Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/7EHgO3PucIIBrDXTf3unAqcCVmM.roa
File:                     7EHgO3PucIIBrDXTf3unAqcCVmM.roa (raw, json)
Hash identifier:          xo4Z+bj09YwXVnD23gXzeCAhnM1Vgv1JkS4OxDZhKZ8=
Subject key identifier:   EC:41:E0:3B:73:EE:70:82:01:AC:35:D3:7F:7B:A7:02:A7:02:56:63
Certificate issuer:       /CN=718b138ba935234f11ca1025d667f133f07d55fd
Certificate serial:       019A1022BBA91910D45E818BB256AA046C18
Authority key identifier: 71:8B:13:8B:A9:35:23:4F:11:CA:10:25:D6:67:F1:33:F0:7D:55:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cYsTi6k1I08RyhAl1mfxM_B9Vf0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/7EHgO3PucIIBrDXTf3unAqcCVmM.roa
Signing time:             Thu 23 Oct 2025 08:15:03 +0000
ROA not before:           Thu 23 Oct 2025 08:15:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202282
IP address blocks:        194.62.184.0/22 maxlen: 24
                          195.72.52.0/22 maxlen: 24
                          2a07:e400::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/cYsTi6k1I08RyhAl1mfxM_B9Vf0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/cYsTi6k1I08RyhAl1mfxM_B9Vf0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cYsTi6k1I08RyhAl1mfxM_B9Vf0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 08:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:22:bb:a9:19:10:d4:5e:81:8b:b2:56:aa:04:6c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=718b138ba935234f11ca1025d667f133f07d55fd
        Validity
            Not Before: Oct 23 08:15:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec41e03b73ee708201ac35d37f7ba702a7025663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:72:7e:f1:7b:15:f1:21:12:2f:2e:5d:a4:44:
                    f3:8d:c1:c2:9e:99:04:78:99:c0:21:0a:8e:81:c4:
                    3f:ea:1c:7d:9b:61:f1:f5:a8:b7:6c:c3:5a:4b:b2:
                    24:ca:a9:77:1d:44:0a:7b:84:3d:1c:00:1a:6f:cc:
                    4b:37:b2:69:62:7c:e5:78:f0:29:c8:e1:bc:60:10:
                    bc:4b:a6:ff:2f:d4:74:d6:33:f7:80:55:65:64:70:
                    81:d2:71:cc:7e:fe:65:47:73:69:0e:30:c1:72:36:
                    fe:d6:ab:4e:ac:bf:d8:ad:2a:45:3c:9a:cf:5a:a0:
                    70:48:ad:fa:95:95:4f:70:25:aa:ad:2f:f1:ca:b5:
                    33:2f:55:2c:1e:bd:b9:1e:58:65:50:3e:7c:5a:3d:
                    56:f5:35:1c:b7:91:26:ae:af:53:a9:06:a1:48:3d:
                    ef:5d:44:65:40:33:b2:14:b6:e1:75:c3:05:13:0d:
                    b4:5d:fb:1c:a5:d4:06:12:23:4a:eb:ce:13:67:c0:
                    38:f5:60:7f:d8:dd:8b:47:3d:71:9d:4f:c0:85:df:
                    6c:cd:bd:71:42:ca:a5:b9:b8:0e:4a:a9:cb:5d:71:
                    8d:62:51:85:8b:ff:20:54:86:60:11:28:2a:4c:2c:
                    5c:ce:14:57:1e:67:73:7d:95:e4:19:00:93:66:f5:
                    78:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:41:E0:3B:73:EE:70:82:01:AC:35:D3:7F:7B:A7:02:A7:02:56:63
            X509v3 Authority Key Identifier:
                keyid:71:8B:13:8B:A9:35:23:4F:11:CA:10:25:D6:67:F1:33:F0:7D:55:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cYsTi6k1I08RyhAl1mfxM_B9Vf0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/7EHgO3PucIIBrDXTf3unAqcCVmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/d43085-d94e-469d-9778-3b8ec1a65880/1/cYsTi6k1I08RyhAl1mfxM_B9Vf0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.184.0/22
                  195.72.52.0/22
                IPv6:
                  2a07:e400::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:4c:2b:09:d7:cf:52:86:29:40:7b:ad:5e:71:17:1d:ac:60:
         fc:c3:c5:d3:99:fd:47:b8:c2:41:32:4a:db:61:7a:2f:08:b3:
         dd:bf:f0:06:6d:8c:ae:5b:11:8d:b3:6d:ee:c6:50:fe:b3:96:
         60:c6:18:05:7b:15:52:ef:fe:b6:42:72:5f:e0:cf:e2:ca:7f:
         00:5a:0e:fd:fa:33:f1:92:2e:8d:43:ed:cd:d7:94:3f:6c:b0:
         94:c5:07:86:80:34:65:de:84:c0:3a:d9:15:2f:a6:20:dc:74:
         c4:8b:15:61:b2:cd:d1:d5:d5:f5:e1:de:f4:99:73:99:26:03:
         10:6e:72:7c:71:2a:59:58:6c:18:42:ed:8a:d9:2f:c6:65:fa:
         48:0d:fe:3b:6a:b3:b9:27:26:ad:e5:3b:5a:44:26:6f:43:c7:
         1b:9f:68:24:88:25:ba:91:6d:13:d7:c2:5f:09:2e:26:a3:91:
         39:9a:24:1f:50:2f:65:11:44:a2:0b:e9:6c:2b:86:77:76:aa:
         15:25:e9:cc:6e:d3:27:52:42:4e:3c:71:6e:e2:4b:fe:5c:67:
         98:93:dc:a3:e6:e9:bf:85:86:5f:51:47:84:8d:af:d5:68:f5:
         56:3f:71:ed:ca:c3:92:cd:f4:5e:32:bc:2a:ff:f1:fa:7a:80:
         bd:46:05:3a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZoQIrupGRDUXoGLslaqBGwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxOGIxMzhiYTkzNTIzNGYxMWNhMTAyNWQ2NjdmMTMzZjA3
ZDU1ZmQwHhcNMjUxMDIzMDgxNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzQxZTAzYjczZWU3MDgyMDFhYzM1ZDM3ZjdiYTcwMmE3MDI1NjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nJ+8XsV8SESLy5dpETzjcHCnpkE
eJnAIQqOgcQ/6hx9m2Hx9ai3bMNaS7Ikyql3HUQKe4Q9HAAab8xLN7JpYnzlePAp
yOG8YBC8S6b/L9R01jP3gFVlZHCB0nHMfv5lR3NpDjDBcjb+1qtOrL/YrSpFPJrP
WqBwSK36lZVPcCWqrS/xyrUzL1UsHr25HlhlUD58Wj1W9TUct5Emrq9TqQahSD3v
XURlQDOyFLbhdcMFEw20XfscpdQGEiNK684TZ8A49WB/2N2LRz1xnU/Ahd9szb1x
QsqlubgOSqnLXXGNYlGFi/8gVIZgESgqTCxczhRXHmdzfZXkGQCTZvV4vwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOxB4Dtz7nCCAaw10397pwKnAlZjMB8GA1UdIwQY
MBaAFHGLE4upNSNPEcoQJdZn8TPwfVX9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1lzVGk2azFJMDhSeWhBbDFtZnhNX0I5VmYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kNDMwODUtZDk0ZS00NjlkLTk3Nzgt
M2I4ZWMxYTY1ODgwLzEvN0VIZ08zUHVjSUlCckRYVGYzdW5BcWNDVm1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kNDMwODUtZDk0ZS00NjlkLTk3NzgtM2I4ZWMxYTY1ODgw
LzEvY1lzVGk2azFJMDhSeWhBbDFtZnhNX0I5VmYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCwj64AwQC
w0g0MA0EAgACMAcDBQMqB+QAMA0GCSqGSIb3DQEBCwUAA4IBAQAFTCsJ189ShilA
e61ecRcdrGD8w8XTmf1HuMJBMkrbYXovCLPdv/AGbYyuWxGNs23uxlD+s5ZgxhgF
exVS7/62QnJf4M/iyn8AWg79+jPxki6NQ+3N15Q/bLCUxQeGgDRl3oTAOtkVL6Yg
3HTEixVhss3R1dX14d70mXOZJgMQbnJ8cSpZWGwYQu2K2S/GZfpIDf47arO5Jyat
5TtaRCZvQ8cbn2gkiCW6kW0T18JfCS4mo5E5miQfUC9lEUSiC+lsK4Z3dqoVJenM
btMnUkJOPHFu4kv+XGeYk9yj5um/hYZfUUeEja/VaPVWP3HtysOSzfReMrwq//H6
eoC9RgU6
-----END CERTIFICATE-----