Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/U56329e4gM-IVTVVEt6zrVkDGjo.roa
File:                     U56329e4gM-IVTVVEt6zrVkDGjo.roa (raw, json)
Hash identifier:          we1XyD3BJFEUnklb4jnEqKHGEO1FUWwSSjWf88RrLFc=
Subject key identifier:   53:9E:B7:DB:D7:B8:80:CF:88:55:35:55:12:DE:B3:AD:59:03:1A:3A
Certificate issuer:       /CN=2dd3ae23cb46ee9c21950efcb60defa094ba5548
Certificate serial:       019A3E424A0FB1B169CFB4A30B5B4685C088
Authority key identifier: 2D:D3:AE:23:CB:46:EE:9C:21:95:0E:FC:B6:0D:EF:A0:94:BA:55:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LdOuI8tG7pwhlQ78tg3voJS6VUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/U56329e4gM-IVTVVEt6zrVkDGjo.roa
Signing time:             Sat 01 Nov 2025 07:12:02 +0000
ROA not before:           Sat 01 Nov 2025 07:12:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204099
IP address blocks:        185.222.44.0/22 maxlen: 22
                          2a0c:7800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/LdOuI8tG7pwhlQ78tg3voJS6VUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/LdOuI8tG7pwhlQ78tg3voJS6VUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LdOuI8tG7pwhlQ78tg3voJS6VUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 07:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3e:42:4a:0f:b1:b1:69:cf:b4:a3:0b:5b:46:85:c0:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dd3ae23cb46ee9c21950efcb60defa094ba5548
        Validity
            Not Before: Nov  1 07:12:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=539eb7dbd7b880cf8855355512deb3ad59031a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0a:2a:02:49:e4:9d:77:d8:1a:f6:ee:40:67:
                    7d:c4:d5:8f:ed:4f:ed:4c:bb:c2:2b:42:a1:80:36:
                    f5:83:22:8d:dd:fb:b5:8c:a7:99:c8:ff:54:19:da:
                    ee:9b:e2:8d:8c:5d:e9:20:7c:ef:78:1e:97:9c:5c:
                    26:87:d8:c4:fb:cb:bd:ee:42:f1:0a:8d:8d:d8:42:
                    15:77:fb:c8:78:e4:14:60:13:67:9b:06:02:df:15:
                    51:60:80:ad:e5:f1:1d:97:5a:06:c8:55:d9:2a:e7:
                    ee:a9:57:6f:dc:82:56:5e:d5:68:99:80:80:5f:ad:
                    fa:03:18:28:7f:43:04:e4:c4:92:bb:8c:90:6d:86:
                    bc:f5:d3:4e:0d:47:71:db:e8:e2:bf:5a:a3:db:e9:
                    1c:20:e8:ff:46:70:d6:6a:b3:75:df:0c:0d:12:43:
                    59:6c:fb:26:b4:ab:c2:05:2f:73:02:29:df:0e:81:
                    54:fc:fc:55:fe:71:91:15:14:8a:7e:e4:54:86:39:
                    e9:e6:87:29:86:05:14:ef:2d:a0:c0:fd:3e:a3:c3:
                    df:01:95:a3:91:04:99:89:9a:b0:dd:e4:9d:43:5c:
                    8e:90:70:f5:4f:7c:3d:3a:78:14:7a:0f:74:93:13:
                    52:19:0e:b4:8c:aa:85:ce:c7:71:1b:cc:e5:79:8e:
                    96:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:9E:B7:DB:D7:B8:80:CF:88:55:35:55:12:DE:B3:AD:59:03:1A:3A
            X509v3 Authority Key Identifier:
                keyid:2D:D3:AE:23:CB:46:EE:9C:21:95:0E:FC:B6:0D:EF:A0:94:BA:55:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LdOuI8tG7pwhlQ78tg3voJS6VUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/U56329e4gM-IVTVVEt6zrVkDGjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/319d61-560a-44fd-aa25-49671acdf486/1/LdOuI8tG7pwhlQ78tg3voJS6VUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.44.0/22
                IPv6:
                  2a0c:7800::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:96:25:35:04:69:fb:77:25:17:3a:76:95:88:6a:95:bc:ae:
         3f:7a:12:59:06:8f:3b:99:ce:8b:e6:2f:c9:34:a6:19:95:58:
         54:b2:87:36:00:d6:81:c3:f8:b9:16:a0:de:8e:f1:af:ba:5b:
         b8:1a:c3:f8:4b:f3:75:af:33:a2:ef:83:ba:fd:ff:01:a5:d2:
         0f:b1:4b:67:95:73:38:9b:22:f0:0b:1f:d5:fe:19:01:3d:75:
         61:f7:7c:81:6f:63:ea:a2:1b:13:1c:eb:65:f6:9f:3c:65:3a:
         2c:71:35:fa:0b:b6:fa:68:e3:02:f2:41:9e:c4:a9:da:ec:ad:
         62:60:8e:67:c3:ba:15:79:c4:c1:41:44:a2:d6:ec:29:47:23:
         a2:9f:74:2c:09:18:55:7d:56:8b:ae:a5:bf:70:8a:91:59:f8:
         b2:c6:9d:f6:e5:19:99:eb:41:3e:b4:d4:46:fd:84:1d:db:85:
         cf:97:c2:be:df:1e:82:81:14:7a:c6:94:3d:33:1b:f1:7a:58:
         63:ee:08:c3:b9:a2:66:cc:81:23:3d:54:1f:c1:50:2a:2a:c8:
         52:e2:b7:e4:84:01:ee:7b:ba:96:79:76:e7:0c:57:14:fd:76:
         9f:60:7f:bb:c9:74:e1:29:1b:b9:0e:51:02:2b:82:d5:7d:78:
         a4:71:36:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZo+QkoPsbFpz7SjC1tGhcCIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZDNhZTIzY2I0NmVlOWMyMTk1MGVmY2I2MGRlZmEwOTRi
YTU1NDgwHhcNMjUxMTAxMDcxMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzllYjdkYmQ3Yjg4MGNmODg1NTM1NTUxMmRlYjNhZDU5MDMxYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAoqAknknXfYGvbuQGd9xNWP7U/t
TLvCK0KhgDb1gyKN3fu1jKeZyP9UGdrum+KNjF3pIHzveB6XnFwmh9jE+8u97kLx
Co2N2EIVd/vIeOQUYBNnmwYC3xVRYICt5fEdl1oGyFXZKufuqVdv3IJWXtVomYCA
X636Axgof0ME5MSSu4yQbYa89dNODUdx2+jiv1qj2+kcIOj/RnDWarN13wwNEkNZ
bPsmtKvCBS9zAinfDoFU/PxV/nGRFRSKfuRUhjnp5ocphgUU7y2gwP0+o8PfAZWj
kQSZiZqw3eSdQ1yOkHD1T3w9OngUeg90kxNSGQ60jKqFzsdxG8zleY6WzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFOet9vXuIDPiFU1VRLes61ZAxo6MB8GA1UdIwQY
MBaAFC3TriPLRu6cIZUO/LYN76CUulVIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGRPdUk4dEc3cHdobFE3OHRnM3ZvSlM2VlVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMTlkNjEtNTYwYS00NGZkLWFhMjUt
NDk2NzFhY2RmNDg2LzEvVTU2MzI5ZTRnTS1JVlRWVkV0NnpyVmtER2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMTlkNjEtNTYwYS00NGZkLWFhMjUtNDk2NzFhY2RmNDg2
LzEvTGRPdUk4dEc3cHdobFE3OHRnM3ZvSlM2VlVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud4sMA0E
AgACMAcDBQMqDHgAMA0GCSqGSIb3DQEBCwUAA4IBAQAzliU1BGn7dyUXOnaViGqV
vK4/ehJZBo87mc6L5i/JNKYZlVhUsoc2ANaBw/i5FqDejvGvulu4GsP4S/N1rzOi
74O6/f8BpdIPsUtnlXM4myLwCx/V/hkBPXVh93yBb2PqohsTHOtl9p88ZToscTX6
C7b6aOMC8kGexKna7K1iYI5nw7oVecTBQUSi1uwpRyOin3QsCRhVfVaLrqW/cIqR
Wfiyxp325RmZ60E+tNRG/YQd24XPl8K+3x6CgRR6xpQ9Mxvxelhj7gjDuaJmzIEj
PVQfwVAqKshS4rfkhAHue7qWeXbnDFcU/XafYH+7yXThKRu5DlECK4LVfXikcTa1
-----END CERTIFICATE-----