Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/a477e9-5ad0-443e-a742-8190dd7c21c4/1/jQYNkPm-7PL8fW0UL9FVZuPtO60.roa
File:                     jQYNkPm-7PL8fW0UL9FVZuPtO60.roa (raw, json)
Hash identifier:          KBWJmS4cybTN+ONWvg4jGPD1GVeVDhS/4yiWvoMcO6c=
Subject key identifier:   8D:06:0D:90:F9:BE:EC:F2:FC:7D:6D:14:2F:D1:55:66:E3:ED:3B:AD
Certificate issuer:       /CN=7dfc901d4a307bda0f3b0bf65d310468220dc5e1
Certificate serial:       0197AC67A2EB664DB54EF6780EC63ACDF8FA
Authority key identifier: 7D:FC:90:1D:4A:30:7B:DA:0F:3B:0B:F6:5D:31:04:68:22:0D:C5:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffyQHUowe9oPOwv2XTEEaCINxeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/a477e9-5ad0-443e-a742-8190dd7c21c4/1/jQYNkPm-7PL8fW0UL9FVZuPtO60.roa
Signing time:             Thu 26 Jun 2025 13:22:42 +0000
ROA not before:           Thu 26 Jun 2025 13:22:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57212
IP address blocks:        185.212.28.0/24 maxlen: 24
                          185.212.29.0/24 maxlen: 24
                          185.212.30.0/24 maxlen: 24
                          185.212.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/a477e9-5ad0-443e-a742-8190dd7c21c4/1/ffyQHUowe9oPOwv2XTEEaCINxeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/a477e9-5ad0-443e-a742-8190dd7c21c4/1/ffyQHUowe9oPOwv2XTEEaCINxeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffyQHUowe9oPOwv2XTEEaCINxeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 07:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ac:67:a2:eb:66:4d:b5:4e:f6:78:0e:c6:3a:cd:f8:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dfc901d4a307bda0f3b0bf65d310468220dc5e1
        Validity
            Not Before: Jun 26 13:22:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d060d90f9beecf2fc7d6d142fd15566e3ed3bad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:98:ec:b0:85:21:98:81:7f:88:0d:69:b7:e4:
                    8e:0c:1f:5d:d7:0f:45:2d:ae:a4:27:9a:00:a3:da:
                    8a:8a:c8:b4:a6:f2:ca:a0:60:8f:fe:d5:8e:23:37:
                    7b:2e:7c:a5:dd:8f:18:3e:a6:b2:93:17:75:16:ea:
                    f4:22:39:4e:41:bf:9b:0a:c4:ff:b1:8d:6d:7a:f5:
                    52:3a:da:14:0d:d8:7c:f1:01:2a:35:14:90:c9:fb:
                    26:78:79:b7:fb:f6:a2:d4:31:8d:a9:78:6b:a8:51:
                    7d:5e:54:d9:2f:ad:8f:3b:c0:bc:45:de:cd:3d:18:
                    a7:99:3a:bf:9d:c5:d5:e2:31:48:6b:ae:2d:83:d0:
                    c2:28:6d:66:75:f0:37:cd:a6:46:43:14:d3:78:e1:
                    c6:1d:7b:db:89:9d:78:31:ab:c5:22:fa:f2:a5:46:
                    17:b0:5f:62:b4:0a:74:05:21:4c:4c:58:7e:c1:c9:
                    36:88:03:bd:91:92:af:6a:85:03:0d:ce:dd:ee:0d:
                    6b:15:59:0d:76:81:03:a3:1b:21:1c:8e:44:da:cb:
                    c5:5f:63:08:9f:74:32:8c:98:91:a9:a4:51:fd:4c:
                    28:e2:aa:28:2a:4d:05:54:3c:f5:06:2e:b2:9a:2a:
                    04:95:00:56:5c:c2:f0:24:d8:ed:9b:85:f5:e9:d0:
                    a2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:06:0D:90:F9:BE:EC:F2:FC:7D:6D:14:2F:D1:55:66:E3:ED:3B:AD
