Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/p7VinBT544pt3EXzTm1pwPGpSC8.roa
File:                     p7VinBT544pt3EXzTm1pwPGpSC8.roa (raw, json)
Hash identifier:          jv8ZfoxnroW+DzcSODN0QV7hQMtZttPbI/HcF/GyoG4=
Subject key identifier:   A7:B5:62:9C:14:F9:E3:8A:6D:DC:45:F3:4E:6D:69:C0:F1:A9:48:2F
Certificate issuer:       /CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
Certificate serial:       01992A2DBA77366511DA63B870C806ECE116
Authority key identifier: 7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/p7VinBT544pt3EXzTm1pwPGpSC8.roa
Signing time:             Mon 08 Sep 2025 16:34:23 +0000
ROA not before:           Mon 08 Sep 2025 16:34:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        62.164.160.0/21 maxlen: 21
                          116.199.224.0/21 maxlen: 21
                          116.199.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2a:2d:ba:77:36:65:11:da:63:b8:70:c8:06:ec:e1:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
        Validity
            Not Before: Sep  8 16:34:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7b5629c14f9e38a6ddc45f34e6d69c0f1a9482f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:48:0f:fd:ba:13:9e:86:c3:80:dc:93:1d:8b:
                    cf:fd:c8:57:6f:a0:9c:27:4c:37:08:49:02:64:95:
                    ff:fb:56:45:6a:a5:d2:e1:06:02:dc:ac:8b:5e:fa:
                    2c:af:f1:dd:f0:29:47:2b:36:f8:14:49:db:70:0e:
                    23:3a:70:f7:67:12:5c:96:bd:d4:c3:05:0a:3b:02:
                    4b:9d:de:a7:a1:7c:c1:4e:78:d0:3c:3a:90:35:c3:
                    82:d2:88:7d:4f:50:3e:46:b3:d8:7a:a4:e3:28:e2:
                    1e:a1:33:4d:50:e5:81:c7:66:a1:b4:38:e3:da:1a:
                    c5:a4:46:b0:71:e8:e2:98:8b:3d:ee:07:99:61:cd:
                    b5:ac:f1:0a:c7:8d:83:00:32:ff:fc:62:82:ab:72:
                    f6:2b:eb:67:0a:b0:59:af:02:0f:88:70:f0:fd:b4:
                    e0:75:3d:37:a4:5c:a2:a8:3e:79:a4:4d:11:7a:79:
                    47:5a:1a:bd:17:13:cb:d1:b2:39:44:a9:d5:55:20:
                    9e:d7:ef:83:07:75:0c:79:00:c6:30:79:69:c0:43:
                    f2:09:79:5d:a7:3e:2e:64:b0:6e:74:b2:b8:cf:1f:
                    2d:31:90:1d:b4:1d:70:bb:85:ba:ac:42:5a:c6:c7:
                    cf:1e:d2:93:98:03:78:12:cb:e8:00:29:c5:32:e2:
                    a8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:B5:62:9C:14:F9:E3:8A:6D:DC:45:F3:4E:6D:69:C0:F1:A9:48:2F
            X509v3 Authority Key Identifier:
                keyid:7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/p7VinBT544pt3EXzTm1pwPGpSC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.160.0/21
                  116.199.224.0/21
                  116.199.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:fc:29:c0:af:23:78:57:c2:ce:f6:b2:9c:0a:1e:08:31:27:
         95:de:c6:0c:94:c0:b5:c5:14:f1:0b:0f:81:87:23:46:33:a8:
         78:6d:be:1c:10:e4:66:f7:71:84:9c:c2:cd:4f:36:d8:87:ae:
         4a:0c:ee:58:a8:f1:df:58:31:bf:8c:f7:44:05:f1:b0:d2:07:
         1b:69:2f:a1:86:ec:00:90:f9:9f:4a:c5:dd:8b:1b:b9:53:8f:
         ab:ba:a1:3c:18:d3:3f:14:05:51:43:a3:46:3e:5b:65:7e:c1:
         b8:d8:ed:e3:a0:30:00:34:91:76:8e:fd:fc:dc:44:e5:55:32:
         2b:39:87:ce:14:54:62:d8:b8:f0:2e:9e:16:6a:d4:a2:cf:ce:
         73:cb:7b:be:9a:0d:8d:8c:ca:b5:d9:67:ff:86:9a:a9:d7:3d:
         12:94:cb:61:82:53:5f:dd:c1:f0:85:aa:97:34:97:ed:bf:39:
         ae:77:46:74:c2:93:e8:9e:99:31:66:24:ca:fe:c3:4c:78:60:
         3b:92:4e:8e:2b:e0:91:e8:bf:93:ed:58:27:c7:95:ea:24:dc:
         b0:74:88:40:cd:f2:ec:ef:e5:bb:2a:1e:fc:3c:60:12:3e:18:
         eb:84:bf:a2:db:da:58:da:9f:f5:7f:6b:f0:e8:6b:49:4c:29:
         fa:39:6d:3e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkqLbp3NmUR2mO4cMgG7OEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZmI1NDQxZDhlZjhlNDFhYTI4ZGQ1MWNkZGU5MjU5NDNh
ZWY3ZmEwHhcNMjUwOTA4MTYzNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2I1NjI5YzE0ZjllMzhhNmRkYzQ1ZjM0ZTZkNjljMGYxYTk0ODJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkgP/boTnobDgNyTHYvP/chXb6Cc
J0w3CEkCZJX/+1ZFaqXS4QYC3KyLXvosr/Hd8ClHKzb4FEnbcA4jOnD3ZxJclr3U
wwUKOwJLnd6noXzBTnjQPDqQNcOC0oh9T1A+RrPYeqTjKOIeoTNNUOWBx2ahtDjj
2hrFpEawcejimIs97geZYc21rPEKx42DADL//GKCq3L2K+tnCrBZrwIPiHDw/bTg
dT03pFyiqD55pE0RenlHWhq9FxPL0bI5RKnVVSCe1++DB3UMeQDGMHlpwEPyCXld
pz4uZLBudLK4zx8tMZAdtB1wu4W6rEJaxsfPHtKTmAN4EsvoACnFMuKo1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKe1YpwU+eOKbdxF805tacDxqUgvMB8GA1UdIwQY
MBaAFHr7VEHY745BqijdUc3ekllDrvf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTIt
ZDg5NzNhY2FmNDFkLzEvcDdWaW5CVDU0NHB0M0VYelRtMXB3UEdwU0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTItZDg5NzNhY2FmNDFk
LzEvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDPqSgAwQD
dMfgAwQAdMfqMA0GCSqGSIb3DQEBCwUAA4IBAQAR/CnAryN4V8LO9rKcCh4IMSeV
3sYMlMC1xRTxCw+BhyNGM6h4bb4cEORm93GEnMLNTzbYh65KDO5YqPHfWDG/jPdE
BfGw0gcbaS+hhuwAkPmfSsXdixu5U4+ruqE8GNM/FAVRQ6NGPltlfsG42O3joDAA
NJF2jv383ETlVTIrOYfOFFRi2LjwLp4WatSiz85zy3u+mg2NjMq12Wf/hpqp1z0S
lMthglNf3cHwhaqXNJftvzmud0Z0wpPonpkxZiTK/sNMeGA7kk6OK+CR6L+T7Vgn
x5XqJNywdIhAzfLs7+W7Kh78PGASPhjrhL+i29pY2p/1f2vw6GtJTCn6OW0+
-----END CERTIFICATE-----