Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/20fca0-04b2-43b0-bd2c-6717b9babb34/1/7_8yBJLyqtyIR9OHFg7LU1M1Onc.roa
File:                     7_8yBJLyqtyIR9OHFg7LU1M1Onc.roa (raw, json)
Hash identifier:          RwjNHeRVHQ2HqUbmJiZCyAxBMEck7wiXEWN73Kexaq4=
Subject key identifier:   EF:FF:32:04:92:F2:AA:DC:88:47:D3:87:16:0E:CB:53:53:35:3A:77
Certificate issuer:       /CN=389c030036756ab8cdac922b1af237bce1367ce0
Certificate serial:       019A2DF55107418E41E1F4AA7E630CCA703C
Authority key identifier: 38:9C:03:00:36:75:6A:B8:CD:AC:92:2B:1A:F2:37:BC:E1:36:7C:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OJwDADZ1arjNrJIrGvI3vOE2fOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/20fca0-04b2-43b0-bd2c-6717b9babb34/1/7_8yBJLyqtyIR9OHFg7LU1M1Onc.roa
Signing time:             Wed 29 Oct 2025 03:14:02 +0000
ROA not before:           Wed 29 Oct 2025 03:14:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54994
IP address blocks:        185.119.40.0/24 maxlen: 24
                          185.119.41.0/24 maxlen: 24
                          185.119.42.0/24 maxlen: 24
                          185.119.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/20fca0-04b2-43b0-bd2c-6717b9babb34/1/OJwDADZ1arjNrJIrGvI3vOE2fOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/20fca0-04b2-43b0-bd2c-6717b9babb34/1/OJwDADZ1arjNrJIrGvI3vOE2fOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OJwDADZ1arjNrJIrGvI3vOE2fOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 12:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2d:f5:51:07:41:8e:41:e1:f4:aa:7e:63:0c:ca:70:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=389c030036756ab8cdac922b1af237bce1367ce0
        Validity
            Not Before: Oct 29 03:14:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efff320492f2aadc8847d387160ecb5353353a77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7f:53:cd:58:b0:6b:d3:a4:9c:05:36:f9:1e:
                    b9:b1:f7:99:2b:bf:63:22:f5:ef:82:12:71:96:ae:
                    14:f7:c3:f3:f6:a3:3c:f2:9f:36:b5:1c:eb:7c:6d:
                    fa:4b:ff:13:59:e7:ff:89:fb:ed:82:05:e6:6a:f5:
                    db:0d:1f:71:97:36:a4:a6:97:1c:21:87:ac:b5:b9:
                    52:58:ca:61:83:79:fd:05:02:d0:cd:cb:67:cc:88:
                    af:f0:96:5f:f5:e8:13:4a:d4:ff:4d:db:ec:7f:42:
                    cd:94:e9:97:93:b7:8b:78:6b:66:ae:f2:ed:af:7c:
                    e4:c8:6d:c3:20:9e:be:ab:96:07:7b:7f:8b:37:6a:
                    8b:ab:bb:99:cc:61:97:13:2c:65:3a:9d:26:23:59:
                    9b:52:88:d6:47:26:f1:14:a7:fb:78:ce:ba:82:11:
                    97:30:6d:ff:b6:5c:79:f4:92:2c:29:5c:f4:a5:0c:
                    cc:bc:e7:e4:d4:1a:d8:f6:fc:18:0e:c9:c9:79:62:
                    de:b8:b5:40:eb:dd:b0:5d:6a:46:67:8f:ea:75:26:
                    1b:84:b3:39:5f:33:87:c9:8b:cf:b1:a8:e2:4a:c7:
                    2a:9a:e8:89:e8:51:8c:ce:02:27:1d:46:8b:f5:a3:
                    80:7c:fa:45:29:dc:75:36:17:58:ea:dc:57:0e:1a:
                    0b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FF:32:04:92:F2:AA:DC:88:47:D3:87:16:0E:CB:53:53:35:3A:77
