Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/r4nHiqtwOQfQMtpt6yMCk8DVGhs.roa
File:                     r4nHiqtwOQfQMtpt6yMCk8DVGhs.roa (raw, json)
Hash identifier:          DyLJrxNKuKwmIEjTlRH4/2whgviSbwHHfYKUbWkMxH8=
Subject key identifier:   AF:89:C7:8A:AB:70:39:07:D0:32:DA:6D:EB:23:02:93:C0:D5:1A:1B
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0199ADF4B9A073C40BA768CAB2765F783059
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/r4nHiqtwOQfQMtpt6yMCk8DVGhs.roa
Signing time:             Sat 04 Oct 2025 06:42:00 +0000
ROA not before:           Sat 04 Oct 2025 06:42:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204992
IP address blocks:        85.120.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ad:f4:b9:a0:73:c4:0b:a7:68:ca:b2:76:5f:78:30:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Oct  4 06:42:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af89c78aab703907d032da6deb230293c0d51a1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:33:5c:5e:d4:a2:f3:86:a7:00:5d:2a:1b:50:
                    a0:e4:bf:d7:3a:b9:a5:71:02:99:01:42:e9:8c:42:
                    ae:05:ce:9f:24:a5:e0:e6:4f:89:c5:8c:76:59:9a:
                    41:8f:a4:d9:2e:77:5a:7a:ac:e0:c4:12:d2:72:e3:
                    36:40:8d:55:90:f4:8d:91:26:2f:a5:62:32:be:20:
                    30:72:08:5b:f3:ae:5c:29:c3:30:6e:7b:a5:27:74:
                    67:03:79:03:5f:9a:41:71:58:bc:d6:39:a8:a9:96:
                    fa:f0:76:8c:97:34:70:8c:26:5b:fe:de:2d:15:dd:
                    53:5f:e8:de:22:22:45:e7:d7:73:bd:97:de:74:f2:
                    b6:81:66:42:ed:d5:6d:b5:67:97:ab:f3:a0:13:03:
                    b0:19:5e:81:f4:9a:7f:a0:b9:6a:e6:5a:3a:bb:c5:
                    95:7f:3c:33:04:e7:70:08:28:fb:28:82:55:68:4f:
                    e5:f5:0c:4a:7c:cc:e9:e2:d6:2d:d2:cd:1a:eb:fd:
                    a9:26:24:db:2f:ea:cd:9f:11:74:2f:7d:6a:03:d2:
                    89:09:ba:cd:dd:7d:04:f3:21:48:25:e2:54:40:bc:
                    2b:12:8b:36:ab:87:f9:51:ae:97:37:1a:5a:e4:c2:
                    51:ab:78:a3:3d:d6:57:aa:3d:ad:f8:0e:27:d5:58:
                    a7:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:89:C7:8A:AB:70:39:07:D0:32:DA:6D:EB:23:02:93:C0:D5:1A:1B
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/r4nHiqtwOQfQMtpt6yMCk8DVGhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:d2:b0:b3:cc:f3:72:85:08:7e:88:e0:01:75:a1:37:3e:ed:
         5f:4f:e6:41:08:af:e1:be:d5:b9:45:ad:87:ad:58:6b:ed:26:
         35:e8:68:70:79:fc:04:3c:3c:ca:36:79:e1:22:c9:10:bc:02:
         78:25:0e:11:39:47:9a:b7:81:3f:f0:86:02:28:2d:b5:ff:d8:
         ae:97:d0:14:d0:f1:bc:08:62:63:fb:8e:0d:6a:91:b7:6c:2e:
         6f:61:97:49:8d:0d:1f:0e:f5:5f:32:8d:a7:bf:f1:47:b4:0b:
         bc:c3:28:1c:c0:32:45:37:18:54:9c:d1:d2:24:bf:b7:64:3e:
         f5:73:ac:9a:78:24:ed:a7:68:63:03:6c:57:4b:b5:65:6a:6b:
         12:f9:e3:20:88:41:21:5b:c7:ad:ef:05:e8:98:73:33:d9:8f:
         50:c1:65:ea:e2:95:8f:92:46:68:d3:2a:85:2d:f3:bb:7e:84:
         21:01:0d:6d:4a:54:64:5d:40:e7:98:26:94:2c:52:3b:e5:0b:
         b1:7f:6b:11:99:61:50:82:c9:5e:0b:d2:c3:3a:28:e2:c2:36:
         4f:02:a8:d4:55:e1:33:0d:62:5e:cb:15:9a:46:2c:1b:f5:53:
         ed:29:ed:83:b0:ec:a9:43:fe:de:fd:3f:79:97:4d:70:bf:8d:
         27:89:23:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmt9Lmgc8QLp2jKsnZfeDBZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUxMDA0MDY0MjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjg5Yzc4YWFiNzAzOTA3ZDAzMmRhNmRlYjIzMDI5M2MwZDUxYTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DNcXtSi84anAF0qG1Cg5L/XOrml
cQKZAULpjEKuBc6fJKXg5k+JxYx2WZpBj6TZLndaeqzgxBLScuM2QI1VkPSNkSYv
pWIyviAwcghb865cKcMwbnulJ3RnA3kDX5pBcVi81jmoqZb68HaMlzRwjCZb/t4t
Fd1TX+jeIiJF59dzvZfedPK2gWZC7dVttWeXq/OgEwOwGV6B9Jp/oLlq5lo6u8WV
fzwzBOdwCCj7KIJVaE/l9QxKfMzp4tYt0s0a6/2pJiTbL+rNnxF0L31qA9KJCbrN
3X0E8yFIJeJUQLwrEos2q4f5Ua6XNxpa5MJRq3ijPdZXqj2t+A4n1Vin6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+Jx4qrcDkH0DLabesjApPA1RobMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvcjRuSGlxdHdPUWZRTXRwdDZ5TUNrOERWR2hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXhWMA0G
CSqGSIb3DQEBCwUAA4IBAQAs0rCzzPNyhQh+iOABdaE3Pu1fT+ZBCK/hvtW5Ra2H
rVhr7SY16GhwefwEPDzKNnnhIskQvAJ4JQ4ROUeat4E/8IYCKC21/9iul9AU0PG8
CGJj+44NapG3bC5vYZdJjQ0fDvVfMo2nv/FHtAu8wygcwDJFNxhUnNHSJL+3ZD71
c6yaeCTtp2hjA2xXS7VlamsS+eMgiEEhW8et7wXomHMz2Y9QwWXq4pWPkkZo0yqF
LfO7foQhAQ1tSlRkXUDnmCaULFI75Quxf2sRmWFQgsleC9LDOijiwjZPAqjUVeEz
DWJeyxWaRiwb9VPtKe2DsOypQ/7e/T95l01wv40niSN2
-----END CERTIFICATE-----