Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/4hjeIW8185ZaECNggenf_uHhDOA.roa
File:                     4hjeIW8185ZaECNggenf_uHhDOA.roa (raw, json)
Hash identifier:          UoLjdkox8BXch3olGfF5NhOzyEQg7VA83kohLHFMIMk=
Subject key identifier:   E2:18:DE:21:6F:35:F3:96:5A:10:23:60:81:E9:DF:FE:E1:E1:0C:E0
Certificate issuer:       /CN=ca290db2f72905f0db626b005bacf08878d17bac
Certificate serial:       0199512E570ADCF4D74A3FF2DE4763F60EE9
Authority key identifier: CA:29:0D:B2:F7:29:05:F0:DB:62:6B:00:5B:AC:F0:88:78:D1:7B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/4hjeIW8185ZaECNggenf_uHhDOA.roa
Signing time:             Tue 16 Sep 2025 06:20:15 +0000
ROA not before:           Tue 16 Sep 2025 06:20:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     146943
IP address blocks:        185.131.53.0/24 maxlen: 24
                          185.131.54.0/24 maxlen: 24
                          185.131.55.0/24 maxlen: 24
                          188.241.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:51:2e:57:0a:dc:f4:d7:4a:3f:f2:de:47:63:f6:0e:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca290db2f72905f0db626b005bacf08878d17bac
        Validity
            Not Before: Sep 16 06:20:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e218de216f35f3965a10236081e9dffee1e10ce0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4c:e0:37:25:fa:55:d5:e8:14:84:ae:e5:6b:
                    9b:78:62:15:de:0c:e4:2d:dc:44:e0:89:30:75:8a:
                    3c:48:4e:8a:57:68:dd:f3:96:86:da:72:72:4e:6a:
                    25:a2:85:b8:a4:0b:d9:13:22:33:8c:58:7b:6d:04:
                    e4:69:ab:9e:ef:32:7c:f9:1a:c7:13:b4:43:29:24:
                    29:e9:9f:83:44:0d:25:32:e6:42:da:a2:17:6d:cc:
                    25:25:6c:b9:b8:7e:4b:dc:60:50:b2:9c:b4:cf:6f:
                    cb:b6:1b:20:16:7f:5f:a3:69:8a:3d:ed:92:b3:e9:
                    f5:92:4c:77:25:f9:80:3d:53:b8:4e:e1:eb:4c:4e:
                    90:50:6b:7e:53:b8:b3:5e:8a:d3:20:e8:6a:4f:64:
                    5e:4d:fa:12:77:cd:17:13:93:60:6f:9e:b9:99:20:
                    45:11:99:e8:8d:94:18:b3:1c:3d:bc:4f:62:7e:e9:
                    45:b6:60:9e:a9:d6:5b:8e:be:7f:bb:8f:a0:d2:1f:
                    f1:ec:18:a5:14:db:a5:9e:d5:2c:11:73:d6:c9:07:
                    9d:44:e0:bc:3c:4f:39:17:82:1a:a2:d4:44:f1:85:
                    d5:24:3d:d4:0e:66:7e:5b:bc:99:5a:3d:b1:13:0e:
                    ea:81:c4:ab:5b:f8:c2:ef:38:dc:4c:ee:3d:f0:75:
                    96:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:18:DE:21:6F:35:F3:96:5A:10:23:60:81:E9:DF:FE:E1:E1:0C:E0
            X509v3 Authority Key Identifier:
                keyid:CA:29:0D:B2:F7:29:05:F0:DB:62:6B:00:5B:AC:F0:88:78:D1:7B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yikNsvcpBfDbYmsAW6zwiHjRe6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/4hjeIW8185ZaECNggenf_uHhDOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/216973-516f-4501-9164-7f435bf5501c/1/yikNsvcpBfDbYmsAW6zwiHjRe6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.53.0-185.131.55.255