            X509v3 Authority Key Identifier:
                keyid:7D:FC:90:1D:4A:30:7B:DA:0F:3B:0B:F6:5D:31:04:68:22:0D:C5:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffyQHUowe9oPOwv2XTEEaCINxeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/a477e9-5ad0-443e-a742-8190dd7c21c4/1/jQYNkPm-7PL8fW0UL9FVZuPtO60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/a477e9-5ad0-443e-a742-8190dd7c21c4/1/ffyQHUowe9oPOwv2XTEEaCINxeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:1e:4a:c1:bc:97:a2:88:74:93:3d:02:1c:16:4a:96:03:5c:
         a2:5e:dd:4b:c8:c5:f1:53:ba:1d:1c:b0:76:4b:51:da:d9:3f:
         b8:dc:98:a2:15:17:6c:88:15:67:79:cf:e7:f2:19:a3:70:e7:
         58:7d:4b:dc:56:85:a6:91:60:78:a3:6c:4b:a1:cb:f2:07:22:
         36:37:32:38:98:fd:e5:93:bc:cc:3a:dc:d6:b9:94:40:5d:c3:
         60:d4:a0:1b:e3:4d:70:9e:34:05:d9:37:dc:ba:ef:0b:1b:0f:
         68:50:68:38:7f:9a:d8:44:5e:02:62:c6:9d:f5:45:36:ba:df:
         0c:e7:d6:83:87:2c:b5:f9:9a:2f:8f:5c:4c:0a:98:af:9a:35:
         08:17:ac:35:4d:ed:ad:4a:97:45:a2:53:d3:65:9a:e9:a1:6f:
         60:56:e2:43:75:20:4b:64:2c:f6:bc:9e:0b:28:82:88:8e:c8:
         b4:6f:75:e3:54:38:40:4b:04:eb:cc:e2:18:fa:8a:fd:38:7c:
         ef:bb:f9:41:3b:cd:90:93:de:a3:73:dd:1b:00:b7:d5:48:a9:
         ab:92:be:8a:d4:da:19:95:90:c8:a1:b9:93:1c:d9:ce:d9:17:
         42:ed:bd:48:01:da:2f:f0:b2:80:07:9b:a0:d1:ef:a5:47:de:
         68:fa:a3:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZesZ6LrZk21TvZ4DsY6zfj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZmM5MDFkNGEzMDdiZGEwZjNiMGJmNjVkMzEwNDY4MjIw
ZGM1ZTEwHhcNMjUwNjI2MTMyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDA2MGQ5MGY5YmVlY2YyZmM3ZDZkMTQyZmQxNTU2NmUzZWQzYmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJjssIUhmIF/iA1pt+SODB9d1w9F
La6kJ5oAo9qKisi0pvLKoGCP/tWOIzd7Lnyl3Y8YPqaykxd1Fur0IjlOQb+bCsT/
sY1tevVSOtoUDdh88QEqNRSQyfsmeHm3+/ai1DGNqXhrqFF9XlTZL62PO8C8Rd7N
PRinmTq/ncXV4jFIa64tg9DCKG1mdfA3zaZGQxTTeOHGHXvbiZ14MavFIvrypUYX
sF9itAp0BSFMTFh+wck2iAO9kZKvaoUDDc7d7g1rFVkNdoEDoxshHI5E2svFX2MI
n3QyjJiRqaRR/Uwo4qooKk0FVDz1Bi6ymioElQBWXMLwJNjtm4X16dCiFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0GDZD5vuzy/H1tFC/RVWbj7TutMB8GA1UdIwQY
MBaAFH38kB1KMHvaDzsL9l0xBGgiDcXhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZ5UUhVb3dlOW9QT3d2MlhURUVhQ0lOeGVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9hNDc3ZTktNWFkMC00NDNlLWE3NDIt
ODE5MGRkN2MyMWM0LzEvalFZTmtQbS03UEw4ZlcwVUw5RlZadVB0TzYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9hNDc3ZTktNWFkMC00NDNlLWE3NDItODE5MGRkN2MyMWM0
LzEvZmZ5UUhVb3dlOW9QT3d2MlhURUVhQ0lOeGVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudQcMA0G
CSqGSIb3DQEBCwUAA4IBAQBNHkrBvJeiiHSTPQIcFkqWA1yiXt1LyMXxU7odHLB2
S1Ha2T+43JiiFRdsiBVnec/n8hmjcOdYfUvcVoWmkWB4o2xLocvyByI2NzI4mP3l
k7zMOtzWuZRAXcNg1KAb401wnjQF2Tfcuu8LGw9oUGg4f5rYRF4CYsad9UU2ut8M
59aDhyy1+Zovj1xMCpivmjUIF6w1Te2tSpdFolPTZZrpoW9gVuJDdSBLZCz2vJ4L
KIKIjsi0b3XjVDhASwTrzOIY+or9OHzvu/lBO82Qk96jc90bALfVSKmrkr6K1NoZ
lZDIobmTHNnO2RdC7b1IAdov8LKAB5ug0e+lR95o+qOT
-----END CERTIFICATE-----