Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/p7Zmwvy2dxrINzJ4ikAzaX6O840.roa
File:                     p7Zmwvy2dxrINzJ4ikAzaX6O840.roa (raw, json)
Hash identifier:          SbQBVdQpLZHKjHu5jBED/DHL+txB6h9QZkkFwmO9+f4=
Subject key identifier:   A7:B6:66:C2:FC:B6:77:1A:C8:37:32:78:8A:40:33:69:7E:8E:F3:8D
Certificate issuer:       /CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
Certificate serial:       019A5A06F896755CBFF87780DF0A5066A764
Authority key identifier: 8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/p7Zmwvy2dxrINzJ4ikAzaX6O840.roa
Signing time:             Thu 06 Nov 2025 16:36:37 +0000
ROA not before:           Thu 06 Nov 2025 16:36:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     984
IP address blocks:        185.46.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5a:06:f8:96:75:5c:bf:f8:77:80:df:0a:50:66:a7:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
        Validity
            Not Before: Nov  6 16:36:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7b666c2fcb6771ac83732788a4033697e8ef38d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:b6:34:92:e8:a2:94:15:b4:cc:e8:2a:00:ab:
                    6b:d4:38:03:26:82:95:5a:38:b1:5e:3a:d3:03:06:
                    a9:d6:aa:52:5e:ae:aa:b2:b4:9a:82:83:c6:fb:fa:
                    0d:32:75:ae:96:05:c4:9d:ef:20:7d:6e:0a:5e:a4:
                    d6:f9:cf:44:cd:bd:59:f1:1e:fa:13:68:d8:6d:f7:
                    e3:12:54:cd:b1:7c:5f:16:07:49:b6:10:11:9d:d7:
                    48:6e:ef:44:27:ba:fa:32:d4:71:83:ac:44:14:39:
                    66:23:76:bd:c3:6c:ba:3a:a4:55:17:46:09:ce:bb:
                    3b:a5:4b:e1:21:f0:9f:f1:47:27:f7:2b:35:2b:2c:
                    f1:71:07:47:95:1e:5c:f0:e4:58:c5:6d:2b:88:f6:
                    85:b1:02:df:5f:c6:96:26:f8:ee:3b:d3:0f:21:cb:
                    fe:20:ce:a6:9f:a7:a9:5a:16:22:69:eb:95:8c:b6:
                    a8:a6:d6:ab:67:e7:67:bf:09:82:a0:cf:2c:25:97:
                    58:57:97:01:af:b6:4f:64:6a:47:d5:dd:94:92:cb:
                    e8:7f:b5:aa:c9:c3:b0:51:a8:b1:04:6b:5a:16:b4:
                    d1:f3:4e:d1:07:5a:b4:b9:af:2a:5e:b5:32:56:62:
                    7b:36:05:3f:90:9c:f4:ab:38:41:0d:02:da:b0:44:
                    8f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:B6:66:C2:FC:B6:77:1A:C8:37:32:78:8A:40:33:69:7E:8E:F3:8D
            X509v3 Authority Key Identifier:
                keyid:8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/p7Zmwvy2dxrINzJ4ikAzaX6O840.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b5:7f:c0:b7:f6:f3:fe:5e:c7:fc:f7:ac:ad:ac:f1:12:00:
         a1:75:c4:39:d0:37:ea:5e:67:7f:cb:51:cf:4b:ce:3c:ba:6a:
         65:d3:24:1b:7a:41:fd:b3:f8:26:c8:c4:ab:a3:66:c3:e8:29:
         64:40:5a:00:55:33:d3:86:61:bc:68:69:f4:b6:eb:2a:9a:01:
         9a:ae:0d:0e:7d:10:c1:14:3e:19:cc:bf:18:e0:04:43:15:a5:
         c3:cc:88:57:c2:e5:13:e8:00:9e:33:3a:ee:32:e9:32:3a:e4:
         0f:0d:48:c0:dd:7c:a5:c8:d3:35:0f:d0:16:7f:50:82:22:f3:
         fa:8d:f4:2d:7e:27:8c:f6:37:0c:bf:9e:02:f2:0c:bc:d7:e0:
         1a:1a:92:5c:2c:fc:c3:01:7c:73:83:cb:12:5b:3f:a3:ce:10:
         5e:88:19:66:0e:02:e7:52:e4:cb:e9:3a:ee:1c:4a:00:7e:71:
         97:1e:ae:ea:b5:87:cf:1f:8f:3a:68:ba:80:4b:77:f3:ea:f6:
         35:7a:31:e5:e9:9e:67:dc:2c:db:bf:47:b3:cd:36:e8:5f:27:
         4e:59:af:28:b6:a2:77:7c:ec:fe:a9:b3:62:0b:b9:4a:c8:ad:
         ba:ef:e2:0e:b7:d7:e7:bd:47:c6:1d:92:30:a9:7e:88:5a:69:
         02:c3:9d:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpaBviWdVy/+HeA3wpQZqdkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNDY2OTIxNmEyMDc4Y2IwMjQyMzFmNDYzMmVhYjRkYTdl
ZTRiYzEwHhcNMjUxMTA2MTYzNjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2I2NjZjMmZjYjY3NzFhYzgzNzMyNzg4YTQwMzM2OTdlOGVmMzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47Y0kuiilBW0zOgqAKtr1DgDJoKV
WjixXjrTAwap1qpSXq6qsrSagoPG+/oNMnWulgXEne8gfW4KXqTW+c9Ezb1Z8R76
E2jYbffjElTNsXxfFgdJthARnddIbu9EJ7r6MtRxg6xEFDlmI3a9w2y6OqRVF0YJ
zrs7pUvhIfCf8Ucn9ys1KyzxcQdHlR5c8ORYxW0riPaFsQLfX8aWJvjuO9MPIcv+
IM6mn6epWhYiaeuVjLaoptarZ+dnvwmCoM8sJZdYV5cBr7ZPZGpH1d2Uksvof7Wq
ycOwUaixBGtaFrTR807RB1q0ua8qXrUyVmJ7NgU/kJz0qzhBDQLasESPUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKe2ZsL8tncayDcyeIpAM2l+jvONMB8GA1UdIwQY
MBaAFI9GaSFqIHjLAkIx9GMuq02n7kvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTIt
ZDdiOGViNDYwOGUyLzEvcDdabXd2eTJkeHJJTnpKNGlrQXphWDZPODQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTItZDdiOGViNDYwOGUy
LzEvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS5yMA0G
CSqGSIb3DQEBCwUAA4IBAQA2tX/At/bz/l7H/PesrazxEgChdcQ50DfqXmd/y1HP
S848umpl0yQbekH9s/gmyMSro2bD6ClkQFoAVTPThmG8aGn0tusqmgGarg0OfRDB
FD4ZzL8Y4ARDFaXDzIhXwuUT6ACeMzruMukyOuQPDUjA3XylyNM1D9AWf1CCIvP6
jfQtfieM9jcMv54C8gy81+AaGpJcLPzDAXxzg8sSWz+jzhBeiBlmDgLnUuTL6Tru
HEoAfnGXHq7qtYfPH486aLqAS3fz6vY1ejHl6Z5n3Czbv0ezzTboXydOWa8otqJ3
fOz+qbNiC7lKyK267+IOt9fnvUfGHZIwqX6IWmkCw52t
-----END CERTIFICATE-----