Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/816cf9-e6a0-43f1-8a3d-5c7c3ad74a32/1/7rHBYtW6X1cejc9TILphrdP_TBk.roa
File:                     7rHBYtW6X1cejc9TILphrdP_TBk.roa (raw, json)
Hash identifier:          fyAkynyCTru31PmwyHkLxs5s4xfquOrJnfeQ7K5zOpE=
Subject key identifier:   EE:B1:C1:62:D5:BA:5F:57:1E:8D:CF:53:20:BA:61:AD:D3:FF:4C:19
Certificate issuer:       /CN=e8318216f03110192d9f6f62ffee190ebbd5c41b
Certificate serial:       0197C6ED2FFFF6297D83C77A9C209E4351DB
Authority key identifier: E8:31:82:16:F0:31:10:19:2D:9F:6F:62:FF:EE:19:0E:BB:D5:C4:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6DGCFvAxEBktn29i_-4ZDrvVxBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/816cf9-e6a0-43f1-8a3d-5c7c3ad74a32/1/7rHBYtW6X1cejc9TILphrdP_TBk.roa
Signing time:             Tue 01 Jul 2025 16:58:42 +0000
ROA not before:           Tue 01 Jul 2025 16:58:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208820
IP address blocks:        185.243.156.0/22 maxlen: 22
                          185.243.156.0/24 maxlen: 24
                          185.243.157.0/24 maxlen: 24
                          185.243.158.0/24 maxlen: 24
                          185.243.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/816cf9-e6a0-43f1-8a3d-5c7c3ad74a32/1/6DGCFvAxEBktn29i_-4ZDrvVxBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/816cf9-e6a0-43f1-8a3d-5c7c3ad74a32/1/6DGCFvAxEBktn29i_-4ZDrvVxBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6DGCFvAxEBktn29i_-4ZDrvVxBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c6:ed:2f:ff:f6:29:7d:83:c7:7a:9c:20:9e:43:51:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8318216f03110192d9f6f62ffee190ebbd5c41b
        Validity
            Not Before: Jul  1 16:58:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eeb1c162d5ba5f571e8dcf5320ba61add3ff4c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2a:29:b3:7a:da:9d:45:ac:a8:c1:9a:85:a5:
                    5b:d5:9f:56:5b:6e:50:db:4a:28:ea:de:92:04:c7:
                    58:9d:b9:3f:d9:8c:c8:07:b7:d3:cd:25:c8:68:c9:
                    8e:f2:90:6c:d6:9b:24:04:d5:e8:de:70:0c:56:85:
                    48:b6:9d:f6:b6:fb:68:d3:3d:82:89:a1:8f:ce:5a:
                    d1:36:73:65:90:ef:9a:a2:b5:c4:d4:98:d8:70:ba:
                    15:0c:2e:9d:9a:0e:21:8b:ea:52:0a:26:5a:5a:5b:
                    0d:8b:7a:04:b8:db:9b:fc:fe:0e:06:22:90:72:e9:
                    a0:74:18:44:78:f6:33:73:b0:87:09:a6:8a:b0:d5:
                    3b:eb:2a:43:9a:ae:b0:1c:c5:20:00:f2:bd:e5:fb:
                    bf:ba:a5:3e:8b:60:f0:9d:8d:7a:f5:16:ea:f2:fa:
                    56:5a:0e:dd:0e:60:d8:66:3b:73:a1:b2:b2:0e:db:
                    42:73:ec:c2:c3:a6:9a:83:1c:15:ce:9c:fe:40:6e:
                    e6:0d:47:9f:8e:f3:f1:f4:93:0c:51:73:ea:fa:e2:
                    96:32:e7:7e:4a:44:f0:1c:90:43:f5:52:ea:4e:cd:
                    52:b6:e6:27:88:b1:b4:cb:70:02:71:fa:de:47:7c:
                    c8:9c:20:e3:c1:d5:a6:1e:81:9c:74:41:42:4e:8d:
                    98:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B1:C1:62:D5:BA:5F:57:1E:8D:CF:53:20:BA:61:AD:D3:FF:4C:19
