Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/KI70QEEjKifA49lP9hNEf_ezkqw.roa
File:                     KI70QEEjKifA49lP9hNEf_ezkqw.roa (raw, json)
Hash identifier:          l/PfIL49zHex1c51vTWEEhy6b8NXS0jEYZNGksCQb38=
Subject key identifier:   28:8E:F4:40:41:23:2A:27:C0:E3:D9:4F:F6:13:44:7F:F7:B3:92:AC
Certificate issuer:       /CN=b16c22dd012e2693069864fa9576325c373f164a
Certificate serial:       0199329888905A030D34AB8DA7A6BA856DA2
Authority key identifier: B1:6C:22:DD:01:2E:26:93:06:98:64:FA:95:76:32:5C:37:3F:16:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sWwi3QEuJpMGmGT6lXYyXDc_Fko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/KI70QEEjKifA49lP9hNEf_ezkqw.roa
Signing time:             Wed 10 Sep 2025 07:48:01 +0000
ROA not before:           Wed 10 Sep 2025 07:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207342
IP address blocks:        185.131.212.0/24 maxlen: 24
                          2a06:de47::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/sWwi3QEuJpMGmGT6lXYyXDc_Fko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/sWwi3QEuJpMGmGT6lXYyXDc_Fko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sWwi3QEuJpMGmGT6lXYyXDc_Fko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:32:98:88:90:5a:03:0d:34:ab:8d:a7:a6:ba:85:6d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b16c22dd012e2693069864fa9576325c373f164a
        Validity
            Not Before: Sep 10 07:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=288ef44041232a27c0e3d94ff613447ff7b392ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0f:78:c9:a5:f8:fb:97:4d:97:ab:0e:1c:15:
                    cd:60:fd:3d:b5:8e:d4:87:4b:11:51:04:67:53:80:
                    1a:a9:df:e8:6e:10:29:9a:7e:aa:7c:d9:c2:ad:da:
                    2a:84:3f:90:d4:ef:a9:6c:98:18:a5:d2:99:74:cd:
                    83:e0:93:f7:06:5b:93:9a:35:80:b9:00:86:83:4b:
                    bb:a3:de:36:da:41:0c:26:9b:7d:fc:ee:18:0a:31:
                    f5:59:01:15:d0:85:9c:13:84:2c:c0:e4:9a:c3:e2:
                    95:87:e2:74:48:ca:18:f8:3e:e4:f7:c0:72:30:9f:
                    c9:67:d7:c7:00:eb:f3:07:a6:4a:02:e8:2b:58:52:
                    1d:a3:d5:63:52:40:2a:47:cb:6c:f0:9c:13:72:3e:
                    3c:45:40:12:ab:c4:73:7a:70:48:88:34:48:46:00:
                    42:27:5e:d7:2d:aa:2d:58:60:88:9b:48:c2:f4:07:
                    3b:d0:6c:59:83:4f:d6:34:f4:59:33:bc:26:90:66:
                    42:ad:0e:53:e9:f2:b7:d8:65:5e:bc:f3:1d:94:d3:
                    45:1e:41:52:93:e3:06:b9:75:84:2f:e8:22:c5:4e:
                    af:25:9b:44:32:e7:cd:c9:68:7f:e5:55:01:de:0a:
                    10:f7:40:19:b5:c5:cd:aa:4e:e0:b7:25:7e:41:d4:
                    a3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:8E:F4:40:41:23:2A:27:C0:E3:D9:4F:F6:13:44:7F:F7:B3:92:AC
            X509v3 Authority Key Identifier:
                keyid:B1:6C:22:DD:01:2E:26:93:06:98:64:FA:95:76:32:5C:37:3F:16:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sWwi3QEuJpMGmGT6lXYyXDc_Fko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/KI70QEEjKifA49lP9hNEf_ezkqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/0c766e-f332-423c-8c86-863147e464b1/1/sWwi3QEuJpMGmGT6lXYyXDc_Fko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.212.0/24
                IPv6:
                  2a06:de47::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:97:5d:29:f0:f7:52:62:2d:3d:28:a7:c2:89:57:c6:3b:7d:
         97:c9:d2:7d:b5:d1:a3:23:02:c2:86:89:bb:98:6b:20:8f:09:
         0a:c6:c2:52:5b:27:4a:dd:bc:4e:e6:ab:5c:53:8b:46:b1:cc:
         11:8a:99:cd:86:ac:b7:4d:ac:5d:1b:bb:be:34:24:2a:04:1a:
         6d:b1:9a:e1:69:0b:6e:19:c1:d0:d3:c3:e0:33:7b:cd:40:4a:
         60:30:64:e3:6d:c6:01:fa:c7:43:ca:79:df:c4:e8:1d:cf:46:
         02:ee:45:84:29:b8:fd:0c:48:d8:be:06:6d:8d:a2:00:5c:b6:
         16:98:db:c6:5c:c5:cb:bb:a1:97:e6:2d:52:4a:66:58:0d:e3:
         3b:52:04:3e:36:dc:91:55:e0:17:15:17:cc:4c:ce:35:c1:f7:
         6c:21:c2:f0:2e:ff:a9:3b:63:00:7e:13:d1:c5:1c:6d:b4:f6:
         73:cf:c0:67:27:4e:1a:96:da:f5:36:21:7b:4e:a9:e1:66:16:
         35:59:73:f5:91:92:a3:d6:ad:81:0f:0b:da:53:1f:70:29:88:
         8e:e8:bf:2a:62:29:42:04:bf:d9:79:b5:f8:8b:cb:50:21:cd:
         9e:d4:6e:40:f0:1a:44:cc:bb:4d:e5:9f:0f:69:7a:76:f4:71:
         b0:84:5a:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkymIiQWgMNNKuNp6a6hW2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNmMyMmRkMDEyZTI2OTMwNjk4NjRmYTk1NzYzMjVjMzcz
ZjE2NGEwHhcNMjUwOTEwMDc0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODhlZjQ0MDQxMjMyYTI3YzBlM2Q5NGZmNjEzNDQ3ZmY3YjM5MmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA94yaX4+5dNl6sOHBXNYP09tY7U
h0sRUQRnU4Aaqd/obhApmn6qfNnCrdoqhD+Q1O+pbJgYpdKZdM2D4JP3BluTmjWA
uQCGg0u7o9422kEMJpt9/O4YCjH1WQEV0IWcE4QswOSaw+KVh+J0SMoY+D7k98By
MJ/JZ9fHAOvzB6ZKAugrWFIdo9VjUkAqR8ts8JwTcj48RUASq8RzenBIiDRIRgBC
J17XLaotWGCIm0jC9Ac70GxZg0/WNPRZM7wmkGZCrQ5T6fK32GVevPMdlNNFHkFS
k+MGuXWEL+gixU6vJZtEMufNyWh/5VUB3goQ90AZtcXNqk7gtyV+QdSjAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCiO9EBBIyonwOPZT/YTRH/3s5KsMB8GA1UdIwQY
MBaAFLFsIt0BLiaTBphk+pV2Mlw3PxZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1d3aTNRRXVKcE1HbUdUNmxYWXlYRGNfRmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wYzc2NmUtZjMzMi00MjNjLThjODYt
ODYzMTQ3ZTQ2NGIxLzEvS0k3MFFFRWpLaWZBNDlsUDloTkVmX2V6a3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wYzc2NmUtZjMzMi00MjNjLThjODYtODYzMTQ3ZTQ2NGIx
LzEvc1d3aTNRRXVKcE1HbUdUNmxYWXlYRGNfRmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYPUMA0E
AgACMAcDBQAqBt5HMA0GCSqGSIb3DQEBCwUAA4IBAQC5l10p8PdSYi09KKfCiVfG
O32XydJ9tdGjIwLChom7mGsgjwkKxsJSWydK3bxO5qtcU4tGscwRipnNhqy3Taxd
G7u+NCQqBBptsZrhaQtuGcHQ08PgM3vNQEpgMGTjbcYB+sdDynnfxOgdz0YC7kWE
Kbj9DEjYvgZtjaIAXLYWmNvGXMXLu6GX5i1SSmZYDeM7UgQ+NtyRVeAXFRfMTM41
wfdsIcLwLv+pO2MAfhPRxRxttPZzz8BnJ04altr1NiF7TqnhZhY1WXP1kZKj1q2B
DwvaUx9wKYiO6L8qYilCBL/ZebX4i8tQIc2e1G5A8BpEzLtN5Z8PaXp29HGwhFou
-----END CERTIFICATE-----