Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/str3-7dKKBXkTaCco2AxqojW1YQ.roa
File:                     str3-7dKKBXkTaCco2AxqojW1YQ.roa (raw, json)
Hash identifier:          fMmpOIsyT53t9MRkb+zMzEyMIqFRw0lRg1YQpIT+8WI=
Subject key identifier:   B2:DA:F7:FB:B7:4A:28:15:E4:4D:A0:9C:A3:60:31:AA:88:D6:D5:84
Certificate issuer:       /CN=bc9c403ad007e2a242a6b09061a3c1a360a64d5a
Certificate serial:       019A1018AA2015AE8AAF661FC34EB7087800
Authority key identifier: BC:9C:40:3A:D0:07:E2:A2:42:A6:B0:90:61:A3:C1:A3:60:A6:4D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vJxAOtAH4qJCprCQYaPBo2CmTVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/str3-7dKKBXkTaCco2AxqojW1YQ.roa
Signing time:             Thu 23 Oct 2025 08:04:03 +0000
ROA not before:           Thu 23 Oct 2025 08:04:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.112.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/vJxAOtAH4qJCprCQYaPBo2CmTVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/vJxAOtAH4qJCprCQYaPBo2CmTVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vJxAOtAH4qJCprCQYaPBo2CmTVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 15:57:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:18:aa:20:15:ae:8a:af:66:1f:c3:4e:b7:08:78:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc9c403ad007e2a242a6b09061a3c1a360a64d5a
        Validity
            Not Before: Oct 23 08:04:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2daf7fbb74a2815e44da09ca36031aa88d6d584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1b:b9:d3:4d:e2:4c:24:4c:8a:62:38:71:05:
                    6e:d5:b7:24:7e:a6:a8:51:76:f7:79:7d:d0:39:fe:
                    a9:83:2b:59:8e:d7:d5:b8:4a:d6:6d:06:49:3b:ff:
                    6a:6e:50:9d:cd:42:28:fd:49:db:d6:ef:98:97:db:
                    5a:fb:af:ce:8f:c4:62:9c:1c:6e:64:7c:6c:60:f8:
                    58:fa:00:4b:7c:c2:bf:c6:b2:19:2d:b9:c7:92:e0:
                    33:57:5b:80:f7:33:b4:ea:43:df:8d:f3:05:7c:69:
                    50:af:73:d6:27:89:ba:80:1d:1a:14:0a:e9:e0:b9:
                    6b:74:23:4e:54:a6:ae:01:ff:9e:12:b4:c2:cf:d7:
                    98:16:25:9b:55:72:e7:a6:90:91:fe:ce:49:f1:c5:
                    b7:96:c0:c7:66:24:3f:c0:cb:a6:43:37:8d:08:54:
                    eb:4d:6a:21:af:d4:19:f1:81:e0:9f:22:a6:b2:f5:
                    6c:90:d9:37:d7:c0:79:1d:c4:f5:5d:b7:01:e9:d4:
                    5e:cc:7b:44:b9:89:51:63:aa:3e:63:a9:26:ac:9f:
                    0c:9d:1e:94:84:69:50:43:0b:cf:95:58:ee:e2:f7:
                    ec:c0:97:dc:d1:e8:d0:db:c4:e7:9d:d8:cd:36:38:
                    26:4a:5e:43:87:e4:7c:d9:a5:64:5a:55:99:1d:bd:
                    66:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:DA:F7:FB:B7:4A:28:15:E4:4D:A0:9C:A3:60:31:AA:88:D6:D5:84
            X509v3 Authority Key Identifier:
                keyid:BC:9C:40:3A:D0:07:E2:A2:42:A6:B0:90:61:A3:C1:A3:60:A6:4D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vJxAOtAH4qJCprCQYaPBo2CmTVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/str3-7dKKBXkTaCco2AxqojW1YQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/vJxAOtAH4qJCprCQYaPBo2CmTVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:a6:ef:99:39:77:9e:68:38:ac:35:c9:c5:36:54:94:35:47:
         1e:da:78:9d:15:10:62:4d:59:ac:46:86:9d:3f:ea:db:62:a1:
         1f:76:52:9a:2e:63:98:d1:0c:a4:0c:1b:03:cd:e2:d5:ef:70:
         35:44:a3:1a:9e:81:bb:10:e3:84:37:12:f7:e7:9d:30:28:56:
         1e:62:72:94:05:d3:f2:7a:a7:8b:aa:5f:46:91:94:be:22:20:
         aa:b0:df:b6:ad:ac:9e:29:7e:1f:aa:f2:71:35:93:3d:e2:8d:
         fc:bf:f0:f9:12:20:34:cd:a2:7d:64:b0:e7:f8:9b:47:7e:a9:
         1d:94:79:ff:f3:7d:00:c9:a0:c6:6b:5b:2b:1d:46:6b:88:d6:
         b7:c8:86:05:56:36:03:72:d5:27:0b:ba:83:35:af:c1:14:b7:
         15:86:3d:a0:5c:6e:84:ec:db:d0:5c:3a:be:a9:3e:7a:29:86:
         8a:d3:2c:1e:0a:a4:bd:2b:f8:84:c5:22:af:00:8e:89:56:b0:
         f6:21:98:b0:e9:2d:a7:bf:fb:8d:41:c5:9a:44:07:09:9d:81:
         62:ab:4a:39:d3:4f:65:6e:13:14:69:4d:9f:64:81:30:51:41:
         9d:07:a6:f3:ab:7c:a7:4f:05:e1:35:4a:a4:55:5d:3d:53:c3:
         35:44:f1:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoQGKogFa6Kr2Yfw063CHgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOWM0MDNhZDAwN2UyYTI0MmE2YjA5MDYxYTNjMWEzNjBh
NjRkNWEwHhcNMjUxMDIzMDgwNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmRhZjdmYmI3NGEyODE1ZTQ0ZGEwOWNhMzYwMzFhYTg4ZDZkNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Bu5003iTCRMimI4cQVu1bckfqao
UXb3eX3QOf6pgytZjtfVuErWbQZJO/9qblCdzUIo/Unb1u+Yl9ta+6/Oj8RinBxu
ZHxsYPhY+gBLfMK/xrIZLbnHkuAzV1uA9zO06kPfjfMFfGlQr3PWJ4m6gB0aFArp
4LlrdCNOVKauAf+eErTCz9eYFiWbVXLnppCR/s5J8cW3lsDHZiQ/wMumQzeNCFTr
TWohr9QZ8YHgnyKmsvVskNk318B5HcT1XbcB6dRezHtEuYlRY6o+Y6kmrJ8MnR6U
hGlQQwvPlVju4vfswJfc0ejQ28TnndjNNjgmSl5Dh+R82aVkWlWZHb1mpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLa9/u3SigV5E2gnKNgMaqI1tWEMB8GA1UdIwQY
MBaAFLycQDrQB+KiQqawkGGjwaNgpk1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkp4QU90QUg0cUpDcHJDUVlhUEJvMkNtVFZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS80YWU0YzctZjI4Ni00YzZlLTk1MTQt
ODhlNjgxNjI3MWY3LzEvc3RyMy03ZEtLQlhrVGFDY28yQXhxb2pXMVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS80YWU0YzctZjI4Ni00YzZlLTk1MTQtODhlNjgxNjI3MWY3
LzEvdkp4QU90QUg0cUpDcHJDUVlhUEJvMkNtVFZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXC8MA0G
CSqGSIb3DQEBCwUAA4IBAQCMpu+ZOXeeaDisNcnFNlSUNUce2nidFRBiTVmsRoad
P+rbYqEfdlKaLmOY0QykDBsDzeLV73A1RKManoG7EOOENxL3550wKFYeYnKUBdPy
eqeLql9GkZS+IiCqsN+2rayeKX4fqvJxNZM94o38v/D5EiA0zaJ9ZLDn+JtHfqkd
lHn/830AyaDGa1srHUZriNa3yIYFVjYDctUnC7qDNa/BFLcVhj2gXG6E7NvQXDq+
qT56KYaK0yweCqS9K/iExSKvAI6JVrD2IZiw6S2nv/uNQcWaRAcJnYFiq0o5009l
bhMUaU2fZIEwUUGdB6bzq3ynTwXhNUqkVV09U8M1RPEA
-----END CERTIFICATE-----