Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/e2HoeG_RVyKznmPd89PLpQ6Nf6o.roa
File:                     e2HoeG_RVyKznmPd89PLpQ6Nf6o.roa (raw, json)
Hash identifier:          M3oG1lI+iEOqEpUnQ6LfaGeICcx0uBX+w5PUE5ltbc8=
Subject key identifier:   7B:61:E8:78:6F:D1:57:22:B3:9E:63:DD:F3:D3:CB:A5:0E:8D:7F:AA
Certificate issuer:       /CN=ecf7ca9ffafe72a30966f7e43d92b58e774ce741
Certificate serial:       019937CF96B8DCC18EA7A8E919AFC0E00A24
Authority key identifier: EC:F7:CA:9F:FA:FE:72:A3:09:66:F7:E4:3D:92:B5:8E:77:4C:E7:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/e2HoeG_RVyKznmPd89PLpQ6Nf6o.roa
Signing time:             Thu 11 Sep 2025 08:06:15 +0000
ROA not before:           Thu 11 Sep 2025 08:06:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        185.236.20.0/24 maxlen: 24
                          193.32.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 19:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:37:cf:96:b8:dc:c1:8e:a7:a8:e9:19:af:c0:e0:0a:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf7ca9ffafe72a30966f7e43d92b58e774ce741
        Validity
            Not Before: Sep 11 08:06:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b61e8786fd15722b39e63ddf3d3cba50e8d7faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:7f:79:f6:97:25:95:84:a1:61:f2:07:77:60:
                    ff:a3:e9:36:60:10:1b:f1:ce:bc:7d:ab:89:f8:f1:
                    c8:99:14:8d:2d:8b:25:a9:08:de:1c:d1:95:6f:59:
                    ef:9a:0a:40:56:35:42:c8:e5:de:52:51:44:45:62:
                    63:32:2d:0c:d6:14:70:39:db:e6:36:c2:50:7f:28:
                    ba:07:4c:6a:e5:2e:5e:8a:53:85:e0:dd:9c:46:3a:
                    ad:ad:8f:59:32:75:3f:da:22:00:3a:83:f5:e9:fc:
                    33:f6:02:50:71:72:a0:7f:66:a2:fe:47:b5:d8:c1:
                    fa:d9:c9:92:b6:11:96:ea:39:61:21:1b:9a:bb:b0:
                    00:81:17:be:33:3e:c4:c8:24:0b:8c:47:6c:7f:b0:
                    5c:4a:52:c9:97:1d:28:94:5f:91:a0:45:13:7c:30:
                    03:b8:a5:0c:04:d2:f5:67:ea:be:4d:2b:23:10:58:
                    1c:b5:29:e5:26:d1:2e:a0:ec:11:96:c5:d5:ed:c8:
                    bd:c1:f3:18:f6:41:10:6d:08:5c:1a:0b:bc:5b:80:
                    08:7d:77:78:20:67:d5:61:78:1f:e7:c6:e3:07:e7:
                    b3:64:86:48:9c:84:31:ca:44:a1:e8:19:45:57:6e:
                    0c:b7:1e:43:f3:6c:14:a4:c4:25:ce:f8:96:c2:29:
                    56:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:61:E8:78:6F:D1:57:22:B3:9E:63:DD:F3:D3:CB:A5:0E:8D:7F:AA
            X509v3 Authority Key Identifier:
                keyid:EC:F7:CA:9F:FA:FE:72:A3:09:66:F7:E4:3D:92:B5:8E:77:4C:E7:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/e2HoeG_RVyKznmPd89PLpQ6Nf6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.20.0/24
