Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0gt7gWPlYkAD6I5VWwVpm8zuqSA.roa
File:                     0gt7gWPlYkAD6I5VWwVpm8zuqSA.roa (raw, json)
Hash identifier:          XT6jqLweMWpOMLqnkTMv3g0pW+EQ6zOtIlDvlGDwd8Y=
Subject key identifier:   D2:0B:7B:81:63:E5:62:40:03:E8:8E:55:5B:05:69:9B:CC:EE:A9:20
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019A4DCE1754802BFE9C06BD9A53D1FD0220
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0gt7gWPlYkAD6I5VWwVpm8zuqSA.roa
Signing time:             Tue 04 Nov 2025 07:39:03 +0000
ROA not before:           Tue 04 Nov 2025 07:39:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        185.209.74.0/24 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.227.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Nov 2025 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4d:ce:17:54:80:2b:fe:9c:06:bd:9a:53:d1:fd:02:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  4 07:39:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d20b7b8163e5624003e88e555b05699bcceea920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b8:68:bb:f8:cb:df:a7:3f:98:d9:4b:53:6a:
                    b8:b3:73:1a:3e:2d:e0:45:73:f9:bc:48:0b:3e:75:
                    72:ab:5e:58:d5:ab:df:d3:fe:88:d2:00:26:72:23:
                    e5:ed:3c:b6:ea:5f:66:fb:45:11:a6:99:1d:0d:aa:
                    49:8b:62:c2:eb:08:99:b2:17:aa:67:8c:e2:f3:9f:
                    2e:2d:88:dd:89:b7:ef:0c:83:65:02:11:13:cc:44:
                    95:d2:1d:0d:1f:d6:d5:e7:ad:fa:90:29:dc:87:94:
                    56:6e:31:19:11:fa:b6:31:4e:1e:15:f9:9a:94:95:
                    4a:88:90:0c:80:64:e6:b5:01:e5:36:67:30:19:42:
                    25:fb:20:8b:56:f5:95:c1:60:3d:22:82:83:e9:ce:
                    73:9f:88:43:20:2f:e3:2e:d4:75:bb:07:ca:a2:aa:
                    c9:0b:1a:f6:91:ac:7c:4d:3d:b9:91:5c:80:7a:94:
                    63:3b:26:f7:77:37:46:fa:8a:34:70:b8:8f:60:1e:
                    a8:e2:67:d9:23:88:b0:84:7f:de:e3:05:45:04:2c:
                    dd:85:dd:0e:45:64:1b:a4:6a:37:71:eb:cb:62:96:
                    91:b2:29:d3:64:80:4d:6f:5c:04:81:ab:c0:31:ea:
                    7a:ca:3a:24:f3:52:3f:cc:05:0b:d9:d0:b4:e3:65:
                    59:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:0B:7B:81:63:E5:62:40:03:E8:8E:55:5B:05:69:9B:CC:EE:A9:20
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0gt7gWPlYkAD6I5VWwVpm8zuqSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.74.0/24
                  185.223.82.0/24
                  185.227.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:c9:70:24:0d:32:25:d5:20:d2:5f:9d:68:2b:e2:56:65:1c:
         3e:66:73:d1:07:b4:2d:53:4c:b5:6d:4f:37:33:4f:ce:a0:4a:
         ec:03:7d:14:27:18:cf:de:cc:0a:48:c2:a0:55:98:74:cd:12:
         9e:46:79:1e:d3:e5:43:79:ad:4d:f1:c5:18:8d:d3:b9:fb:bd:
         64:a8:ac:74:ce:ab:9c:0a:36:43:f0:4a:39:46:a5:fe:6a:d3:
         ec:74:03:3d:29:d8:70:90:2e:5a:23:50:0c:cc:d3:94:2c:a5:
         9e:04:b1:36:51:ce:7f:e6:24:2c:46:de:80:da:90:68:96:e9:
         5f:1c:b9:55:5b:ec:9a:7d:40:c9:da:18:a0:14:e7:5e:56:39:
         e9:5f:ab:b8:8a:f3:98:28:0c:9b:15:cf:e1:88:cf:db:b1:69:
         dd:3c:5c:c5:e9:86:34:0a:f7:b4:fc:ef:79:00:36:c0:ce:0d:
         63:ff:a4:25:e4:2d:dc:a8:7c:58:ff:ac:01:3a:f9:9b:80:22:
         37:3a:98:f2:bb:d6:c1:e1:0a:5c:33:c0:94:58:13:97:b1:3f:
         a0:7e:8a:02:a8:9f:d1:a3:c9:4d:26:a8:03:52:9e:46:4f:60:
         5c:ef:bb:4e:66:4f:74:70:c6:13:24:ed:d9:ad:8d:d0:52:87:
         9c:fc:6c:ee
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZpNzhdUgCv+nAa9mlPR/QIgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUxMTA0MDczOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjBiN2I4MTYzZTU2MjQwMDNlODhlNTU1YjA1Njk5YmNjZWVhOTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bhou/jL36c/mNlLU2q4s3MaPi3g
RXP5vEgLPnVyq15Y1avf0/6I0gAmciPl7Ty26l9m+0URppkdDapJi2LC6wiZsheq
Z4zi858uLYjdibfvDINlAhETzESV0h0NH9bV5636kCnch5RWbjEZEfq2MU4eFfma
lJVKiJAMgGTmtQHlNmcwGUIl+yCLVvWVwWA9IoKD6c5zn4hDIC/jLtR1uwfKoqrJ
Cxr2kax8TT25kVyAepRjOyb3dzdG+oo0cLiPYB6o4mfZI4iwhH/e4wVFBCzdhd0O
RWQbpGo3cevLYpaRsinTZIBNb1wEgavAMep6yjok81I/zAUL2dC042VZywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNILe4Fj5WJAA+iOVVsFaZvM7qkgMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMGd0N2dXUGxZa0FENkk1Vld3VnBtOHp1cVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAudFKAwQA
ud9SAwQAueOQMA0GCSqGSIb3DQEBCwUAA4IBAQA5yXAkDTIl1SDSX51oK+JWZRw+
ZnPRB7QtU0y1bU83M0/OoErsA30UJxjP3swKSMKgVZh0zRKeRnke0+VDea1N8cUY
jdO5+71kqKx0zqucCjZD8Eo5RqX+atPsdAM9KdhwkC5aI1AMzNOULKWeBLE2Uc5/
5iQsRt6A2pBolulfHLlVW+yafUDJ2higFOdeVjnpX6u4ivOYKAybFc/hiM/bsWnd
PFzF6YY0Cve0/O95ADbAzg1j/6Ql5C3cqHxY/6wBOvmbgCI3Opjyu9bB4QpcM8CU
WBOXsT+gfooCqJ/Ro8lNJqgDUp5GT2Bc77tOZk90cMYTJO3ZrY3QUoec/Gzu
-----END CERTIFICATE-----