Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/7yqIFIv2yxEPvcb51-Nfk4z4cqo.roa
File:                     7yqIFIv2yxEPvcb51-Nfk4z4cqo.roa (raw, json)
Hash identifier:          1UwyFTbO0Hxsl9Ed2pKgYVa15gwfDfFs8Od2Fp9qEdc=
Subject key identifier:   EF:2A:88:14:8B:F6:CB:11:0F:BD:C6:F9:D7:E3:5F:93:8C:F8:72:AA
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0197AD666433E148155C4FC65CDA6C07235D
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/7yqIFIv2yxEPvcb51-Nfk4z4cqo.roa
Signing time:             Thu 26 Jun 2025 18:00:58 +0000
ROA not before:           Thu 26 Jun 2025 18:00:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3170
IP address blocks:        167.160.13.0/24 maxlen: 24
                          185.161.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ad:66:64:33:e1:48:15:5c:4f:c6:5c:da:6c:07:23:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun 26 18:00:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef2a88148bf6cb110fbdc6f9d7e35f938cf872aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fd:eb:96:8d:8b:d7:73:f3:d5:1d:33:42:d7:
                    b3:a7:97:e6:fc:77:b9:dc:70:79:4b:15:99:3c:19:
                    14:58:8e:ed:d8:a8:ec:57:65:44:44:6b:da:d9:4c:
                    0b:e1:3e:ec:94:ed:5c:25:8b:28:8e:fd:87:96:02:
                    b4:9a:f2:fe:49:6e:91:39:40:08:20:df:bf:d4:a2:
                    71:e2:03:1c:32:7b:c9:bb:dd:ba:40:68:f5:97:33:
                    c6:0a:8f:f5:3b:db:51:34:12:d6:a6:51:99:89:73:
                    11:1d:c5:4b:ed:01:e8:86:d1:1b:b0:4d:94:82:c1:
                    b8:41:4b:d2:a1:34:53:e8:ac:5e:b9:c7:da:80:2c:
                    00:6e:74:ff:08:67:68:d5:c8:03:62:6a:9d:f0:f3:
                    bb:47:ae:1d:97:3f:d1:d0:a4:49:b0:b1:90:57:f1:
                    a7:bb:d7:64:d3:66:a1:da:c3:8d:26:fd:b0:32:ea:
                    18:4e:4d:68:d4:cd:9a:a8:78:2e:ac:ef:b1:a5:8f:
                    28:b7:91:04:cc:4b:35:6b:ca:15:1c:2d:69:49:7a:
                    5b:b4:7c:33:a5:6e:28:80:c5:3b:9a:2f:86:6b:39:
                    44:a0:b8:df:f6:19:a5:53:3a:08:cd:43:92:cc:e4:
                    49:f6:ee:22:82:50:7d:12:af:81:b8:1b:70:ae:d9:
                    29:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:2A:88:14:8B:F6:CB:11:0F:BD:C6:F9:D7:E3:5F:93:8C:F8:72:AA
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/7yqIFIv2yxEPvcb51-Nfk4z4cqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.160.13.0/24
                  185.161.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:28:cf:bf:17:3f:63:65:78:a7:4f:ad:44:1d:56:92:b1:83:
         eb:b2:b7:ac:6f:b5:c2:c5:03:a8:e8:f2:6f:84:aa:9f:b1:f2:
         81:cc:c8:01:d2:c1:3f:7e:2a:fa:58:1f:84:af:ad:42:e5:55:
         d9:47:58:0f:7c:3f:11:1e:fb:ea:f3:21:23:4c:b6:39:5d:3c:
         82:b8:4a:c1:4a:52:52:52:8e:94:7a:cd:e9:32:b1:c3:4a:6a:
         8b:09:3b:a4:a4:4b:09:3d:ca:c0:37:35:ee:5d:d0:b4:0b:84:
         f8:57:d4:ad:6d:15:96:e3:26:04:4c:69:49:a4:29:25:0b:90:
         24:b1:46:79:13:fd:92:8d:a0:8f:b2:e2:78:9b:77:82:90:96:
         f0:43:ef:47:6a:25:ad:44:91:24:be:38:5f:7c:2a:45:29:5f:
         be:23:80:7f:15:b4:b3:8f:ca:34:8b:17:74:f7:65:e8:49:c9:
         74:85:11:67:f4:35:f6:48:48:5d:23:11:49:7a:7b:18:40:ac:
         1d:60:b8:36:0e:9d:97:c4:23:96:27:8b:63:60:69:26:4c:ca:
         58:75:79:94:39:49:58:98:8e:dc:5b:6c:93:a7:a9:fd:62:3b:
         69:86:ef:dc:24:cf:d2:92:44:5f:9d:68:26:18:b0:1a:ae:40:
         d8:31:b5:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZetZmQz4UgVXE/GXNpsByNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNjI2MTgwMDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjJhODgxNDhiZjZjYjExMGZiZGM2ZjlkN2UzNWY5MzhjZjg3MmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuv3rlo2L13Pz1R0zQtezp5fm/He5
3HB5SxWZPBkUWI7t2KjsV2VERGva2UwL4T7slO1cJYsojv2HlgK0mvL+SW6ROUAI
IN+/1KJx4gMcMnvJu926QGj1lzPGCo/1O9tRNBLWplGZiXMRHcVL7QHohtEbsE2U
gsG4QUvSoTRT6KxeucfagCwAbnT/CGdo1cgDYmqd8PO7R64dlz/R0KRJsLGQV/Gn
u9dk02ah2sONJv2wMuoYTk1o1M2aqHgurO+xpY8ot5EEzEs1a8oVHC1pSXpbtHwz
pW4ogMU7mi+GazlEoLjf9hmlUzoIzUOSzORJ9u4iglB9Eq+BuBtwrtkpbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO8qiBSL9ssRD73G+dfjX5OM+HKqMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvN3lxSUZJdjJ5eEVQdmNiNTEtTmZrNHo0Y3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAp6ANAwQA
uaFuMA0GCSqGSIb3DQEBCwUAA4IBAQAeKM+/Fz9jZXinT61EHVaSsYPrsresb7XC
xQOo6PJvhKqfsfKBzMgB0sE/fir6WB+Er61C5VXZR1gPfD8RHvvq8yEjTLY5XTyC
uErBSlJSUo6Ues3pMrHDSmqLCTukpEsJPcrANzXuXdC0C4T4V9StbRWW4yYETGlJ
pCklC5AksUZ5E/2SjaCPsuJ4m3eCkJbwQ+9HaiWtRJEkvjhffCpFKV++I4B/FbSz
j8o0ixd092XoScl0hRFn9DX2SEhdIxFJensYQKwdYLg2Dp2XxCOWJ4tjYGkmTMpY
dXmUOUlYmI7cW2yTp6n9Yjtphu/cJM/SkkRfnWgmGLAarkDYMbUc
-----END CERTIFICATE-----