Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/JknyP3Ybin2U1sEXva4KCDR1c1I.roa
File:                     JknyP3Ybin2U1sEXva4KCDR1c1I.roa (raw, json)
Hash identifier:          O0vUT6Dy38kn7d3i/5/I+631QCA6tRSEMUbIaeBWKKg=
Subject key identifier:   26:49:F2:3F:76:1B:8A:7D:94:D6:C1:17:BD:AE:0A:08:34:75:73:52
Certificate issuer:       /CN=43f06c3698724b37fe1a1711417dbd88ebbf0a91
Certificate serial:       01999A02DC55DFC3493C33C3F1DBF765C120
Authority key identifier: 43:F0:6C:36:98:72:4B:37:FE:1A:17:11:41:7D:BD:88:EB:BF:0A:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q_BsNphySzf-GhcRQX29iOu_CpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/JknyP3Ybin2U1sEXva4KCDR1c1I.roa
Signing time:             Tue 30 Sep 2025 09:45:02 +0000
ROA not before:           Tue 30 Sep 2025 09:45:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213374
IP address blocks:        185.29.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/Q_BsNphySzf-GhcRQX29iOu_CpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/Q_BsNphySzf-GhcRQX29iOu_CpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q_BsNphySzf-GhcRQX29iOu_CpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:02:dc:55:df:c3:49:3c:33:c3:f1:db:f7:65:c1:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43f06c3698724b37fe1a1711417dbd88ebbf0a91
        Validity
            Not Before: Sep 30 09:45:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2649f23f761b8a7d94d6c117bdae0a0834757352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c6:38:04:90:1a:cf:70:8a:fa:40:8b:f4:c9:
                    46:51:32:60:d6:42:ce:68:dd:a5:ae:f7:11:04:db:
                    eb:07:51:42:b7:02:33:0e:08:92:99:6b:30:21:9b:
                    e3:f1:18:92:3b:ca:49:26:22:d5:cc:03:28:a7:05:
                    43:cd:1d:8f:9a:1d:c2:9d:fc:75:92:28:c8:0a:25:
                    d5:8c:83:30:2c:3c:d6:a5:40:f2:a4:b3:86:f8:f8:
                    0a:e4:54:e7:d6:4c:4e:48:44:14:01:ca:60:fa:48:
                    01:b8:22:56:cd:ce:a9:26:dd:c0:62:4b:9f:d2:97:
                    46:40:40:93:5e:d9:d4:a1:ef:81:e8:36:3a:63:a2:
                    5a:1c:23:d9:8e:bc:cd:32:9a:a4:15:12:55:59:e9:
                    a9:51:32:c1:cf:c4:be:32:58:82:8a:c2:96:79:55:
                    10:d3:61:b5:5a:e0:07:ad:44:40:04:4e:08:e8:52:
                    42:32:b5:a5:ee:e2:72:89:d4:a6:1d:59:70:d3:61:
                    98:c2:5e:a5:b6:b0:2f:a0:e7:22:c5:a3:01:f3:9d:
                    9b:47:4e:1d:30:1f:b0:6e:29:81:32:9e:be:b9:68:
                    53:5c:44:e6:cd:01:35:fc:c4:1b:95:37:19:d6:d6:
                    78:41:a8:c0:6f:9d:32:70:8c:ce:a4:8a:ad:71:09:
                    be:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:49:F2:3F:76:1B:8A:7D:94:D6:C1:17:BD:AE:0A:08:34:75:73:52
            X509v3 Authority Key Identifier:
