Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/hraQuSPXm_BKduHB1VDVz3ZUcQY.roa
File:                     hraQuSPXm_BKduHB1VDVz3ZUcQY.roa (raw, json)
Hash identifier:          WS2hCjy7E85ll6h/ANkIKpGGT1mve9bfebhKK3l26Xw=
Subject key identifier:   86:B6:90:B9:23:D7:9B:F0:4A:76:E1:C1:D5:50:D5:CF:76:54:71:06
Certificate issuer:       /CN=43f06c3698724b37fe1a1711417dbd88ebbf0a91
Certificate serial:       01999A0EC30FBEF2F572921D54A7FB9EC968
Authority key identifier: 43:F0:6C:36:98:72:4B:37:FE:1A:17:11:41:7D:BD:88:EB:BF:0A:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q_BsNphySzf-GhcRQX29iOu_CpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/hraQuSPXm_BKduHB1VDVz3ZUcQY.roa
Signing time:             Tue 30 Sep 2025 09:58:02 +0000
ROA not before:           Tue 30 Sep 2025 09:58:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8455
IP address blocks:        185.29.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/Q_BsNphySzf-GhcRQX29iOu_CpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/Q_BsNphySzf-GhcRQX29iOu_CpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q_BsNphySzf-GhcRQX29iOu_CpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:0e:c3:0f:be:f2:f5:72:92:1d:54:a7:fb:9e:c9:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43f06c3698724b37fe1a1711417dbd88ebbf0a91
        Validity
            Not Before: Sep 30 09:58:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86b690b923d79bf04a76e1c1d550d5cf76547106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7f:79:84:1d:43:cc:3c:78:c9:50:9b:68:b0:
                    bd:ec:f5:ce:e3:a3:5b:8b:0f:e2:a6:d4:d1:7a:02:
                    ac:68:46:2b:05:07:47:70:4c:f1:c7:66:0e:e2:a5:
                    c2:2a:95:cc:fa:d4:11:fd:a4:19:4a:db:ba:ff:4c:
                    ee:84:41:22:7d:47:74:f4:8d:e5:19:eb:bd:5f:a9:
                    80:31:0c:9e:f8:50:99:26:98:e0:5e:a8:c5:9f:63:
                    5f:b8:38:5e:21:c7:f6:b5:6a:e9:89:11:94:ea:90:
                    5c:41:fa:fd:89:66:48:35:88:8f:46:26:58:47:a7:
                    38:64:a2:26:48:ff:b3:dd:ff:cb:18:c4:f3:8c:e9:
                    72:ad:c3:03:6d:d2:32:a0:9a:16:d0:97:05:43:26:
                    5c:4f:b7:c0:ec:55:84:06:07:71:b0:af:9d:34:d9:
                    46:d6:63:a0:32:90:2b:f1:84:93:b1:66:39:bd:89:
                    9c:f0:1b:f4:db:9a:b5:af:69:cd:75:40:43:4b:e6:
                    4f:b0:c5:2e:b1:42:6a:3d:dc:a7:d0:da:df:b8:f8:
                    a6:71:4e:8e:4e:b3:3d:34:6d:1f:62:a8:b7:d1:eb:
                    d3:e1:19:a2:69:11:ef:76:26:b6:75:6f:cd:55:39:
                    24:f5:d7:52:d4:c4:64:39:e0:5d:5f:83:c8:da:1a:
                    97:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B6:90:B9:23:D7:9B:F0:4A:76:E1:C1:D5:50:D5:CF:76:54:71:06
            X509v3 Authority Key Identifier:
