Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/c5dd3e-937b-434f-bbb8-80cc86e51822/1/mNeWff71JBlu_711hQE_pDJJqWY.roa
File:                     mNeWff71JBlu_711hQE_pDJJqWY.roa (raw, json)
Hash identifier:          sTWxhEvJ0wu3OQU/YQdLA13MJUmx0ec59XmwGow7zF8=
Subject key identifier:   98:D7:96:7D:FE:F5:24:19:6E:FF:BD:75:85:01:3F:A4:32:49:A9:66
Certificate issuer:       /CN=cfc0f99d79793a6f01e9ad627d1f968b0c2d0f3b
Certificate serial:       0199E33A1429CA1E0A9CBFD271F5561C6C07
Authority key identifier: CF:C0:F9:9D:79:79:3A:6F:01:E9:AD:62:7D:1F:96:8B:0C:2D:0F:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8D5nXl5Om8B6a1ifR-WiwwtDzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/c5dd3e-937b-434f-bbb8-80cc86e51822/1/mNeWff71JBlu_711hQE_pDJJqWY.roa
Signing time:             Tue 14 Oct 2025 14:57:38 +0000
ROA not before:           Tue 14 Oct 2025 14:57:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211603
IP address blocks:        185.156.148.0/24 maxlen: 24
                          185.156.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/c5dd3e-937b-434f-bbb8-80cc86e51822/1/z8D5nXl5Om8B6a1ifR-WiwwtDzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/c5dd3e-937b-434f-bbb8-80cc86e51822/1/z8D5nXl5Om8B6a1ifR-WiwwtDzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8D5nXl5Om8B6a1ifR-WiwwtDzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e3:3a:14:29:ca:1e:0a:9c:bf:d2:71:f5:56:1c:6c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc0f99d79793a6f01e9ad627d1f968b0c2d0f3b
        Validity
            Not Before: Oct 14 14:57:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98d7967dfef524196effbd7585013fa43249a966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:13:5b:ce:43:0b:8a:9b:ac:95:91:6e:46:b3:
                    1f:c8:2d:86:c6:8e:04:3d:36:47:72:18:6a:7a:cd:
                    26:e0:3c:8b:e4:2a:3c:00:4f:c7:d3:e8:8f:b9:bc:
                    ed:4c:72:6d:3d:d0:a8:9f:c0:03:f1:25:20:35:b9:
                    07:e7:c6:de:3a:98:9a:a8:97:ee:60:31:07:79:d2:
                    92:ed:36:26:b4:5d:60:11:af:fa:dc:8b:cd:9e:1f:
                    8a:91:e9:2d:61:f8:09:a2:c5:79:76:34:e1:f4:cc:
                    7d:8e:02:ac:29:71:60:bd:3e:20:d5:fd:fc:39:ad:
                    dd:4c:f7:55:6c:20:90:70:e2:4d:46:6f:91:ef:50:
                    0d:7e:3c:bb:7e:78:13:e7:51:f9:f2:a4:ed:f8:f0:
                    34:27:df:2b:25:3d:13:f8:4d:89:b1:c0:b0:f8:d5:
                    b2:ef:83:55:b0:0e:99:1d:2e:89:17:5b:98:31:a5:
                    76:33:ab:a6:03:4e:62:17:45:ee:6b:9d:31:41:86:
                    88:26:94:94:f5:a0:e8:0d:9b:9a:49:c9:d0:a6:dd:
                    f8:a6:32:1a:89:fd:cc:4f:1e:c9:42:20:49:4b:d5:
                    fd:c5:52:3f:0b:90:4c:61:d8:21:b1:8d:c2:c7:f5:
                    a9:49:fc:9f:99:14:a5:a9:7b:c3:27:f0:dc:70:9f:
                    35:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:D7:96:7D:FE:F5:24:19:6E:FF:BD:75:85:01:3F:A4:32:49:A9:66
            X509v3 Authority Key Identifier:
                keyid:CF:C0:F9:9D:79:79:3A:6F:01:E9:AD:62:7D:1F:96:8B:0C:2D:0F:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8D5nXl5Om8B6a1ifR-WiwwtDzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/c5dd3e-937b-434f-bbb8-80cc86e51822/1/mNeWff71JBlu_711hQE_pDJJqWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/c5dd3e-937b-434f-bbb8-80cc86e51822/1/z8D5nXl5Om8B6a1ifR-WiwwtDzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:e0:52:e1:46:aa:3c:c2:97:2e:4b:4a:04:28:8b:73:b2:a3:
         f1:e9:57:a9:61:17:ab:f9:ad:37:cd:63:58:8f:c3:18:d6:ef:
         46:ad:ec:d1:a6:02:37:ee:b2:88:35:d6:f6:17:2c:7a:9e:bd:
         e2:2f:c7:7d:47:45:78:64:f6:9d:e7:87:32:eb:bf:8c:70:e5:
         0a:82:62:4f:e7:56:64:91:8f:38:8b:a9:1d:7b:b2:88:6a:28:
         18:da:96:4d:f4:7f:b8:cd:da:69:a7:d9:24:82:55:cc:0d:b4:
         fe:b0:6f:a3:16:cf:12:78:f5:58:85:ec:f6:9f:4f:95:34:bd:
         1e:a8:55:d0:57:53:0b:7a:b4:b0:f5:a1:00:24:35:f6:aa:a5:
         ef:51:25:53:48:0a:dd:97:2f:3e:97:7a:de:b4:d0:9d:9e:f7:
         cc:20:b6:36:5f:b9:6a:70:bb:03:94:13:71:b7:f4:4f:ca:e7:
         cb:b2:df:50:fd:f4:16:0b:3c:ba:d6:a3:da:5e:1a:fa:f3:15:
         37:0d:7c:eb:78:51:93:cf:1a:af:16:7f:74:3e:ad:52:e0:0c:
         6f:52:ab:ec:7d:04:66:c8:08:12:81:d0:9c:66:07:6a:23:fd:
         64:27:c9:f1:59:c5:c0:c2:d2:cf:8a:44:22:51:27:78:ed:ad:
         e5:17:18:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnjOhQpyh4KnL/ScfVWHGwHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzBmOTlkNzk3OTNhNmYwMWU5YWQ2MjdkMWY5NjhiMGMy
ZDBmM2IwHhcNMjUxMDE0MTQ1NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGQ3OTY3ZGZlZjUyNDE5NmVmZmJkNzU4NTAxM2ZhNDMyNDlhOTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5xNbzkMLipuslZFuRrMfyC2Gxo4E
PTZHchhqes0m4DyL5Co8AE/H0+iPubztTHJtPdCon8AD8SUgNbkH58beOpiaqJfu
YDEHedKS7TYmtF1gEa/63IvNnh+KkektYfgJosV5djTh9Mx9jgKsKXFgvT4g1f38
Oa3dTPdVbCCQcOJNRm+R71ANfjy7fngT51H58qTt+PA0J98rJT0T+E2JscCw+NWy
74NVsA6ZHS6JF1uYMaV2M6umA05iF0Xua50xQYaIJpSU9aDoDZuaScnQpt34pjIa
if3MTx7JQiBJS9X9xVI/C5BMYdghsY3Cx/WpSfyfmRSlqXvDJ/DccJ81aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjXln3+9SQZbv+9dYUBP6QySalmMB8GA1UdIwQY
MBaAFM/A+Z15eTpvAemtYn0flosMLQ87MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhENW5YbDVPbThCNmExaWZSLVdpd3d0RHpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9jNWRkM2UtOTM3Yi00MzRmLWJiYjgt
ODBjYzg2ZTUxODIyLzEvbU5lV2ZmNzFKQmx1XzcxMWhRRV9wREpKcVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9jNWRkM2UtOTM3Yi00MzRmLWJiYjgtODBjYzg2ZTUxODIy
LzEvejhENW5YbDVPbThCNmExaWZSLVdpd3d0RHpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZyUMA0G
CSqGSIb3DQEBCwUAA4IBAQA04FLhRqo8wpcuS0oEKItzsqPx6VepYRer+a03zWNY
j8MY1u9GrezRpgI37rKINdb2Fyx6nr3iL8d9R0V4ZPad54cy67+McOUKgmJP51Zk
kY84i6kde7KIaigY2pZN9H+4zdppp9kkglXMDbT+sG+jFs8SePVYhez2n0+VNL0e
qFXQV1MLerSw9aEAJDX2qqXvUSVTSArdly8+l3retNCdnvfMILY2X7lqcLsDlBNx
t/RPyufLst9Q/fQWCzy61qPaXhr68xU3DXzreFGTzxqvFn90Pq1S4AxvUqvsfQRm
yAgSgdCcZgdqI/1kJ8nxWcXAwtLPikQiUSd47a3lFxj3
-----END CERTIFICATE-----