Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/biU2dVHDkmW3ggJsKp9Y0Y3icgc.roa
File:                     biU2dVHDkmW3ggJsKp9Y0Y3icgc.roa (raw, json)
Hash identifier:          Q70FfzUUNjte1Czb813dG83AEi9zq10U9CCK5o5IFaU=
Subject key identifier:   6E:25:36:75:51:C3:92:65:B7:82:02:6C:2A:9F:58:D1:8D:E2:72:07
Certificate issuer:       /CN=1efcab4deded66abef7cd7ed72657bc03a8229d6
Certificate serial:       0197E91D1E556E1F7F4C9C882E927A88CB44
Authority key identifier: 1E:FC:AB:4D:ED:ED:66:AB:EF:7C:D7:ED:72:65:7B:C0:3A:82:29:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HvyrTe3tZqvvfNftcmV7wDqCKdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/biU2dVHDkmW3ggJsKp9Y0Y3icgc.roa
Signing time:             Tue 08 Jul 2025 08:18:09 +0000
ROA not before:           Tue 08 Jul 2025 08:18:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47180
IP address blocks:        185.28.46.0/24 maxlen: 24
                          194.179.140.0/22 maxlen: 24
                          2a13:f8c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/HvyrTe3tZqvvfNftcmV7wDqCKdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/HvyrTe3tZqvvfNftcmV7wDqCKdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HvyrTe3tZqvvfNftcmV7wDqCKdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:1d:1e:55:6e:1f:7f:4c:9c:88:2e:92:7a:88:cb:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1efcab4deded66abef7cd7ed72657bc03a8229d6
        Validity
            Not Before: Jul  8 08:18:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e25367551c39265b782026c2a9f58d18de27207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:30:00:5b:14:b0:eb:25:dd:50:82:b4:3b:89:
                    5f:9d:f8:42:7d:96:88:28:18:38:4f:5b:1a:15:ea:
                    4c:fe:eb:66:27:47:e7:80:d9:0d:30:86:93:33:ee:
                    1d:f5:b2:80:b9:64:da:d0:01:c2:3e:c8:e9:31:95:
                    c5:a3:4b:83:48:05:25:34:56:f0:2a:d3:6b:0d:ed:
                    11:0f:75:10:59:11:be:e7:b8:a5:78:86:f9:f1:5c:
                    e0:40:b4:95:9a:83:2a:f2:3b:32:f9:61:a2:e7:ac:
                    68:0e:58:e4:4e:30:43:7f:eb:1a:f4:de:29:a2:93:
                    c0:11:05:04:43:13:1b:a3:f2:26:60:b3:67:ca:7e:
                    b3:c6:0d:1e:0c:67:9a:f0:81:0e:0e:7b:12:5f:92:
                    a6:03:e3:72:cc:33:45:bb:b9:f9:12:71:d6:68:6b:
                    3b:39:13:87:21:1b:75:12:70:ff:66:80:b8:af:7d:
                    ba:9d:96:41:f7:c6:58:73:42:81:12:17:4c:f0:92:
                    a8:e2:11:56:37:83:04:cf:7c:e8:26:ab:8b:75:6d:
                    9b:30:48:ee:56:fa:d4:69:90:85:06:7d:a7:ba:24:
                    94:86:6e:ab:39:83:01:67:97:7e:97:43:f7:95:67:
                    2a:3d:58:0e:f2:c5:ac:65:cf:08:24:6f:c5:b4:62:
                    c7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:25:36:75:51:C3:92:65:B7:82:02:6C:2A:9F:58:D1:8D:E2:72:07
            X509v3 Authority Key Identifier:
                keyid:1E:FC:AB:4D:ED:ED:66:AB:EF:7C:D7:ED:72:65:7B:C0:3A:82:29:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvyrTe3tZqvvfNftcmV7wDqCKdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/biU2dVHDkmW3ggJsKp9Y0Y3icgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/HvyrTe3tZqvvfNftcmV7wDqCKdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.46.0/24
                  194.179.140.0/22
                IPv6:
                  2a13:f8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:64:7f:fe:93:2f:df:74:1c:4f:7d:50:cc:9b:5a:2f:ee:cd:
         4f:0f:90:f4:9f:4a:c5:85:37:7c:7d:13:aa:e6:8a:9e:18:04:
         e8:f6:0d:f4:9c:e5:27:55:76:22:7a:4f:b6:05:84:bb:ec:e5:
         04:10:aa:b6:f2:9c:c8:43:fa:a2:07:96:42:4c:ee:ed:ec:23:
         21:91:18:39:2a:4f:8f:92:1d:70:1b:bd:27:b9:50:6b:1b:66:
         d0:d9:02:ae:8b:22:78:54:6f:62:37:b7:4b:18:ee:ae:d8:0c:
         13:25:c0:97:77:ae:a6:04:8f:f2:4d:1f:b6:71:dc:a3:3f:c7:
         9a:60:c6:5c:48:6e:6b:34:b5:76:dd:c2:7b:34:1e:83:1c:02:
         2c:25:8c:bb:68:5d:23:9b:0d:ff:47:b6:65:45:f7:a2:25:b0:
         19:26:74:41:3b:35:cd:45:33:b2:32:e8:41:68:06:a3:f8:28:
         f8:7b:da:07:eb:22:30:60:dc:0f:cd:d1:cc:0d:93:d0:5b:6d:
         ca:f4:4f:07:b7:ad:49:17:cf:c0:6e:b8:52:7b:fc:36:76:29:
         be:f2:6b:04:ec:73:24:a4:f7:30:01:1c:82:35:23:d2:bc:3f:
         b4:74:a2:d8:ca:b9:fb:ee:0b:de:8e:cf:54:60:2c:1f:22:ff:
         69:6e:22:8d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZfpHR5Vbh9/TJyILpJ6iMtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmNhYjRkZWRlZDY2YWJlZjdjZDdlZDcyNjU3YmMwM2E4
MjI5ZDYwHhcNMjUwNzA4MDgxODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTI1MzY3NTUxYzM5MjY1Yjc4MjAyNmMyYTlmNThkMThkZTI3MjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTAAWxSw6yXdUIK0O4lfnfhCfZaI
KBg4T1saFepM/utmJ0fngNkNMIaTM+4d9bKAuWTa0AHCPsjpMZXFo0uDSAUlNFbw
KtNrDe0RD3UQWRG+57ileIb58VzgQLSVmoMq8jsy+WGi56xoDljkTjBDf+sa9N4p
opPAEQUEQxMbo/ImYLNnyn6zxg0eDGea8IEODnsSX5KmA+NyzDNFu7n5EnHWaGs7
OROHIRt1EnD/ZoC4r326nZZB98ZYc0KBEhdM8JKo4hFWN4MEz3zoJquLdW2bMEju
VvrUaZCFBn2nuiSUhm6rOYMBZ5d+l0P3lWcqPVgO8sWsZc8IJG/FtGLHmQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFG4lNnVRw5Jlt4ICbCqfWNGN4nIHMB8GA1UdIwQY
MBaAFB78q03t7War73zX7XJle8A6ginWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZ5clRlM3RacXZ2Zk5mdGNtVjd3RHFDS2RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jN2M4M2YtZmFjMi00NTUxLThmNzgt
OTFhNzdlYTA1ZGYxLzEvYmlVMmRWSERrbVczZ2dKc0twOVkwWTNpY2djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jN2M4M2YtZmFjMi00NTUxLThmNzgtOTFhNzdlYTA1ZGYx
LzEvSHZ5clRlM3RacXZ2Zk5mdGNtVjd3RHFDS2RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuRwuAwQC
wrOMMA0EAgACMAcDBQMqE/jAMA0GCSqGSIb3DQEBCwUAA4IBAQCSZH/+ky/fdBxP
fVDMm1ov7s1PD5D0n0rFhTd8fROq5oqeGATo9g30nOUnVXYiek+2BYS77OUEEKq2
8pzIQ/qiB5ZCTO7t7CMhkRg5Kk+Pkh1wG70nuVBrG2bQ2QKuiyJ4VG9iN7dLGO6u
2AwTJcCXd66mBI/yTR+2cdyjP8eaYMZcSG5rNLV23cJ7NB6DHAIsJYy7aF0jmw3/
R7ZlRfeiJbAZJnRBOzXNRTOyMuhBaAaj+Cj4e9oH6yIwYNwPzdHMDZPQW23K9E8H
t61JF8/AbrhSe/w2dim+8msE7HMkpPcwARyCNSPSvD+0dKLYyrn77gvejs9UYCwf
Iv9pbiKN
-----END CERTIFICATE-----