Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/dAJ7EV2-0wM2syKGtdtiKZGFSxY.roa
File:                     dAJ7EV2-0wM2syKGtdtiKZGFSxY.roa (raw, json)
Hash identifier:          8X6rxRDZGWidyjx2bJzLL6eg9RecFd9QR4ICdZS+Q20=
Subject key identifier:   74:02:7B:11:5D:BE:D3:03:36:B3:22:86:B5:DB:62:29:91:85:4B:16
Certificate issuer:       /CN=c7b623bbc54e9846748cd77b2b8b343827e5aeaa
Certificate serial:       0199CE26DF97C3D18191ECFA85FDB31E2C50
Authority key identifier: C7:B6:23:BB:C5:4E:98:46:74:8C:D7:7B:2B:8B:34:38:27:E5:AE:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/dAJ7EV2-0wM2syKGtdtiKZGFSxY.roa
Signing time:             Fri 10 Oct 2025 12:44:38 +0000
ROA not before:           Fri 10 Oct 2025 12:44:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54252
IP address blocks:        185.233.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:26:df:97:c3:d1:81:91:ec:fa:85:fd:b3:1e:2c:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7b623bbc54e9846748cd77b2b8b343827e5aeaa
        Validity
            Not Before: Oct 10 12:44:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74027b115dbed30336b32286b5db622991854b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:51:f1:42:05:e6:ae:c8:c9:98:81:33:93:5e:
                    d3:12:23:42:8d:21:cd:1d:7a:f4:8d:89:43:9d:47:
                    31:e5:36:1d:57:79:a7:48:70:08:db:2c:69:03:84:
                    cc:1c:24:39:5f:d7:a8:58:9f:67:85:25:9e:1a:6a:
                    5e:3a:82:57:2a:37:89:91:2f:46:70:5d:4a:4e:aa:
                    da:58:fd:89:a2:e7:f8:3c:c6:9e:69:99:92:b4:13:
                    c6:54:8c:68:a2:a6:5f:cc:da:eb:91:48:28:37:06:
                    6a:0c:74:3b:c6:6e:09:95:94:9d:b1:04:7a:9f:4b:
                    e7:96:8c:c0:20:b2:a9:88:fa:ae:52:ce:6a:09:5b:
                    27:ba:38:76:2c:08:f8:08:e6:d0:25:c1:43:9d:9e:
                    dd:15:dc:5b:71:7b:87:03:95:97:c6:a2:01:61:9f:
                    5e:e1:a8:e4:3a:66:45:0d:f9:a6:78:91:5d:be:72:
                    1e:dd:40:63:1b:a6:ad:53:22:5f:72:d1:96:fe:b1:
                    74:34:97:9c:73:71:4c:6f:cb:7b:7b:8d:38:16:42:
                    83:aa:20:41:e3:98:a4:f3:cb:15:f9:c8:98:c8:29:
                    25:a2:42:e0:64:5f:3b:c2:8f:56:7d:bf:b5:3e:e5:
                    45:9c:d6:c3:40:43:5d:18:49:0d:17:d0:aa:4a:57:
                    62:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:02:7B:11:5D:BE:D3:03:36:B3:22:86:B5:DB:62:29:91:85:4B:16
            X509v3 Authority Key Identifier:
                keyid:C7:B6:23:BB:C5:4E:98:46:74:8C:D7:7B:2B:8B:34:38:27:E5:AE:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x7Yju8VOmEZ0jNd7K4s0OCflrqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/dAJ7EV2-0wM2syKGtdtiKZGFSxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ed879b-e3c4-4b7a-bd0c-34e4e0679333/1/x7Yju8VOmEZ0jNd7K4s0OCflrqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:af:e6:bf:ea:49:44:e6:f4:b4:d4:b7:c2:92:92:d1:7e:f7:
