Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/klZ7ZESUw9aSQqvDp_XePeAeGD8.roa
File:                     klZ7ZESUw9aSQqvDp_XePeAeGD8.roa (raw, json)
Hash identifier:          UjZLVTQ2caUVugBmJM3EIPjM7ZaYVSiDxE3OCNG/jns=
Subject key identifier:   92:56:7B:64:44:94:C3:D6:92:42:AB:C3:A7:F5:DE:3D:E0:1E:18:3F
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B36C418459308C763B781FFE8C96BF
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/klZ7ZESUw9aSQqvDp_XePeAeGD8.roa
Signing time:             Mon 14 Jul 2025 16:10:10 +0000
ROA not before:           Mon 14 Jul 2025 16:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        185.106.95.0/24 maxlen: 24
                          185.109.21.0/24 maxlen: 24
                          213.108.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b3:6c:41:84:59:30:8c:76:3b:78:1f:fe:8c:96:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92567b644494c3d69242abc3a7f5de3de01e183f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:79:d0:a5:42:b4:3e:82:ac:4d:78:ee:5f:80:
                    cf:6d:e7:83:a3:5b:e7:c0:e7:7c:fc:1a:e3:77:7d:
                    1b:c5:93:0a:bb:a8:fa:5e:7d:27:58:2f:16:6c:0d:
                    fb:b4:9e:35:d7:b4:06:03:3e:8b:d2:cf:b8:d8:a3:
                    f8:37:bb:0c:9c:e7:dd:21:60:fd:99:3b:2f:bc:32:
                    6c:a9:60:b6:5d:08:aa:b7:68:72:c6:96:8f:03:7f:
                    9b:68:cf:e0:13:fc:93:c3:fe:00:60:a3:0b:08:16:
                    b0:f3:be:00:99:86:4e:7f:7b:71:f6:6e:61:3f:0d:
                    66:35:1c:43:8c:8e:39:25:a8:3e:05:10:25:ae:ff:
                    08:c8:1d:5a:11:db:3c:0d:6e:0f:a8:d7:d1:c9:80:
                    ee:01:c3:a2:33:25:61:5f:50:dd:89:a0:16:6f:35:
                    42:8c:9c:78:6b:32:3c:3e:ff:96:24:6c:cd:67:20:
                    e0:30:d9:29:16:98:d3:f2:29:0e:2b:22:9c:db:db:
                    14:2c:30:c4:a2:3a:2e:2a:3b:3a:f2:a6:d8:d1:d3:
                    03:c9:50:70:e0:18:77:7a:c0:0d:40:ff:b4:60:7b:
                    1e:4d:b8:62:26:b0:c3:84:0e:59:36:7b:45:5f:d6:
                    20:6a:78:93:84:3a:d2:c4:8d:56:c1:9f:07:9e:94:
                    aa:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:56:7B:64:44:94:C3:D6:92:42:AB:C3:A7:F5:DE:3D:E0:1E:18:3F
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/klZ7ZESUw9aSQqvDp_XePeAeGD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.95.0/24
                  185.109.21.0/24
                  213.108.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:64:e7:3f:b8:2c:c9:36:52:f5:66:4c:35:c4:9a:11:4e:52:
         53:e8:b9:9d:ee:27:f1:9d:5a:db:4f:6f:34:75:5d:1f:f1:2d:
         f5:fb:87:24:98:6d:28:f3:4e:8b:3c:04:5d:10:6c:6d:e4:ce:
         f6:1d:c4:72:4c:c8:7a:14:54:66:fa:d5:10:76:d9:22:79:ee:
         cf:8b:43:69:76:57:bb:86:6a:8b:3e:ab:e5:f5:bf:96:65:20:
         cd:26:9d:7d:ea:20:29:dc:59:d5:0e:31:d8:95:16:8b:1b:74:
         99:8e:47:d3:3e:81:86:78:85:5b:5f:dd:34:39:4f:33:ba:12:
         f3:6d:00:1c:c3:41:77:a2:8e:f2:29:7c:99:d1:74:ea:ab:0e:
         ee:22:e4:31:f2:3b:71:7a:9c:48:be:93:a3:60:53:a3:3a:c6:
         e4:8c:3f:99:06:b5:0a:36:5f:4c:88:60:8e:de:ea:58:4c:22:
         64:bc:83:eb:eb:fe:ce:06:1f:eb:46:f6:38:82:a9:a3:60:d4:
         f5:8e:6f:e7:fe:b8:99:81:e0:a5:26:86:0a:4b:43:95:57:57:
         13:6b:8f:d0:9f:a3:26:06:33:c2:93:07:9b:5d:ee:18:19:84:
         af:e0:8f:98:22:75:c6:d3:e8:90:c4:62:9b:a1:0e:74:28:f7:
         23:a9:a2:05
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgJs2xBhFkwjHY7eB/+jJa/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjU2N2I2NDQ0OTRjM2Q2OTI0MmFiYzNhN2Y1ZGUzZGUwMWUxODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3nQpUK0PoKsTXjuX4DPbeeDo1vn
wOd8/Brjd30bxZMKu6j6Xn0nWC8WbA37tJ4117QGAz6L0s+42KP4N7sMnOfdIWD9
mTsvvDJsqWC2XQiqt2hyxpaPA3+baM/gE/yTw/4AYKMLCBaw874AmYZOf3tx9m5h
Pw1mNRxDjI45Jag+BRAlrv8IyB1aEds8DW4PqNfRyYDuAcOiMyVhX1DdiaAWbzVC
jJx4azI8Pv+WJGzNZyDgMNkpFpjT8ikOKyKc29sULDDEojouKjs68qbY0dMDyVBw
4Bh3esANQP+0YHseTbhiJrDDhA5ZNntFX9YganiThDrSxI1WwZ8HnpSqLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJJWe2RElMPWkkKrw6f13j3gHhg/MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEva2xaN1pFU1V3OWFTUXF2RHBfWGVQZUFlR0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuWpfAwQA
uW0VAwQA1WzHMA0GCSqGSIb3DQEBCwUAA4IBAQByZOc/uCzJNlL1Zkw1xJoRTlJT
6Lmd7ifxnVrbT280dV0f8S31+4ckmG0o806LPARdEGxt5M72HcRyTMh6FFRm+tUQ
dtkiee7Pi0Npdle7hmqLPqvl9b+WZSDNJp196iAp3FnVDjHYlRaLG3SZjkfTPoGG
eIVbX900OU8zuhLzbQAcw0F3oo7yKXyZ0XTqqw7uIuQx8jtxepxIvpOjYFOjOsbk
jD+ZBrUKNl9MiGCO3upYTCJkvIPr6/7OBh/rRvY4gqmjYNT1jm/n/riZgeClJoYK
S0OVV1cTa4/Qn6MmBjPCkwebXe4YGYSv4I+YInXG0+iQxGKboQ50KPcjqaIF
-----END CERTIFICATE-----