                  193.32.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:9b:bb:42:40:95:d3:fc:61:cc:df:89:63:7d:cf:4e:79:e7:
         44:6c:44:9c:f4:37:04:5c:fd:62:8b:2d:6d:ab:fa:44:6f:e9:
         01:42:e9:68:f6:f1:d4:be:17:91:ec:19:b3:39:c2:20:d7:1a:
         5d:26:cb:7f:ee:e9:9f:84:63:dc:8b:88:6d:e9:5d:ca:dd:94:
         02:ab:e2:4c:57:d3:fc:f6:dd:0f:17:57:c3:59:46:54:b3:a1:
         e3:84:95:f5:ba:37:71:2b:66:a2:c4:3d:92:0a:3d:59:bf:cb:
         4a:38:41:e4:80:80:39:55:d0:2d:fa:7c:27:34:d0:29:f2:39:
         6b:e6:a0:2d:64:b2:87:43:af:58:99:51:a5:fb:7e:07:6c:76:
         0a:24:4c:4c:73:12:81:8f:4b:2b:a5:6b:a8:0f:f2:20:5a:68:
         4f:2d:76:4f:c5:23:cf:3c:8c:23:be:58:7c:5c:25:bc:5a:29:
         de:6c:1b:a9:a6:b9:94:7d:06:6a:17:07:54:36:3f:3c:1e:5e:
         f7:05:23:9f:9e:a1:96:ed:2f:df:88:e6:b8:c5:c1:3b:30:b4:
         6d:d6:c2:67:89:c3:b7:58:c0:05:ce:7d:9e:2a:03:2e:fe:51:
         3d:6a:34:5c:ff:c1:66:4a:09:a2:f8:87:c2:76:b0:d9:5a:4e:
         3a:79:0e:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZk3z5a43MGOp6jpGa/A4AokMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjdjYTlmZmFmZTcyYTMwOTY2ZjdlNDNkOTJiNThlNzc0
Y2U3NDEwHhcNMjUwOTExMDgwNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjYxZTg3ODZmZDE1NzIyYjM5ZTYzZGRmM2QzY2JhNTBlOGQ3ZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5H959pcllYShYfIHd2D/o+k2YBAb
8c68fauJ+PHImRSNLYslqQjeHNGVb1nvmgpAVjVCyOXeUlFERWJjMi0M1hRwOdvm
NsJQfyi6B0xq5S5eilOF4N2cRjqtrY9ZMnU/2iIAOoP16fwz9gJQcXKgf2ai/ke1
2MH62cmSthGW6jlhIRuau7AAgRe+Mz7EyCQLjEdsf7BcSlLJlx0olF+RoEUTfDAD
uKUMBNL1Z+q+TSsjEFgctSnlJtEuoOwRlsXV7ci9wfMY9kEQbQhcGgu8W4AIfXd4
IGfVYXgf58bjB+ezZIZInIQxykSh6BlFV24Mtx5D82wUpMQlzviWwilW2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHth6Hhv0Vcis55j3fPTy6UOjX+qMB8GA1UdIwQY
MBaAFOz3yp/6/nKjCWb35D2StY53TOdBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BmS25fci1jcU1KWnZma1BaSzFqbmRNNTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8zMjc3OWQtMzY1Ni00NGMwLThhYjUt
OTgxZmJiMzQ0MmRkLzEvZTJIb2VHX1JWeUt6bm1QZDg5UExwUTZOZjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8zMjc3OWQtMzY1Ni00NGMwLThhYjUtOTgxZmJiMzQ0MmRk
LzEvN1BmS25fci1jcU1KWnZma1BaSzFqbmRNNTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuewUAwQA
wSCwMA0GCSqGSIb3DQEBCwUAA4IBAQCYm7tCQJXT/GHM34ljfc9OeedEbESc9DcE
XP1iiy1tq/pEb+kBQulo9vHUvheR7BmzOcIg1xpdJst/7umfhGPci4ht6V3K3ZQC
q+JMV9P89t0PF1fDWUZUs6HjhJX1ujdxK2aixD2SCj1Zv8tKOEHkgIA5VdAt+nwn
NNAp8jlr5qAtZLKHQ69YmVGl+34HbHYKJExMcxKBj0srpWuoD/IgWmhPLXZPxSPP
PIwjvlh8XCW8WinebBupprmUfQZqFwdUNj88Hl73BSOfnqGW7S/fiOa4xcE7MLRt
1sJnicO3WMAFzn2eKgMu/lE9ajRc/8FmSgmi+IfCdrDZWk46eQ7E
-----END CERTIFICATE-----