Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/cyR0MG358cE31yYquNutXJ-iDF8.roa
File:                     cyR0MG358cE31yYquNutXJ-iDF8.roa (raw, json)
Hash identifier:          L+ASvmDkfATGzQpFgRk2AnKdML9CN0Rr1X6uRXAEZ1E=
Subject key identifier:   73:24:74:30:6D:F9:F1:C1:37:D7:26:2A:B8:DB:AD:5C:9F:A2:0C:5F
Certificate issuer:       /CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
Certificate serial:       0198224295EA41ECA16246178C725632B434
Authority key identifier: 57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/cyR0MG358cE31yYquNutXJ-iDF8.roa
Signing time:             Sat 19 Jul 2025 10:37:25 +0000
ROA not before:           Sat 19 Jul 2025 10:37:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7922
IP address blocks:        185.188.192.0/22 maxlen: 22
                          195.211.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:22:42:95:ea:41:ec:a1:62:46:17:8c:72:56:32:b4:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
        Validity
            Not Before: Jul 19 10:37:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=732474306df9f1c137d7262ab8dbad5c9fa20c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5a:7e:47:a1:16:ca:15:54:cd:5a:88:85:55:
                    95:13:73:0b:95:9e:e9:08:a7:6b:1c:3b:12:a8:00:
                    d8:a6:1d:5f:a9:6d:a3:62:ea:c4:64:99:bd:ac:f5:
                    05:22:d2:5a:45:69:9d:26:ee:6b:90:c1:76:3d:1a:
                    19:c9:43:8d:86:e4:08:51:4a:3d:fe:1d:5f:3c:1c:
                    e6:5c:38:8a:8c:14:31:ed:6a:08:99:0e:33:af:a5:
                    f4:1e:ec:8e:02:56:77:34:7d:ee:f0:3c:f3:e4:f0:
                    8f:eb:51:e7:46:d9:7e:af:f8:92:8a:6b:30:8b:5c:
                    0f:a0:f8:94:1c:ae:8f:b5:f2:1f:ca:2c:c9:5f:96:
                    c9:59:93:2d:04:9e:48:76:48:52:38:20:18:fb:38:
                    13:3f:2d:b2:18:f8:48:06:80:90:0e:a1:2f:9d:8b:
                    fd:38:55:0e:13:b9:0a:d5:e2:93:52:4b:91:35:e8:
                    79:3f:2d:1a:2a:7a:8a:63:75:b0:22:86:8b:54:56:
                    39:72:44:8a:ac:73:e2:ac:f0:a3:9c:6a:0d:a9:68:
                    01:82:52:50:83:6a:23:b6:8c:36:10:41:9d:22:c9:
                    54:cc:ab:3a:54:b1:6d:bb:d0:54:1d:16:48:ca:b1:
                    22:4c:77:c5:53:30:3c:11:66:66:4d:cf:02:52:ee:
                    fa:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:24:74:30:6D:F9:F1:C1:37:D7:26:2A:B8:DB:AD:5C:9F:A2:0C:5F
            X509v3 Authority Key Identifier:
                keyid:57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/cyR0MG358cE31yYquNutXJ-iDF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.192.0/22
                  195.211.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:4e:b1:a0:05:31:7b:56:68:9d:c7:56:b9:72:b5:64:fb:07:
         f0:58:e6:ef:b5:f8:9f:b1:a3:bc:c2:a0:fc:b2:24:9d:16:ba:
         f8:0e:78:6d:92:23:c8:78:65:98:5a:0d:dc:0e:86:79:13:b1:
         b1:25:20:10:50:05:5b:63:a9:2c:94:49:9a:a0:d7:b8:af:21:
         97:d0:16:50:f4:28:d6:1f:8b:cf:34:b0:4f:07:ee:b0:5e:ec:
         09:89:0a:72:2b:34:f9:60:e6:99:3b:df:23:f0:5c:f4:ee:17:
         de:80:ca:ff:58:14:d5:cd:d9:57:c6:fe:9b:ee:14:9c:92:77:
         32:ec:19:77:f2:bf:e8:b4:0d:42:02:70:17:a3:4e:e9:40:10:
         7d:f6:93:88:3b:af:0f:cc:3e:1f:8d:f7:2e:d8:22:22:3b:c6:
         33:7f:fe:c1:1c:ee:bf:e9:3c:fb:1a:34:2a:cf:0e:73:5c:66:
         37:b9:32:d7:82:16:d8:29:07:31:8d:93:10:d5:36:5b:40:b7:
         c7:ce:2f:45:03:32:3b:19:2f:59:e9:6f:69:b2:40:89:fa:d7:
         55:79:53:1b:cb:72:c3:bf:b2:b4:29:ca:ef:0c:8b:ff:45:59:
         eb:10:e8:39:e3:0d:14:03:ee:4a:61:be:53:0c:c5:fd:44:f8:
         6a:31:07:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgiQpXqQeyhYkYXjHJWMrQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MWNiNTFjYmE2OGViN2VmOTg2N2E3NWQxN2FiMjgwMTgx
OTZhYTEwHhcNMjUwNzE5MTAzNzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzI0NzQzMDZkZjlmMWMxMzdkNzI2MmFiOGRiYWQ1YzlmYTIwYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFp+R6EWyhVUzVqIhVWVE3MLlZ7p
CKdrHDsSqADYph1fqW2jYurEZJm9rPUFItJaRWmdJu5rkMF2PRoZyUONhuQIUUo9
/h1fPBzmXDiKjBQx7WoImQ4zr6X0HuyOAlZ3NH3u8Dzz5PCP61HnRtl+r/iSimsw
i1wPoPiUHK6PtfIfyizJX5bJWZMtBJ5IdkhSOCAY+zgTPy2yGPhIBoCQDqEvnYv9
OFUOE7kK1eKTUkuRNeh5Py0aKnqKY3WwIoaLVFY5ckSKrHPirPCjnGoNqWgBglJQ
g2ojtow2EEGdIslUzKs6VLFtu9BUHRZIyrEiTHfFUzA8EWZmTc8CUu76tQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHMkdDBt+fHBN9cmKrjbrVyfogxfMB8GA1UdIwQY
MBaAFFcctRy6aOt++YZ6ddF6soAYGWqhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3Yzkt
ZGQ4NjI3NzRhMDkyLzEvY3lSME1HMzU4Y0UzMXlZcXVOdXRYSi1pREY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3YzktZGQ4NjI3NzRhMDky
LzEvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCubzAAwQC
w9N0MA0GCSqGSIb3DQEBCwUAA4IBAQCVTrGgBTF7Vmidx1a5crVk+wfwWObvtfif
saO8wqD8siSdFrr4DnhtkiPIeGWYWg3cDoZ5E7GxJSAQUAVbY6kslEmaoNe4ryGX
0BZQ9CjWH4vPNLBPB+6wXuwJiQpyKzT5YOaZO98j8Fz07hfegMr/WBTVzdlXxv6b
7hSckncy7Bl38r/otA1CAnAXo07pQBB99pOIO68PzD4fjfcu2CIiO8Yzf/7BHO6/
6Tz7GjQqzw5zXGY3uTLXghbYKQcxjZMQ1TZbQLfHzi9FAzI7GS9Z6W9pskCJ+tdV
eVMby3LDv7K0KcrvDIv/RVnrEOg54w0UA+5KYb5TDMX9RPhqMQdx
-----END CERTIFICATE-----