Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/ffTvs6YF_hXAEglDFhneoTAWA7Y.roa
File:                     ffTvs6YF_hXAEglDFhneoTAWA7Y.roa (raw, json)
Hash identifier:          McS9n7bcKq8O21qZ8IIp3IHODw/eCLO/50XCpVXjy20=
Subject key identifier:   7D:F4:EF:B3:A6:05:FE:15:C0:12:09:43:16:19:DE:A1:30:16:03:B6
Certificate issuer:       /CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
Certificate serial:       0197C4EF3D123FE4453813795DFC745479C3
Authority key identifier: 76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/ffTvs6YF_hXAEglDFhneoTAWA7Y.roa
Signing time:             Tue 01 Jul 2025 07:41:42 +0000
ROA not before:           Tue 01 Jul 2025 07:41:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49110
IP address blocks:        185.143.40.0/24 maxlen: 24
                          185.143.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:ef:3d:12:3f:e4:45:38:13:79:5d:fc:74:54:79:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
        Validity
            Not Before: Jul  1 07:41:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7df4efb3a605fe15c01209431619dea1301603b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1e:10:58:d4:57:c7:47:be:36:8f:5e:77:c4:
                    35:46:aa:3b:d9:13:99:df:b4:ac:dc:b4:bc:f6:ae:
                    27:2f:b3:40:87:9b:bb:01:d6:ae:70:e9:68:f9:f1:
                    5b:e1:01:97:44:27:01:7c:ac:b6:01:a6:84:94:c1:
                    5a:c1:dd:76:06:d6:db:49:8e:e9:4d:b7:cc:b8:87:
                    8e:e4:78:da:5b:d7:ef:e9:52:d0:79:77:da:6e:07:
                    c0:3e:10:17:a8:84:6c:4a:4d:72:04:f8:7f:11:f4:
                    40:09:ef:1b:a9:a9:b4:97:f1:e0:4c:c1:ef:ce:6e:
                    20:ba:80:c0:96:ce:e3:af:3a:b1:75:6b:22:f4:49:
                    f0:a8:f1:59:c8:54:ce:31:4a:99:5f:51:d0:db:8d:
                    05:8d:fa:46:78:6f:5d:81:0d:c3:49:fd:40:3a:0e:
                    69:8a:b3:07:c0:5c:0a:32:2b:73:ae:4c:de:c4:c3:
                    cc:07:01:1a:84:ff:ca:6b:ee:43:2e:ba:42:8c:3a:
                    94:ac:2b:e1:cb:db:6e:a0:b5:3d:9e:f0:5f:97:d8:
                    45:a5:d4:a0:93:a4:9a:a7:f1:7a:c2:99:dd:5c:82:
                    e6:17:a9:c3:33:8f:19:37:92:4d:15:19:27:a8:72:
                    06:cd:7c:0e:02:7c:23:07:a5:ac:bb:ae:ba:32:2b:
                    5e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F4:EF:B3:A6:05:FE:15:C0:12:09:43:16:19:DE:A1:30:16:03:B6
            X509v3 Authority Key Identifier:
                keyid:76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/ffTvs6YF_hXAEglDFhneoTAWA7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:93:f6:1d:34:5c:79:e7:fa:51:94:e2:ce:ce:5f:5d:56:65:
         7d:80:47:ff:1e:8b:f9:5d:48:d8:aa:05:f6:5b:ee:6d:ac:3d:
         c3:3b:05:3d:0d:76:6e:56:84:dd:70:62:5b:12:5f:62:3c:05:
         50:3a:80:7f:c2:5e:63:cf:8d:2d:ff:9f:78:18:18:d7:97:80:
         bd:03:3d:5d:b7:77:e3:a9:17:fb:31:3d:d8:c7:79:f1:47:78:
         41:37:9e:8b:46:a0:02:b3:ef:25:95:af:fc:a7:90:77:8c:7d:
         aa:84:e2:f8:0f:03:5c:fb:4a:b4:ad:97:20:05:f1:f5:a0:85:
         8c:d6:a1:2e:76:2b:90:81:90:7b:32:a8:8a:1c:36:ca:e7:19:
         25:78:1f:17:c5:86:e5:cf:d2:9f:0c:b2:60:29:ae:34:17:dc:
         bb:58:30:bd:34:77:27:ba:d8:95:f0:68:64:90:26:4a:d5:5d:
         ff:92:79:71:46:77:e5:97:b1:ba:17:a5:2b:9e:9d:4f:68:f3:
         74:42:ba:9b:4d:e1:b0:98:81:38:3a:b0:57:3e:ac:0b:91:60:
         f3:55:1c:d5:58:a3:a5:bb:82:7f:e4:37:d5:63:a1:4f:77:18:
         df:68:cf:c1:62:8d:b4:6e:c7:20:6f:03:3f:a8:7b:fd:17:47:
         95:1a:6a:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfE7z0SP+RFOBN5Xfx0VHnDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2MxNzY2ZmJiZGNmZjY4YmJjMzRhM2M2YmU2OWEwYzhh
MDNhYjkwHhcNMjUwNzAxMDc0MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGY0ZWZiM2E2MDVmZTE1YzAxMjA5NDMxNjE5ZGVhMTMwMTYwM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzB4QWNRXx0e+No9ed8Q1Rqo72ROZ
37Ss3LS89q4nL7NAh5u7AdaucOlo+fFb4QGXRCcBfKy2AaaElMFawd12BtbbSY7p
TbfMuIeO5HjaW9fv6VLQeXfabgfAPhAXqIRsSk1yBPh/EfRACe8bqam0l/HgTMHv
zm4guoDAls7jrzqxdWsi9EnwqPFZyFTOMUqZX1HQ240FjfpGeG9dgQ3DSf1AOg5p
irMHwFwKMitzrkzexMPMBwEahP/Ka+5DLrpCjDqUrCvhy9tuoLU9nvBfl9hFpdSg
k6Sap/F6wpndXILmF6nDM48ZN5JNFRknqHIGzXwOAnwjB6Wsu666MitezwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3077OmBf4VwBIJQxYZ3qEwFgO2MB8GA1UdIwQY
MBaAFHZ8F2b7vc/2i7w0o8a+aaDIoDq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQt
MzU2OGUxZDI5ZDRhLzEvZmZUdnM2WUZfaFhBRWdsREZobmVvVEFXQTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQtMzU2OGUxZDI5ZDRh
LzEvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuY8oMA0G
CSqGSIb3DQEBCwUAA4IBAQBjk/YdNFx55/pRlOLOzl9dVmV9gEf/Hov5XUjYqgX2
W+5trD3DOwU9DXZuVoTdcGJbEl9iPAVQOoB/wl5jz40t/594GBjXl4C9Az1dt3fj
qRf7MT3Yx3nxR3hBN56LRqACs+8lla/8p5B3jH2qhOL4DwNc+0q0rZcgBfH1oIWM
1qEudiuQgZB7MqiKHDbK5xkleB8XxYblz9KfDLJgKa40F9y7WDC9NHcnutiV8Ghk
kCZK1V3/knlxRnfll7G6F6Urnp1PaPN0QrqbTeGwmIE4OrBXPqwLkWDzVRzVWKOl
u4J/5DfVY6FPdxjfaM/BYo20bscgbwM/qHv9F0eVGmpu
-----END CERTIFICATE-----