                  188.241.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:9a:08:cf:2f:af:26:29:1e:fd:08:a2:9d:2d:ad:98:2b:27:
         dd:7e:02:72:6d:ae:0c:91:d5:54:8f:fd:2a:ec:f2:52:3f:9b:
         16:16:e5:8e:65:f0:70:73:79:1c:7b:8b:23:4a:80:60:4c:f3:
         df:0e:0a:3a:91:db:37:00:bc:c4:4a:c2:9d:60:82:4a:c8:5f:
         01:4d:4e:17:61:df:00:fa:36:02:e6:54:d3:30:23:8f:14:ab:
         c2:f5:6b:73:50:7e:46:6a:71:bf:a4:cd:fa:07:f3:c8:49:83:
         17:a4:19:30:82:88:1f:37:8f:4d:d3:6d:07:61:d2:a3:71:0b:
         7f:c4:de:b0:18:80:05:c5:93:52:e8:5d:c9:a0:42:a4:9c:cb:
         9d:2c:ee:17:1b:b4:98:83:86:57:1a:05:50:1b:af:e9:28:f4:
         1a:86:6d:a4:8e:c4:41:9f:77:06:e2:0c:67:38:88:b1:3a:12:
         24:1f:00:f1:ad:3c:ea:26:7f:3f:df:77:0d:c7:bc:00:48:48:
         52:a0:c5:02:d0:fb:62:e2:90:38:0b:f8:6f:ed:c4:10:45:33:
         82:d9:d1:f4:3b:a5:31:e4:b2:0e:3a:8a:21:d4:28:74:72:ff:
         c1:b2:e3:b2:b7:92:d9:12:6c:83:db:b9:44:7b:e2:bd:0a:b9:
         34:9a:05:67
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZlRLlcK3PTXSj/y3kdj9g7pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMjkwZGIyZjcyOTA1ZjBkYjYyNmIwMDViYWNmMDg4Nzhk
MTdiYWMwHhcNMjUwOTE2MDYyMDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjE4ZGUyMTZmMzVmMzk2NWExMDIzNjA4MWU5ZGZmZWUxZTEwY2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkzgNyX6VdXoFISu5WubeGIV3gzk
LdxE4IkwdYo8SE6KV2jd85aG2nJyTmolooW4pAvZEyIzjFh7bQTkaaue7zJ8+RrH
E7RDKSQp6Z+DRA0lMuZC2qIXbcwlJWy5uH5L3GBQspy0z2/LthsgFn9fo2mKPe2S
s+n1kkx3JfmAPVO4TuHrTE6QUGt+U7izXorTIOhqT2ReTfoSd80XE5Ngb565mSBF
EZnojZQYsxw9vE9ifulFtmCeqdZbjr5/u4+g0h/x7BilFNulntUsEXPWyQedROC8
PE85F4IaotRE8YXVJD3UDmZ+W7yZWj2xEw7qgcSrW/jC7zjcTO498HWWFwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOIY3iFvNfOWWhAjYIHp3/7h4QzgMB8GA1UdIwQY
MBaAFMopDbL3KQXw22JrAFus8Ih40XusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWlrTnN2Y3BCZkRiWW1zQVc2endpSGpSZTZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yMTY5NzMtNTE2Zi00NTAxLTkxNjQt
N2Y0MzViZjU1MDFjLzEvNGhqZUlXODE4NVphRUNOZ2dlbmZfdUhoRE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yMTY5NzMtNTE2Zi00NTAxLTkxNjQtN2Y0MzViZjU1MDFj
LzEveWlrTnN2Y3BCZkRiWW1zQVc2endpSGpSZTZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAC5gzUD
BAO5gzADBAC88bswDQYJKoZIhvcNAQELBQADggEBAE2aCM8vryYpHv0Iop0trZgr
J91+AnJtrgyR1VSP/Srs8lI/mxYW5Y5l8HBzeRx7iyNKgGBM898OCjqR2zcAvMRK
wp1ggkrIXwFNThdh3wD6NgLmVNMwI48Uq8L1a3NQfkZqcb+kzfoH88hJgxekGTCC
iB83j03TbQdh0qNxC3/E3rAYgAXFk1LoXcmgQqScy50s7hcbtJiDhlcaBVAbr+ko
9BqGbaSOxEGfdwbiDGc4iLE6EiQfAPGtPOomfz/fdw3HvABISFKgxQLQ+2LikDgL
+G/txBBFM4LZ0fQ7pTHksg46iiHUKHRy/8Gy47K3ktkSbIPbuUR74r0KuTSaBWc=
-----END CERTIFICATE-----