Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/CxgM5umcJQIKAphd4HGRMxjPCiQ.roa
File:                     CxgM5umcJQIKAphd4HGRMxjPCiQ.roa (raw, json)
Hash identifier:          A0nE+ddeI2g2MvTBC556Td71a5D11i+c62doMFlZiC8=
Subject key identifier:   0B:18:0C:E6:E9:9C:25:02:0A:02:98:5D:E0:71:91:33:18:CF:0A:24
Certificate issuer:       /CN=43f06c3698724b37fe1a1711417dbd88ebbf0a91
Certificate serial:       01999A0EC34ED38457A0821318F76E8166DF
Authority key identifier: 43:F0:6C:36:98:72:4B:37:FE:1A:17:11:41:7D:BD:88:EB:BF:0A:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q_BsNphySzf-GhcRQX29iOu_CpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/CxgM5umcJQIKAphd4HGRMxjPCiQ.roa
Signing time:             Tue 30 Sep 2025 09:58:02 +0000
ROA not before:           Tue 30 Sep 2025 09:58:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47543
IP address blocks:        185.29.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/Q_BsNphySzf-GhcRQX29iOu_CpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/Q_BsNphySzf-GhcRQX29iOu_CpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q_BsNphySzf-GhcRQX29iOu_CpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:0e:c3:4e:d3:84:57:a0:82:13:18:f7:6e:81:66:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43f06c3698724b37fe1a1711417dbd88ebbf0a91
        Validity
            Not Before: Sep 30 09:58:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b180ce6e99c25020a02985de071913318cf0a24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d2:c8:e0:54:74:68:6c:62:0c:ad:53:b7:9c:
                    17:9f:26:70:2a:48:5c:89:c3:99:43:4c:5f:dd:c6:
                    f8:20:12:9b:28:d9:a4:5d:8b:af:35:f0:7d:4f:3c:
                    af:90:14:9d:d9:7d:12:7f:d4:1f:25:9f:21:4b:7f:
                    17:a0:2f:29:46:e6:6e:f5:c8:c7:45:4b:39:3a:29:
                    4d:6b:c0:6a:9f:41:67:61:4e:2d:bc:81:cf:aa:9f:
                    bd:e1:0f:d1:d3:12:f9:32:3b:2a:b6:76:92:95:73:
                    5f:f7:24:ef:7f:d2:71:1c:39:6a:25:09:7b:ff:89:
                    23:63:dc:4c:5a:7e:70:aa:66:32:4d:68:9f:90:b2:
                    c5:91:25:a6:02:fe:88:07:44:a3:23:f4:43:bc:66:
                    49:0c:3f:f6:47:37:d5:b5:de:64:40:53:ec:6d:d2:
                    81:61:5f:b6:d9:19:c1:76:78:40:b6:1c:9e:26:eb:
                    c6:d1:b2:ed:80:60:33:c6:bc:f1:ee:af:af:3c:da:
                    d1:c8:e0:51:c5:d9:48:1b:7d:87:2c:a4:ad:98:e2:
                    cf:d6:bf:ee:70:b5:9b:09:a3:c1:dc:cb:af:5e:4c:
                    65:40:1d:47:72:0b:5e:9c:7d:2f:f2:d2:90:e7:41:
                    3f:14:62:60:c6:03:f0:32:b2:73:34:23:5a:90:6e:
                    51:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:18:0C:E6:E9:9C:25:02:0A:02:98:5D:E0:71:91:33:18:CF:0A:24
            X509v3 Authority Key Identifier:
