Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bN7-Kq7z3wgWftbb2nqd7rwbLZg.roa
File:                     bN7-Kq7z3wgWftbb2nqd7rwbLZg.roa (raw, json)
Hash identifier:          mqM3YX+F8GmcuQTzFbd6b+e0Q2Ma/O75255EWFQHM0o=
Subject key identifier:   6C:DE:FE:2A:AE:F3:DF:08:16:7E:D6:DB:DA:7A:9D:EE:BC:1B:2D:98
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019A5E9EC1FF9E517CE2E89C253089246FE5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bN7-Kq7z3wgWftbb2nqd7rwbLZg.roa
Signing time:             Fri 07 Nov 2025 14:00:53 +0000
ROA not before:           Fri 07 Nov 2025 14:00:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        85.202.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5e:9e:c1:ff:9e:51:7c:e2:e8:9c:25:30:89:24:6f:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov  7 14:00:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cdefe2aaef3df08167ed6dbda7a9deebc1b2d98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:46:1d:14:33:f0:74:44:34:71:28:33:bf:94:
                    68:e3:cb:5d:4d:fb:9a:51:84:61:b2:c3:a6:83:09:
                    55:a8:10:5f:ab:ce:57:13:4a:10:d0:93:b9:77:88:
                    3b:61:a5:22:f2:53:aa:42:81:b8:14:36:c2:94:df:
                    b4:83:f7:1a:42:5d:bf:46:15:1e:09:3b:59:73:1b:
                    69:a9:36:e7:6a:a1:06:d1:b9:8e:94:a6:bb:53:07:
                    06:9c:aa:d3:82:f6:c3:b4:6f:f8:58:08:6e:4e:cf:
                    6c:e1:3d:29:34:b6:0c:a0:cd:b6:c4:1d:c2:6e:69:
                    d8:98:c8:0e:c8:c3:ea:c8:8c:ca:7a:5b:61:d9:71:
                    0c:93:57:18:08:47:36:a1:f3:cf:68:a1:a4:09:cf:
                    95:03:8c:a4:1d:2e:c8:29:3b:9d:3c:87:53:fa:1f:
                    c8:2a:69:62:b9:87:0b:49:4d:bb:9e:b8:45:74:c9:
                    52:a8:21:31:00:65:50:2b:cb:5f:d4:a7:98:57:f0:
                    51:fe:65:e8:f1:b6:2b:ed:69:16:47:99:9d:2d:8c:
                    f9:f6:67:08:63:ff:c4:d2:9b:9b:80:66:1d:44:c2:
                    79:34:02:c2:7e:be:80:e6:9f:e9:a5:6d:31:cf:0d:
                    8f:6c:de:a4:24:25:1d:76:2a:ab:19:86:f2:c6:fe:
                    62:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:DE:FE:2A:AE:F3:DF:08:16:7E:D6:DB:DA:7A:9D:EE:BC:1B:2D:98
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bN7-Kq7z3wgWftbb2nqd7rwbLZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:bf:fa:b3:03:21:c2:ca:12:c6:b2:cb:37:f2:1c:53:c4:82:
         0a:69:49:9f:87:3f:2e:4b:c0:53:1a:ee:6a:69:ec:33:b1:62:
         5f:53:84:b3:3e:fa:1e:04:1f:15:12:f1:5d:5f:f5:b5:49:24:
         8f:0d:cf:4c:b9:92:2b:2f:da:34:04:87:c0:f1:c5:e6:6e:10:
         20:58:a0:9b:ee:f3:80:fa:59:aa:33:82:61:3c:4b:80:96:ba:
         d8:59:b3:b1:3e:98:8b:66:74:97:06:f3:c7:48:05:58:5b:df:
         fd:ca:5a:36:e0:60:6e:a4:26:94:4f:79:a9:3d:bf:ed:40:59:
         70:4a:10:69:19:33:72:a4:40:0a:8e:bc:80:68:bf:74:77:a1:
         3b:63:0b:8b:af:d9:86:ce:09:24:ea:4c:bc:28:eb:43:b2:d1:
         62:52:82:58:59:1d:6f:e3:7f:1c:4c:f5:ed:7c:09:a1:9f:36:
         3d:a9:2e:a9:9d:1f:d0:ce:86:6f:d2:34:85:6f:db:14:98:da:
         fb:f6:5c:88:61:6d:47:88:65:58:a4:90:fb:05:19:7c:22:24:
         e1:9f:5e:8d:01:75:45:eb:04:0f:7e:cc:ab:3b:ea:b9:d3:43:
         70:f8:c5:ba:d1:b0:ec:83:75:70:a9:5a:7e:76:8a:5c:d3:b3:
         37:4d:86:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpensH/nlF84uicJTCJJG/lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMTA3MTQwMDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2RlZmUyYWFlZjNkZjA4MTY3ZWQ2ZGJkYTdhOWRlZWJjMWIyZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkYdFDPwdEQ0cSgzv5Ro48tdTfua
UYRhssOmgwlVqBBfq85XE0oQ0JO5d4g7YaUi8lOqQoG4FDbClN+0g/caQl2/RhUe
CTtZcxtpqTbnaqEG0bmOlKa7UwcGnKrTgvbDtG/4WAhuTs9s4T0pNLYMoM22xB3C
bmnYmMgOyMPqyIzKelth2XEMk1cYCEc2ofPPaKGkCc+VA4ykHS7IKTudPIdT+h/I
KmliuYcLSU27nrhFdMlSqCExAGVQK8tf1KeYV/BR/mXo8bYr7WkWR5mdLYz59mcI
Y//E0pubgGYdRMJ5NALCfr6A5p/ppW0xzw2PbN6kJCUddiqrGYbyxv5iXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGze/iqu898IFn7W29p6ne68Gy2YMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYk43LUtxN3ozd2dXZnRiYjJucWQ3cndiTFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcrLMA0G
CSqGSIb3DQEBCwUAA4IBAQAmv/qzAyHCyhLGsss38hxTxIIKaUmfhz8uS8BTGu5q
aewzsWJfU4SzPvoeBB8VEvFdX/W1SSSPDc9MuZIrL9o0BIfA8cXmbhAgWKCb7vOA
+lmqM4JhPEuAlrrYWbOxPpiLZnSXBvPHSAVYW9/9ylo24GBupCaUT3mpPb/tQFlw
ShBpGTNypEAKjryAaL90d6E7YwuLr9mGzgkk6ky8KOtDstFiUoJYWR1v438cTPXt
fAmhnzY9qS6pnR/QzoZv0jSFb9sUmNr79lyIYW1HiGVYpJD7BRl8IiThn16NAXVF
6wQPfsyrO+q500Nw+MW60bDsg3VwqVp+dopc07M3TYZQ
-----END CERTIFICATE-----