Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/q4kKsYZfOGon2mT-Eapypp72_Ec.roa
File:                     q4kKsYZfOGon2mT-Eapypp72_Ec.roa (raw, json)
Hash identifier:          w/Ifs9Hdm+PYXiSZpAXsafh4R7xPHRN+zAgqDILsgeQ=
Subject key identifier:   AB:89:0A:B1:86:5F:38:6A:27:DA:64:FE:11:AA:72:A6:9E:F6:FC:47
Certificate issuer:       /CN=077a0fb99e52ae4fa1d66faad93f42e6d07886a6
Certificate serial:       0199168F25E977A07DB6EFC56F6EE3780116
Authority key identifier: 07:7A:0F:B9:9E:52:AE:4F:A1:D6:6F:AA:D9:3F:42:E6:D0:78:86:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/q4kKsYZfOGon2mT-Eapypp72_Ec.roa
Signing time:             Thu 04 Sep 2025 21:08:23 +0000
ROA not before:           Thu 04 Sep 2025 21:08:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59817
IP address blocks:        185.70.56.0/22 maxlen: 24
                          185.70.59.0/24 maxlen: 24
                          2a03:34a0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:16:8f:25:e9:77:a0:7d:b6:ef:c5:6f:6e:e3:78:01:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=077a0fb99e52ae4fa1d66faad93f42e6d07886a6
        Validity
            Not Before: Sep  4 21:08:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab890ab1865f386a27da64fe11aa72a69ef6fc47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4e:bd:b1:56:39:60:31:51:2d:9a:38:73:27:
                    c5:fc:b1:0b:b7:c5:54:ef:29:44:4d:84:9b:df:ca:
                    f7:0e:f9:a4:c5:bd:ca:79:8b:bd:83:5c:32:34:87:
                    df:15:b2:10:65:36:d1:d5:4c:66:5b:9a:87:34:cb:
                    37:64:5b:01:07:dc:a6:e4:38:2b:27:d8:4c:67:fa:
                    c4:8e:75:55:4e:b7:3e:db:eb:4d:db:ee:25:31:25:
                    f7:5d:e9:11:1f:2d:08:81:8f:ec:89:2e:37:4c:6f:
                    15:f5:21:66:82:2e:8b:a5:7c:67:7c:3a:63:63:d4:
                    82:a0:2a:80:8d:5d:65:59:e2:22:51:18:a1:31:17:
                    2c:85:96:d6:e7:22:19:ad:c7:43:65:9c:d5:b1:b5:
                    26:39:12:5f:8b:67:e7:62:37:f1:e7:e4:b9:f7:59:
                    05:5a:37:58:4a:fc:63:7b:1f:f7:64:75:2d:e6:5d:
                    87:c8:df:7e:d9:5e:08:f4:28:ac:84:c9:e3:81:6a:
                    1b:c9:65:a7:54:8f:78:b6:79:77:2b:c0:80:77:95:
                    1d:95:3a:49:a5:13:da:1b:89:f5:3b:a9:f7:00:b3:
                    02:0e:17:32:7e:77:12:27:25:a1:99:24:a7:db:33:
                    7c:3c:42:be:90:01:85:54:26:7a:d4:48:aa:55:39:
                    a6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:89:0A:B1:86:5F:38:6A:27:DA:64:FE:11:AA:72:A6:9E:F6:FC:47
            X509v3 Authority Key Identifier:
                keyid:07:7A:0F:B9:9E:52:AE:4F:A1:D6:6F:AA:D9:3F:42:E6:D0:78:86:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/q4kKsYZfOGon2mT-Eapypp72_Ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.56.0/22
