Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/THD6dCAcQylh5j9TRPuNEYk_EF0.roa
File:                     THD6dCAcQylh5j9TRPuNEYk_EF0.roa (raw, json)
Hash identifier:          RLY2fSTdx8vREbBUWYofmuTLlTO7pJB3RnHvsPQUpgw=
Subject key identifier:   4C:70:FA:74:20:1C:43:29:61:E6:3F:53:44:FB:8D:11:89:3F:10:5D
Certificate issuer:       /CN=25bbed0bff7ffeab67f302b411a00701854a6c30
Certificate serial:       019A4DA2248F828B1B8D398508795C33F259
Authority key identifier: 25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/THD6dCAcQylh5j9TRPuNEYk_EF0.roa
Signing time:             Tue 04 Nov 2025 06:51:03 +0000
ROA not before:           Tue 04 Nov 2025 06:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        185.189.244.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4d:a2:24:8f:82:8b:1b:8d:39:85:08:79:5c:33:f2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25bbed0bff7ffeab67f302b411a00701854a6c30
        Validity
            Not Before: Nov  4 06:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c70fa74201c432961e63f5344fb8d11893f105d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7e:c4:91:b7:0a:09:32:a7:1b:e4:41:2f:8e:
                    62:4d:74:a5:a8:16:c4:ba:67:26:2a:5d:10:58:73:
                    e9:60:b5:0c:f7:92:2f:a3:a0:f9:d6:5e:c0:a4:98:
                    6c:f3:8d:a8:73:78:73:99:b2:18:b7:e1:e1:95:d5:
                    ee:3a:be:66:26:6b:d7:8e:57:25:ca:2f:69:6f:95:
                    92:82:8d:b5:ab:71:06:8c:8b:6e:71:3e:9f:7c:8b:
                    61:1e:06:db:07:f7:92:63:93:5b:43:14:06:83:a1:
                    84:9f:c4:51:d8:c9:eb:0d:4b:08:5d:94:08:28:17:
                    b0:12:21:d2:25:7b:91:ff:6b:68:6c:1a:4f:15:ab:
                    0f:14:b1:9c:f0:8c:06:ff:20:d6:b9:73:aa:82:71:
                    af:19:0f:3f:fd:f1:74:3c:ec:23:0a:92:96:26:20:
                    ab:03:d2:ec:82:00:7e:70:9b:0d:54:e8:88:72:c6:
                    f4:b6:03:fd:e4:4e:fb:98:6b:f5:22:40:43:81:4f:
                    7e:69:e2:11:44:6f:b7:68:d6:f8:93:ca:33:db:92:
                    a8:36:9b:a1:97:e8:67:a2:25:70:d6:40:25:4a:c4:
                    92:aa:aa:36:65:95:9e:aa:1d:bf:5b:b7:59:ec:1e:
                    87:06:f1:08:e3:0b:22:b1:70:d6:37:c1:10:13:76:
                    65:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:70:FA:74:20:1C:43:29:61:E6:3F:53:44:FB:8D:11:89:3F:10:5D
            X509v3 Authority Key Identifier:
                keyid:25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/THD6dCAcQylh5j9TRPuNEYk_EF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:b6:ea:5e:50:50:84:11:3a:2e:7c:56:f1:e0:20:89:7f:90:
         90:7b:2a:7f:5f:61:b0:7a:d1:a0:96:d4:1e:34:6a:61:79:cc:
         76:a9:5d:08:ea:7f:28:b7:7a:c7:29:5f:8d:d8:9d:ca:82:33:
         58:b9:fa:3b:d4:20:37:83:0e:f0:5b:24:36:3d:25:aa:1c:7f:
         28:9e:93:45:17:48:7d:79:d5:48:87:a7:82:c9:4a:2e:dc:db:
         40:82:b4:13:44:c4:af:52:2a:83:77:d6:76:f3:d1:20:79:1f:
         31:ca:77:67:31:02:8f:d7:ce:5b:c9:6f:d7:31:c8:3a:d3:d1:
         b1:14:c4:7b:bf:0b:ea:9c:71:53:d1:dc:fc:f1:0b:48:66:af:
         f0:92:d8:eb:16:e9:44:1a:30:ba:df:83:89:99:d7:2f:e5:6f:
         4f:1b:73:65:0b:94:f7:0a:c7:f4:78:d5:5b:8d:ed:8d:5a:f6:
         de:f4:b4:4e:58:76:b5:bd:a8:32:3f:51:1f:af:2a:4d:07:5b:
         dc:cb:e2:fe:bc:80:0e:54:57:1c:cd:ce:99:b6:74:52:4d:d3:
         d1:ee:47:ec:f5:05:d2:df:b9:9f:6b:c4:ce:7b:e7:c3:0a:bd:
         2f:db:85:1c:46:79:34:80:f0:14:9d:dd:ea:79:e0:9a:96:43:
         93:48:28:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpNoiSPgosbjTmFCHlcM/JZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YmJlZDBiZmY3ZmZlYWI2N2YzMDJiNDExYTAwNzAxODU0
YTZjMzAwHhcNMjUxMTA0MDY1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzcwZmE3NDIwMWM0MzI5NjFlNjNmNTM0NGZiOGQxMTg5M2YxMDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAun7EkbcKCTKnG+RBL45iTXSlqBbE
umcmKl0QWHPpYLUM95Ivo6D51l7ApJhs842oc3hzmbIYt+HhldXuOr5mJmvXjlcl
yi9pb5WSgo21q3EGjItucT6ffIthHgbbB/eSY5NbQxQGg6GEn8RR2MnrDUsIXZQI
KBewEiHSJXuR/2tobBpPFasPFLGc8IwG/yDWuXOqgnGvGQ8//fF0POwjCpKWJiCr
A9LsggB+cJsNVOiIcsb0tgP95E77mGv1IkBDgU9+aeIRRG+3aNb4k8oz25KoNpuh
l+hnoiVw1kAlSsSSqqo2ZZWeqh2/W7dZ7B6HBvEI4wsisXDWN8EQE3Zl2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExw+nQgHEMpYeY/U0T7jRGJPxBdMB8GA1UdIwQY
MBaAFCW77Qv/f/6rZ/MCtBGgBwGFSmwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQt
NTcxN2I0NTQ0MjM3LzEvVEhENmRDQWNReWxoNWo5VFJQdU5FWWtfRUYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQtNTcxN2I0NTQ0MjM3
LzEvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub30MA0G
CSqGSIb3DQEBCwUAA4IBAQA+tupeUFCEEToufFbx4CCJf5CQeyp/X2GwetGgltQe
NGphecx2qV0I6n8ot3rHKV+N2J3KgjNYufo71CA3gw7wWyQ2PSWqHH8onpNFF0h9
edVIh6eCyUou3NtAgrQTRMSvUiqDd9Z289EgeR8xyndnMQKP185byW/XMcg609Gx
FMR7vwvqnHFT0dz88QtIZq/wktjrFulEGjC634OJmdcv5W9PG3NlC5T3Csf0eNVb
je2NWvbe9LROWHa1vagyP1EfrypNB1vcy+L+vIAOVFcczc6ZtnRSTdPR7kfs9QXS
37mfa8TOe+fDCr0v24UcRnk0gPAUnd3qeeCalkOTSCjj
-----END CERTIFICATE-----