Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/7jwxCTrpuBYCzl_mE2RCtp0REXI.roa
File:                     7jwxCTrpuBYCzl_mE2RCtp0REXI.roa (raw, json)
Hash identifier:          +ypxyRmQFEVXeIrygXjJlGbbYxoSAkj90Kr5Ppz5cVM=
Subject key identifier:   EE:3C:31:09:3A:E9:B8:16:02:CE:5F:E6:13:64:42:B6:9D:11:11:72
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       0198EB646E09A3C787F6E7F8C1F751D7B096
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/7jwxCTrpuBYCzl_mE2RCtp0REXI.roa
Signing time:             Wed 27 Aug 2025 11:58:04 +0000
ROA not before:           Wed 27 Aug 2025 11:58:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202827
IP address blocks:        86.110.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 13:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:eb:64:6e:09:a3:c7:87:f6:e7:f8:c1:f7:51:d7:b0:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Aug 27 11:58:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee3c31093ae9b81602ce5fe6136442b69d111172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:d3:c7:93:58:17:84:6b:d5:c6:a3:1a:a6:50:
                    d5:46:c4:cc:4c:30:3f:4d:fc:2e:66:40:a0:89:0f:
                    dc:c1:42:93:f5:aa:9f:2d:12:d9:66:ee:4d:ae:28:
                    af:12:23:4f:a9:cc:28:50:ff:35:9e:0f:49:79:6c:
                    4e:18:43:f6:7a:8e:dd:bb:db:c8:0d:69:ba:4d:d8:
                    f5:f0:94:20:5e:16:c0:14:9d:94:83:e1:3b:75:44:
                    9c:d9:e8:75:8d:2f:f5:9f:d6:6f:74:66:fd:18:a3:
                    a2:35:e9:c9:7d:bb:cf:f3:18:8e:bc:30:8a:ab:d4:
                    0f:f5:57:ae:72:a7:94:ff:97:c1:6d:9a:c8:77:41:
                    68:af:3d:4a:43:cf:f0:ca:99:d6:61:94:e8:46:d7:
                    77:2f:81:72:db:65:6d:1d:de:c6:bd:e2:84:9b:fb:
                    2a:c8:3d:a3:8a:cd:8b:bb:c1:cb:20:d4:92:9f:54:
                    cc:94:77:a1:e2:51:01:f0:69:16:a9:87:8f:72:72:
                    c3:59:b4:3d:89:c2:eb:14:a4:04:5c:4e:27:a8:42:
                    44:ec:2d:44:2f:3b:d6:64:61:03:2e:49:58:82:6a:
                    a2:dc:f6:f4:b0:a3:6a:e6:02:2f:d8:c7:20:34:36:
                    4e:35:6c:99:14:f6:dc:b6:fb:a1:03:db:50:38:ef:
                    11:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:3C:31:09:3A:E9:B8:16:02:CE:5F:E6:13:64:42:B6:9D:11:11:72
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/7jwxCTrpuBYCzl_mE2RCtp0REXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:6b:91:3d:db:84:f0:5c:eb:e5:62:f4:6f:ff:cd:b8:48:b4:
         e5:27:0c:4e:48:aa:1f:bd:de:62:40:34:39:2a:59:bf:79:d0:
         01:f3:25:ef:05:b9:20:f5:79:a8:70:a6:ff:73:37:da:6f:ac:
         5e:82:ee:e6:74:2a:8e:2d:b3:66:84:af:b1:b7:6f:a1:ed:2a:
         85:8a:d8:d5:2e:67:39:60:11:dc:9d:66:b5:38:c6:32:5a:2e:
         bb:ff:5a:21:b5:dd:e6:42:9d:74:a4:61:d0:31:0c:a3:38:ab:
         2b:9e:12:f1:2a:b8:3f:7f:bf:48:d0:32:10:76:c9:3f:d4:8d:
         08:23:e6:f6:af:a0:d9:d8:41:26:7a:6e:6a:80:de:37:5b:31:
         35:05:b0:25:ae:c1:2f:41:17:d8:93:aa:c2:d4:5e:df:08:12:
         b0:53:90:06:f6:55:03:60:6c:db:3f:13:37:95:f8:dd:12:6a:
         f1:aa:8e:b7:9a:a9:84:c8:c4:a2:10:73:c1:81:f8:48:a2:ed:
         2c:d0:d9:24:31:ee:8a:8b:d2:b9:e5:b7:28:7a:79:3d:97:0e:
         a0:43:b2:b9:4b:6c:ee:fd:63:e9:dd:39:b7:9c:bf:f9:32:5d:
         41:cc:4c:cf:0b:63:ab:8d:f1:79:31:63:87:4b:ba:08:ed:d2:
         08:92:4e:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjrZG4Jo8eH9uf4wfdR17CWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwODI3MTE1ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTNjMzEwOTNhZTliODE2MDJjZTVmZTYxMzY0NDJiNjlkMTExMTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8dPHk1gXhGvVxqMaplDVRsTMTDA/
TfwuZkCgiQ/cwUKT9aqfLRLZZu5NriivEiNPqcwoUP81ng9JeWxOGEP2eo7du9vI
DWm6Tdj18JQgXhbAFJ2Ug+E7dUSc2eh1jS/1n9ZvdGb9GKOiNenJfbvP8xiOvDCK
q9QP9VeucqeU/5fBbZrId0Forz1KQ8/wypnWYZToRtd3L4Fy22VtHd7GveKEm/sq
yD2jis2Lu8HLINSSn1TMlHeh4lEB8GkWqYePcnLDWbQ9icLrFKQEXE4nqEJE7C1E
LzvWZGEDLklYgmqi3Pb0sKNq5gIv2McgNDZONWyZFPbctvuhA9tQOO8RNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO48MQk66bgWAs5f5hNkQradERFyMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvN2p3eENUcnB1QllDemxfbUUyUkN0cDBSRVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4zMA0G
CSqGSIb3DQEBCwUAA4IBAQB6a5E924TwXOvlYvRv/824SLTlJwxOSKofvd5iQDQ5
Klm/edAB8yXvBbkg9XmocKb/czfab6xegu7mdCqOLbNmhK+xt2+h7SqFitjVLmc5
YBHcnWa1OMYyWi67/1ohtd3mQp10pGHQMQyjOKsrnhLxKrg/f79I0DIQdsk/1I0I
I+b2r6DZ2EEmem5qgN43WzE1BbAlrsEvQRfYk6rC1F7fCBKwU5AG9lUDYGzbPxM3
lfjdEmrxqo63mqmEyMSiEHPBgfhIou0s0NkkMe6Ki9K55bcoenk9lw6gQ7K5S2zu
/WPp3Tm3nL/5Ml1BzEzPC2OrjfF5MWOHS7oI7dIIkk7R
-----END CERTIFICATE-----