         c0:66:b6:42:37:d8:80:9c:29:cb:cc:fb:02:07:6e:44:a4:e8:
         41:b8:f8:ab:42:96:dd:ab:cf:f8:c0:16:aa:06:75:c7:ff:2d:
         5f:60:d3:61:a3:78:6d:4b:ed:bb:2f:3e:1a:66:50:ff:5c:03:
         57:66:c5:3e:4c:12:bb:d7:65:70:66:9b:4a:11:86:72:e0:29:
         26:87:d5:b6:58:95:ed:5c:0a:d3:53:83:1f:e7:8b:74:e7:e9:
         f9:2d:b7:df:f5:5c:34:78:b7:15:d8:94:c4:fd:dd:eb:0f:3b:
         1c:6c:6b:50:0e:86:80:79:f6:14:e1:a2:2e:14:69:c2:ed:12:
         1b:84:a8:f0:d0:87:da:88:ec:8e:86:a9:20:e7:0e:e1:5b:52:
         42:49:b3:1b:c0:58:b7:53:88:7b:a2:a3:72:0e:cc:9d:94:d4:
         54:b1:a2:61:7f:27:fd:39:4b:b6:61:46:53:a9:23:be:b6:00:
         0d:70:aa:09:fe:65:ff:98:c4:f9:0b:63:f2:41:97:3c:69:0b:
         1e:b6:79:29:76:6e:7d:2f:fc:91:98:d7:63:f1:ce:db:08:3b:
         9a:d4:29:d3:1c:85:3c:94:14:fa:e3:20:c8:f8:83:a1:11:18:
         2f:d1:7e:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOJt+Xw9GBkez6hf2zHixQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YjYyM2JiYzU0ZTk4NDY3NDhjZDc3YjJiOGIzNDM4Mjdl
NWFlYWEwHhcNMjUxMDEwMTI0NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDAyN2IxMTVkYmVkMzAzMzZiMzIyODZiNWRiNjIyOTkxODU0YjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlHxQgXmrsjJmIEzk17TEiNCjSHN
HXr0jYlDnUcx5TYdV3mnSHAI2yxpA4TMHCQ5X9eoWJ9nhSWeGmpeOoJXKjeJkS9G
cF1KTqraWP2Jouf4PMaeaZmStBPGVIxooqZfzNrrkUgoNwZqDHQ7xm4JlZSdsQR6
n0vnlozAILKpiPquUs5qCVsnujh2LAj4CObQJcFDnZ7dFdxbcXuHA5WXxqIBYZ9e
4ajkOmZFDfmmeJFdvnIe3UBjG6atUyJfctGW/rF0NJecc3FMb8t7e404FkKDqiBB
45ik88sV+ciYyCklokLgZF87wo9Wfb+1PuVFnNbDQENdGEkNF9CqSldiewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQCexFdvtMDNrMihrXbYimRhUsWMB8GA1UdIwQY
MBaAFMe2I7vFTphGdIzXeyuLNDgn5a6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDdZanU4Vk9tRVowak5kN0s0czBPQ2ZscnFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lZDg3OWItZTNjNC00YjdhLWJkMGMt
MzRlNGUwNjc5MzMzLzEvZEFKN0VWMi0wd00yc3lLR3RkdGlLWkdGU3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9lZDg3OWItZTNjNC00YjdhLWJkMGMtMzRlNGUwNjc5MzMz
LzEveDdZanU4Vk9tRVowak5kN0s0czBPQ2ZscnFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuemlMA0G
CSqGSIb3DQEBCwUAA4IBAQBIr+a/6klE5vS01LfCkpLRfvfAZrZCN9iAnCnLzPsC
B25EpOhBuPirQpbdq8/4wBaqBnXH/y1fYNNho3htS+27Lz4aZlD/XANXZsU+TBK7
12VwZptKEYZy4Ckmh9W2WJXtXArTU4Mf54t05+n5Lbff9Vw0eLcV2JTE/d3rDzsc
bGtQDoaAefYU4aIuFGnC7RIbhKjw0IfaiOyOhqkg5w7hW1JCSbMbwFi3U4h7oqNy
DsydlNRUsaJhfyf9OUu2YUZTqSO+tgANcKoJ/mX/mMT5C2PyQZc8aQsetnkpdm59
L/yRmNdj8c7bCDua1CnTHIU8lBT64yDI+IOhERgv0X5L
-----END CERTIFICATE-----