Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/ay2UhLb9gVwOGFcPuT7u3po7GlY.roa
File:                     ay2UhLb9gVwOGFcPuT7u3po7GlY.roa (raw, json)
Hash identifier:          Nc0lcUmEx3NfjhiK/z5Wio+LmihCcurK5+zIFKzkR30=
Subject key identifier:   6B:2D:94:84:B6:FD:81:5C:0E:18:57:0F:B9:3E:EE:DE:9A:3B:1A:56
Certificate issuer:       /CN=cfc4c2ae338845efe7802deec234eae3f7b95f31
Certificate serial:       01985BA7EEDF4E74A2BA909B0CDE067F677D
Authority key identifier: CF:C4:C2:AE:33:88:45:EF:E7:80:2D:EE:C2:34:EA:E3:F7:B9:5F:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8TCrjOIRe_ngC3uwjTq4_e5XzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/ay2UhLb9gVwOGFcPuT7u3po7GlY.roa
Signing time:             Wed 30 Jul 2025 14:06:28 +0000
ROA not before:           Wed 30 Jul 2025 14:06:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        185.244.40.0/24 maxlen: 24
                          185.247.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/z8TCrjOIRe_ngC3uwjTq4_e5XzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/z8TCrjOIRe_ngC3uwjTq4_e5XzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8TCrjOIRe_ngC3uwjTq4_e5XzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5b:a7:ee:df:4e:74:a2:ba:90:9b:0c:de:06:7f:67:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc4c2ae338845efe7802deec234eae3f7b95f31
        Validity
            Not Before: Jul 30 14:06:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b2d9484b6fd815c0e18570fb93eeede9a3b1a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9f:a8:38:51:f8:94:d2:f8:38:2f:a3:98:c0:
                    9e:ff:a5:ee:57:a0:8b:3b:bc:82:39:6b:61:6d:aa:
                    34:5a:5f:59:38:ac:e2:a1:fa:ce:3d:af:5e:48:12:
                    6d:32:79:05:5c:28:1f:0f:cd:b9:39:b4:2c:d6:79:
                    6a:96:59:cc:d5:1b:04:ec:a4:da:b5:48:96:58:9e:
                    ac:d3:2f:fe:b9:17:99:fa:81:c9:ff:01:ec:65:33:
                    16:ea:cf:d9:da:e4:f7:04:95:7d:0b:e6:cb:d6:af:
                    ba:15:f7:6f:ea:75:7c:8e:9e:4f:18:0d:97:df:ef:
                    62:66:98:df:87:2e:5d:67:ce:dd:69:70:d6:0e:0a:
                    14:6f:8d:54:83:5f:d5:57:60:c5:2d:4c:ed:9a:70:
                    05:69:55:85:a6:a4:0e:40:a6:7a:36:cb:91:da:91:
                    64:e6:13:5b:36:74:67:fb:25:98:f0:85:98:ea:5f:
                    71:cf:3b:bd:2b:92:f6:88:35:d8:9d:de:5b:60:b1:
                    ac:6d:4b:6d:25:01:dd:bd:fd:7a:d1:fb:a4:33:a1:
                    2b:de:76:ea:9a:84:62:e2:78:00:02:b2:e7:50:cb:
                    61:f7:fe:3a:ae:8d:4d:aa:d5:50:f0:2d:ff:96:9f:
                    fa:de:36:74:03:37:94:3c:86:33:17:e4:cb:71:7d:
                    53:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:2D:94:84:B6:FD:81:5C:0E:18:57:0F:B9:3E:EE:DE:9A:3B:1A:56
            X509v3 Authority Key Identifier:
