Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/528b31-42c9-4629-a45d-f6567552605e/1/2sWQgR33TzocGlZC9LAJFvio6pQ.roa
File:                     2sWQgR33TzocGlZC9LAJFvio6pQ.roa (raw, json)
Hash identifier:          ghm3pG3ll1j938a4CO1Ecgfgj8Ej4t0d/k3Ds22y8nU=
Subject key identifier:   DA:C5:90:81:1D:F7:4F:3A:1C:1A:56:42:F4:B0:09:16:F8:A8:EA:94
Certificate issuer:       /CN=2d78e4ae0eb9dcac625d9106ce885c5b498075d7
Certificate serial:       0199DCB5FD346054DDDB59F5294D53D9C710
Authority key identifier: 2D:78:E4:AE:0E:B9:DC:AC:62:5D:91:06:CE:88:5C:5B:49:80:75:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LXjkrg653KxiXZEGzohcW0mAddc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/528b31-42c9-4629-a45d-f6567552605e/1/2sWQgR33TzocGlZC9LAJFvio6pQ.roa
Signing time:             Mon 13 Oct 2025 08:35:38 +0000
ROA not before:           Mon 13 Oct 2025 08:35:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203556
IP address blocks:        185.130.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/528b31-42c9-4629-a45d-f6567552605e/1/LXjkrg653KxiXZEGzohcW0mAddc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/528b31-42c9-4629-a45d-f6567552605e/1/LXjkrg653KxiXZEGzohcW0mAddc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LXjkrg653KxiXZEGzohcW0mAddc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:b5:fd:34:60:54:dd:db:59:f5:29:4d:53:d9:c7:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d78e4ae0eb9dcac625d9106ce885c5b498075d7
        Validity
            Not Before: Oct 13 08:35:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dac590811df74f3a1c1a5642f4b00916f8a8ea94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:80:9b:7b:e4:c9:d8:f5:f3:c0:c7:47:89:ee:
                    16:4c:58:e2:d9:a6:ec:09:bc:f1:c9:bf:e1:d1:dd:
                    49:db:c4:35:8b:18:60:87:2a:85:68:ad:d7:a3:05:
                    b2:18:a5:bf:aa:fd:06:21:b0:59:16:2e:e1:3f:42:
                    32:10:54:48:1a:d8:67:7b:67:41:ed:fa:8c:9d:90:
                    0e:f5:62:c3:5a:73:fb:8e:d6:3f:df:12:58:f3:3b:
                    9b:90:1f:91:b5:ec:b6:51:d5:aa:f8:46:da:8f:9c:
                    a5:ad:b6:8c:2c:39:e5:e5:27:52:3f:5c:09:b8:8c:
                    a5:73:39:1b:e4:a5:33:79:98:28:8c:33:69:78:0e:
                    c8:c1:2e:0b:40:0e:f5:ce:0c:ea:03:cf:cf:4a:0f:
                    44:60:ea:ee:3d:e4:ee:20:c5:40:2e:d3:ed:48:9b:
                    f8:83:8b:6f:fa:7c:a2:d5:d8:ec:96:d9:9a:50:3a:
                    ea:1a:5e:a3:4f:f0:dd:0e:d8:d9:0d:e4:a1:b4:06:
                    70:b4:cb:97:f8:ce:ae:2c:6c:6d:e0:7a:06:02:54:
                    b0:a7:c2:8b:9f:f5:73:9a:77:bb:7d:75:0d:69:da:
                    8f:b3:43:21:d0:fc:95:45:87:63:d9:a0:fc:1f:f4:
                    f5:5b:eb:77:a3:9d:ad:2a:b2:ec:63:70:11:23:21:
                    65:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C5:90:81:1D:F7:4F:3A:1C:1A:56:42:F4:B0:09:16:F8:A8:EA:94
            X509v3 Authority Key Identifier:
                keyid:2D:78:E4:AE:0E:B9:DC:AC:62:5D:91:06:CE:88:5C:5B:49:80:75:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LXjkrg653KxiXZEGzohcW0mAddc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/528b31-42c9-4629-a45d-f6567552605e/1/2sWQgR33TzocGlZC9LAJFvio6pQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/528b31-42c9-4629-a45d-f6567552605e/1/LXjkrg653KxiXZEGzohcW0mAddc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:47:e6:66:63:1b:7c:d7:b9:6a:e1:70:c1:29:0e:b1:23:24:
         85:67:dd:1e:78:79:6a:94:2e:4c:35:ab:9f:0a:ae:2c:7a:8b:
         ee:ef:49:d5:8d:7c:f1:ae:71:75:35:f8:d5:e6:77:4c:d9:e2:
         ae:8c:3d:9c:0f:77:29:95:d1:76:f0:d9:4d:fd:23:5c:f3:45:
         d8:8e:ef:12:0b:7f:65:93:49:15:79:96:fd:56:76:00:8e:bc:
         a1:6a:9c:9c:c0:3e:20:bf:90:90:72:3d:6b:06:57:92:e3:aa:
         5b:f7:04:b2:2b:01:66:00:58:5e:e4:8c:13:5b:69:85:c2:de:
         c1:33:9f:0e:9d:b2:07:1a:2e:cb:bc:e1:5a:4b:4b:9f:38:4c:
         2c:a7:75:6c:1a:9e:f0:b3:58:35:0d:00:2c:78:96:65:72:9f:
         33:da:6f:3c:14:bb:cd:21:c8:ae:ea:c6:38:45:42:56:ea:0b:
         bd:52:5f:90:52:03:c4:4e:c2:11:0c:ee:d5:ee:13:c4:89:ec:
         4e:78:57:48:9e:25:e7:d1:b7:53:aa:a1:35:c8:2d:31:72:90:
         d1:c4:17:9c:d9:27:e7:2e:70:24:78:13:0c:aa:3a:e4:85:d3:
         45:b8:f0:86:87:fa:65:29:b2:19:66:47:44:c8:b4:36:09:5d:
         bb:a3:e3:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnctf00YFTd21n1KU1T2ccQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNzhlNGFlMGViOWRjYWM2MjVkOTEwNmNlODg1YzViNDk4
MDc1ZDcwHhcNMjUxMDEzMDgzNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWM1OTA4MTFkZjc0ZjNhMWMxYTU2NDJmNGIwMDkxNmY4YThlYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4Cbe+TJ2PXzwMdHie4WTFji2abs
Cbzxyb/h0d1J28Q1ixhghyqFaK3XowWyGKW/qv0GIbBZFi7hP0IyEFRIGthne2dB
7fqMnZAO9WLDWnP7jtY/3xJY8zubkB+Rtey2UdWq+Ebaj5ylrbaMLDnl5SdSP1wJ
uIylczkb5KUzeZgojDNpeA7IwS4LQA71zgzqA8/PSg9EYOruPeTuIMVALtPtSJv4
g4tv+nyi1djsltmaUDrqGl6jT/DdDtjZDeShtAZwtMuX+M6uLGxt4HoGAlSwp8KL
n/Vzmne7fXUNadqPs0Mh0PyVRYdj2aD8H/T1W+t3o52tKrLsY3ARIyFlQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrFkIEd9086HBpWQvSwCRb4qOqUMB8GA1UdIwQY
MBaAFC145K4OudysYl2RBs6IXFtJgHXXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFhqa3JnNjUzS3hpWFpFR3pvaGNXMG1BZGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81MjhiMzEtNDJjOS00NjI5LWE0NWQt
ZjY1Njc1NTI2MDVlLzEvMnNXUWdSMzNUem9jR2xaQzlMQUpGdmlvNnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81MjhiMzEtNDJjOS00NjI5LWE0NWQtZjY1Njc1NTI2MDVl
LzEvTFhqa3JnNjUzS3hpWFpFR3pvaGNXMG1BZGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYK0MA0G
CSqGSIb3DQEBCwUAA4IBAQB4R+ZmYxt817lq4XDBKQ6xIySFZ90eeHlqlC5MNauf
Cq4seovu70nVjXzxrnF1NfjV5ndM2eKujD2cD3cpldF28NlN/SNc80XYju8SC39l
k0kVeZb9VnYAjryhapycwD4gv5CQcj1rBleS46pb9wSyKwFmAFhe5IwTW2mFwt7B
M58OnbIHGi7LvOFaS0ufOEwsp3VsGp7ws1g1DQAseJZlcp8z2m88FLvNIciu6sY4
RUJW6gu9Ul+QUgPETsIRDO7V7hPEiexOeFdIniXn0bdTqqE1yC0xcpDRxBec2Sfn
LnAkeBMMqjrkhdNFuPCGh/plKbIZZkdEyLQ2CV27o+P9
-----END CERTIFICATE-----