Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/s2iH-K1B6baQqyEOMWE8f-GKkZE.roa
File:                     s2iH-K1B6baQqyEOMWE8f-GKkZE.roa (raw, json)
Hash identifier:          41YxT8wg456Ubbd8KhTVbDjEVITU4hqZBtp1E/4T16U=
Subject key identifier:   B3:68:87:F8:AD:41:E9:B6:90:AB:21:0E:31:61:3C:7F:E1:8A:91:91
Certificate issuer:       /CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
Certificate serial:       01990A3E4358EADC03562290A66F601B2A5C
Authority key identifier: 7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/s2iH-K1B6baQqyEOMWE8f-GKkZE.roa
Signing time:             Tue 02 Sep 2025 11:44:36 +0000
ROA not before:           Tue 02 Sep 2025 11:44:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        185.16.96.0/24 maxlen: 24
                          185.16.97.0/24 maxlen: 24
                          185.16.98.0/24 maxlen: 24
                          185.16.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:3e:43:58:ea:dc:03:56:22:90:a6:6f:60:1b:2a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7eeb0aec63949f4125c73aa6177ea0b721d527bb
        Validity
            Not Before: Sep  2 11:44:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b36887f8ad41e9b690ab210e31613c7fe18a9191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:49:95:02:db:89:85:d5:28:1e:89:ea:78:1a:
                    0b:16:5b:49:62:52:af:57:6b:a7:e1:45:23:c5:d7:
                    53:d4:1c:4a:65:cb:29:66:f9:39:89:cd:62:a1:4e:
                    84:e9:25:ae:94:3c:77:97:3d:4c:79:ed:22:8e:8e:
                    17:77:97:9b:67:16:b6:df:b3:5e:08:ed:16:60:42:
                    0f:73:7a:7e:a8:96:15:ee:5f:b7:ca:a4:a6:1b:37:
                    be:83:ca:bf:a0:f3:7a:26:3c:ca:2c:d5:7e:6e:0a:
                    5e:27:d0:cc:3a:05:25:7f:d6:39:e7:f8:2c:e5:10:
                    43:b1:35:7a:d4:cc:11:81:3e:d1:cd:49:a2:95:fc:
                    8b:46:5b:8d:84:bf:06:b0:68:1e:29:ce:be:dd:58:
                    89:20:5f:7b:ed:e7:43:bc:d9:60:dc:84:bb:84:cb:
                    4e:b8:60:94:8d:ff:41:cf:be:f0:f4:ff:1e:f6:0e:
                    ae:ab:8f:39:16:93:f6:29:1c:fc:db:5b:15:84:99:
                    91:88:3b:4f:e6:16:5d:da:e2:5b:f6:ad:e9:30:a2:
                    ce:00:d0:94:0c:5d:8c:68:ec:e0:73:3d:e2:f3:8d:
                    db:2a:7d:00:ff:50:66:d8:cc:62:2b:68:74:74:6b:
                    69:b8:01:a4:15:9e:ee:a3:01:a1:55:0c:0f:f6:68:
                    e7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:68:87:F8:AD:41:E9:B6:90:AB:21:0E:31:61:3C:7F:E1:8A:91:91
            X509v3 Authority Key Identifier:
                keyid:7E:EB:0A:EC:63:94:9F:41:25:C7:3A:A6:17:7E:A0:B7:21:D5:27:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fusK7GOUn0ElxzqmF36gtyHVJ7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/s2iH-K1B6baQqyEOMWE8f-GKkZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/001edf-bffc-4960-a02c-d26d7d4c2505/1/fusK7GOUn0ElxzqmF36gtyHVJ7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:10:ba:11:94:46:9d:30:9c:2f:50:34:a7:89:11:6e:b0:9f:
         21:0c:36:ab:14:3e:64:6c:cb:06:76:6a:b4:52:66:ee:6d:a3:
         fb:d1:64:56:97:ce:6d:0d:59:d8:97:53:e3:bf:f5:1a:ac:e2:
         5f:1e:c5:50:a0:56:cd:9a:e5:8f:34:65:b1:ff:0f:44:26:c2:
         bf:8f:85:ad:fc:19:ea:8a:88:f5:c4:b4:d7:0b:c0:7a:80:c8:
         93:9f:8b:77:3f:81:26:d7:fe:b3:42:95:b8:38:5e:92:12:8d:
         5b:27:b4:75:30:42:78:14:e8:37:09:f4:e8:69:b2:20:1d:ae:
         e4:fb:85:2b:c2:d7:c6:17:3c:d2:e6:aa:9e:e0:fd:a1:6f:3a:
         13:5e:74:fc:32:d4:98:1d:8e:d9:0e:1e:dc:c2:9a:f3:69:35:
         40:3f:ee:4e:3f:55:09:cf:ea:bd:36:98:d6:c6:f1:10:2e:02:
         6a:b9:c0:42:13:8e:9c:50:29:2b:37:09:42:69:74:e3:c3:82:
         3b:91:3c:ba:6e:2a:48:14:80:b9:cc:34:97:a7:e9:7a:b8:14:
         a4:14:4c:39:39:f3:21:88:14:fb:51:11:ec:29:62:c1:42:15:
         eb:aa:5a:ff:66:f2:ec:96:e3:4d:c4:63:f2:b2:e5:dc:29:d2:
         99:d3:0f:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkKPkNY6twDViKQpm9gGypcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZWIwYWVjNjM5NDlmNDEyNWM3M2FhNjE3N2VhMGI3MjFk
NTI3YmIwHhcNMjUwOTAyMTE0NDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzY4ODdmOGFkNDFlOWI2OTBhYjIxMGUzMTYxM2M3ZmUxOGE5MTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8UmVAtuJhdUoHonqeBoLFltJYlKv
V2un4UUjxddT1BxKZcspZvk5ic1ioU6E6SWulDx3lz1Mee0ijo4Xd5ebZxa237Ne
CO0WYEIPc3p+qJYV7l+3yqSmGze+g8q/oPN6JjzKLNV+bgpeJ9DMOgUlf9Y55/gs
5RBDsTV61MwRgT7RzUmilfyLRluNhL8GsGgeKc6+3ViJIF977edDvNlg3IS7hMtO
uGCUjf9Bz77w9P8e9g6uq485FpP2KRz821sVhJmRiDtP5hZd2uJb9q3pMKLOANCU
DF2MaOzgcz3i843bKn0A/1Bm2MxiK2h0dGtpuAGkFZ7uowGhVQwP9mjniQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNoh/itQem2kKshDjFhPH/hipGRMB8GA1UdIwQY
MBaAFH7rCuxjlJ9BJcc6phd+oLch1Se7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMt
ZDI2ZDdkNGMyNTA1LzEvczJpSC1LMUI2YmFRcXlFT01XRThmLUdLa1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wMDFlZGYtYmZmYy00OTYwLWEwMmMtZDI2ZDdkNGMyNTA1
LzEvZnVzSzdHT1VuMEVseHpxbUYzNmd0eUhWSjdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRBgMA0G
CSqGSIb3DQEBCwUAA4IBAQAnELoRlEadMJwvUDSniRFusJ8hDDarFD5kbMsGdmq0
UmbubaP70WRWl85tDVnYl1Pjv/UarOJfHsVQoFbNmuWPNGWx/w9EJsK/j4Wt/Bnq
ioj1xLTXC8B6gMiTn4t3P4Em1/6zQpW4OF6SEo1bJ7R1MEJ4FOg3CfToabIgHa7k
+4UrwtfGFzzS5qqe4P2hbzoTXnT8MtSYHY7ZDh7cwprzaTVAP+5OP1UJz+q9NpjW
xvEQLgJqucBCE46cUCkrNwlCaXTjw4I7kTy6bipIFIC5zDSXp+l6uBSkFEw5OfMh
iBT7URHsKWLBQhXrqlr/ZvLsluNNxGPysuXcKdKZ0w+A
-----END CERTIFICATE-----