Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/f8fdae-a53f-43c1-9612-120fc19236c9/1/71qYJL8nzjLbrizEeui2lEgxB5s.roa
File:                     71qYJL8nzjLbrizEeui2lEgxB5s.roa (raw, json)
Hash identifier:          VmrhpDcOBNu6Xf5rfKPD5N1hG7HhaxfVhsVb8qoAF7A=
Subject key identifier:   EF:5A:98:24:BF:27:CE:32:DB:AE:2C:C4:7A:E8:B6:94:48:31:07:9B
Certificate issuer:       /CN=7d074e9ee32e0b10c830dca4763eb9cc65246faa
Certificate serial:       019A01AB6CBC9E0709970BCDE0C3DE8BFEB3
Authority key identifier: 7D:07:4E:9E:E3:2E:0B:10:C8:30:DC:A4:76:3E:B9:CC:65:24:6F:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQdOnuMuCxDIMNykdj65zGUkb6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/f8fdae-a53f-43c1-9612-120fc19236c9/1/71qYJL8nzjLbrizEeui2lEgxB5s.roa
Signing time:             Mon 20 Oct 2025 12:50:02 +0000
ROA not before:           Mon 20 Oct 2025 12:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33933
IP address blocks:        91.209.120.0/24 maxlen: 24
                          185.11.156.0/22 maxlen: 22
                          195.38.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/f8fdae-a53f-43c1-9612-120fc19236c9/1/fQdOnuMuCxDIMNykdj65zGUkb6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/f8fdae-a53f-43c1-9612-120fc19236c9/1/fQdOnuMuCxDIMNykdj65zGUkb6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQdOnuMuCxDIMNykdj65zGUkb6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 06:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:ab:6c:bc:9e:07:09:97:0b:cd:e0:c3:de:8b:fe:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d074e9ee32e0b10c830dca4763eb9cc65246faa
        Validity
            Not Before: Oct 20 12:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef5a9824bf27ce32dbae2cc47ae8b6944831079b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f3:9b:af:d7:9b:b0:ac:be:b1:33:95:ea:98:
                    2f:5b:67:2a:c7:8e:88:66:0f:5f:7a:5f:42:56:c9:
                    f9:e4:f0:b2:79:23:f5:6e:26:36:21:8a:fe:09:39:
                    fc:86:ce:f5:ff:84:d6:b6:b4:10:dc:9e:f1:fc:7c:
                    68:15:55:42:35:c8:d5:f3:27:36:91:eb:21:02:f7:
                    7b:17:c3:fa:0c:67:97:6b:d0:47:39:3b:d0:35:ef:
                    81:cd:3f:2d:53:dc:ca:14:ad:eb:cf:aa:8d:2b:46:
                    95:bb:9c:a9:ab:b2:ad:2d:26:6b:7e:a1:6c:2e:77:
                    f3:4c:b7:f3:f5:f6:e9:51:53:64:a7:85:82:c0:70:
                    5f:9b:f1:e6:8a:b9:93:80:ab:be:6f:89:65:72:79:
                    29:64:2b:39:f9:bf:38:0e:95:99:26:73:7a:ab:54:
                    d9:20:29:c0:4d:66:74:1c:bf:13:f0:90:a5:e3:f5:
                    98:04:e2:de:6f:5c:d0:1f:5c:93:b8:35:68:d1:b5:
                    36:de:7e:7b:74:6b:ff:ef:0b:b0:50:e0:54:aa:51:
                    72:a3:64:d6:67:20:d5:a1:08:06:67:b6:6f:3a:c7:
                    71:ce:e7:28:a6:9f:7b:c1:c7:90:7c:9d:bc:76:67:
                    9b:0e:ff:8a:2f:91:0d:ed:8d:32:f6:19:30:0d:45:
                    da:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:5A:98:24:BF:27:CE:32:DB:AE:2C:C4:7A:E8:B6:94:48:31:07:9B
            X509v3 Authority Key Identifier:
                keyid:7D:07:4E:9E:E3:2E:0B:10:C8:30:DC:A4:76:3E:B9:CC:65:24:6F:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQdOnuMuCxDIMNykdj65zGUkb6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/f8fdae-a53f-43c1-9612-120fc19236c9/1/71qYJL8nzjLbrizEeui2lEgxB5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/f8fdae-a53f-43c1-9612-120fc19236c9/1/fQdOnuMuCxDIMNykdj65zGUkb6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.120.0/24
                  185.11.156.0/22
                  195.38.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:d0:17:f3:d8:12:44:a6:c2:86:dc:9c:1d:a6:3a:0c:e4:50:
         3b:fe:15:16:ac:1f:4e:b3:c5:60:5d:81:3d:6e:ff:00:06:af:
         59:54:cc:94:d4:29:32:4a:b1:7d:2d:fe:cc:7c:19:a1:ca:53:
         69:8e:0c:e7:e2:9d:03:30:95:30:06:30:24:a1:22:8f:18:b3:
         b8:48:3e:d6:b3:20:94:00:43:37:e2:07:50:db:10:12:a7:9e:
         19:1a:97:8d:79:f7:10:1d:12:a9:55:cd:0b:94:ea:9d:23:15:
         3f:c7:3f:ff:9a:9e:89:3d:de:71:6c:86:7a:75:9b:95:3b:4b:
         6d:7a:1a:3d:d5:41:c5:9f:0b:cc:e6:8a:04:6f:3f:0d:09:e0:
         fb:ea:a9:b2:37:14:d9:e1:15:74:15:18:9b:f5:e4:2c:2d:e9:
         a0:31:1f:d6:31:48:a4:9d:9a:cb:b9:35:79:e0:9b:25:ad:41:
         bf:a0:3d:4d:3a:26:b9:9c:b1:e1:64:02:18:0d:47:be:c3:bf:
         26:59:79:43:b2:f8:8e:97:fd:da:b1:21:ff:cf:6e:fb:45:f2:
         65:4f:c6:90:96:f0:5b:d5:23:20:6e:20:f7:cb:d0:fe:a1:25:
         be:a0:d7:c6:f0:22:5b:b4:15:7c:74:3c:be:62:05:dd:14:6e:
         2d:be:af:95
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZoBq2y8ngcJlwvN4MPei/6zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDc0ZTllZTMyZTBiMTBjODMwZGNhNDc2M2ViOWNjNjUy
NDZmYWEwHhcNMjUxMDIwMTI1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjVhOTgyNGJmMjdjZTMyZGJhZTJjYzQ3YWU4YjY5NDQ4MzEwNzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/Obr9ebsKy+sTOV6pgvW2cqx46I
Zg9fel9CVsn55PCyeSP1biY2IYr+CTn8hs71/4TWtrQQ3J7x/HxoFVVCNcjV8yc2
keshAvd7F8P6DGeXa9BHOTvQNe+BzT8tU9zKFK3rz6qNK0aVu5ypq7KtLSZrfqFs
LnfzTLfz9fbpUVNkp4WCwHBfm/HmirmTgKu+b4llcnkpZCs5+b84DpWZJnN6q1TZ
ICnATWZ0HL8T8JCl4/WYBOLeb1zQH1yTuDVo0bU23n57dGv/7wuwUOBUqlFyo2TW
ZyDVoQgGZ7ZvOsdxzucopp97wceQfJ28dmebDv+KL5EN7Y0y9hkwDUXaKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO9amCS/J84y264sxHrotpRIMQebMB8GA1UdIwQY
MBaAFH0HTp7jLgsQyDDcpHY+ucxlJG+qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFkT251TXVDeERJTU55a2RqNjV6R1VrYjZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9mOGZkYWUtYTUzZi00M2MxLTk2MTIt
MTIwZmMxOTIzNmM5LzEvNzFxWUpMOG56akxicml6RWV1aTJsRWd4QjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9mOGZkYWUtYTUzZi00M2MxLTk2MTItMTIwZmMxOTIzNmM5
LzEvZlFkT251TXVDeERJTU55a2RqNjV6R1VrYjZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9F4AwQC
uQucAwQAwyYUMA0GCSqGSIb3DQEBCwUAA4IBAQCy0Bfz2BJEpsKG3JwdpjoM5FA7
/hUWrB9Os8VgXYE9bv8ABq9ZVMyU1CkySrF9Lf7MfBmhylNpjgzn4p0DMJUwBjAk
oSKPGLO4SD7WsyCUAEM34gdQ2xASp54ZGpeNefcQHRKpVc0LlOqdIxU/xz//mp6J
Pd5xbIZ6dZuVO0tteho91UHFnwvM5ooEbz8NCeD76qmyNxTZ4RV0FRib9eQsLemg
MR/WMUiknZrLuTV54JslrUG/oD1NOia5nLHhZAIYDUe+w78mWXlDsviOl/3asSH/
z277RfJlT8aQlvBb1SMgbiD3y9D+oSW+oNfG8CJbtBV8dDy+YgXdFG4tvq+V
-----END CERTIFICATE-----