Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/TpdQHtnm2mQIlhZU-IuyrTQH0u4.roa
File:                     TpdQHtnm2mQIlhZU-IuyrTQH0u4.roa (raw, json)
Hash identifier:          wgzm5iPKYf1gv2aiPMi32vbnCED/v4DbGge4RgpdAR4=
Subject key identifier:   4E:97:50:1E:D9:E6:DA:64:08:96:16:54:F8:8B:B2:AD:34:07:D2:EE
Certificate issuer:       /CN=c7b623bbc54e9846748cd77b2b8b343827e5aeaa
Certificate serial:       0199CAA2E9D85B0CE84605CBCAAB2CFF1BE2
Authority key identifier: C7:B6:23:BB:C5:4E:98:46:74:8C:D7:7B:2B:8B:34:38:27:E5:AE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/TpdQHtnm2mQIlhZU-IuyrTQH0u4.roa
Signing time:             Thu 09 Oct 2025 20:21:38 +0000
ROA not before:           Thu 09 Oct 2025 20:21:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215898
IP address blocks:        185.233.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ca:a2:e9:d8:5b:0c:e8:46:05:cb:ca:ab:2c:ff:1b:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7b623bbc54e9846748cd77b2b8b343827e5aeaa
        Validity
            Not Before: Oct  9 20:21:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e97501ed9e6da6408961654f88bb2ad3407d2ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:82:70:b8:0a:f3:93:d4:34:e0:de:a9:81:8a:
                    61:53:cd:d5:1f:79:31:c2:1c:2b:cc:89:f9:1d:c4:
                    13:0e:12:36:88:36:70:f0:eb:22:0f:4a:bf:e1:3b:
                    5b:78:28:b6:9e:99:84:b5:6d:58:e0:ca:fc:38:f3:
                    67:20:47:fa:e6:62:9b:c1:9a:00:c6:a8:40:91:be:
                    df:95:35:12:68:27:87:eb:c4:ba:32:28:9b:a5:79:
                    b9:9e:fe:ae:9d:89:c4:7b:c6:b4:02:87:cb:d1:4d:
                    2d:3a:50:1c:b9:e7:ff:a7:90:55:3e:25:e0:a9:cb:
                    ab:0a:18:74:62:ed:3f:3f:75:95:fa:ad:d2:5d:f5:
                    c7:f2:1e:f2:1b:2d:9b:23:c0:28:8e:74:95:ef:64:
                    33:94:e5:96:ed:57:19:eb:51:a7:24:cf:77:42:f4:
                    91:dd:cf:a8:8d:d8:71:27:94:78:9d:ca:36:50:6a:
                    32:4f:8a:e1:69:f6:fb:cc:5a:0a:e4:36:f2:c2:d7:
                    f0:53:23:5b:6d:0d:4b:f1:69:b2:85:fa:6d:53:26:
                    59:ee:89:1f:2b:33:4d:6f:9d:12:b8:77:c1:0d:25:
                    ad:b4:19:40:10:20:24:d7:1d:ef:b2:21:87:c0:89:
                    61:39:fa:f2:24:5a:97:db:67:4b:60:f3:00:45:74:
                    9a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:97:50:1E:D9:E6:DA:64:08:96:16:54:F8:8B:B2:AD:34:07:D2:EE
            X509v3 Authority Key Identifier:
                keyid:C7:B6:23:BB:C5:4E:98:46:74:8C:D7:7B:2B:8B:34:38:27:E5:AE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/TpdQHtnm2mQIlhZU-IuyrTQH0u4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:17:0d:cf:1b:d9:dd:10:54:20:dc:b4:84:0c:ae:c9:54:61:
