Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/fbFp30tlds9SoJJaUq5OEp638sk.roa
File:                     fbFp30tlds9SoJJaUq5OEp638sk.roa (raw, json)
Hash identifier:          p5y15eDb7e13qvb9/5WBmJnyQVEEGak4ep0rcaPkAFw=
Subject key identifier:   7D:B1:69:DF:4B:65:76:CF:52:A0:92:5A:52:AE:4E:12:9E:B7:F2:C9
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       019A39E559923DF7B2021B044852505288BF
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/fbFp30tlds9SoJJaUq5OEp638sk.roa
Signing time:             Fri 31 Oct 2025 10:52:03 +0000
ROA not before:           Fri 31 Oct 2025 10:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57587
IP address blocks:        185.202.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 07:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:39:e5:59:92:3d:f7:b2:02:1b:04:48:52:50:52:88:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Oct 31 10:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7db169df4b6576cf52a0925a52ae4e129eb7f2c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ed:b0:ea:03:f4:b3:ac:03:dc:66:cb:45:be:
                    d2:b0:9f:0d:d2:0d:d3:9d:1d:8a:00:d9:fd:09:4f:
                    75:29:b9:d4:ad:31:aa:a2:b6:94:f8:ef:d2:11:30:
                    13:4d:1b:45:d3:05:a4:bd:6d:4c:f6:e7:97:53:a1:
                    39:4f:c0:60:9b:62:66:f6:2b:0f:b4:70:92:c9:ce:
                    00:c3:46:3f:ab:90:ca:ce:2b:b8:37:25:1e:33:f9:
                    49:e2:ec:e2:ae:61:43:5a:8e:8c:e3:ba:57:bf:ec:
                    ff:0f:44:2c:cd:8d:1e:6f:87:46:dc:45:6f:0e:36:
                    ac:0b:6d:c7:e9:1d:6e:4b:ef:e3:0c:20:a6:00:63:
                    8d:3e:c8:7b:4b:bb:0f:7d:35:f8:27:b3:f2:26:04:
                    08:56:15:25:d5:9e:ca:d4:e7:99:98:d3:72:63:14:
                    5d:20:07:a8:c9:e6:76:df:9f:b8:2a:5c:fb:e8:ac:
                    20:56:13:ed:a0:57:30:aa:e0:0a:5f:b3:0c:3a:b3:
                    d7:42:40:05:88:1b:14:52:79:af:ac:97:1e:9c:62:
                    ff:5c:0e:a9:a6:4f:e9:94:20:69:e2:5b:3b:cd:e5:
                    08:6b:73:20:ab:92:bb:09:89:77:4e:29:4f:1f:0e:
                    15:b2:ec:34:6e:fb:e4:69:fe:37:af:55:ad:53:2b:
                    45:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B1:69:DF:4B:65:76:CF:52:A0:92:5A:52:AE:4E:12:9E:B7:F2:C9
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/fbFp30tlds9SoJJaUq5OEp638sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:f1:43:3f:b9:28:a5:38:4a:d5:9c:ca:9d:ac:46:0d:d7:0a:
         04:ea:61:f6:d8:ad:51:a8:4c:5f:89:26:0f:5f:22:b9:46:55:
         fe:c1:ca:c6:54:ed:d9:49:ba:ed:18:5f:10:31:12:a1:0f:70:
         03:ca:f4:24:0f:db:e9:11:0e:51:c8:11:48:6a:6a:2a:c4:34:
         80:1e:5b:b1:5e:89:ec:49:59:5f:54:5a:54:24:52:f8:e6:c3:
         76:2d:00:a0:38:e4:9d:a6:1a:84:6b:71:af:56:98:ac:77:1f:
         5f:c6:c5:d6:7c:cc:0f:67:66:d5:e5:e0:a3:11:ec:21:13:2c:
         d9:fd:c0:04:7b:a3:30:77:c5:c2:de:81:85:25:6d:69:07:66:
         1d:12:47:8a:f2:38:61:e1:99:80:fb:92:d9:7d:67:9c:3b:fb:
         77:7a:fa:35:a9:46:9b:09:b1:74:ff:6b:f9:bb:a3:11:35:ad:
         d9:45:47:87:b0:88:5b:4a:7f:81:84:80:03:93:58:fc:fb:a4:
         3e:38:54:68:da:27:88:5b:63:b8:cd:f0:b1:81:c2:74:6e:19:
         1a:a2:11:e1:f7:a4:d0:02:bc:ec:fa:f1:fc:7a:03:f2:97:de:
         72:da:fc:ef:fb:e4:86:06:d2:9f:ff:1e:5e:0e:94:aa:02:0b:
         2a:11:67:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo55VmSPfeyAhsESFJQUoi/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUxMDMxMTA1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGIxNjlkZjRiNjU3NmNmNTJhMDkyNWE1MmFlNGUxMjllYjdmMmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtO2w6gP0s6wD3GbLRb7SsJ8N0g3T
nR2KANn9CU91KbnUrTGqoraU+O/SETATTRtF0wWkvW1M9ueXU6E5T8Bgm2Jm9isP
tHCSyc4Aw0Y/q5DKziu4NyUeM/lJ4uzirmFDWo6M47pXv+z/D0QszY0eb4dG3EVv
DjasC23H6R1uS+/jDCCmAGONPsh7S7sPfTX4J7PyJgQIVhUl1Z7K1OeZmNNyYxRd
IAeoyeZ235+4Klz76KwgVhPtoFcwquAKX7MMOrPXQkAFiBsUUnmvrJcenGL/XA6p
pk/plCBp4ls7zeUIa3Mgq5K7CYl3TilPHw4Vsuw0bvvkaf43r1WtUytFHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH2xad9LZXbPUqCSWlKuThKet/LJMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvZmJGcDMwdGxkczlTb0pKYVVxNU9FcDYzOHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucoDMA0G
CSqGSIb3DQEBCwUAA4IBAQAE8UM/uSilOErVnMqdrEYN1woE6mH22K1RqExfiSYP
XyK5RlX+wcrGVO3ZSbrtGF8QMRKhD3ADyvQkD9vpEQ5RyBFIamoqxDSAHluxXons
SVlfVFpUJFL45sN2LQCgOOSdphqEa3GvVpisdx9fxsXWfMwPZ2bV5eCjEewhEyzZ
/cAEe6Mwd8XC3oGFJW1pB2YdEkeK8jhh4ZmA+5LZfWecO/t3evo1qUabCbF0/2v5
u6MRNa3ZRUeHsIhbSn+BhIADk1j8+6Q+OFRo2ieIW2O4zfCxgcJ0bhkaohHh96TQ
Arzs+vH8egPyl95y2vzv++SGBtKf/x5eDpSqAgsqEWe6
-----END CERTIFICATE-----