Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/xh-we9d8ckMU7F7FFzCQ7FMsb3I.roa
File:                     xh-we9d8ckMU7F7FFzCQ7FMsb3I.roa (raw, json)
Hash identifier:          EaElHQr8TuQZrISDJ1FWoKtH8vNTIdcwsRa2JKICJyg=
Subject key identifier:   C6:1F:B0:7B:D7:7C:72:43:14:EC:5E:C5:17:30:90:EC:53:2C:6F:72
Certificate issuer:       /CN=2abcc5c664a4a82305892a8c433e94ffe32dadb7
Certificate serial:       019A173DE3CE06B56ABF53A38FD599940E3C
Authority key identifier: 2A:BC:C5:C6:64:A4:A8:23:05:89:2A:8C:43:3E:94:FF:E3:2D:AD:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/xh-we9d8ckMU7F7FFzCQ7FMsb3I.roa
Signing time:             Fri 24 Oct 2025 17:22:03 +0000
ROA not before:           Fri 24 Oct 2025 17:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206070
IP address blocks:        185.197.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:17:3d:e3:ce:06:b5:6a:bf:53:a3:8f:d5:99:94:0e:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2abcc5c664a4a82305892a8c433e94ffe32dadb7
        Validity
            Not Before: Oct 24 17:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c61fb07bd77c724314ec5ec5173090ec532c6f72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:34:18:d3:3d:3e:51:d2:5b:a4:e4:2a:38:bb:
                    51:f4:7c:cc:50:fe:be:3f:b7:c5:9c:39:3b:76:f3:
                    ce:c3:22:72:69:99:31:5d:d9:2c:13:66:ae:18:71:
                    1c:57:78:a9:63:1a:a7:67:69:3f:35:43:f2:3e:c3:
                    f6:5f:64:d3:6b:51:01:4c:41:12:f1:6c:d6:a7:f4:
                    f2:4a:51:0e:d7:f0:45:06:67:e2:6f:b0:2e:ba:a6:
                    d9:57:d7:a1:e6:8b:a9:c2:c3:45:d0:01:e4:c6:be:
                    95:06:ad:47:85:b2:9d:67:99:4b:57:24:58:13:3c:
                    d3:78:19:3f:de:8e:c9:08:8e:ab:04:d5:30:a8:da:
                    11:a2:99:a3:8e:09:69:63:dc:af:7d:25:0b:7a:b3:
                    dd:e5:d7:06:d9:d5:ae:84:a3:23:4b:c9:36:ef:87:
                    95:35:fb:3e:0d:18:c9:c6:8d:c3:d8:0f:8b:2b:02:
                    7f:9f:34:42:60:b3:21:a6:b7:9e:03:f8:68:85:8b:
                    30:8a:d9:36:96:96:b6:94:f3:90:d8:ca:23:78:11:
                    47:41:8b:2a:0c:c6:17:3c:bf:25:07:26:46:5b:60:
                    88:64:16:a6:da:ad:60:bb:29:83:f7:bd:6f:99:5d:
                    2c:f1:5d:20:5e:68:2f:1c:6b:88:46:d7:f9:83:12:
                    d8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:1F:B0:7B:D7:7C:72:43:14:EC:5E:C5:17:30:90:EC:53:2C:6F:72
            X509v3 Authority Key Identifier:
                keyid:2A:BC:C5:C6:64:A4:A8:23:05:89:2A:8C:43:3E:94:FF:E3:2D:AD:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/xh-we9d8ckMU7F7FFzCQ7FMsb3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/dc7345-75cb-4420-a3f0-65fb10a06e89/1/KrzFxmSkqCMFiSqMQz6U_-Mtrbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:e3:3c:59:8e:35:28:a7:c9:17:cb:0e:30:8e:5b:34:44:2c:
         5f:52:ad:6d:22:5f:64:4d:6f:a4:4d:93:71:cf:d0:1f:ab:7e:
         ac:a1:08:d9:1e:6d:f8:b0:b4:62:89:89:00:e8:e6:16:d0:10:
         ae:42:80:06:b2:50:c5:00:e5:66:4e:dd:2b:3d:51:48:b0:1d:
         12:13:a9:6c:d1:94:3e:a7:d7:88:26:cd:1b:75:3b:53:65:b9:
         0a:7d:74:1b:ce:52:38:00:e2:3a:2c:34:df:3c:10:1c:e5:3a:
         05:22:9a:38:ad:55:7b:f0:32:45:8a:14:a4:46:90:04:3e:cd:
         02:27:76:29:5f:6b:89:66:5b:a1:56:c1:43:46:8c:69:b3:5b:
         fa:14:14:ac:6d:a6:65:65:c8:82:2e:43:ae:fd:7f:80:8b:3d:
         21:5d:7f:fa:0d:97:0b:eb:88:35:19:c3:3c:a5:20:70:7e:d3:
         2c:c8:4b:b7:05:89:f6:4b:b1:e6:2c:c5:bd:4a:a6:54:52:b1:
         e2:d1:a7:03:d3:14:ea:ee:88:36:d6:ed:d6:45:6d:1e:b1:8d:
         b4:4c:1e:3d:63:11:37:de:db:18:fe:ab:27:f9:36:35:c0:62:
         51:4a:98:c4:6d:cb:d9:80:a3:15:7d:72:e9:96:ec:7b:3e:3a:
         19:73:7f:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoXPePOBrVqv1Ojj9WZlA48MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYmNjNWM2NjRhNGE4MjMwNTg5MmE4YzQzM2U5NGZmZTMy
ZGFkYjcwHhcNMjUxMDI0MTcyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjFmYjA3YmQ3N2M3MjQzMTRlYzVlYzUxNzMwOTBlYzUzMmM2ZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7jQY0z0+UdJbpOQqOLtR9HzMUP6+
P7fFnDk7dvPOwyJyaZkxXdksE2auGHEcV3ipYxqnZ2k/NUPyPsP2X2TTa1EBTEES
8WzWp/TySlEO1/BFBmfib7AuuqbZV9eh5oupwsNF0AHkxr6VBq1HhbKdZ5lLVyRY
EzzTeBk/3o7JCI6rBNUwqNoRopmjjglpY9yvfSULerPd5dcG2dWuhKMjS8k274eV
Nfs+DRjJxo3D2A+LKwJ/nzRCYLMhpreeA/hohYswitk2lpa2lPOQ2MojeBFHQYsq
DMYXPL8lByZGW2CIZBam2q1guymD971vmV0s8V0gXmgvHGuIRtf5gxLYGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYfsHvXfHJDFOxexRcwkOxTLG9yMB8GA1UdIwQY
MBaAFCq8xcZkpKgjBYkqjEM+lP/jLa23MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3J6RnhtU2txQ01GaVNxTVF6NlVfLU10cmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9kYzczNDUtNzVjYi00NDIwLWEzZjAt
NjVmYjEwYTA2ZTg5LzEveGgtd2U5ZDhja01VN0Y3RkZ6Q1E3Rk1zYjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9kYzczNDUtNzVjYi00NDIwLWEzZjAtNjVmYjEwYTA2ZTg5
LzEvS3J6RnhtU2txQ01GaVNxTVF6NlVfLU10cmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucVoMA0G
CSqGSIb3DQEBCwUAA4IBAQAP4zxZjjUop8kXyw4wjls0RCxfUq1tIl9kTW+kTZNx
z9Afq36soQjZHm34sLRiiYkA6OYW0BCuQoAGslDFAOVmTt0rPVFIsB0SE6ls0ZQ+
p9eIJs0bdTtTZbkKfXQbzlI4AOI6LDTfPBAc5ToFIpo4rVV78DJFihSkRpAEPs0C
J3YpX2uJZluhVsFDRoxps1v6FBSsbaZlZciCLkOu/X+Aiz0hXX/6DZcL64g1GcM8
pSBwftMsyEu3BYn2S7HmLMW9SqZUUrHi0acD0xTq7og21u3WRW0esY20TB49YxE3
3tsY/qsn+TY1wGJRSpjEbcvZgKMVfXLplux7PjoZc38K
-----END CERTIFICATE-----