            X509v3 Authority Key Identifier:
                keyid:38:9C:03:00:36:75:6A:B8:CD:AC:92:2B:1A:F2:37:BC:E1:36:7C:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OJwDADZ1arjNrJIrGvI3vOE2fOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/20fca0-04b2-43b0-bd2c-6717b9babb34/1/7_8yBJLyqtyIR9OHFg7LU1M1Onc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/20fca0-04b2-43b0-bd2c-6717b9babb34/1/OJwDADZ1arjNrJIrGvI3vOE2fOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:d0:f5:20:d5:7d:9d:2e:9a:d4:bb:04:c4:4e:9c:eb:38:05:
         32:eb:26:de:d1:07:0f:a4:e7:b7:43:a5:7e:60:99:a4:fc:7b:
         c1:12:4a:f5:6f:67:b6:5c:1f:ee:53:b0:81:bb:bd:2a:da:d9:
         7e:e3:a7:d2:ac:b2:2b:45:81:00:c0:13:d4:d2:77:9a:b9:e9:
         0f:c3:07:85:f2:97:b5:0e:db:3c:07:49:02:3c:10:0a:0a:3b:
         48:95:69:df:8e:de:0e:0c:46:59:5b:de:52:1b:57:d0:f4:3e:
         f7:69:79:47:bd:07:d4:54:39:8a:3a:b0:64:1e:2c:cd:23:df:
         95:c1:63:62:1a:14:14:eb:01:32:55:d6:3f:8c:dc:a0:fc:05:
         3c:43:ec:d4:2a:97:c5:63:54:ce:49:37:dd:a6:3c:c2:a1:3d:
         10:02:f8:dc:da:bc:de:6b:a1:5e:10:d2:23:f3:67:1a:09:79:
         0c:71:03:60:fd:9d:cb:1d:ec:73:62:38:25:5e:f8:49:76:99:
         78:00:ac:39:4d:c5:77:16:72:18:a3:f1:62:cd:86:28:d7:a2:
         35:2a:c0:4c:aa:79:59:cc:32:6f:48:8d:38:95:dd:a3:e5:57:
         9e:7e:48:07:7b:7a:73:3d:0f:d4:4f:41:c5:55:69:d4:7d:1a:
         60:60:e7:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZot9VEHQY5B4fSqfmMMynA8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OWMwMzAwMzY3NTZhYjhjZGFjOTIyYjFhZjIzN2JjZTEz
NjdjZTAwHhcNMjUxMDI5MDMxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmZmMzIwNDkyZjJhYWRjODg0N2QzODcxNjBlY2I1MzUzMzUzYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk39TzViwa9OknAU2+R65sfeZK79j
IvXvghJxlq4U98Pz9qM88p82tRzrfG36S/8TWef/ifvtggXmavXbDR9xlzakppcc
IYestblSWMphg3n9BQLQzctnzIiv8JZf9egTStT/Tdvsf0LNlOmXk7eLeGtmrvLt
r3zkyG3DIJ6+q5YHe3+LN2qLq7uZzGGXEyxlOp0mI1mbUojWRybxFKf7eM66ghGX
MG3/tlx59JIsKVz0pQzMvOfk1BrY9vwYDsnJeWLeuLVA692wXWpGZ4/qdSYbhLM5
XzOHyYvPsajiSscqmuiJ6FGMzgInHUaL9aOAfPpFKdx1NhdY6txXDhoLuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO//MgSS8qrciEfThxYOy1NTNTp3MB8GA1UdIwQY
MBaAFDicAwA2dWq4zaySKxryN7zhNnzgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0p3REFEWjFhcmpOckpJckd2STN2T0UyZk9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yMGZjYTAtMDRiMi00M2IwLWJkMmMt
NjcxN2I5YmFiYjM0LzEvN184eUJKTHlxdHlJUjlPSEZnN0xVMU0xT25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yMGZjYTAtMDRiMi00M2IwLWJkMmMtNjcxN2I5YmFiYjM0
LzEvT0p3REFEWjFhcmpOckpJckd2STN2T0UyZk9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXcoMA0G
CSqGSIb3DQEBCwUAA4IBAQBH0PUg1X2dLprUuwTETpzrOAUy6ybe0QcPpOe3Q6V+
YJmk/HvBEkr1b2e2XB/uU7CBu70q2tl+46fSrLIrRYEAwBPU0neauekPwweF8pe1
Dts8B0kCPBAKCjtIlWnfjt4ODEZZW95SG1fQ9D73aXlHvQfUVDmKOrBkHizNI9+V
wWNiGhQU6wEyVdY/jNyg/AU8Q+zUKpfFY1TOSTfdpjzCoT0QAvjc2rzea6FeENIj
82caCXkMcQNg/Z3LHexzYjglXvhJdpl4AKw5TcV3FnIYo/FizYYo16I1KsBMqnlZ
zDJvSI04ld2j5VeefkgHe3pzPQ/UT0HFVWnUfRpgYOfD
-----END CERTIFICATE-----