                keyid:43:F0:6C:36:98:72:4B:37:FE:1A:17:11:41:7D:BD:88:EB:BF:0A:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q_BsNphySzf-GhcRQX29iOu_CpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/JknyP3Ybin2U1sEXva4KCDR1c1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/Q_BsNphySzf-GhcRQX29iOu_CpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:db:56:22:c4:3a:4c:af:f0:9a:37:38:f0:35:b5:46:95:8d:
         51:0a:19:c2:d0:75:d6:8a:55:f3:51:3d:c5:76:68:47:ea:ed:
         c8:d7:f2:be:3b:3d:9a:3f:5a:9a:c1:06:f9:f7:5a:04:af:c8:
         e8:92:86:b5:ba:65:32:3d:a9:af:ac:16:dc:1d:2e:2a:03:35:
         63:5d:cd:2d:0e:ad:3e:c3:df:42:08:c7:d5:a0:a7:0f:d7:6d:
         51:7f:53:5d:63:27:87:cf:51:8b:a1:40:42:2d:bd:24:bb:bf:
         01:7e:13:bb:d2:f0:b5:11:a1:31:79:5d:47:b0:b7:90:1c:b7:
         e7:03:52:11:a5:70:97:f8:56:de:5e:49:e2:e1:6e:77:ab:cc:
         95:5e:7f:60:b9:97:94:98:a7:0a:74:d8:3a:4b:78:76:9b:1a:
         97:66:01:77:a8:0d:b7:ad:f6:84:4c:95:b5:e6:7b:25:6c:88:
         07:db:a6:c3:1a:79:ed:13:80:28:23:3b:93:c7:38:b6:f8:d7:
         85:69:3b:6a:4b:4c:22:48:9d:ec:e0:a8:5c:83:99:1a:cf:9f:
         80:d2:61:88:0a:b2:f6:e4:c3:d7:8d:ed:11:72:66:c7:ae:ad:
         05:90:8d:cc:8d:78:8f:6a:82:10:26:49:dd:81:37:1e:6f:56:
         88:d9:32:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmaAtxV38NJPDPD8dv3ZcEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZjA2YzM2OTg3MjRiMzdmZTFhMTcxMTQxN2RiZDg4ZWJi
ZjBhOTEwHhcNMjUwOTMwMDk0NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjQ5ZjIzZjc2MWI4YTdkOTRkNmMxMTdiZGFlMGEwODM0NzU3MzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMY4BJAaz3CK+kCL9MlGUTJg1kLO
aN2lrvcRBNvrB1FCtwIzDgiSmWswIZvj8RiSO8pJJiLVzAMopwVDzR2Pmh3Cnfx1
kijICiXVjIMwLDzWpUDypLOG+PgK5FTn1kxOSEQUAcpg+kgBuCJWzc6pJt3AYkuf
0pdGQECTXtnUoe+B6DY6Y6JaHCPZjrzNMpqkFRJVWempUTLBz8S+MliCisKWeVUQ
02G1WuAHrURABE4I6FJCMrWl7uJyidSmHVlw02GYwl6ltrAvoOcixaMB852bR04d
MB+wbimBMp6+uWhTXETmzQE1/MQblTcZ1tZ4QajAb50ycIzOpIqtcQm+8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZJ8j92G4p9lNbBF72uCgg0dXNSMB8GA1UdIwQY
MBaAFEPwbDaYcks3/hoXEUF9vYjrvwqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUV9Cc05waHlTemYtR2hjUlFYMjlpT3VfQ3BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83ZGFiNmEtOTQ3Yi00YTEyLThhMjct
MGUxZWZkNWEzNzQ2LzEvSmtueVAzWWJpbjJVMXNFWHZhNEtDRFIxYzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83ZGFiNmEtOTQ3Yi00YTEyLThhMjctMGUxZWZkNWEzNzQ2
LzEvUV9Cc05waHlTemYtR2hjUlFYMjlpT3VfQ3BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR2FMA0G
CSqGSIb3DQEBCwUAA4IBAQBy21YixDpMr/CaNzjwNbVGlY1RChnC0HXWilXzUT3F
dmhH6u3I1/K+Oz2aP1qawQb591oEr8jokoa1umUyPamvrBbcHS4qAzVjXc0tDq0+
w99CCMfVoKcP121Rf1NdYyeHz1GLoUBCLb0ku78BfhO70vC1EaExeV1HsLeQHLfn
A1IRpXCX+FbeXkni4W53q8yVXn9guZeUmKcKdNg6S3h2mxqXZgF3qA23rfaETJW1
5nslbIgH26bDGnntE4AoIzuTxzi2+NeFaTtqS0wiSJ3s4Khcg5kaz5+A0mGICrL2
5MPXje0RcmbHrq0FkI3MjXiPaoIQJkndgTceb1aI2TJC
-----END CERTIFICATE-----