Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7FPmotCR-R9wzv_XbMtnjpG5dwQ.roa
File:                     7FPmotCR-R9wzv_XbMtnjpG5dwQ.roa (raw, json)
Hash identifier:          wZrYOUuRAIwSPFEINw7jG0Anj/wWBpx6jCtbZE+QjZE=
Subject key identifier:   EC:53:E6:A2:D0:91:F9:1F:70:CE:FF:D7:6C:CB:67:8E:91:B9:77:04
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0199CE608DCC5F290A5BDB0469E2CB0358FD
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7FPmotCR-R9wzv_XbMtnjpG5dwQ.roa
Signing time:             Fri 10 Oct 2025 13:47:38 +0000
ROA not before:           Fri 10 Oct 2025 13:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54252
IP address blocks:        88.209.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:60:8d:cc:5f:29:0a:5b:db:04:69:e2:cb:03:58:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 10 13:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec53e6a2d091f91f70ceffd76ccb678e91b97704
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4f:26:92:db:af:32:ef:19:d5:e5:fc:6d:c5:
                    2c:2d:2c:f3:8c:8c:60:1b:11:9c:cc:79:c2:6d:5d:
                    21:c3:4f:f2:4a:dc:9a:76:1c:41:2e:4a:e4:04:cb:
                    b1:49:e4:19:35:2f:ee:b8:78:c5:0b:7b:4e:70:44:
                    8e:3d:c0:cb:56:1b:51:eb:45:e1:7c:ac:b3:fd:e3:
                    fa:4d:4a:dd:a3:0f:83:76:85:b7:1d:c1:14:31:68:
                    f0:8b:15:35:fe:65:e3:00:4b:2d:18:14:c4:10:b4:
                    f2:0e:af:56:6d:02:0e:a1:44:78:ce:0f:66:09:2b:
                    fc:ca:4e:b9:1d:c8:cb:be:73:67:38:46:21:45:15:
                    7f:4c:d8:e4:69:6f:bc:41:9c:84:5b:19:94:6a:13:
                    b6:c7:75:69:7c:af:d1:43:5e:71:f4:d6:80:51:5c:
                    a9:f6:0e:da:68:6c:15:5d:e2:c1:ab:67:eb:e9:f5:
                    47:cf:1c:d0:cd:4b:5a:ba:f5:81:d3:ca:6d:fc:38:
                    47:85:44:9b:f9:20:01:71:15:78:5a:dd:a4:58:97:
                    31:60:74:84:1a:ab:a5:8d:30:93:ba:89:98:b0:da:
                    41:f1:f5:af:7d:5b:cb:49:7a:60:20:31:16:7e:02:
                    b7:b5:a8:94:61:90:0d:07:ce:e8:81:74:54:a8:ac:
                    25:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:53:E6:A2:D0:91:F9:1F:70:CE:FF:D7:6C:CB:67:8E:91:B9:77:04
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7FPmotCR-R9wzv_XbMtnjpG5dwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:2d:79:9b:3f:be:4d:ab:4c:9a:73:94:4c:41:1c:92:69:4f:
         64:87:70:d7:8b:6f:9b:5f:5d:96:be:7a:ea:13:e2:7e:d6:5a:
         ac:9e:70:53:ea:9d:fb:7c:5f:19:78:63:62:65:8d:46:6c:c6:
         54:70:5f:95:a7:89:ef:5d:16:cc:1a:01:db:1c:28:f9:d7:af:
         07:88:47:0d:cf:c2:14:6d:c6:fc:c5:66:67:55:0f:24:87:b3:
         f6:1d:1d:1d:5f:2e:1c:49:03:7e:e4:a8:b0:c5:f5:1e:00:3c:
         a3:d3:47:bc:18:a0:1e:09:30:bc:eb:ff:f8:60:57:7a:b4:77:
         aa:75:00:67:76:6e:9b:8a:6a:68:23:99:8f:61:da:ae:4a:aa:
         ac:96:ad:63:c7:8d:be:e9:1c:7d:ef:29:02:95:3e:ba:eb:18:
         fa:fa:f9:85:94:c1:a9:77:96:ea:5a:37:23:2c:a7:0f:bf:01:
         d6:43:a5:1c:8f:ac:65:1d:ac:a6:68:44:c9:0f:c4:7d:e5:b9:
         d8:81:d7:ef:a5:f4:0f:c0:39:6b:87:5d:a5:4a:55:dc:96:3d:
         30:b8:8b:3a:5b:bc:10:06:b2:40:40:85:6c:9f:86:47:8b:15:
         de:2d:b6:73:89:02:ee:46:67:d9:2c:cf:89:03:a3:c8:eb:80:
         6a:1b:4e:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnOYI3MXykKW9sEaeLLA1j9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUxMDEwMTM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzUzZTZhMmQwOTFmOTFmNzBjZWZmZDc2Y2NiNjc4ZTkxYjk3NzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk8mktuvMu8Z1eX8bcUsLSzzjIxg
GxGczHnCbV0hw0/yStyadhxBLkrkBMuxSeQZNS/uuHjFC3tOcESOPcDLVhtR60Xh
fKyz/eP6TUrdow+DdoW3HcEUMWjwixU1/mXjAEstGBTEELTyDq9WbQIOoUR4zg9m
CSv8yk65HcjLvnNnOEYhRRV/TNjkaW+8QZyEWxmUahO2x3VpfK/RQ15x9NaAUVyp
9g7aaGwVXeLBq2fr6fVHzxzQzUtauvWB08pt/DhHhUSb+SABcRV4Wt2kWJcxYHSE
GquljTCTuomYsNpB8fWvfVvLSXpgIDEWfgK3taiUYZANB87ogXRUqKwl+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxT5qLQkfkfcM7/12zLZ46RuXcEMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvN0ZQbW90Q1ItUjl3enZfWGJNdG5qcEc1ZHdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHPMA0G
CSqGSIb3DQEBCwUAA4IBAQB5LXmbP75Nq0yac5RMQRySaU9kh3DXi2+bX12Wvnrq
E+J+1lqsnnBT6p37fF8ZeGNiZY1GbMZUcF+Vp4nvXRbMGgHbHCj5168HiEcNz8IU
bcb8xWZnVQ8kh7P2HR0dXy4cSQN+5KiwxfUeADyj00e8GKAeCTC86//4YFd6tHeq
dQBndm6bimpoI5mPYdquSqqslq1jx42+6Rx97ykClT666xj6+vmFlMGpd5bqWjcj
LKcPvwHWQ6Ucj6xlHaymaETJD8R95bnYgdfvpfQPwDlrh12lSlXclj0wuIs6W7wQ
BrJAQIVsn4ZHixXeLbZziQLuRmfZLM+JA6PI64BqG07v
-----END CERTIFICATE-----