                keyid:43:F0:6C:36:98:72:4B:37:FE:1A:17:11:41:7D:BD:88:EB:BF:0A:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q_BsNphySzf-GhcRQX29iOu_CpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/CxgM5umcJQIKAphd4HGRMxjPCiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/Q_BsNphySzf-GhcRQX29iOu_CpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:61:e9:44:de:9f:77:01:e6:0f:32:30:41:1a:03:37:45:d3:
         e3:5d:67:ec:5f:cb:7e:8e:2d:04:f0:d8:9e:d8:82:dd:8a:b2:
         5a:eb:42:72:9d:8b:74:43:df:17:29:37:f6:06:dc:7d:22:10:
         9a:5f:17:11:1f:92:0c:3d:aa:14:06:bb:14:ad:fe:72:42:ae:
         a7:9f:4f:fe:3f:18:25:12:1e:c8:4d:a6:9c:a9:1a:82:9b:a0:
         d9:56:5c:f7:d4:d0:64:44:a1:30:ed:44:5a:0e:54:18:e2:ca:
         c6:e2:5f:74:df:79:a7:e5:1b:fa:c9:c8:4f:e0:e5:35:c7:59:
         93:5c:16:28:76:37:da:d7:8a:92:6c:09:cf:75:d2:2b:96:dc:
         2c:a5:03:0f:18:12:5b:9a:fa:1d:ad:f3:7e:34:8f:ac:d1:a0:
         00:f6:cf:a0:6b:8f:0b:20:e8:d6:24:dd:0a:22:6b:cf:11:82:
         b7:de:0e:f2:9e:26:d8:9e:08:39:a9:1c:b1:02:f9:7c:9c:36:
         5d:22:8d:51:e5:a9:79:10:52:d2:db:e9:9e:16:57:a5:f6:bd:
         95:5c:6c:f9:6e:1c:32:75:05:e7:a1:67:1e:30:5b:31:ed:1d:
         52:dc:03:32:b9:2a:40:19:00:a9:b1:88:3a:42:28:2a:5e:c6:
         85:f8:29:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmaDsNO04RXoIITGPdugWbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZjA2YzM2OTg3MjRiMzdmZTFhMTcxMTQxN2RiZDg4ZWJi
ZjBhOTEwHhcNMjUwOTMwMDk1ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjE4MGNlNmU5OWMyNTAyMGEwMjk4NWRlMDcxOTEzMzE4Y2YwYTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltLI4FR0aGxiDK1Tt5wXnyZwKkhc
icOZQ0xf3cb4IBKbKNmkXYuvNfB9TzyvkBSd2X0Sf9QfJZ8hS38XoC8pRuZu9cjH
RUs5OilNa8Bqn0FnYU4tvIHPqp+94Q/R0xL5MjsqtnaSlXNf9yTvf9JxHDlqJQl7
/4kjY9xMWn5wqmYyTWifkLLFkSWmAv6IB0SjI/RDvGZJDD/2RzfVtd5kQFPsbdKB
YV+22RnBdnhAthyeJuvG0bLtgGAzxrzx7q+vPNrRyOBRxdlIG32HLKStmOLP1r/u
cLWbCaPB3MuvXkxlQB1HcgtenH0v8tKQ50E/FGJgxgPwMrJzNCNakG5RuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsYDObpnCUCCgKYXeBxkTMYzwokMB8GA1UdIwQY
MBaAFEPwbDaYcks3/hoXEUF9vYjrvwqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUV9Cc05waHlTemYtR2hjUlFYMjlpT3VfQ3BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83ZGFiNmEtOTQ3Yi00YTEyLThhMjct
MGUxZWZkNWEzNzQ2LzEvQ3hnTTV1bWNKUUlLQXBoZDRIR1JNeGpQQ2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83ZGFiNmEtOTQ3Yi00YTEyLThhMjctMGUxZWZkNWEzNzQ2
LzEvUV9Cc05waHlTemYtR2hjUlFYMjlpT3VfQ3BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR2FMA0G
CSqGSIb3DQEBCwUAA4IBAQAZYelE3p93AeYPMjBBGgM3RdPjXWfsX8t+ji0E8Nie
2ILdirJa60JynYt0Q98XKTf2Btx9IhCaXxcRH5IMPaoUBrsUrf5yQq6nn0/+Pxgl
Eh7ITaacqRqCm6DZVlz31NBkRKEw7URaDlQY4srG4l9033mn5Rv6ychP4OU1x1mT
XBYodjfa14qSbAnPddIrltwspQMPGBJbmvodrfN+NI+s0aAA9s+ga48LIOjWJN0K
ImvPEYK33g7ynibYngg5qRyxAvl8nDZdIo1R5al5EFLS2+meFlel9r2VXGz5bhwy
dQXnoWceMFsx7R1S3AMyuSpAGQCpsYg6QigqXsaF+Cm2
-----END CERTIFICATE-----