Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/fe6bac-10b3-4256-84b0-a76292e20458/1/BATki590UiqZDbP_z7AwLiqKNlQ.roa
File:                     BATki590UiqZDbP_z7AwLiqKNlQ.roa (raw, json)
Hash identifier:          lLBGgs0m/c36BeWtUsvXAnd6y79SE8z2K+GJhbENw4s=
Subject key identifier:   04:04:E4:8B:9F:74:52:2A:99:0D:B3:FF:CF:B0:30:2E:2A:8A:36:54
Certificate issuer:       /CN=e7f26134830ee20dc22986dc8a7366d0972b2930
Certificate serial:       0199292E4BCA9A6F0E1415BC8AE176367DF7
Authority key identifier: E7:F2:61:34:83:0E:E2:0D:C2:29:86:DC:8A:73:66:D0:97:2B:29:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_JhNIMO4g3CKYbcinNm0JcrKTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/fe6bac-10b3-4256-84b0-a76292e20458/1/BATki590UiqZDbP_z7AwLiqKNlQ.roa
Signing time:             Mon 08 Sep 2025 11:55:23 +0000
ROA not before:           Mon 08 Sep 2025 11:55:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210423
IP address blocks:        79.108.228.0/22 maxlen: 22
                          93.157.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/fe6bac-10b3-4256-84b0-a76292e20458/1/5_JhNIMO4g3CKYbcinNm0JcrKTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/fe6bac-10b3-4256-84b0-a76292e20458/1/5_JhNIMO4g3CKYbcinNm0JcrKTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_JhNIMO4g3CKYbcinNm0JcrKTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:2e:4b:ca:9a:6f:0e:14:15:bc:8a:e1:76:36:7d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f26134830ee20dc22986dc8a7366d0972b2930
        Validity
            Not Before: Sep  8 11:55:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0404e48b9f74522a990db3ffcfb0302e2a8a3654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:88:16:61:6c:cd:68:dc:d0:66:84:a4:49:af:
                    d0:b6:bb:e7:fc:83:54:23:63:4c:03:57:6f:8d:bd:
                    cf:18:0a:b0:99:16:c7:f9:af:8c:aa:3d:38:f7:a5:
                    64:ad:72:92:1e:98:97:40:c1:b1:bd:c5:f2:b4:3a:
                    1d:88:de:f6:41:18:50:3b:a5:c1:5d:00:ae:f5:50:
                    8c:96:75:8a:ff:e8:95:67:04:3d:96:53:32:06:77:
                    95:35:1e:5b:b4:83:5f:a0:0e:b7:51:93:dc:ea:5f:
                    66:17:c6:c2:92:98:90:ee:ef:23:bf:b3:c5:19:72:
                    3b:f2:f3:41:a6:f2:10:20:b0:f0:f3:e3:c3:f4:f8:
                    0b:6f:df:34:d0:b5:ce:fc:ab:bd:ab:8c:ab:29:15:
                    d6:7c:c9:fb:3b:08:3e:94:66:02:43:64:6f:e4:6f:
                    64:1d:bc:f7:1c:ef:c4:dd:43:94:c3:3c:f5:0c:29:
                    a6:d9:2d:10:12:9d:6a:e2:0d:45:85:fd:07:d9:bf:
                    a5:f8:d6:b3:26:57:7a:be:4b:f1:d8:4e:1d:4b:35:
                    57:02:6c:3f:51:d6:68:80:0e:a0:9f:28:29:0b:60:
                    10:86:61:dc:98:2a:9e:d8:bf:26:10:25:80:8b:bf:
                    3d:fb:99:26:c4:80:45:d3:a7:10:56:c3:d9:1d:7f:
                    4f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:04:E4:8B:9F:74:52:2A:99:0D:B3:FF:CF:B0:30:2E:2A:8A:36:54
            X509v3 Authority Key Identifier:
                keyid:E7:F2:61:34:83:0E:E2:0D:C2:29:86:DC:8A:73:66:D0:97:2B:29:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_JhNIMO4g3CKYbcinNm0JcrKTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/fe6bac-10b3-4256-84b0-a76292e20458/1/BATki590UiqZDbP_z7AwLiqKNlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/fe6bac-10b3-4256-84b0-a76292e20458/1/5_JhNIMO4g3CKYbcinNm0JcrKTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.108.228.0/22
                  93.157.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:7a:85:b9:c2:c2:61:10:9d:51:84:cc:a2:02:de:ff:0d:bd:
         63:d5:35:51:22:20:17:44:2d:bf:d6:d8:a5:8c:6a:d3:d8:59:
         7b:39:3f:d8:fb:1e:2d:ae:29:84:4f:f7:34:4a:80:b1:1e:71:
         fe:c5:87:00:52:d6:32:b6:73:86:05:c0:71:9c:35:db:90:80:
         67:aa:89:53:1e:15:7b:05:38:06:e3:8c:40:e4:ef:59:68:90:
         d8:45:e5:42:61:38:80:df:6f:c3:d7:a9:a3:6f:f4:85:f6:80:
         4f:ac:ba:73:4e:11:33:c0:18:17:09:b8:c5:96:aa:86:9d:2c:
         10:21:90:02:1f:df:fb:1e:5a:04:34:bc:c3:25:d9:ae:46:78:
         df:66:dd:01:e3:39:dc:4b:cc:30:d1:b4:1e:0d:91:bb:17:dc:
         da:8b:ab:56:16:d4:02:44:1a:cd:e2:ee:83:76:2b:c1:57:23:
         f5:69:06:17:79:a2:13:d9:91:c8:fd:e2:a6:c2:4e:15:95:65:
         a0:76:0a:d4:05:51:a0:c9:49:24:48:f1:e5:92:5b:5f:13:d6:
         2d:fe:89:b1:79:06:28:26:e6:83:36:36:25:98:64:66:55:2a:
         23:9d:87:5b:9b:8a:31:c3:e2:07:35:2d:49:5e:1b:cf:bf:07:
         2e:e3:0e:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkpLkvKmm8OFBW8iuF2Nn33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZjI2MTM0ODMwZWUyMGRjMjI5ODZkYzhhNzM2NmQwOTcy
YjI5MzAwHhcNMjUwOTA4MTE1NTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDA0ZTQ4YjlmNzQ1MjJhOTkwZGIzZmZjZmIwMzAyZTJhOGEzNjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYgWYWzNaNzQZoSkSa/Qtrvn/INU
I2NMA1dvjb3PGAqwmRbH+a+Mqj0496VkrXKSHpiXQMGxvcXytDodiN72QRhQO6XB
XQCu9VCMlnWK/+iVZwQ9llMyBneVNR5btINfoA63UZPc6l9mF8bCkpiQ7u8jv7PF
GXI78vNBpvIQILDw8+PD9PgLb9800LXO/Ku9q4yrKRXWfMn7Owg+lGYCQ2Rv5G9k
Hbz3HO/E3UOUwzz1DCmm2S0QEp1q4g1Fhf0H2b+l+NazJld6vkvx2E4dSzVXAmw/
UdZogA6gnygpC2AQhmHcmCqe2L8mECWAi789+5kmxIBF06cQVsPZHX9PjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAQE5IufdFIqmQ2z/8+wMC4qijZUMB8GA1UdIwQY
MBaAFOfyYTSDDuINwimG3IpzZtCXKykwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9KaE5JTU80ZzNDS1liY2luTm0wSmNyS1RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9mZTZiYWMtMTBiMy00MjU2LTg0YjAt
YTc2MjkyZTIwNDU4LzEvQkFUa2k1OTBVaXFaRGJQX3o3QXdMaXFLTmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9mZTZiYWMtMTBiMy00MjU2LTg0YjAtYTc2MjkyZTIwNDU4
LzEvNV9KaE5JTU80ZzNDS1liY2luTm0wSmNyS1RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCT2zkAwQA
XZ1rMA0GCSqGSIb3DQEBCwUAA4IBAQCueoW5wsJhEJ1RhMyiAt7/Db1j1TVRIiAX
RC2/1tiljGrT2Fl7OT/Y+x4trimET/c0SoCxHnH+xYcAUtYytnOGBcBxnDXbkIBn
qolTHhV7BTgG44xA5O9ZaJDYReVCYTiA32/D16mjb/SF9oBPrLpzThEzwBgXCbjF
lqqGnSwQIZACH9/7HloENLzDJdmuRnjfZt0B4zncS8ww0bQeDZG7F9zai6tWFtQC
RBrN4u6DdivBVyP1aQYXeaIT2ZHI/eKmwk4VlWWgdgrUBVGgyUkkSPHlkltfE9Yt
/omxeQYoJuaDNjYlmGRmVSojnYdbm4oxw+IHNS1JXhvPvwcu4w7K
-----END CERTIFICATE-----