Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/Cch2VifmQnrl3ySCO9FpJWyP-jY.roa
File:                     Cch2VifmQnrl3ySCO9FpJWyP-jY.roa (raw, json)
Hash identifier:          2g5UoC4Ft4ADLPnKCU1ruihX3luMvHq35SeKVhY1no4=
Subject key identifier:   09:C8:76:56:27:E6:42:7A:E5:DF:24:82:3B:D1:69:25:6C:8F:FA:36
Certificate issuer:       /CN=04bec7578450f945d4f334df600c61a6f47232f2
Certificate serial:       0199E1B8A31E33C719F74F13DF0E727C444A
Authority key identifier: 04:BE:C7:57:84:50:F9:45:D4:F3:34:DF:60:0C:61:A6:F4:72:32:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/Cch2VifmQnrl3ySCO9FpJWyP-jY.roa
Signing time:             Tue 14 Oct 2025 07:56:37 +0000
ROA not before:           Tue 14 Oct 2025 07:56:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58321
IP address blocks:        185.243.29.0/24 maxlen: 24
                          185.243.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e1:b8:a3:1e:33:c7:19:f7:4f:13:df:0e:72:7c:44:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04bec7578450f945d4f334df600c61a6f47232f2
        Validity
            Not Before: Oct 14 07:56:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09c8765627e6427ae5df24823bd169256c8ffa36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1d:91:ea:d2:39:5f:e1:4a:ed:00:4f:2b:79:
                    90:19:0a:b8:d5:61:31:d5:5a:26:d5:41:f9:d5:b9:
                    fc:43:02:7f:cd:47:b9:b1:98:f4:1c:d8:dc:53:d2:
                    81:ef:24:68:7e:e8:36:84:e2:9f:d8:bd:5d:66:8e:
                    35:c8:ea:85:9b:3d:fd:b6:6d:96:b7:7d:07:4e:f3:
                    36:52:2e:16:3e:5c:b2:ac:a3:ea:d4:7a:99:de:55:
                    a9:d3:3c:2a:d0:58:04:60:5e:44:c2:ef:57:c1:ac:
                    92:6a:82:3e:85:29:b0:33:11:ff:3e:d0:0d:9b:05:
                    cc:69:c1:14:a6:52:a5:f2:65:be:a6:38:93:ae:b6:
                    d3:dd:ee:73:6e:0f:9f:5a:46:7e:42:f0:0c:be:f6:
                    ec:0e:1f:7c:c8:c5:b5:89:bd:4c:0f:59:b7:d8:fe:
                    0f:7a:33:ed:26:ad:12:b3:dc:6d:ac:ab:96:f0:fc:
                    d1:bf:c7:4a:c1:f6:3c:87:a2:3c:4e:31:41:a4:28:
                    9d:e6:44:f8:7b:e9:d4:e8:c6:85:fc:dd:47:d0:d2:
                    94:37:7c:01:42:6e:a5:66:1a:b5:b7:02:d9:fb:1b:
                    0c:a1:8f:81:a6:b7:16:ed:c3:8a:e8:df:fb:c3:c0:
                    c4:3d:ef:8a:1b:87:17:d6:54:27:72:95:c7:ba:63:
                    56:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C8:76:56:27:E6:42:7A:E5:DF:24:82:3B:D1:69:25:6C:8F:FA:36
            X509v3 Authority Key Identifier:
                keyid:04:BE:C7:57:84:50:F9:45:D4:F3:34:DF:60:0C:61:A6:F4:72:32:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/Cch2VifmQnrl3ySCO9FpJWyP-jY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b428e7-653c-46c7-973f-9db614cb127a/1/BL7HV4RQ-UXU8zTfYAxhpvRyMvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.29.0-185.243.30.255

