Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2e2c8e-4c2b-48e9-afd5-235aba19d9f9/1/zxt5ioQXS4YKJLP4ilCQM5v8g2Y.roa
File:                     zxt5ioQXS4YKJLP4ilCQM5v8g2Y.roa (raw, json)
Hash identifier:          RY5SWWwhf3VR6uGt8AADVTrl85kwmlR4e1dP9tOTtrg=
Subject key identifier:   CF:1B:79:8A:84:17:4B:86:0A:24:B3:F8:8A:50:90:33:9B:FC:83:66
Certificate issuer:       /CN=40aa71157e20d98036bbd693b8ecbb2b99f0f03c
Certificate serial:       0198187F31C2264B9BD7D2EF910A810B51EF
Authority key identifier: 40:AA:71:15:7E:20:D9:80:36:BB:D6:93:B8:EC:BB:2B:99:F0:F0:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QKpxFX4g2YA2u9aTuOy7K5nw8Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2e2c8e-4c2b-48e9-afd5-235aba19d9f9/1/zxt5ioQXS4YKJLP4ilCQM5v8g2Y.roa
Signing time:             Thu 17 Jul 2025 13:07:25 +0000
ROA not before:           Thu 17 Jul 2025 13:07:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6872
IP address blocks:        185.122.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2e2c8e-4c2b-48e9-afd5-235aba19d9f9/1/QKpxFX4g2YA2u9aTuOy7K5nw8Dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2e2c8e-4c2b-48e9-afd5-235aba19d9f9/1/QKpxFX4g2YA2u9aTuOy7K5nw8Dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QKpxFX4g2YA2u9aTuOy7K5nw8Dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:18:7f:31:c2:26:4b:9b:d7:d2:ef:91:0a:81:0b:51:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40aa71157e20d98036bbd693b8ecbb2b99f0f03c
        Validity
            Not Before: Jul 17 13:07:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf1b798a84174b860a24b3f88a5090339bfc8366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a2:50:e1:f2:dc:66:6d:4c:72:c6:78:bd:6b:
                    83:d6:64:11:07:35:1f:e4:a9:a6:39:da:5a:ff:45:
                    87:fb:9a:9d:d0:15:ab:e0:6e:28:0c:a0:7f:19:8c:
                    75:1a:a2:a0:90:e6:e8:99:c8:29:26:c0:7f:1a:1f:
                    5f:f5:8a:5d:13:6f:0a:ac:1e:e2:28:b2:17:85:75:
                    73:7d:ab:41:6d:3e:ab:d5:93:31:f3:d0:e3:7a:7c:
                    81:16:f0:31:0d:d6:ca:8f:7b:8d:71:83:eb:eb:16:
                    4e:fe:40:aa:c3:39:f1:f9:f2:c0:5f:9e:86:69:32:
                    d3:14:cc:a3:c0:6f:dd:59:0c:b7:38:6b:aa:6d:c9:
                    bb:70:3b:85:d8:1d:0e:87:a4:e0:8f:c5:f3:85:ae:
                    7d:9a:d1:86:14:7c:80:c6:50:39:ea:6b:70:c8:63:
                    5b:69:4d:e1:3f:6d:df:34:6d:77:a6:47:7a:41:c6:
                    8e:15:90:59:ee:6e:f2:81:2f:d3:5f:3d:34:4d:01:
                    4a:27:f4:dd:22:0c:cc:a2:b4:c1:a2:89:2b:7f:0c:
                    89:91:35:82:0e:16:aa:d9:0b:ca:5e:bd:b3:22:a3:
                    07:7f:e4:a1:55:6d:62:c8:98:0c:0a:1d:4c:c6:75:
                    56:46:36:d2:3d:dc:1c:c5:f8:6b:45:67:bc:f5:a2:
                    16:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:1B:79:8A:84:17:4B:86:0A:24:B3:F8:8A:50:90:33:9B:FC:83:66
            X509v3 Authority Key Identifier:
                keyid:40:AA:71:15:7E:20:D9:80:36:BB:D6:93:B8:EC:BB:2B:99:F0:F0:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QKpxFX4g2YA2u9aTuOy7K5nw8Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2e2c8e-4c2b-48e9-afd5-235aba19d9f9/1/zxt5ioQXS4YKJLP4ilCQM5v8g2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2e2c8e-4c2b-48e9-afd5-235aba19d9f9/1/QKpxFX4g2YA2u9aTuOy7K5nw8Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:f3:b2:4e:59:61:cc:bc:4e:aa:6f:4d:c1:66:40:d8:b2:5b:
         24:b1:dd:54:2f:33:8a:45:de:be:91:cc:1f:cf:a6:eb:62:2d:
         29:30:56:8c:b8:de:8b:dd:08:1b:4b:e9:ca:31:8a:e4:62:11:
         ca:16:63:8d:28:8a:fa:0b:d8:d1:b1:95:c9:3c:10:91:ad:1d:
         ff:53:1e:b6:2a:cc:7d:85:9f:7c:83:47:90:fc:e8:d4:7a:a3:
         35:aa:e6:90:58:ea:80:83:dd:18:5f:42:70:1f:67:e1:69:65:
         0e:32:8b:bf:e1:b3:31:f4:df:3f:37:a1:24:22:20:50:0a:d5:
         b3:a2:ec:f7:49:11:4d:aa:13:58:dc:dc:3b:0c:91:16:b2:82:
         83:f0:d6:d6:57:26:4d:ea:0a:16:27:88:c9:60:c3:39:6a:4f:
         1f:84:ea:25:3b:ef:e2:ce:50:2c:c7:ab:9a:a7:81:f3:41:7e:
         fc:73:7c:33:73:10:2e:ae:06:18:49:9f:35:fd:03:d7:8e:93:
         b9:4e:ab:6d:98:77:8e:78:ee:d9:33:8e:b9:10:45:84:24:17:
         16:55:cf:ec:5f:5c:37:95:52:4a:39:7b:d2:28:73:7e:02:5a:
         e8:60:b6:b4:5b:4b:ce:b0:32:5b:66:bb:f8:4d:f8:4d:ea:45:
         56:24:f0:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgYfzHCJkub19LvkQqBC1HvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYWE3MTE1N2UyMGQ5ODAzNmJiZDY5M2I4ZWNiYjJiOTlm
MGYwM2MwHhcNMjUwNzE3MTMwNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjFiNzk4YTg0MTc0Yjg2MGEyNGIzZjg4YTUwOTAzMzliZmM4MzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqJQ4fLcZm1McsZ4vWuD1mQRBzUf
5KmmOdpa/0WH+5qd0BWr4G4oDKB/GYx1GqKgkObomcgpJsB/Gh9f9YpdE28KrB7i
KLIXhXVzfatBbT6r1ZMx89DjenyBFvAxDdbKj3uNcYPr6xZO/kCqwznx+fLAX56G
aTLTFMyjwG/dWQy3OGuqbcm7cDuF2B0Oh6Tgj8Xzha59mtGGFHyAxlA56mtwyGNb
aU3hP23fNG13pkd6QcaOFZBZ7m7ygS/TXz00TQFKJ/TdIgzMorTBookrfwyJkTWC
Dhaq2QvKXr2zIqMHf+ShVW1iyJgMCh1MxnVWRjbSPdwcxfhrRWe89aIWEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8beYqEF0uGCiSz+IpQkDOb/INmMB8GA1UdIwQY
MBaAFECqcRV+INmANrvWk7jsuyuZ8PA8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUtweEZYNGcyWUEydTlhVHVPeTdLNW53OER3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yZTJjOGUtNGMyYi00OGU5LWFmZDUt
MjM1YWJhMTlkOWY5LzEvenh0NWlvUVhTNFlLSkxQNGlsQ1FNNXY4ZzJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yZTJjOGUtNGMyYi00OGU5LWFmZDUtMjM1YWJhMTlkOWY5
LzEvUUtweEZYNGcyWUEydTlhVHVPeTdLNW53OER3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXqcMA0G
CSqGSIb3DQEBCwUAA4IBAQAA87JOWWHMvE6qb03BZkDYslsksd1ULzOKRd6+kcwf
z6brYi0pMFaMuN6L3QgbS+nKMYrkYhHKFmONKIr6C9jRsZXJPBCRrR3/Ux62Ksx9
hZ98g0eQ/OjUeqM1quaQWOqAg90YX0JwH2fhaWUOMou/4bMx9N8/N6EkIiBQCtWz
ouz3SRFNqhNY3Nw7DJEWsoKD8NbWVyZN6goWJ4jJYMM5ak8fhOolO+/izlAsx6ua
p4HzQX78c3wzcxAurgYYSZ81/QPXjpO5TqttmHeOeO7ZM465EEWEJBcWVc/sX1w3
lVJKOXvSKHN+AlroYLa0W0vOsDJbZrv4TfhN6kVWJPCe
-----END CERTIFICATE-----