Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/099e79-16fb-40be-a918-db7c1af3a073/1/f4DoD8P-fxJrVEa5N9Xo0tr0Di8.roa
File:                     f4DoD8P-fxJrVEa5N9Xo0tr0Di8.roa (raw, json)
Hash identifier:          mdyOv1gBNV5vVxgXgKXFAgXeuJeFmNjhF1FTZ4tdHxg=
Subject key identifier:   7F:80:E8:0F:C3:FE:7F:12:6B:54:46:B9:37:D5:E8:D2:DA:F4:0E:2F
Certificate issuer:       /CN=20d4a142d1e31704eb5bcf03a785f6378355b799
Certificate serial:       019A35534E9B6E3780CF2B70E315A027D100
Authority key identifier: 20:D4:A1:42:D1:E3:17:04:EB:5B:CF:03:A7:85:F6:37:83:55:B7:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/INShQtHjFwTrW88Dp4X2N4NVt5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/099e79-16fb-40be-a918-db7c1af3a073/1/f4DoD8P-fxJrVEa5N9Xo0tr0Di8.roa
Signing time:             Thu 30 Oct 2025 13:34:03 +0000
ROA not before:           Thu 30 Oct 2025 13:34:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207335
IP address blocks:        185.243.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/099e79-16fb-40be-a918-db7c1af3a073/1/INShQtHjFwTrW88Dp4X2N4NVt5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/099e79-16fb-40be-a918-db7c1af3a073/1/INShQtHjFwTrW88Dp4X2N4NVt5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/INShQtHjFwTrW88Dp4X2N4NVt5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:35:53:4e:9b:6e:37:80:cf:2b:70:e3:15:a0:27:d1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20d4a142d1e31704eb5bcf03a785f6378355b799
        Validity
            Not Before: Oct 30 13:34:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f80e80fc3fe7f126b5446b937d5e8d2daf40e2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b8:10:fd:38:ef:93:8f:51:33:21:33:aa:74:
                    ca:42:49:f0:ca:48:59:a0:8b:83:7a:48:16:73:dc:
                    02:0d:7e:13:d3:e0:9a:e4:ac:48:c2:70:3e:ce:da:
                    11:96:e7:db:8a:94:9b:24:9b:8d:49:bc:67:d9:4e:
                    bb:1c:07:11:e0:6b:f0:b8:8c:26:40:cf:0e:c5:c8:
                    ae:89:3c:75:6d:44:7f:18:d0:11:33:08:24:9e:26:
                    62:5c:53:66:7c:b6:9b:25:e3:00:3b:ae:c6:5e:7d:
                    b0:5b:a6:46:ba:b6:f9:f8:99:b2:02:ff:b5:da:ef:
                    39:5d:84:1a:a0:41:b0:4d:af:f5:65:62:5c:21:01:
                    eb:bc:59:09:34:72:d7:04:ca:bd:1d:5b:cf:9b:c1:
                    9b:07:a6:79:8d:d4:c9:e8:82:fc:56:aa:36:d5:af:
                    d5:ac:e6:19:9a:56:4d:e9:99:a5:34:f5:08:05:81:
                    fa:28:dc:d0:3c:4f:97:5a:9c:73:f4:25:8f:ce:25:
                    e3:9d:27:ac:97:26:48:9e:ef:4f:d1:f7:f6:77:e8:
                    ee:20:da:ad:e9:66:c0:7e:e4:b7:d2:0d:23:14:87:
                    68:b5:9e:2d:97:23:7b:90:14:2b:0e:4b:9c:83:e7:
                    17:43:bc:5a:9a:10:d2:3f:00:14:b5:c4:94:21:eb:
                    29:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:80:E8:0F:C3:FE:7F:12:6B:54:46:B9:37:D5:E8:D2:DA:F4:0E:2F
            X509v3 Authority Key Identifier:
                keyid:20:D4:A1:42:D1:E3:17:04:EB:5B:CF:03:A7:85:F6:37:83:55:B7:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/INShQtHjFwTrW88Dp4X2N4NVt5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/099e79-16fb-40be-a918-db7c1af3a073/1/f4DoD8P-fxJrVEa5N9Xo0tr0Di8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/099e79-16fb-40be-a918-db7c1af3a073/1/INShQtHjFwTrW88Dp4X2N4NVt5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:90:e0:2c:29:7b:28:6f:4a:0a:af:9c:76:d8:d0:a5:e2:67:
         78:5b:f4:61:21:52:6e:d6:c6:1a:34:e9:5f:bb:c9:f3:77:b5:
         52:5d:07:aa:5b:e0:f1:b1:af:d9:67:8c:40:4c:c4:8c:97:fd:
         5b:57:c4:39:62:73:56:68:1f:fd:40:55:4e:f8:20:72:90:f2:
         c6:e5:36:0f:8a:0b:ae:d9:e1:4d:2b:c7:47:b7:84:4f:f9:29:
         aa:19:a5:b6:58:59:46:bb:7c:c6:a3:ef:b1:05:de:4e:df:70:
         b8:ab:e2:3a:f7:f9:ee:70:60:43:77:33:3f:aa:28:f9:bb:85:
         5f:ba:9d:80:91:4d:c6:70:a9:1d:fe:b7:50:e2:0c:26:8a:5a:
         ef:7e:f8:76:99:86:a0:e8:85:0a:5e:27:9c:2d:fb:79:73:61:
         29:4b:d1:fa:5e:90:2a:7b:33:8a:60:c4:f1:df:3f:8a:b8:3b:
         b8:9f:be:91:84:0b:a3:61:ac:8f:4c:ed:66:81:be:c8:66:5a:
         75:ea:03:a6:d3:99:2e:4a:9c:a1:a7:f4:2e:9b:d6:a1:ca:87:
         41:ad:77:4d:0b:cb:46:f3:51:51:31:52:c3:c7:3d:19:a1:d3:
         e1:fc:0c:03:76:44:88:4a:b1:23:03:3f:31:f7:56:14:a4:d6:
         9c:0d:fc:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo1U06bbjeAzytw4xWgJ9EAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZDRhMTQyZDFlMzE3MDRlYjViY2YwM2E3ODVmNjM3ODM1
NWI3OTkwHhcNMjUxMDMwMTMzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjgwZTgwZmMzZmU3ZjEyNmI1NDQ2YjkzN2Q1ZThkMmRhZjQwZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbgQ/Tjvk49RMyEzqnTKQknwykhZ
oIuDekgWc9wCDX4T0+Ca5KxIwnA+ztoRlufbipSbJJuNSbxn2U67HAcR4GvwuIwm
QM8OxciuiTx1bUR/GNARMwgkniZiXFNmfLabJeMAO67GXn2wW6ZGurb5+JmyAv+1
2u85XYQaoEGwTa/1ZWJcIQHrvFkJNHLXBMq9HVvPm8GbB6Z5jdTJ6IL8Vqo21a/V
rOYZmlZN6ZmlNPUIBYH6KNzQPE+XWpxz9CWPziXjnSeslyZInu9P0ff2d+juINqt
6WbAfuS30g0jFIdotZ4tlyN7kBQrDkucg+cXQ7xamhDSPwAUtcSUIespIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+A6A/D/n8Sa1RGuTfV6NLa9A4vMB8GA1UdIwQY
MBaAFCDUoULR4xcE61vPA6eF9jeDVbeZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU5TaFF0SGpGd1RyVzg4RHA0WDJONE5WdDVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTllNzktMTZmYi00MGJlLWE5MTgt
ZGI3YzFhZjNhMDczLzEvZjREb0Q4UC1meEpyVkVhNU45WG8wdHIwRGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTllNzktMTZmYi00MGJlLWE5MTgtZGI3YzFhZjNhMDcz
LzEvSU5TaFF0SGpGd1RyVzg4RHA0WDJONE5WdDVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufNAMA0G
CSqGSIb3DQEBCwUAA4IBAQCFkOAsKXsob0oKr5x22NCl4md4W/RhIVJu1sYaNOlf
u8nzd7VSXQeqW+Dxsa/ZZ4xATMSMl/1bV8Q5YnNWaB/9QFVO+CBykPLG5TYPiguu
2eFNK8dHt4RP+SmqGaW2WFlGu3zGo++xBd5O33C4q+I69/nucGBDdzM/qij5u4Vf
up2AkU3GcKkd/rdQ4gwmilrvfvh2mYag6IUKXiecLft5c2EpS9H6XpAqezOKYMTx
3z+KuDu4n76RhAujYayPTO1mgb7IZlp16gOm05kuSpyhp/Qum9ahyodBrXdNC8tG
81FRMVLDxz0ZodPh/AwDdkSISrEjAz8x91YUpNacDfzB
-----END CERTIFICATE-----