Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/cB6_dqDkGm0horqNuxQyDYUnIqU.roa
File:                     cB6_dqDkGm0horqNuxQyDYUnIqU.roa (raw, json)
Hash identifier:          q3CLYq9eWKAdWNRwww5i4XqHOK10EWh8bmYx4jG625g=
Subject key identifier:   70:1E:BF:76:A0:E4:1A:6D:21:A2:BA:8D:BB:14:32:0D:85:27:22:A5
Certificate issuer:       /CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
Certificate serial:       0199ED0431443308F346CB727131EAFE3787
Authority key identifier: 7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/cB6_dqDkGm0horqNuxQyDYUnIqU.roa
Signing time:             Thu 16 Oct 2025 12:34:58 +0000
ROA not before:           Thu 16 Oct 2025 12:34:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        185.16.97.0/24 maxlen: 24
                          185.16.98.0/24 maxlen: 24
                          185.16.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:04:31:44:33:08:f3:46:cb:72:71:31:ea:fe:37:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
        Validity
            Not Before: Oct 16 12:34:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=701ebf76a0e41a6d21a2ba8dbb14320d852722a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:44:b8:34:3b:13:cb:ce:26:f9:60:6f:1c:17:
                    f5:97:1b:67:8b:21:a7:c8:b1:a2:00:46:1f:e0:d7:
                    2a:7c:a3:87:21:2b:bc:6a:ee:4e:1b:0d:e4:9f:c4:
                    ba:a8:9f:73:3b:6f:b5:8a:6e:1e:66:92:37:8d:d3:
                    91:9a:81:aa:c8:0e:bf:1d:08:44:a5:8d:ee:ab:34:
                    b8:50:20:97:99:ba:9e:07:0b:ff:3e:43:57:60:e1:
                    d9:09:32:3e:f6:48:8c:76:4e:42:4d:c7:1b:d1:71:
                    1b:72:ed:82:f9:bc:c7:96:0c:f3:15:85:12:3f:a2:
                    cb:91:29:68:00:93:d9:50:96:6a:c8:f4:42:7e:32:
                    a6:23:d3:09:46:80:28:69:fb:f5:2e:3b:49:00:67:
                    4e:f0:35:c2:39:8a:0e:ce:49:a2:d4:46:9c:be:9a:
                    cd:03:44:1f:bd:1e:f1:c5:f4:4a:ef:df:d6:fb:96:
                    41:42:25:b9:ae:5c:cb:fb:eb:a2:41:ba:56:69:1f:
                    da:3f:9d:01:f3:53:0e:ab:1e:85:31:56:28:56:1e:
                    64:bf:ab:3d:b1:9e:6b:86:93:22:30:69:6a:a1:9d:
                    79:7e:29:04:ea:0d:c9:44:52:9f:c9:30:49:b8:8a:
                    5b:a5:f6:54:d1:85:f7:4f:81:ed:f0:2e:b7:61:a4:
                    1b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:1E:BF:76:A0:E4:1A:6D:21:A2:BA:8D:BB:14:32:0D:85:27:22:A5
            X509v3 Authority Key Identifier:
                keyid:7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/cB6_dqDkGm0horqNuxQyDYUnIqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.97.0-185.16.99.255

    Signature Algorithm: sha256WithRSAEncryption
         6d:7e:33:13:db:2b:38:b8:c7:b1:88:1b:26:e0:29:30:a8:09:
         4c:7a:79:db:35:0f:8a:23:54:6d:28:b9:32:09:07:ec:36:04:
         da:fe:9c:81:83:51:e0:40:de:3a:10:61:e1:81:81:e0:90:12:
         53:ac:91:44:fa:d7:b9:c6:7b:6f:80:b8:ae:57:ce:ac:6a:c4:
         5a:28:a0:b2:ea:eb:40:48:2e:f2:85:1f:73:c5:94:99:bf:e3:
         97:66:17:52:a5:8e:47:f6:65:f8:87:fc:d4:8a:d0:53:df:93:
         48:39:a1:9d:c9:45:9a:b2:9e:a4:87:08:0e:54:96:8d:b9:ba:
         9b:0e:31:01:32:73:a5:b5:06:35:dd:d6:05:bf:17:68:fa:9e:
         89:50:24:48:e9:09:11:15:d1:1b:a4:71:c0:8f:c1:67:e8:a6:
         be:f3:69:5b:9f:a4:22:b5:a9:58:ad:2c:08:45:31:79:f2:b5:
         30:39:be:f7:db:f1:db:c4:7c:05:e7:bf:52:e2:42:70:e5:1a:
         2a:5a:83:27:60:a2:6e:0f:72:73:e7:cb:59:c2:97:5c:cd:9f:
         e4:fc:9e:71:f2:08:15:6c:3a:0c:fa:7c:7f:46:89:b3:54:a5:
         6a:6d:ba:06:3b:af:09:9f:d6:16:5d:e8:40:56:cc:d3:80:c5:
         76:6a:99:37
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZntBDFEMwjzRstycTHq/jeHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZWIwYWVjNjM5NDlmNDEyNWM3M2FhNjE3N2VhMGI3MjFk
NTI3YmIwHhcNMjUxMDE2MTIzNDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDFlYmY3NmEwZTQxYTZkMjFhMmJhOGRiYjE0MzIwZDg1MjcyMmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUS4NDsTy84m+WBvHBf1lxtniyGn
yLGiAEYf4NcqfKOHISu8au5OGw3kn8S6qJ9zO2+1im4eZpI3jdORmoGqyA6/HQhE
pY3uqzS4UCCXmbqeBwv/PkNXYOHZCTI+9kiMdk5CTccb0XEbcu2C+bzHlgzzFYUS
P6LLkSloAJPZUJZqyPRCfjKmI9MJRoAoafv1LjtJAGdO8DXCOYoOzkmi1EacvprN
A0QfvR7xxfRK79/W+5ZBQiW5rlzL++uiQbpWaR/aP50B81MOqx6FMVYoVh5kv6s9
sZ5rhpMiMGlqoZ15fikE6g3JRFKfyTBJuIpbpfZU0YX3T4Ht8C63YaQbVwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHAev3ag5BptIaK6jbsUMg2FJyKlMB8GA1UdIwQY
MBaAFH7rCuxjlJ9BJcc6phd+oLch1Se7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMt
ZDI2ZDdkNGMyNTA1LzEvY0I2X2RxRGtHbTBob3JxTnV4UXlEWVVuSXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMtZDI2ZDdkNGMyNTA1
LzEvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5EGED
BAK5EGAwDQYJKoZIhvcNAQELBQADggEBAG1+MxPbKzi4x7GIGybgKTCoCUx6eds1
D4ojVG0ouTIJB+w2BNr+nIGDUeBA3joQYeGBgeCQElOskUT617nGe2+AuK5Xzqxq
xFoooLLq60BILvKFH3PFlJm/45dmF1Kljkf2ZfiH/NSK0FPfk0g5oZ3JRZqynqSH
CA5Ulo25upsOMQEyc6W1BjXd1gW/F2j6nolQJEjpCREV0RukccCPwWfopr7zaVuf
pCK1qVitLAhFMXnytTA5vvfb8dvEfAXnv1LiQnDlGipagydgom4PcnPny1nCl1zN
n+T8nnHyCBVsOgz6fH9GibNUpWptugY7rwmf1hZd6EBWzNOAxXZqmTc=
-----END CERTIFICATE-----