Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/EXtC5OInBl_E2WCyBixzNeVE7GE.roa
File:                     EXtC5OInBl_E2WCyBixzNeVE7GE.roa (raw, json)
Hash identifier:          s2STkLGaxaRn1+xZujlaqqCE8Z9sX/a2ML/7plPSgJQ=
Subject key identifier:   11:7B:42:E4:E2:27:06:5F:C4:D9:60:B2:06:2C:73:35:E5:44:EC:61
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019A05906FB6F7A60C5ED250BE8B2CF73751
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/EXtC5OInBl_E2WCyBixzNeVE7GE.roa
Signing time:             Tue 21 Oct 2025 06:59:03 +0000
ROA not before:           Tue 21 Oct 2025 06:59:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        185.209.74.0/24 maxlen: 24
                          185.227.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 19:59:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:05:90:6f:b6:f7:a6:0c:5e:d2:50:be:8b:2c:f7:37:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Oct 21 06:59:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=117b42e4e227065fc4d960b2062c7335e544ec61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:56:80:60:02:53:90:4e:fe:52:9f:b4:ec:35:
                    92:dc:eb:c6:5d:86:1e:58:ab:43:5f:af:c3:96:6d:
                    38:b0:cd:7e:6c:52:e4:18:e7:50:a3:7e:40:7e:83:
                    06:b0:68:d5:71:23:80:c5:db:45:61:7d:6b:6e:87:
                    71:5a:95:fc:08:cd:7d:2b:5d:ac:09:05:03:3e:05:
                    37:3f:a6:54:5e:95:c7:f2:40:76:b0:4e:9a:e3:83:
                    28:7f:dd:46:8a:f7:e6:42:17:c4:86:d8:f8:7e:b2:
                    1b:a5:89:76:c7:f8:18:db:a9:19:82:81:cd:07:b5:
                    aa:af:53:8c:da:6a:98:02:ca:2f:7f:41:a6:c7:9f:
                    98:ce:f5:82:34:f4:af:3a:20:cf:e3:b2:48:4c:7d:
                    14:1f:20:80:f6:0b:85:5c:9b:fa:34:42:69:f7:0f:
                    4d:52:b6:7d:92:e5:c5:a7:07:48:69:b8:c3:36:7f:
                    73:15:f6:23:fa:d6:d9:e2:fb:11:d2:86:28:f5:31:
                    a6:5c:e5:0c:e6:d5:d6:bf:ec:63:df:8c:18:a8:a5:
                    cb:71:b9:6d:ab:46:8e:47:e7:a0:36:be:72:6e:29:
                    83:51:82:13:02:9e:3b:c4:56:55:93:e7:79:4c:b8:
                    df:84:a8:ff:4b:27:05:c7:7b:ac:6e:00:f9:12:1d:
                    41:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:7B:42:E4:E2:27:06:5F:C4:D9:60:B2:06:2C:73:35:E5:44:EC:61
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/EXtC5OInBl_E2WCyBixzNeVE7GE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.74.0/24
                  185.227.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:0e:7a:a6:8b:b8:3f:f7:06:46:a4:97:f6:b9:49:19:7a:f4:
         d0:3f:7b:e5:58:57:93:9e:f0:f3:dc:20:8d:1e:60:fe:f0:de:
         7c:e3:53:26:45:6d:18:57:5e:8b:41:fb:d4:e0:d3:e2:0e:db:
         df:fa:58:dc:17:83:c3:c8:82:ea:08:77:60:5a:f3:83:8b:4a:
         8f:88:d4:32:57:1d:2c:64:10:af:18:c8:25:47:f9:88:75:78:
         3c:49:5c:0c:93:eb:b4:70:cf:fd:a1:2c:47:10:85:4c:1f:78:
         c9:14:84:19:de:3a:ae:0c:a3:f6:5b:ec:45:7a:3d:b3:d9:04:
         28:a3:80:eb:21:e7:6f:3c:43:06:fa:54:33:72:59:38:20:ad:
         aa:08:e9:6f:c9:e2:c3:6d:c2:3d:52:76:2c:8b:80:d7:71:2a:
         a0:d5:c9:08:e4:42:00:d1:8d:37:94:19:6a:b7:bd:db:8f:64:
         87:81:6e:76:3c:3a:9b:15:c1:a7:fe:56:02:c0:7a:02:22:92:
         91:52:94:1b:37:61:f8:11:b4:de:24:1f:40:34:b4:f6:ec:28:
         8f:be:56:3a:c3:aa:a5:dd:7d:33:02:1c:e0:69:d5:4e:66:78:
         a7:94:8b:6e:5c:06:56:0c:86:69:aa:a5:17:c4:7c:0d:2a:7a:
         20:b0:58:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoFkG+296YMXtJQvoss9zdRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUxMDIxMDY1OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTdiNDJlNGUyMjcwNjVmYzRkOTYwYjIwNjJjNzMzNWU1NDRlYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlaAYAJTkE7+Up+07DWS3OvGXYYe
WKtDX6/Dlm04sM1+bFLkGOdQo35AfoMGsGjVcSOAxdtFYX1rbodxWpX8CM19K12s
CQUDPgU3P6ZUXpXH8kB2sE6a44Mof91GivfmQhfEhtj4frIbpYl2x/gY26kZgoHN
B7Wqr1OM2mqYAsovf0Gmx5+YzvWCNPSvOiDP47JITH0UHyCA9guFXJv6NEJp9w9N
UrZ9kuXFpwdIabjDNn9zFfYj+tbZ4vsR0oYo9TGmXOUM5tXWv+xj34wYqKXLcblt
q0aOR+egNr5ybimDUYITAp47xFZVk+d5TLjfhKj/SycFx3usbgD5Eh1BHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBF7QuTiJwZfxNlgsgYsczXlROxhMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRVh0QzVPSW5CbF9FMldDeUJpeHpOZVZFN0dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudFKAwQA
ueOQMA0GCSqGSIb3DQEBCwUAA4IBAQAKDnqmi7g/9wZGpJf2uUkZevTQP3vlWFeT
nvDz3CCNHmD+8N5841MmRW0YV16LQfvU4NPiDtvf+ljcF4PDyILqCHdgWvODi0qP
iNQyVx0sZBCvGMglR/mIdXg8SVwMk+u0cM/9oSxHEIVMH3jJFIQZ3jquDKP2W+xF
ej2z2QQoo4DrIedvPEMG+lQzclk4IK2qCOlvyeLDbcI9UnYsi4DXcSqg1ckI5EIA
0Y03lBlqt73bj2SHgW52PDqbFcGn/lYCwHoCIpKRUpQbN2H4EbTeJB9ANLT27CiP
vlY6w6ql3X0zAhzgadVOZninlItuXAZWDIZpqqUXxHwNKnogsFiK
-----END CERTIFICATE-----