                keyid:43:F0:6C:36:98:72:4B:37:FE:1A:17:11:41:7D:BD:88:EB:BF:0A:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q_BsNphySzf-GhcRQX29iOu_CpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/hraQuSPXm_BKduHB1VDVz3ZUcQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/7dab6a-947b-4a12-8a27-0e1efd5a3746/1/Q_BsNphySzf-GhcRQX29iOu_CpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:9a:3e:a4:9d:2a:b9:01:01:30:af:d0:b2:a5:37:61:28:6c:
         6c:c6:a7:f1:53:8d:1c:d8:7d:c5:d6:4a:a6:6e:2c:4d:e1:e4:
         32:23:b8:4a:84:2e:95:40:b0:15:b0:ee:07:50:f8:1a:23:47:
         96:85:1a:f9:9b:22:fd:42:bd:22:64:6e:d7:e8:4e:00:e3:c6:
         13:2a:67:6e:39:8c:6e:81:67:84:a5:01:ef:75:e5:8f:ca:00:
         cb:57:36:e8:56:bb:4f:40:a4:bb:90:94:b2:1e:19:02:33:ab:
         a0:2d:ab:9c:31:31:c4:48:22:06:c8:80:ec:23:5b:c1:5f:2f:
         cb:c5:f3:c6:f1:7f:25:91:77:3f:20:7a:d6:b2:b9:08:4a:fa:
         98:e4:7f:5c:c4:35:56:07:b9:cb:aa:ac:4e:9c:89:6a:7e:d6:
         6d:0d:e2:7c:d3:89:2c:76:d3:dd:fd:61:a7:3b:28:fa:fc:82:
         09:ce:93:0b:99:bb:9f:4b:ff:55:8b:38:f3:b7:38:89:1b:d6:
         f1:86:76:fd:bf:eb:26:99:10:22:06:33:fb:bd:6f:4e:35:c7:
         e0:b6:b7:d4:4a:64:17:d5:62:f6:12:0d:c7:ab:9e:ee:95:d6:
         c1:3b:1f:83:e5:1d:c9:44:30:a7:db:11:bc:83:40:f1:3b:42:
         06:8f:4d:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmaDsMPvvL1cpIdVKf7nsloMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZjA2YzM2OTg3MjRiMzdmZTFhMTcxMTQxN2RiZDg4ZWJi
ZjBhOTEwHhcNMjUwOTMwMDk1ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmI2OTBiOTIzZDc5YmYwNGE3NmUxYzFkNTUwZDVjZjc2NTQ3MTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqn95hB1DzDx4yVCbaLC97PXO46Nb
iw/iptTRegKsaEYrBQdHcEzxx2YO4qXCKpXM+tQR/aQZStu6/0zuhEEifUd09I3l
Geu9X6mAMQye+FCZJpjgXqjFn2NfuDheIcf2tWrpiRGU6pBcQfr9iWZINYiPRiZY
R6c4ZKImSP+z3f/LGMTzjOlyrcMDbdIyoJoW0JcFQyZcT7fA7FWEBgdxsK+dNNlG
1mOgMpAr8YSTsWY5vYmc8Bv025q1r2nNdUBDS+ZPsMUusUJqPdyn0NrfuPimcU6O
TrM9NG0fYqi30evT4RmiaRHvdia2dW/NVTkk9ddS1MRkOeBdX4PI2hqXQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIa2kLkj15vwSnbhwdVQ1c92VHEGMB8GA1UdIwQY
MBaAFEPwbDaYcks3/hoXEUF9vYjrvwqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUV9Cc05waHlTemYtR2hjUlFYMjlpT3VfQ3BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83ZGFiNmEtOTQ3Yi00YTEyLThhMjct
MGUxZWZkNWEzNzQ2LzEvaHJhUXVTUFhtX0JLZHVIQjFWRFZ6M1pVY1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83ZGFiNmEtOTQ3Yi00YTEyLThhMjctMGUxZWZkNWEzNzQ2
LzEvUV9Cc05waHlTemYtR2hjUlFYMjlpT3VfQ3BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR2FMA0G
CSqGSIb3DQEBCwUAA4IBAQBymj6knSq5AQEwr9CypTdhKGxsxqfxU40c2H3F1kqm
bixN4eQyI7hKhC6VQLAVsO4HUPgaI0eWhRr5myL9Qr0iZG7X6E4A48YTKmduOYxu
gWeEpQHvdeWPygDLVzboVrtPQKS7kJSyHhkCM6ugLaucMTHESCIGyIDsI1vBXy/L
xfPG8X8lkXc/IHrWsrkISvqY5H9cxDVWB7nLqqxOnIlqftZtDeJ804ksdtPd/WGn
Oyj6/IIJzpMLmbufS/9VizjztziJG9bxhnb9v+smmRAiBjP7vW9ONcfgtrfUSmQX
1WL2Eg3Hq57uldbBOx+D5R3JRDCn2xG8g0DxO0IGj03J
-----END CERTIFICATE-----