            X509v3 Authority Key Identifier:
                keyid:E8:31:82:16:F0:31:10:19:2D:9F:6F:62:FF:EE:19:0E:BB:D5:C4:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6DGCFvAxEBktn29i_-4ZDrvVxBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/816cf9-e6a0-43f1-8a3d-5c7c3ad74a32/1/7rHBYtW6X1cejc9TILphrdP_TBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/816cf9-e6a0-43f1-8a3d-5c7c3ad74a32/1/6DGCFvAxEBktn29i_-4ZDrvVxBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:36:20:46:d2:6f:10:a4:17:22:fa:1c:3a:6f:23:c8:e8:6c:
         87:22:be:43:fe:5b:dd:6e:24:12:f0:30:94:b7:64:24:ea:82:
         76:49:50:3e:4f:70:03:7d:c6:f3:7a:5d:85:05:2f:91:9a:63:
         72:4e:ea:82:06:99:e5:cb:66:5e:bc:20:da:1b:45:b8:2b:3a:
         a9:5b:59:5a:82:62:e8:9c:22:f2:37:a1:94:00:a5:c9:09:cc:
         2b:b9:94:f6:1f:8e:a5:19:36:3c:18:5d:0a:78:3c:6b:a7:8e:
         c3:0b:ab:e5:c7:21:21:80:dd:d6:39:05:10:f6:93:bd:9d:5b:
         d4:0d:73:5e:5c:fc:54:94:02:d4:d5:b2:71:0a:14:33:ca:a6:
         34:f4:05:53:70:82:3a:8d:e1:1f:e9:22:de:2d:36:d3:f1:0b:
         e6:e0:88:23:0b:87:10:03:4b:5e:2d:d2:a9:6d:48:ff:29:3d:
         b4:97:37:76:7f:76:e8:1f:fc:9c:4b:49:b2:c2:e0:a4:12:15:
         e5:41:a4:a2:7d:3a:e4:bf:67:32:1f:87:1a:1f:81:88:ec:02:
         48:fb:b0:f6:df:62:8d:d9:e3:bf:2a:55:80:a9:0e:5c:bc:b3:
         cc:ff:f9:14:3d:92:5c:0a:58:21:ed:2f:4d:d7:a3:45:df:c0:
         f8:0d:94:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfG7S//9il9g8d6nCCeQ1HbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MzE4MjE2ZjAzMTEwMTkyZDlmNmY2MmZmZWUxOTBlYmJk
NWM0MWIwHhcNMjUwNzAxMTY1ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWIxYzE2MmQ1YmE1ZjU3MWU4ZGNmNTMyMGJhNjFhZGQzZmY0YzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCops3ranUWsqMGahaVb1Z9WW25Q
20oo6t6SBMdYnbk/2YzIB7fTzSXIaMmO8pBs1pskBNXo3nAMVoVItp32tvto0z2C
iaGPzlrRNnNlkO+aorXE1JjYcLoVDC6dmg4hi+pSCiZaWlsNi3oEuNub/P4OBiKQ
cumgdBhEePYzc7CHCaaKsNU76ypDmq6wHMUgAPK95fu/uqU+i2DwnY169Rbq8vpW
Wg7dDmDYZjtzobKyDttCc+zCw6aagxwVzpz+QG7mDUefjvPx9JMMUXPq+uKWMud+
SkTwHJBD9VLqTs1StuYniLG0y3ACcfreR3zInCDjwdWmHoGcdEFCTo2YSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6xwWLVul9XHo3PUyC6Ya3T/0wZMB8GA1UdIwQY
MBaAFOgxghbwMRAZLZ9vYv/uGQ671cQbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkRHQ0Z2QXhFQmt0bjI5aV8tNFpEcnZWeEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi84MTZjZjktZTZhMC00M2YxLThhM2Qt
NWM3YzNhZDc0YTMyLzEvN3JIQll0VzZYMWNlamM5VElMcGhyZFBfVEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi84MTZjZjktZTZhMC00M2YxLThhM2QtNWM3YzNhZDc0YTMy
LzEvNkRHQ0Z2QXhFQmt0bjI5aV8tNFpEcnZWeEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufOcMA0G
CSqGSIb3DQEBCwUAA4IBAQAmNiBG0m8QpBci+hw6byPI6GyHIr5D/lvdbiQS8DCU
t2Qk6oJ2SVA+T3ADfcbzel2FBS+RmmNyTuqCBpnly2ZevCDaG0W4KzqpW1lagmLo
nCLyN6GUAKXJCcwruZT2H46lGTY8GF0KeDxrp47DC6vlxyEhgN3WOQUQ9pO9nVvU
DXNeXPxUlALU1bJxChQzyqY09AVTcII6jeEf6SLeLTbT8Qvm4IgjC4cQA0teLdKp
bUj/KT20lzd2f3boH/ycS0mywuCkEhXlQaSifTrkv2cyH4caH4GI7AJI+7D232KN
2eO/KlWAqQ5cvLPM//kUPZJcClgh7S9N16NF38D4DZSL
-----END CERTIFICATE-----