dd:1b:68:f2:42:9e:b1:fd:
         cd:c7:fb:1a:78:15:c5:d9:bf:cd:23:9f:7b:2f:74:21:12:04:
         39:a6:24:59:5a:6c:28:f4:e6:2e:ce:54:91:6d:6f:0e:54:1f:
         7f:18:75:e2:36:42:10:68:50:9a:c2:da:b4:e3:28:9f:00:3c:
         36:3d:ac:07:87:c3:b3:7a:74:3c:ff:ef:cf:d8:3c:03:cd:d1:
         69:32:51:db:a0:1a:90:99:8b:dd:70:49:b7:d0:5e:49:cb:d7:
         58:8f:e5:a2:95:bc:30:1c:0b:8e:61:0b:96:9d:aa:c9:9a:c0:
         bf:bd:be:d9:c4:0b:2d:cc:c2:55:ca:df:f0:b9:a3:b5:0d:ea:
         3f:41:34:3e:27:12:10:18:97:26:c8:77:48:67:a6:9c:f2:22:
         ae:bf:7f:be
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZnf/nDK1yVQPHLi//T8h60kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjUxMDEzMjM1MzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTg4ZTNlMThhODA2MjQwZGEyN2Q3YTliNmM5MGE1MGYxNDkxNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iSCcjwpV1OX7ePwYwDMIOoLWtsw
IzfbjETH5r20gzDRedL1ntLY6vtBpzVQ3kXBaQBg3A443kTx1DoD/b+sPxNvqyfn
IemJfoqNmyYc7vP0VFN4PeXptSXgKZ5IMn29D5Ilv349hIc2iPPv17oPvjYRgq1S
gN0xgQXnbcJReHHLXNwKqdeDLppaqDt6+rmiyR4fiaI489Y2efg615YFzXp63j8z
AISWIUG4W5Fywa9NBiEpwEG87cCrUhClcEV+OYwqsg0VhHkqQKn/8cgjAtu9+3x/
61MJFKxjxrsFBRsXMtwQRMnf7KcD0uA7gSj/5LVrwRXAhx9WLrKvSbjJdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFImI4+GKgGJA2ifXqbbJClDxSRU5MB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvaVlqajRZcUFZa0RhSjllcHRza0tVUEZKRlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuViAAwQA
uViCAwQAwpX1MA0GCSqGSIb3DQEBCwUAA4IBAQBvCUtyIW+kSQsrB2Q8L+ab+Iy6
14Z3M7wSYjelu9GxOCdL9gM7faPCTvhGedTkVdAiLWX26oO3oVx4XtQgXldKHwI2
3PrqtxKHAj14QkkEbdpsrPFPIJP+uwCZI2mGBx+lRjZP3Rto8kKesf3Nx/saeBXF
2b/NI597L3QhEgQ5piRZWmwo9OYuzlSRbW8OVB9/GHXiNkIQaFCawtq04yifADw2
PawHh8OzenQ8/+/P2DwDzdFpMlHboBqQmYvdcEm30F5Jy9dYj+WilbwwHAuOYQuW
narJmsC/vb7ZxAstzMJVyt/wuaO1Deo/QTQ+JxIQGJcmyHdIZ6ac8iKuv3++
-----END CERTIFICATE-----