                IPv6:
                  2a03:34a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:ef:57:ba:ad:07:3b:11:52:93:1e:6b:d0:e0:2d:ad:88:85:
         1f:59:9b:af:06:49:b2:06:0c:aa:cf:4c:f3:64:08:97:1d:54:
         56:22:34:0f:93:c8:78:66:cd:8a:e3:32:a9:fe:e6:42:0e:d7:
         49:e4:51:7f:2a:87:c4:39:dd:af:60:4a:81:49:70:a7:08:8e:
         8d:ba:1b:bc:33:24:3d:ad:e1:b5:7f:a9:76:89:2a:77:4a:18:
         a5:ad:90:f6:f0:40:7a:c0:65:09:ef:58:c7:f9:51:0e:83:5d:
         7b:95:9f:86:c9:70:1e:73:f0:f2:9a:b5:14:4d:a2:23:65:95:
         72:7f:b9:65:e0:76:b7:4d:d2:97:d7:07:09:11:9d:85:bd:60:
         82:d6:13:ca:7b:a8:ca:5c:1c:c0:85:58:f1:12:db:cd:e6:1c:
         ac:ae:2b:a2:0b:5c:37:f3:de:ea:e4:5e:7c:72:9c:ec:d9:32:
         19:6b:81:ff:e5:6b:96:ce:c8:b8:30:5d:74:27:9e:82:d5:a7:
         81:cb:4f:0b:0e:4b:b8:8b:93:97:db:e5:e0:5d:34:d4:16:44:
         fc:be:ff:51:df:6c:0c:b8:a8:6c:b1:df:46:c0:dc:8e:74:59:
         34:a6:f8:88:6e:c6:82:57:c5:4e:f1:11:2a:13:d9:4d:0e:54:
         9b:64:6f:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkWjyXpd6B9tu/Fb27jeAEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3N2EwZmI5OWU1MmFlNGZhMWQ2NmZhYWQ5M2Y0MmU2ZDA3
ODg2YTYwHhcNMjUwOTA0MjEwODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjg5MGFiMTg2NWYzODZhMjdkYTY0ZmUxMWFhNzJhNjllZjZmYzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqk69sVY5YDFRLZo4cyfF/LELt8VU
7ylETYSb38r3Dvmkxb3KeYu9g1wyNIffFbIQZTbR1UxmW5qHNMs3ZFsBB9ym5Dgr
J9hMZ/rEjnVVTrc+2+tN2+4lMSX3XekRHy0IgY/siS43TG8V9SFmgi6LpXxnfDpj
Y9SCoCqAjV1lWeIiURihMRcshZbW5yIZrcdDZZzVsbUmORJfi2fnYjfx5+S591kF
WjdYSvxjex/3ZHUt5l2HyN9+2V4I9CishMnjgWobyWWnVI94tnl3K8CAd5UdlTpJ
pRPaG4n1O6n3ALMCDhcyfncSJyWhmSSn2zN8PEK+kAGFVCZ61EiqVTmmowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKuJCrGGXzhqJ9pk/hGqcqae9vxHMB8GA1UdIwQY
MBaAFAd6D7meUq5PodZvqtk/QubQeIamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjNvUHVaNVNyay1oMW0tcTJUOUM1dEI0aHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9kM2U5YmQtNDQ2Yi00MTE2LTg0NTMt
ZDQ2N2NjNmU3ZDhmLzEvcTRrS3NZWmZPR29uMm1ULUVhcHlwcDcyX0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9kM2U5YmQtNDQ2Yi00MTE2LTg0NTMtZDQ2N2NjNmU3ZDhm
LzEvQjNvUHVaNVNyay1oMW0tcTJUOUM1dEI0aHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUY4MA0E
AgACMAcDBQAqAzSgMA0GCSqGSIb3DQEBCwUAA4IBAQBo71e6rQc7EVKTHmvQ4C2t
iIUfWZuvBkmyBgyqz0zzZAiXHVRWIjQPk8h4Zs2K4zKp/uZCDtdJ5FF/KofEOd2v
YEqBSXCnCI6Nuhu8MyQ9reG1f6l2iSp3ShilrZD28EB6wGUJ71jH+VEOg117lZ+G
yXAec/DymrUUTaIjZZVyf7ll4Ha3TdKX1wcJEZ2FvWCC1hPKe6jKXBzAhVjxEtvN
5hysriuiC1w3897q5F58cpzs2TIZa4H/5WuWzsi4MF10J56C1aeBy08LDku4i5OX
2+XgXTTUFkT8vv9R32wMuKhssd9GwNyOdFk0pviIbsaCV8VO8REqE9lNDlSbZG84
-----END CERTIFICATE-----