Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/2X7s8TB-SC5DPBb5a49yVuMD8Vc.roa
File:                     2X7s8TB-SC5DPBb5a49yVuMD8Vc.roa (raw, json)
Hash identifier:          o9vS/CgL8A73ayZmUkW92/Htjnl1tx7/20AUiAOBnsI=
Subject key identifier:   D9:7E:EC:F1:30:7E:48:2E:43:3C:16:F9:6B:8F:72:56:E3:03:F1:57
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019854A9B5E28BD98831CCF74480A07B4C0C
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/2X7s8TB-SC5DPBb5a49yVuMD8Vc.roa
Signing time:             Tue 29 Jul 2025 05:31:05 +0000
ROA not before:           Tue 29 Jul 2025 05:31:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211043
IP address blocks:        185.102.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:54:a9:b5:e2:8b:d9:88:31:cc:f7:44:80:a0:7b:4c:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jul 29 05:31:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d97eecf1307e482e433c16f96b8f7256e303f157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cd:e7:bd:31:9f:8b:e5:27:7b:7c:c8:13:a2:
                    b4:be:49:c0:55:8f:cc:cc:3e:34:47:1b:b5:55:ad:
                    8a:b8:1e:07:6c:06:90:ce:96:7b:85:18:21:f9:61:
                    45:1e:48:9a:51:7e:fe:1a:e0:ce:55:8c:43:ac:09:
                    ef:53:96:5e:66:ae:a9:54:b8:37:b0:c5:9b:63:78:
                    31:9f:78:10:da:85:d1:3d:b9:ba:10:ec:da:1a:f8:
                    01:1e:2b:cf:62:42:bf:76:a8:23:91:ab:38:71:c3:
                    a5:32:02:b9:d5:00:35:1a:92:7d:0b:d1:99:89:be:
                    41:f3:37:66:48:d6:78:1a:48:9d:f7:47:24:31:af:
                    e4:c7:9a:0f:5d:1e:4c:4b:cf:8b:c5:1e:ef:95:da:
                    11:c2:45:e6:63:7d:1c:27:1c:fe:89:40:32:ee:6a:
                    fc:fe:a2:18:00:16:c2:4d:ca:95:98:4e:78:33:f5:
                    58:77:eb:75:96:68:95:6a:ed:14:99:d7:d0:29:11:
                    9d:ed:f8:c4:d2:41:68:f2:7d:41:db:fb:6e:62:6c:
                    1d:0c:55:6c:d8:cc:fa:8f:aa:83:b4:9e:a0:d6:41:
                    6d:53:69:d2:17:b7:31:1f:fd:95:d6:af:eb:d5:56:
                    f6:54:66:82:d6:86:d2:47:52:50:7b:f9:8d:28:e8:
                    7e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:7E:EC:F1:30:7E:48:2E:43:3C:16:F9:6B:8F:72:56:E3:03:F1:57
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/2X7s8TB-SC5DPBb5a49yVuMD8Vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:6b:b7:da:7f:8d:57:b4:92:f7:05:2c:ca:2b:47:98:80:0f:
         b0:e0:fa:a4:22:cf:1b:6d:b6:e4:f8:83:a9:a2:f1:61:52:97:
         3a:fb:91:ba:fc:30:f4:08:30:07:08:bb:f5:06:a9:0a:99:3b:
         d6:14:e4:69:75:a8:c6:32:49:99:a9:a2:dd:55:b9:28:ba:5c:
         4e:ec:02:b0:72:a2:84:94:44:b0:fd:24:29:98:b6:4a:1b:7f:
         13:e3:46:0c:e8:ca:fd:91:c2:04:db:32:97:5d:a8:dc:a0:59:
         b3:de:31:e1:d5:24:5d:40:e3:e6:a9:d0:95:c8:3b:5d:b3:a1:
         f3:c7:59:8e:54:4d:ab:a0:28:57:b2:aa:4e:ae:52:bb:a0:39:
         9a:ae:c8:7d:5c:37:82:c4:1c:b9:d1:7d:24:47:11:87:65:fc:
         1d:ed:5b:97:f4:b2:39:d7:66:d9:e0:54:b2:f8:28:cb:c5:9e:
         01:81:23:61:ad:b6:55:24:8f:d9:4a:93:25:5b:a7:65:8d:ff:
         84:89:2b:a1:d0:d6:5b:cf:8c:4c:b9:58:db:87:69:8c:63:7c:
         3e:15:f9:56:ac:52:e0:e4:5a:cf:43:3b:d1:1a:ee:3b:cc:38:
         e7:1b:b6:6c:b9:19:ac:6c:5f:f3:85:1c:6b:fd:fa:74:ec:0b:
         aa:ca:12:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhUqbXii9mIMcz3RICge0wMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNzI5MDUzMTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTdlZWNmMTMwN2U0ODJlNDMzYzE2Zjk2YjhmNzI1NmUzMDNmMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM3nvTGfi+Une3zIE6K0vknAVY/M
zD40Rxu1Va2KuB4HbAaQzpZ7hRgh+WFFHkiaUX7+GuDOVYxDrAnvU5ZeZq6pVLg3
sMWbY3gxn3gQ2oXRPbm6EOzaGvgBHivPYkK/dqgjkas4ccOlMgK51QA1GpJ9C9GZ
ib5B8zdmSNZ4Gkid90ckMa/kx5oPXR5MS8+LxR7vldoRwkXmY30cJxz+iUAy7mr8
/qIYABbCTcqVmE54M/VYd+t1lmiVau0UmdfQKRGd7fjE0kFo8n1B2/tuYmwdDFVs
2Mz6j6qDtJ6g1kFtU2nSF7cxH/2V1q/r1Vb2VGaC1obSR1JQe/mNKOh+ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNl+7PEwfkguQzwW+WuPclbjA/FXMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvMlg3czhUQi1TQzVEUEJiNWE0OXlWdU1EOFZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWarMA0G
CSqGSIb3DQEBCwUAA4IBAQCpa7faf41XtJL3BSzKK0eYgA+w4PqkIs8bbbbk+IOp
ovFhUpc6+5G6/DD0CDAHCLv1BqkKmTvWFORpdajGMkmZqaLdVbkoulxO7AKwcqKE
lESw/SQpmLZKG38T40YM6Mr9kcIE2zKXXajcoFmz3jHh1SRdQOPmqdCVyDtds6Hz
x1mOVE2roChXsqpOrlK7oDmarsh9XDeCxBy50X0kRxGHZfwd7VuX9LI512bZ4FSy
+CjLxZ4BgSNhrbZVJI/ZSpMlW6dljf+EiSuh0NZbz4xMuVjbh2mMY3w+FflWrFLg
5FrPQzvRGu47zDjnG7ZsuRmsbF/zhRxr/fp07AuqyhI9
-----END CERTIFICATE-----