         3b:1e:d2:39:f7:ac:d6:1e:8a:ee:8d:45:54:d5:e7:f7:f6:4a:
         ca:3a:c2:d0:c7:58:d9:eb:a2:ee:b9:dd:de:a1:e9:08:50:f7:
         d4:e3:d1:d4:29:8d:65:fc:74:4d:9d:ca:c0:48:64:0f:68:57:
         2c:9f:a9:40:d0:78:7a:5d:43:7e:3d:4d:98:77:12:7b:44:44:
         9f:d0:16:62:c6:54:ab:c1:c9:ea:59:2f:67:0a:a0:be:94:2e:
         bb:46:ed:5f:62:89:fc:84:64:20:76:39:bd:77:e5:62:11:bb:
         fa:b3:b3:0c:54:e3:52:c1:25:87:69:d5:cb:9d:b5:86:58:a9:
         82:8f:43:1e:db:b9:ee:97:66:2a:d3:39:b8:1a:05:6c:64:4e:
         1e:6d:d6:d8:91:9c:2a:68:1c:00:5d:66:aa:16:f6:4a:36:7a:
         32:50:d7:07:90:21:39:55:eb:3b:4f:0a:91:83:47:f0:dd:81:
         64:5e:98:e7:42:8d:f8:21:70:03:64:da:3c:44:2b:75:5c:bf:
         3f:75:23:4b:3a:a1:c6:b4:eb:e6:be:8b:5a:bd:54:a4:3f:45:
         fc:63:36:71:89:6c:ca:d9:aa:ba:bb:9f:6a:d7:ee:c1:ff:1d:
         a3:eb:9a:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnKounYWwzoRgXLyqss/xviMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YjYyM2JiYzU0ZTk4NDY3NDhjZDc3YjJiOGIzNDM4Mjdl
NWFlYWEwHhcNMjUxMDA5MjAyMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTk3NTAxZWQ5ZTZkYTY0MDg5NjE2NTRmODhiYjJhZDM0MDdkMmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IJwuArzk9Q04N6pgYphU83VH3kx
whwrzIn5HcQTDhI2iDZw8OsiD0q/4TtbeCi2npmEtW1Y4Mr8OPNnIEf65mKbwZoA
xqhAkb7flTUSaCeH68S6MiibpXm5nv6unYnEe8a0AofL0U0tOlAcuef/p5BVPiXg
qcurChh0Yu0/P3WV+q3SXfXH8h7yGy2bI8AojnSV72QzlOWW7VcZ61GnJM93QvSR
3c+ojdhxJ5R4nco2UGoyT4rhafb7zFoK5DbywtfwUyNbbQ1L8WmyhfptUyZZ7okf
KzNNb50SuHfBDSWttBlAECAk1x3vsiGHwIlhOfryJFqX22dLYPMARXSahwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6XUB7Z5tpkCJYWVPiLsq00B9LuMB8GA1UdIwQY
MBaAFMe2I7vFTphGdIzXeyuLNDgn5a6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDdZanU4Vk9tRVowak5kN0s0czBPQ2ZscnFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lZDg3OWItZTNjNC00YjdhLWJkMGMt
MzRlNGUwNjc5MzMzLzEvVHBkUUh0bm0ybVFJbGhaVS1JdXlyVFFIMHU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9lZDg3OWItZTNjNC00YjdhLWJkMGMtMzRlNGUwNjc5MzMz
LzEveDdZanU4Vk9tRVowak5kN0s0czBPQ2ZscnFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuemkMA0G
CSqGSIb3DQEBCwUAA4IBAQB3Fw3PG9ndEFQg3LSEDK7JVGE7HtI596zWHorujUVU
1ef39krKOsLQx1jZ66Luud3eoekIUPfU49HUKY1l/HRNncrASGQPaFcsn6lA0Hh6
XUN+PU2YdxJ7RESf0BZixlSrwcnqWS9nCqC+lC67Ru1fYon8hGQgdjm9d+ViEbv6
s7MMVONSwSWHadXLnbWGWKmCj0Me27nul2Yq0zm4GgVsZE4ebdbYkZwqaBwAXWaq
FvZKNnoyUNcHkCE5Ves7TwqRg0fw3YFkXpjnQo34IXADZNo8RCt1XL8/dSNLOqHG
tOvmvotavVSkP0X8YzZxiWzK2aq6u59q1+7B/x2j65rT
-----END CERTIFICATE-----