Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/4Big0S_3eVdxzCi9Q5-ZazqY78k.roa
File:                     4Big0S_3eVdxzCi9Q5-ZazqY78k.roa (raw, json)
Hash identifier:          MZj2ZauIX6SjNg/AhkH3xRZrKv7KoBeknyWj0YQB2/w=
Subject key identifier:   E0:18:A0:D1:2F:F7:79:57:71:CC:28:BD:43:9F:99:6B:3A:98:EF:C9
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0197F43F274B6F2DEE87C6FD94CAA9E6D608
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/4Big0S_3eVdxzCi9Q5-ZazqY78k.roa
Signing time:             Thu 10 Jul 2025 12:11:08 +0000
ROA not before:           Thu 10 Jul 2025 12:11:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211288
IP address blocks:        185.234.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:3f:27:4b:6f:2d:ee:87:c6:fd:94:ca:a9:e6:d6:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jul 10 12:11:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e018a0d12ff7795771cc28bd439f996b3a98efc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:97:3b:26:c8:0e:4e:c4:87:34:0b:a4:0e:55:
                    ae:d2:a2:e2:ae:7f:24:e2:5f:ff:3d:99:b6:8f:4d:
                    14:4a:a6:82:f0:85:17:2d:d2:44:d2:d8:9e:19:71:
                    1e:c6:66:67:0b:2d:30:05:18:94:64:4c:75:7a:4e:
                    ea:f2:3c:63:79:be:32:f2:80:10:7a:96:8c:58:27:
                    76:9f:3a:04:ce:58:0d:65:50:a3:0c:b1:fa:9e:be:
                    86:19:3e:6e:f2:05:f3:f2:37:b2:dd:fe:9a:db:33:
                    0f:76:99:75:19:7c:76:14:5f:17:ed:a2:d1:5b:30:
                    81:02:7e:b7:e5:04:d8:14:88:89:f6:4c:e6:06:49:
                    b1:00:55:ae:8c:e8:17:8b:b7:68:5c:c5:7c:a9:2e:
                    b8:aa:d7:8b:52:d7:15:93:52:ed:9c:d8:47:3f:c0:
                    d5:aa:82:ed:e7:c6:10:da:33:5e:ab:d8:f6:7c:d4:
                    9a:bc:a2:38:4b:8d:08:25:3f:cf:00:7c:47:0d:f9:
                    bb:f4:40:27:ca:9f:2b:a6:bb:63:c7:ac:72:e0:2e:
                    a2:ed:94:21:ca:98:6a:38:cf:b7:3e:b5:30:ef:d8:
                    42:d1:7c:d3:40:a3:a8:89:c3:80:d4:73:1a:ff:22:
                    b0:02:55:8f:05:15:56:c4:a8:a1:6d:b7:b8:55:02:
                    9b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:18:A0:D1:2F:F7:79:57:71:CC:28:BD:43:9F:99:6B:3A:98:EF:C9
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/4Big0S_3eVdxzCi9Q5-ZazqY78k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:0b:6a:6e:60:d0:12:12:c4:90:95:80:d0:66:30:30:05:59:
         37:d6:02:d0:f2:f5:ed:d5:76:1e:8d:6c:2e:35:23:c3:08:7a:
         12:d9:3c:a2:52:ba:e0:e0:2c:a8:e7:eb:d0:13:c4:80:95:09:
         3d:0f:6f:da:a5:39:64:6d:a1:93:8e:ec:2b:5d:57:13:13:d6:
         da:f5:f6:5c:f3:27:56:e2:52:74:04:c3:80:99:69:59:58:05:
         02:81:73:6f:5a:67:be:23:ad:73:2a:2c:8d:e4:5c:ca:d9:ed:
         bc:c3:ad:a1:88:f4:ac:e5:40:a8:e2:1d:da:03:3e:96:76:fd:
         be:6f:14:03:54:f0:c9:ef:ca:7e:6d:48:8d:e2:ae:81:95:ce:
         27:6c:28:17:da:dc:b7:08:cb:a4:51:06:95:f9:7a:77:2c:d6:
         5d:b4:75:dd:46:c3:7d:a8:35:26:63:88:90:fb:77:dd:21:aa:
         c5:79:dc:e6:46:66:79:f4:ad:3c:15:08:46:4c:eb:f8:d7:28:
         03:6f:c1:a6:48:27:1d:79:27:06:8f:0a:ad:59:ed:75:c6:54:
         5c:63:73:00:03:f8:49:0d:c9:f1:99:cc:6d:92:a0:f4:24:91:
         ba:c7:41:ce:fe:4e:35:df:ae:f2:fd:b4:6b:67:c4:2c:d0:32:
         02:73:79:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf0PydLby3uh8b9lMqp5tYIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzEwMTIxMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDE4YTBkMTJmZjc3OTU3NzFjYzI4YmQ0MzlmOTk2YjNhOThlZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5c7JsgOTsSHNAukDlWu0qLirn8k
4l//PZm2j00USqaC8IUXLdJE0tieGXEexmZnCy0wBRiUZEx1ek7q8jxjeb4y8oAQ
epaMWCd2nzoEzlgNZVCjDLH6nr6GGT5u8gXz8jey3f6a2zMPdpl1GXx2FF8X7aLR
WzCBAn635QTYFIiJ9kzmBkmxAFWujOgXi7doXMV8qS64qteLUtcVk1LtnNhHP8DV
qoLt58YQ2jNeq9j2fNSavKI4S40IJT/PAHxHDfm79EAnyp8rprtjx6xy4C6i7ZQh
yphqOM+3PrUw79hC0XzTQKOoicOA1HMa/yKwAlWPBRVWxKihbbe4VQKbqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAYoNEv93lXccwovUOfmWs6mO/JMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvNEJpZzBTXzNlVmR4ekNpOVE1LVphenFZNzhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuer+MA0G
CSqGSIb3DQEBCwUAA4IBAQCMC2puYNASEsSQlYDQZjAwBVk31gLQ8vXt1XYejWwu
NSPDCHoS2TyiUrrg4Cyo5+vQE8SAlQk9D2/apTlkbaGTjuwrXVcTE9ba9fZc8ydW
4lJ0BMOAmWlZWAUCgXNvWme+I61zKiyN5FzK2e28w62hiPSs5UCo4h3aAz6Wdv2+
bxQDVPDJ78p+bUiN4q6Blc4nbCgX2ty3CMukUQaV+Xp3LNZdtHXdRsN9qDUmY4iQ
+3fdIarFedzmRmZ59K08FQhGTOv41ygDb8GmSCcdeScGjwqtWe11xlRcY3MAA/hJ
DcnxmcxtkqD0JJG6x0HO/k41367y/bRrZ8Qs0DICc3lx
-----END CERTIFICATE-----