    Signature Algorithm: sha256WithRSAEncryption
         38:66:99:7f:2e:2a:a1:81:2f:31:ec:90:58:cd:fc:31:23:f0:
         45:48:0c:2c:de:cf:af:74:ee:fb:e5:b8:2d:e5:c6:41:53:40:
         32:8c:b6:c9:aa:22:b5:25:ea:7b:0b:ee:b2:40:50:e3:a1:22:
         29:38:a5:82:a1:0e:bf:9a:7e:cc:b8:8b:0a:a9:a6:27:e8:3e:
         d3:59:45:81:0d:27:b5:fc:41:ef:7e:65:45:41:87:80:bf:36:
         3e:96:0c:a1:79:b2:7f:7a:af:ce:c7:9c:97:e9:6d:03:04:9e:
         5c:be:b9:90:93:ea:0b:4e:2f:d4:7c:44:1e:b5:70:b7:93:a6:
         9f:ad:15:cd:a1:84:9a:83:8a:c7:b5:45:4d:8f:ec:34:e9:03:
         8c:d3:d0:8e:76:65:7a:c4:20:c9:2f:e3:2f:5a:24:1b:1b:4a:
         8d:ae:4d:0f:80:5a:53:33:6c:e2:01:a2:c5:7e:95:2a:e0:2e:
         27:ca:43:bc:eb:f3:85:a1:ce:98:18:7b:9f:66:47:27:c1:71:
         df:fa:67:f8:c6:44:2a:55:05:c1:31:be:3c:e9:78:1f:8c:7a:
         ea:f5:5b:42:99:3b:68:67:f8:ca:5d:47:f6:4e:49:87:06:7a:
         c0:8b:42:e4:ed:f7:32:e6:e2:53:a9:bb:b1:50:ae:c8:3c:86:
         69:00:80:ca
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZnhuKMeM8cZ908T3w5yfERKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YmVjNzU3ODQ1MGY5NDVkNGYzMzRkZjYwMGM2MWE2ZjQ3
MjMyZjIwHhcNMjUxMDE0MDc1NjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWM4NzY1NjI3ZTY0MjdhZTVkZjI0ODIzYmQxNjkyNTZjOGZmYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3R2R6tI5X+FK7QBPK3mQGQq41WEx
1Vom1UH51bn8QwJ/zUe5sZj0HNjcU9KB7yRofug2hOKf2L1dZo41yOqFmz39tm2W
t30HTvM2Ui4WPlyyrKPq1HqZ3lWp0zwq0FgEYF5Ewu9XwaySaoI+hSmwMxH/PtAN
mwXMacEUplKl8mW+pjiTrrbT3e5zbg+fWkZ+QvAMvvbsDh98yMW1ib1MD1m32P4P
ejPtJq0Ss9xtrKuW8PzRv8dKwfY8h6I8TjFBpCid5kT4e+nU6MaF/N1H0NKUN3wB
Qm6lZhq1twLZ+xsMoY+BprcW7cOK6N/7w8DEPe+KG4cX1lQncpXHumNW/QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAnIdlYn5kJ65d8kgjvRaSVsj/o2MB8GA1UdIwQY
MBaAFAS+x1eEUPlF1PM032AMYab0cjLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkw3SFY0UlEtVVhVOHpUZllBeGhwdlJ5TXZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNDI4ZTctNjUzYy00NmM3LTk3M2Yt
OWRiNjE0Y2IxMjdhLzEvQ2NoMlZpZm1RbnJsM3lTQ085RnBKV3lQLWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNDI4ZTctNjUzYy00NmM3LTk3M2YtOWRiNjE0Y2IxMjdh
LzEvQkw3SFY0UlEtVVhVOHpUZllBeGhwdlJ5TXZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC58x0D
BAC58x4wDQYJKoZIhvcNAQELBQADggEBADhmmX8uKqGBLzHskFjN/DEj8EVIDCze
z6907vvluC3lxkFTQDKMtsmqIrUl6nsL7rJAUOOhIik4pYKhDr+afsy4iwqppifo
PtNZRYENJ7X8Qe9+ZUVBh4C/Nj6WDKF5sn96r87HnJfpbQMEnly+uZCT6gtOL9R8
RB61cLeTpp+tFc2hhJqDise1RU2P7DTpA4zT0I52ZXrEIMkv4y9aJBsbSo2uTQ+A
WlMzbOIBosV+lSrgLifKQ7zr84WhzpgYe59mRyfBcd/6Z/jGRCpVBcExvjzpeB+M
eur1W0KZO2hn+MpdR/ZOSYcGesCLQuTt9zLm4lOpu7FQrsg8hmkAgMo=
-----END CERTIFICATE-----