Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/dvkQi7LJcacPEnavAtPM4pCT8P4.roa
File:                     dvkQi7LJcacPEnavAtPM4pCT8P4.roa (raw, json)
Hash identifier:          yFRSaO/fFZoaoBkddBRpfu8JA7wvlMaSX8s3o33YjCY=
Subject key identifier:   76:F9:10:8B:B2:C9:71:A7:0F:12:76:AF:02:D3:CC:E2:90:93:F0:FE
Certificate issuer:       /CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
Certificate serial:       0199ED034719B7D9A76C943E3937AAA5BF3E
Authority key identifier: 7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/dvkQi7LJcacPEnavAtPM4pCT8P4.roa
Signing time:             Thu 16 Oct 2025 12:33:58 +0000
ROA not before:           Thu 16 Oct 2025 12:33:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61177
IP address blocks:        185.16.96.0/24 maxlen: 24
                          185.16.98.0/24 maxlen: 24
                          185.16.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 06:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:03:47:19:b7:d9:a7:6c:94:3e:39:37:aa:a5:bf:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
        Validity
            Not Before: Oct 16 12:33:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76f9108bb2c971a70f1276af02d3cce29093f0fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5e:84:e2:6e:35:d4:cb:d6:a4:37:16:62:00:
                    15:76:66:0d:48:38:c4:79:3e:eb:1c:47:06:d8:f5:
                    37:de:a5:a0:69:a7:9f:33:ff:1b:aa:21:87:42:0c:
                    9c:2f:96:78:8b:cf:dd:61:50:a9:07:0e:35:00:af:
                    bc:99:92:85:23:88:ec:aa:78:1b:c1:6e:1d:64:16:
                    29:da:10:ff:87:a9:08:63:fa:11:0b:6e:cc:e0:38:
                    6f:b8:3e:48:66:d9:98:f6:44:d9:08:9f:7d:a9:1c:
                    17:73:01:01:83:6b:12:af:cb:3d:15:d0:d3:66:cc:
                    7c:b6:83:0d:09:cc:eb:0a:b5:c2:2d:92:98:42:08:
                    6a:29:15:23:15:7b:0f:49:61:22:af:75:f9:3c:7c:
                    ae:b2:5a:cf:16:1e:ea:ee:ea:60:02:c4:fb:4a:1b:
                    84:e8:73:72:cb:07:58:9a:92:b0:df:87:23:dc:ab:
                    dd:93:e3:9c:34:45:a6:6c:48:c4:f2:89:3a:32:a3:
                    99:8c:e6:4b:b5:52:d6:94:f2:07:47:ea:c6:13:0f:
                    2c:7b:58:4d:36:70:d2:07:c4:a4:84:8c:c1:8b:ba:
                    fd:43:fe:e7:82:f6:fd:07:c9:89:93:a2:f5:47:1e:
                    a5:ae:2e:0c:45:f6:50:15:08:96:db:74:4c:93:d0:
                    ca:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:F9:10:8B:B2:C9:71:A7:0F:12:76:AF:02:D3:CC:E2:90:93:F0:FE
            X509v3 Authority Key Identifier:
                keyid:7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/dvkQi7LJcacPEnavAtPM4pCT8P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.96.0/24
                  185.16.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:d9:3a:5e:ed:2b:db:86:ad:aa:a4:66:0a:e7:cf:b6:83:ca:
         1e:9f:4d:34:ba:36:d6:06:8d:54:96:98:40:ad:9c:1b:4c:3d:
         e3:ee:c7:d1:8d:5b:b9:a3:2a:66:4a:b9:9c:fc:04:91:6e:59:
         aa:3a:6f:a3:01:c2:5d:c1:dc:bd:d4:91:92:b4:b8:bc:7d:6c:
         af:dd:03:5d:dc:11:c5:b8:56:fe:ce:86:f2:cb:0b:62:a1:f9:
         bc:9d:38:8f:25:c3:17:cc:ab:77:83:ea:26:e9:97:d5:9d:b2:
         13:b4:02:57:7d:88:d0:e9:42:b7:33:07:e5:3f:7c:45:9b:d4:
         9c:c6:bd:83:5f:95:e1:6e:7d:07:4c:5e:dc:d2:2b:9c:a2:fa:
         5f:53:9d:37:df:b1:c3:99:01:cd:ac:84:98:d2:77:ad:82:93:
         ad:cf:f9:f2:55:ea:fe:5a:e6:f9:57:7d:ce:a4:72:a1:11:5a:
         45:02:32:fa:f3:11:41:89:f6:64:bd:b4:12:48:a2:6c:09:a9:
         ee:90:0e:66:07:3b:8d:9f:23:a9:19:54:89:db:c9:e2:05:3d:
         e6:b7:33:68:d0:00:3a:1e:e6:1a:e4:73:0e:ef:21:ff:6f:4f:
         e5:d2:c2:c3:e3:ba:ef:7c:29:30:c2:13:66:47:44:06:af:d7:
         cf:49:5b:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZntA0cZt9mnbJQ+OTeqpb8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZWIwYWVjNjM5NDlmNDEyNWM3M2FhNjE3N2VhMGI3MjFk
NTI3YmIwHhcNMjUxMDE2MTIzMzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmY5MTA4YmIyYzk3MWE3MGYxMjc2YWYwMmQzY2NlMjkwOTNmMGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkl6E4m411MvWpDcWYgAVdmYNSDjE
eT7rHEcG2PU33qWgaaefM/8bqiGHQgycL5Z4i8/dYVCpBw41AK+8mZKFI4jsqngb
wW4dZBYp2hD/h6kIY/oRC27M4DhvuD5IZtmY9kTZCJ99qRwXcwEBg2sSr8s9FdDT
Zsx8toMNCczrCrXCLZKYQghqKRUjFXsPSWEir3X5PHyuslrPFh7q7upgAsT7ShuE
6HNyywdYmpKw34cj3Kvdk+OcNEWmbEjE8ok6MqOZjOZLtVLWlPIHR+rGEw8se1hN
NnDSB8SkhIzBi7r9Q/7ngvb9B8mJk6L1Rx6lri4MRfZQFQiW23RMk9DK3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHb5EIuyyXGnDxJ2rwLTzOKQk/D+MB8GA1UdIwQY
MBaAFH7rCuxjlJ9BJcc6phd+oLch1Se7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMt
ZDI2ZDdkNGMyNTA1LzEvZHZrUWk3TEpjYWNQRW5hdkF0UE00cENUOFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMtZDI2ZDdkNGMyNTA1
LzEvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRBgAwQB
uRBiMA0GCSqGSIb3DQEBCwUAA4IBAQAC2Tpe7Svbhq2qpGYK58+2g8oen000ujbW
Bo1UlphArZwbTD3j7sfRjVu5oypmSrmc/ASRblmqOm+jAcJdwdy91JGStLi8fWyv
3QNd3BHFuFb+zobyywtiofm8nTiPJcMXzKt3g+om6ZfVnbITtAJXfYjQ6UK3Mwfl
P3xFm9Scxr2DX5Xhbn0HTF7c0iucovpfU50337HDmQHNrISY0netgpOtz/nyVer+
Wub5V33OpHKhEVpFAjL68xFBifZkvbQSSKJsCanukA5mBzuNnyOpGVSJ28niBT3m
tzNo0AA6HuYa5HMO7yH/b0/l0sLD47rvfCkwwhNmR0QGr9fPSVv8
-----END CERTIFICATE-----