                keyid:CF:C4:C2:AE:33:88:45:EF:E7:80:2D:EE:C2:34:EA:E3:F7:B9:5F:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8TCrjOIRe_ngC3uwjTq4_e5XzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/ay2UhLb9gVwOGFcPuT7u3po7GlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/976925-2551-4b2b-900a-e111f322636a/1/z8TCrjOIRe_ngC3uwjTq4_e5XzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.40.0/24
                  185.247.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:88:99:e3:5a:de:e1:58:16:96:b9:93:73:fd:96:7f:32:3a:
         41:d0:3c:fb:72:55:4a:e7:e0:c9:54:ba:a6:7d:4c:58:ad:13:
         93:ce:d5:22:16:85:61:ed:bf:a6:64:3e:e4:7c:24:10:ef:b6:
         bc:0d:52:d0:de:41:60:83:f6:00:a6:d5:13:4d:cb:90:ce:b2:
         0a:63:fa:9b:2d:c1:3f:bd:fc:7e:c1:23:0b:ca:05:89:ed:eb:
         b6:ce:2c:f4:08:c8:d1:1a:1f:a2:41:2a:22:b8:b8:9f:91:49:
         58:cc:ac:4d:91:80:81:8f:55:2e:09:e7:5d:18:6a:ee:7c:7a:
         12:65:d5:58:0d:18:13:b9:40:ca:e0:a3:55:48:ef:9f:48:73:
         b4:33:e8:92:59:7c:11:cc:76:c3:ff:ef:06:c7:a9:8f:cb:94:
         df:fa:0d:2b:8a:fa:bb:17:a5:c3:71:48:da:7f:81:07:94:f0:
         9d:85:da:30:b7:7b:0a:23:6e:9b:ac:4d:f8:f7:cf:9e:fc:51:
         9c:7f:ee:af:a9:08:f5:ff:86:72:d2:eb:94:72:e2:b7:4c:80:
         46:6b:be:6a:b4:4b:f7:ee:81:20:61:78:bf:0d:50:a7:1e:27:
         4c:ab:36:ad:d6:eb:72:86:1b:f0:bd:a0:3d:f3:0c:5a:da:13:
         a3:7b:89:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhbp+7fTnSiupCbDN4Gf2d9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzRjMmFlMzM4ODQ1ZWZlNzgwMmRlZWMyMzRlYWUzZjdi
OTVmMzEwHhcNMjUwNzMwMTQwNjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjJkOTQ4NGI2ZmQ4MTVjMGUxODU3MGZiOTNlZWVkZTlhM2IxYTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJ+oOFH4lNL4OC+jmMCe/6XuV6CL
O7yCOWthbao0Wl9ZOKziofrOPa9eSBJtMnkFXCgfD825ObQs1nlqllnM1RsE7KTa
tUiWWJ6s0y/+uReZ+oHJ/wHsZTMW6s/Z2uT3BJV9C+bL1q+6Ffdv6nV8jp5PGA2X
3+9iZpjfhy5dZ87daXDWDgoUb41Ug1/VV2DFLUztmnAFaVWFpqQOQKZ6NsuR2pFk
5hNbNnRn+yWY8IWY6l9xzzu9K5L2iDXYnd5bYLGsbUttJQHdvf160fukM6Er3nbq
moRi4ngAArLnUMth9/46ro1NqtVQ8C3/lp/63jZ0AzeUPIYzF+TLcX1TxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGstlIS2/YFcDhhXD7k+7t6aOxpWMB8GA1UdIwQY
MBaAFM/Ewq4ziEXv54At7sI06uP3uV8xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhUQ3JqT0lSZV9uZ0MzdXdqVHE0X2U1WHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85NzY5MjUtMjU1MS00YjJiLTkwMGEt
ZTExMWYzMjI2MzZhLzEvYXkyVWhMYjlnVndPR0ZjUHVUN3UzcG83R2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS85NzY5MjUtMjU1MS00YjJiLTkwMGEtZTExMWYzMjI2MzZh
LzEvejhUQ3JqT0lSZV9uZ0MzdXdqVHE0X2U1WHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufQoAwQA
ufePMA0GCSqGSIb3DQEBCwUAA4IBAQCXiJnjWt7hWBaWuZNz/ZZ/MjpB0Dz7clVK
5+DJVLqmfUxYrROTztUiFoVh7b+mZD7kfCQQ77a8DVLQ3kFgg/YAptUTTcuQzrIK
Y/qbLcE/vfx+wSMLygWJ7eu2ziz0CMjRGh+iQSoiuLifkUlYzKxNkYCBj1UuCedd
GGrufHoSZdVYDRgTuUDK4KNVSO+fSHO0M+iSWXwRzHbD/+8Gx6mPy5Tf+g0rivq7
F6XDcUjaf4EHlPCdhdowt3sKI26brE3498+e/FGcf+6vqQj1/4Zy0uuUcuK3TIBG
a75qtEv37oEgYXi/DVCnHidMqzat1utyhhvwvaA98wxa2hOje4kH
-----END CERTIFICATE-----