Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/DPh5nDPtcpqJ9naux6sZ9u0Dr1s.roa
File:                     DPh5nDPtcpqJ9naux6sZ9u0Dr1s.roa (raw, json)
Hash identifier:          YTfkEG3kyAd2IQ6e7j/lkPx7FnYmaQ7XszGFKecXlqc=
Subject key identifier:   0C:F8:79:9C:33:ED:72:9A:89:F6:76:AE:C7:AB:19:F6:ED:03:AF:5B
Certificate issuer:       /CN=656d33c5f16e3cdd960ae05c80d9f6f36fc553f2
Certificate serial:       0197F983B925E7CF4A06821E5C1FF6DBFE1F
Authority key identifier: 65:6D:33:C5:F1:6E:3C:DD:96:0A:E0:5C:80:D9:F6:F3:6F:C5:53:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZW0zxfFuPN2WCuBcgNn282_FU_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/DPh5nDPtcpqJ9naux6sZ9u0Dr1s.roa
Signing time:             Fri 11 Jul 2025 12:44:08 +0000
ROA not before:           Fri 11 Jul 2025 12:44:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.219.146.0/23 maxlen: 24
                          2a0a:640::/29 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/ZW0zxfFuPN2WCuBcgNn282_FU_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/ZW0zxfFuPN2WCuBcgNn282_FU_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZW0zxfFuPN2WCuBcgNn282_FU_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 21:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f9:83:b9:25:e7:cf:4a:06:82:1e:5c:1f:f6:db:fe:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656d33c5f16e3cdd960ae05c80d9f6f36fc553f2
        Validity
            Not Before: Jul 11 12:44:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cf8799c33ed729a89f676aec7ab19f6ed03af5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:91:51:8c:20:5d:7c:aa:33:da:b5:51:ad:2c:
                    3e:a1:05:6b:fa:85:ec:c3:11:45:de:7b:77:cc:7c:
                    93:0e:76:92:76:4f:75:1e:be:65:4e:27:bd:e7:c6:
                    ed:3a:b3:88:7a:ea:51:4a:1a:99:de:1c:bc:a9:01:
                    1e:24:d1:6b:6f:0f:cb:63:d4:6d:44:5f:ed:31:99:
                    eb:a9:c8:8b:81:07:b7:17:e6:5b:b3:aa:f0:32:3b:
                    d4:f3:e1:05:dc:58:f6:2c:9b:f8:06:38:e6:49:04:
                    1a:06:b5:5e:52:44:fd:b3:a2:cd:d4:f7:01:e9:3c:
                    08:9c:b9:fd:6d:d0:94:8a:b7:a1:eb:b2:cf:84:4b:
                    e6:de:33:b1:0c:c7:ef:08:7b:b3:0e:37:d5:84:fd:
                    4b:72:97:fa:90:05:16:b6:b0:5c:66:74:c1:68:89:
                    40:8b:89:1c:66:57:aa:e3:ac:84:cf:28:c2:a9:a0:
                    39:de:a5:66:00:bc:c5:fc:e4:36:f8:4e:e7:4c:29:
                    76:15:9f:de:59:16:d2:07:63:ab:87:37:69:75:3d:
                    94:3e:2c:ee:47:8d:52:b9:23:0f:ae:13:67:f9:5f:
                    62:df:54:f0:ed:f8:ac:4c:0c:02:09:14:80:18:01:
                    be:bd:e7:8d:bb:2e:2f:6e:26:03:dc:72:fc:3c:9f:
                    b1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F8:79:9C:33:ED:72:9A:89:F6:76:AE:C7:AB:19:F6:ED:03:AF:5B
            X509v3 Authority Key Identifier:
                keyid:65:6D:33:C5:F1:6E:3C:DD:96:0A:E0:5C:80:D9:F6:F3:6F:C5:53:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZW0zxfFuPN2WCuBcgNn282_FU_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/DPh5nDPtcpqJ9naux6sZ9u0Dr1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/ZW0zxfFuPN2WCuBcgNn282_FU_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.146.0/23
                IPv6:
                  2a0a:640::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:30:25:6d:d5:07:95:86:63:93:f3:9e:3d:b0:d7:0b:10:4c:
         c7:72:48:01:c8:fb:53:6e:60:82:17:a2:73:89:9b:b9:17:14:
         89:90:81:85:ad:5b:f3:0c:75:cb:41:64:e7:28:1b:68:3f:e0:
         5c:7d:bf:c2:92:19:6f:75:db:99:db:68:bd:9b:21:42:cf:ef:
         96:27:1c:9f:7a:12:42:f1:fe:a5:f3:78:c7:f1:ff:a5:be:7e:
         d1:8f:c8:45:00:74:f8:87:05:d7:06:26:a9:c8:09:f1:97:d1:
         c5:d6:8b:9d:49:a7:d4:22:9b:a3:f5:66:07:73:bf:0d:fc:61:
         94:4a:01:4c:f9:c9:24:56:02:9f:42:b9:65:29:6a:38:45:05:
         a0:fa:2e:db:34:dc:37:d3:9e:b9:54:84:cd:b9:1f:e1:9d:dc:
         7c:67:96:aa:a5:d8:b8:9c:b0:ac:b4:a4:17:30:4f:7a:77:10:
         b2:fa:42:28:02:37:e2:9c:e5:c2:b0:f6:93:c9:7a:00:31:2e:
         84:24:b9:28:47:48:a3:3f:54:a0:dd:75:eb:cd:49:b5:8d:38:
         6e:dc:84:5c:36:63:d5:ce:ba:2f:48:eb:df:3e:f9:9f:b9:30:
         01:77:f4:a2:09:58:22:58:d8:9e:e2:7a:b5:35:36:a9:43:c4:
         b9:63:ff:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZf5g7kl589KBoIeXB/22/4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NmQzM2M1ZjE2ZTNjZGQ5NjBhZTA1YzgwZDlmNmYzNmZj
NTUzZjIwHhcNMjUwNzExMTI0NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Y4Nzk5YzMzZWQ3MjlhODlmNjc2YWVjN2FiMTlmNmVkMDNhZjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5FRjCBdfKoz2rVRrSw+oQVr+oXs
wxFF3nt3zHyTDnaSdk91Hr5lTie958btOrOIeupRShqZ3hy8qQEeJNFrbw/LY9Rt
RF/tMZnrqciLgQe3F+Zbs6rwMjvU8+EF3Fj2LJv4BjjmSQQaBrVeUkT9s6LN1PcB
6TwInLn9bdCUireh67LPhEvm3jOxDMfvCHuzDjfVhP1Lcpf6kAUWtrBcZnTBaIlA
i4kcZleq46yEzyjCqaA53qVmALzF/OQ2+E7nTCl2FZ/eWRbSB2OrhzdpdT2UPizu
R41SuSMPrhNn+V9i31Tw7fisTAwCCRSAGAG+veeNuy4vbiYD3HL8PJ+xMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAz4eZwz7XKaifZ2rserGfbtA69bMB8GA1UdIwQY
MBaAFGVtM8XxbjzdlgrgXIDZ9vNvxVPyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlcwenhmRnVQTjJXQ3VCY2dObjI4Ml9GVV9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83Y2M2ZWEtNzc0YS00ODc2LTg0Zjkt
MzA0ZDIxOTFhNGYzLzEvRFBoNW5EUHRjcHFKOW5hdXg2c1o5dTBEcjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83Y2M2ZWEtNzc0YS00ODc2LTg0ZjktMzA0ZDIxOTFhNGYz
LzEvWlcwenhmRnVQTjJXQ3VCY2dObjI4Ml9GVV9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuduSMA0E
AgACMAcDBQMqCgZAMA0GCSqGSIb3DQEBCwUAA4IBAQCiMCVt1QeVhmOT8549sNcL
EEzHckgByPtTbmCCF6JziZu5FxSJkIGFrVvzDHXLQWTnKBtoP+Bcfb/CkhlvdduZ
22i9myFCz++WJxyfehJC8f6l83jH8f+lvn7Rj8hFAHT4hwXXBiapyAnxl9HF1oud
SafUIpuj9WYHc78N/GGUSgFM+ckkVgKfQrllKWo4RQWg+i7bNNw30565VITNuR/h
ndx8Z5aqpdi4nLCstKQXME96dxCy+kIoAjfinOXCsPaTyXoAMS6EJLkoR0ijP1Sg
3XXrzUm1jThu3IRcNmPVzrovSOvfPvmfuTABd/SiCVgiWNie4nq1NTapQ8S5Y//f
-----END CERTIFICATE-----