Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/FinmXz7aoEXgbqpuedvwsugDS5w.roa
File:                     FinmXz7aoEXgbqpuedvwsugDS5w.roa (raw, json)
Hash identifier:          wP4SAIaWOKRp4m5t+F1L6t3A0BBcIjfqbuYktCxbHGo=
Subject key identifier:   16:29:E6:5F:3E:DA:A0:45:E0:6E:AA:6E:79:DB:F0:B2:E8:03:4B:9C
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019A02110DCB97BE9C813714F027BBEE8E9C
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/FinmXz7aoEXgbqpuedvwsugDS5w.roa
Signing time:             Mon 20 Oct 2025 14:41:03 +0000
ROA not before:           Mon 20 Oct 2025 14:41:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39347
IP address blocks:        85.121.208.0/21 maxlen: 24
                          85.121.240.0/21 maxlen: 24
                          85.122.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 14:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:02:11:0d:cb:97:be:9c:81:37:14:f0:27:bb:ee:8e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Oct 20 14:41:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1629e65f3edaa045e06eaa6e79dbf0b2e8034b9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b0:06:eb:08:ec:8c:5a:6f:81:5f:40:72:cc:
                    02:25:81:99:d4:e8:7a:8e:8e:6c:4f:0d:0f:b2:90:
                    de:f5:8c:65:34:52:0b:f0:f9:ae:05:87:d7:40:5f:
                    02:bd:3c:04:23:45:cc:65:2b:29:b2:7d:74:8e:06:
                    b2:02:5a:c5:80:13:65:d5:77:f5:44:4c:5d:b6:97:
                    b8:23:1f:ae:9c:7d:fa:42:4a:58:37:d8:a7:06:68:
                    50:9f:67:dd:b2:d3:0a:58:0a:ad:16:0f:8e:75:85:
                    ff:9a:23:33:e1:8a:c7:ca:97:35:70:6a:02:4e:c2:
                    95:3c:6e:df:6a:ea:a0:6c:ba:73:8e:68:a0:35:0b:
                    32:ae:8f:27:b7:47:12:fe:b8:5a:8c:71:62:9e:41:
                    66:8a:56:76:f6:24:80:4a:3d:0f:dd:9b:43:09:67:
                    d6:00:ae:34:de:90:a6:86:26:d8:b7:a1:40:f8:9b:
                    66:20:97:b8:97:29:78:ad:a1:7d:33:c2:fb:9a:a4:
                    bc:5c:ae:1f:dc:77:5f:3e:0e:82:51:22:bd:47:f1:
                    bc:aa:61:6c:d7:11:a5:ea:b8:c0:d5:d7:13:dc:1d:
                    67:7a:5e:6c:7d:d5:85:a8:44:8c:b2:e9:9d:b8:2b:
                    0b:ad:32:56:e9:c8:e2:d0:67:97:d0:71:66:d1:ce:
                    21:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:29:E6:5F:3E:DA:A0:45:E0:6E:AA:6E:79:DB:F0:B2:E8:03:4B:9C
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/FinmXz7aoEXgbqpuedvwsugDS5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.121.208.0/21
                  85.121.240.0/21
                  85.122.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:7a:71:1a:d3:3a:c4:26:4d:ea:2e:cf:1f:49:1e:5d:cc:2f:
         20:f1:07:d8:18:cb:64:3f:2a:71:a3:e5:70:c4:65:40:46:8b:
         1d:32:42:be:8f:b4:f5:6f:64:05:1a:5a:0e:4f:a2:36:d4:13:
         94:d4:8a:65:c9:e0:0c:96:7e:85:cc:37:25:39:38:e4:41:b9:
         d0:63:dc:cb:a7:70:97:a5:1e:12:03:6e:7b:2f:21:bc:33:81:
         af:98:d9:52:3b:6e:89:94:60:6e:88:3d:fc:b1:ff:f4:84:a1:
         2a:6d:70:22:96:c3:74:b8:47:cc:07:ea:1b:19:68:cc:59:90:
         8d:3e:6c:24:89:a4:6d:6c:84:83:84:ff:17:20:0e:b9:8a:f6:
         3c:65:46:65:ef:83:82:69:ad:57:59:af:8f:0b:f1:37:23:55:
         3c:a4:af:1e:c1:de:5a:71:7a:31:5a:d7:e1:72:07:e8:1c:0d:
         45:4a:bc:48:5f:27:4a:3e:1e:fa:e5:cd:64:d1:2f:1e:ca:48:
         76:1b:83:a6:97:c6:92:24:ea:05:ef:57:90:67:99:83:b9:d1:
         71:50:cb:24:0f:17:f3:be:78:ee:ba:49:2f:b4:90:ad:0c:56:
         25:93:10:11:67:0b:7c:1e:8b:76:0a:a4:ab:0b:7d:0f:b2:a9:
         6c:3f:ff:56
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoCEQ3Ll76cgTcU8Ce77o6cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUxMDIwMTQ0MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjI5ZTY1ZjNlZGFhMDQ1ZTA2ZWFhNmU3OWRiZjBiMmU4MDM0YjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bAG6wjsjFpvgV9AcswCJYGZ1Oh6
jo5sTw0PspDe9YxlNFIL8PmuBYfXQF8CvTwEI0XMZSspsn10jgayAlrFgBNl1Xf1
RExdtpe4Ix+unH36QkpYN9inBmhQn2fdstMKWAqtFg+OdYX/miMz4YrHypc1cGoC
TsKVPG7fauqgbLpzjmigNQsyro8nt0cS/rhajHFinkFmilZ29iSASj0P3ZtDCWfW
AK403pCmhibYt6FA+JtmIJe4lyl4raF9M8L7mqS8XK4f3HdfPg6CUSK9R/G8qmFs
1xGl6rjA1dcT3B1nel5sfdWFqESMsumduCsLrTJW6cji0GeX0HFm0c4hMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBYp5l8+2qBF4G6qbnnb8LLoA0ucMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvRmlubVh6N2FvRVhnYnFwdWVkdndzdWdEUzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDVXnQAwQD
VXnwAwQCVXp4MA0GCSqGSIb3DQEBCwUAA4IBAQCyenEa0zrEJk3qLs8fSR5dzC8g
8QfYGMtkPypxo+VwxGVARosdMkK+j7T1b2QFGloOT6I21BOU1IplyeAMln6FzDcl
OTjkQbnQY9zLp3CXpR4SA257LyG8M4GvmNlSO26JlGBuiD38sf/0hKEqbXAilsN0
uEfMB+obGWjMWZCNPmwkiaRtbISDhP8XIA65ivY8ZUZl74OCaa1XWa+PC/E3I1U8
pK8ewd5acXoxWtfhcgfoHA1FSrxIXydKPh765c1k0S8eykh2G4Oml8aSJOoF71eQ
Z5mDudFxUMskDxfzvnjuukkvtJCtDFYlkxARZwt8Hot2CqSrC30PsqlsP/9W
-----END CERTIFICATE-----