Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/10Z_4eBi_tsV1OM7YtrqW30ZeK4.roa
File:                     10Z_4eBi_tsV1OM7YtrqW30ZeK4.roa (raw, json)
Hash identifier:          HP3cudr1kJjAEMI9Yjrkvmx9tzTdfL7WZj3frlIYToo=
Subject key identifier:   D7:46:7F:E1:E0:62:FE:DB:15:D4:E3:3B:62:DA:EA:5B:7D:19:78:AE
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0198A3B156FE13B8BC60B232DBF340A4FAAE
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/10Z_4eBi_tsV1OM7YtrqW30ZeK4.roa
Signing time:             Wed 13 Aug 2025 13:49:25 +0000
ROA not before:           Wed 13 Aug 2025 13:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401838
IP address blocks:        185.194.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:b1:56:fe:13:b8:bc:60:b2:32:db:f3:40:a4:fa:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Aug 13 13:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7467fe1e062fedb15d4e33b62daea5b7d1978ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ad:05:23:d6:73:58:8d:88:86:4d:20:ca:c1:
                    71:04:2c:0e:39:2d:d9:0c:3c:6b:c6:1d:4b:01:d6:
                    e1:98:5b:e6:14:8e:89:90:46:51:17:31:20:69:e3:
                    f5:07:22:c0:fe:b6:54:a3:04:ad:ba:d7:ab:22:3d:
                    cd:ea:89:ee:2e:fe:49:69:a9:c0:cb:e1:e5:cc:8a:
                    2f:f9:7d:69:b8:e8:91:48:12:b1:65:83:15:78:45:
                    cf:ac:fe:98:3e:f7:94:76:13:18:ec:56:7b:00:73:
                    1c:13:4d:ff:01:40:14:5a:eb:40:41:e8:0e:63:d6:
                    5e:e8:96:99:92:13:16:e7:61:41:65:b9:20:a4:b4:
                    2a:c3:6a:e3:c4:34:45:3b:fd:84:4b:e7:55:05:4d:
                    26:d6:34:f8:14:34:03:c8:e4:37:83:48:3e:75:32:
                    a3:b8:6a:c2:b5:ac:c3:3f:a2:c2:58:93:c8:39:8b:
                    ea:e2:0b:e4:43:24:4d:ff:0c:2a:e6:d2:d7:19:71:
                    2b:01:b2:d2:69:bb:85:e5:bc:64:db:cc:4e:19:0b:
                    b1:c9:1c:4f:5a:6c:bc:84:f5:63:80:50:b0:32:e5:
                    d5:d1:c9:2b:7e:a3:c9:ed:2c:8b:68:9f:9c:f5:99:
                    fa:db:46:06:4e:6c:93:9f:e0:92:d8:fb:b6:1a:57:
                    e7:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:46:7F:E1:E0:62:FE:DB:15:D4:E3:3B:62:DA:EA:5B:7D:19:78:AE
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/10Z_4eBi_tsV1OM7YtrqW30ZeK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:6d:8c:da:5d:78:1d:dd:9d:43:67:35:9c:d5:28:1a:d5:a5:
         d6:84:02:03:8e:a2:4c:f8:22:3f:5d:51:30:ed:e4:88:82:a8:
         d7:e9:cf:8b:3e:06:b6:d9:81:51:4b:16:f3:7a:ef:05:06:10:
         3c:94:20:36:ea:d1:f9:4f:77:72:3f:85:23:1b:ff:ab:39:a3:
         b4:5d:a4:3c:bb:1c:3e:40:f0:62:8b:8f:4d:44:22:fa:93:5b:
         f3:28:55:86:82:18:d9:d5:c9:00:13:f7:68:1e:22:bc:3c:b5:
         e1:a3:a9:11:05:41:29:b5:21:e5:e3:5b:05:72:74:9c:7d:c5:
         91:b4:c4:df:97:53:8c:18:4a:47:a7:23:58:75:1f:91:1b:5b:
         4c:18:5f:07:7d:18:91:ab:3b:9a:b8:6e:ea:59:7e:7f:22:5f:
         b7:ad:4a:30:b7:c1:3f:29:63:f9:72:b6:ad:71:8b:80:af:a7:
         4e:28:d5:91:57:b3:a4:f8:12:96:5d:d2:47:d9:f1:37:c9:b0:
         5b:0f:97:f0:c9:6c:ef:bb:6c:43:b7:52:60:90:2e:ad:af:6d:
         19:10:c3:28:6d:86:15:3e:22:d6:d2:85:5d:9e:e9:62:7d:86:
         3b:67:9d:0c:81:cb:60:4d:73:00:8a:d4:8a:64:fe:ca:95:24:
         54:f4:14:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZijsVb+E7i8YLIy2/NApPquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwODEzMTM0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzQ2N2ZlMWUwNjJmZWRiMTVkNGUzM2I2MmRhZWE1YjdkMTk3OGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK0FI9ZzWI2Ihk0gysFxBCwOOS3Z
DDxrxh1LAdbhmFvmFI6JkEZRFzEgaeP1ByLA/rZUowStuterIj3N6onuLv5JaanA
y+HlzIov+X1puOiRSBKxZYMVeEXPrP6YPveUdhMY7FZ7AHMcE03/AUAUWutAQegO
Y9Ze6JaZkhMW52FBZbkgpLQqw2rjxDRFO/2ES+dVBU0m1jT4FDQDyOQ3g0g+dTKj
uGrCtazDP6LCWJPIOYvq4gvkQyRN/wwq5tLXGXErAbLSabuF5bxk28xOGQuxyRxP
Wmy8hPVjgFCwMuXV0ckrfqPJ7SyLaJ+c9Zn620YGTmyTn+CS2Pu2GlfnQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdGf+HgYv7bFdTjO2La6lt9GXiuMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMTBaXzRlQmlfdHNWMU9NN1l0cnFXMzBaZUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucIdMA0G
CSqGSIb3DQEBCwUAA4IBAQAwbYzaXXgd3Z1DZzWc1Sga1aXWhAIDjqJM+CI/XVEw
7eSIgqjX6c+LPga22YFRSxbzeu8FBhA8lCA26tH5T3dyP4UjG/+rOaO0XaQ8uxw+
QPBii49NRCL6k1vzKFWGghjZ1ckAE/doHiK8PLXho6kRBUEptSHl41sFcnScfcWR
tMTfl1OMGEpHpyNYdR+RG1tMGF8HfRiRqzuauG7qWX5/Il+3rUowt8E/KWP5crat
cYuAr6dOKNWRV7Ok+BKWXdJH2fE3ybBbD5fwyWzvu2xDt1JgkC6tr20ZEMMobYYV
PiLW0oVdnulifYY7Z50MgctgTXMAitSKZP7KlSRU9BTW
-----END CERTIFICATE-----