Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7ZMyCn_I4Q_hzIrgnEPqA_zQfIc.roa
File:                     7ZMyCn_I4Q_hzIrgnEPqA_zQfIc.roa (raw, json)
Hash identifier:          Hecp2aqI5AkSrL922R1YJbICKnfVP5kS1BnfF0oogWE=
Subject key identifier:   ED:93:32:0A:7F:C8:E1:0F:E1:CC:8A:E0:9C:43:EA:03:FC:D0:7C:87
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019A492185602D27DF992ED18101E9A7939E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7ZMyCn_I4Q_hzIrgnEPqA_zQfIc.roa
Signing time:             Mon 03 Nov 2025 09:52:04 +0000
ROA not before:           Mon 03 Nov 2025 09:52:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213200
IP address blocks:        109.176.202.0/24 maxlen: 24
                          217.144.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 15:37:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:21:85:60:2d:27:df:99:2e:d1:81:01:e9:a7:93:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  3 09:52:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed93320a7fc8e10fe1cc8ae09c43ea03fcd07c87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:b7:b2:1f:6f:20:f5:7c:22:d2:05:bd:cd:3e:
                    60:7e:0e:f7:7c:ec:12:0b:9f:99:1f:42:13:d9:70:
                    8f:f3:af:28:9a:cf:a3:ae:71:8d:f8:ac:cf:fa:d8:
                    6d:7a:5d:bd:a7:e8:c6:54:94:e1:ae:a2:67:f4:b6:
                    cd:5e:6a:30:4e:fa:54:f0:b1:a5:a0:cc:e2:05:1e:
                    64:5d:95:0f:4d:c5:e1:02:fb:cf:37:8d:6c:ad:62:
                    6a:2e:66:39:db:29:a5:1f:15:77:56:57:7e:75:c4:
                    e4:f8:11:0c:11:26:62:37:c9:13:4a:0a:42:eb:48:
                    05:5a:0c:55:cd:18:62:d1:32:72:87:e6:2f:e9:0f:
                    37:91:34:72:76:6c:22:b0:5a:83:d0:37:6e:51:81:
                    91:9a:6f:66:3b:02:cf:b0:70:b7:b7:d1:09:5f:ad:
                    37:aa:9f:af:87:ca:f1:57:37:53:3d:c6:b5:9d:39:
                    08:f5:cb:87:91:96:bc:4b:1c:03:3f:29:04:96:54:
                    e2:0d:3a:47:72:2a:ef:6a:93:7a:3d:fe:90:7c:e9:
                    7b:4e:f2:05:b3:5d:0d:e8:8a:bd:dc:47:66:08:05:
                    3e:a7:34:71:ab:ab:e5:70:1a:4f:d1:4f:e6:6c:90:
                    6f:8b:a6:af:14:27:36:26:34:bc:21:2b:28:3d:99:
                    8e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:93:32:0A:7F:C8:E1:0F:E1:CC:8A:E0:9C:43:EA:03:FC:D0:7C:87
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7ZMyCn_I4Q_hzIrgnEPqA_zQfIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.202.0/24
                  217.144.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:a5:69:13:87:56:63:cd:ea:88:c6:63:35:51:33:3d:4c:ff:
         e5:e8:65:89:cc:93:1f:68:5a:f8:ac:b7:f1:67:89:79:7a:4e:
         39:34:f9:23:c5:43:49:5e:31:ff:0b:3c:03:bf:b3:73:d6:ec:
         6d:01:44:ea:ae:ba:45:f8:a8:ac:c3:4c:e0:73:0b:c9:3a:ac:
         ea:7c:4f:c9:b3:9e:57:04:14:62:b4:98:b8:75:ac:c2:9a:6e:
         b7:de:db:f0:7c:87:4a:b4:a9:ce:9b:7b:8a:dd:49:1c:5b:77:
         3c:fd:6d:f3:ae:ca:73:f8:2c:cc:a3:7d:6b:b7:14:4e:6d:60:
         ec:d0:f8:aa:ed:d7:5d:d3:c7:91:44:48:3f:5b:bf:66:9f:10:
         3f:49:9a:84:69:e6:9a:d6:0a:84:35:42:05:97:fc:83:6c:48:
         6c:b8:5c:86:0e:3e:1c:5e:45:3d:f2:2a:ef:17:50:d9:24:f3:
         ec:27:18:35:05:0d:60:c6:1b:f9:8b:40:10:11:ab:c9:49:5f:
         8c:d4:cb:0c:5f:e0:b3:ba:60:b2:7f:bd:da:84:ab:37:33:6c:
         aa:98:15:47:0a:9a:5a:8f:4b:f8:24:0f:f6:23:e7:9d:56:da:
         95:3a:91:ed:a9:a4:be:32:96:90:7a:5e:83:b1:16:7f:27:10:
         ae:49:4d:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpJIYVgLSffmS7RgQHpp5OeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMDk1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDkzMzIwYTdmYzhlMTBmZTFjYzhhZTA5YzQzZWEwM2ZjZDA3Yzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LeyH28g9Xwi0gW9zT5gfg73fOwS
C5+ZH0IT2XCP868oms+jrnGN+KzP+thtel29p+jGVJThrqJn9LbNXmowTvpU8LGl
oMziBR5kXZUPTcXhAvvPN41srWJqLmY52ymlHxV3Vld+dcTk+BEMESZiN8kTSgpC
60gFWgxVzRhi0TJyh+Yv6Q83kTRydmwisFqD0DduUYGRmm9mOwLPsHC3t9EJX603
qp+vh8rxVzdTPca1nTkI9cuHkZa8SxwDPykEllTiDTpHcirvapN6Pf6QfOl7TvIF
s10N6Iq93EdmCAU+pzRxq6vlcBpP0U/mbJBvi6avFCc2JjS8ISsoPZmO+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO2TMgp/yOEP4cyK4JxD6gP80HyHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN1pNeUNuX0k0UV9oeklyZ25FUHFBX3pRZkljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbbDKAwQA
2ZCaMA0GCSqGSIb3DQEBCwUAA4IBAQBmpWkTh1ZjzeqIxmM1UTM9TP/l6GWJzJMf
aFr4rLfxZ4l5ek45NPkjxUNJXjH/CzwDv7Nz1uxtAUTqrrpF+Kisw0zgcwvJOqzq
fE/Js55XBBRitJi4dazCmm633tvwfIdKtKnOm3uK3UkcW3c8/W3zrspz+CzMo31r
txRObWDs0Piq7ddd08eRREg/W79mnxA/SZqEaeaa1gqENUIFl/yDbEhsuFyGDj4c
XkU98irvF1DZJPPsJxg1BQ1gxhv5i0AQEavJSV+M1MsMX+CzumCyf73ahKs3M2yq
mBVHCppaj0v4JA/2I+edVtqVOpHtqaS+MpaQel6DsRZ/JxCuSU0O
-----END CERTIFICATE-----