Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/AbeXxMAIYICgkaX-fBnbEp53bv8.roa
File:                     AbeXxMAIYICgkaX-fBnbEp53bv8.roa (raw, json)
Hash identifier:          ynNpYcgV4hdjp9DdvyUSRnDletdqtQe2jwWhjrvFcUo=
Subject key identifier:   01:B7:97:C4:C0:08:60:80:A0:91:A5:FE:7C:19:DB:12:9E:77:6E:FF
Certificate issuer:       /CN=987277fc47d848fa5634ce8031a174fc249fa673
Certificate serial:       019A101C5346EFDA7CDFF6FA6E20466BB441
Authority key identifier: 98:72:77:FC:47:D8:48:FA:56:34:CE:80:31:A1:74:FC:24:9F:A6:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/AbeXxMAIYICgkaX-fBnbEp53bv8.roa
Signing time:             Thu 23 Oct 2025 08:08:03 +0000
ROA not before:           Thu 23 Oct 2025 08:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.194.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 15:57:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:1c:53:46:ef:da:7c:df:f6:fa:6e:20:46:6b:b4:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=987277fc47d848fa5634ce8031a174fc249fa673
        Validity
            Not Before: Oct 23 08:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01b797c4c0086080a091a5fe7c19db129e776eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:cb:f0:13:37:60:95:76:b9:64:c4:d3:e1:ec:
                    4f:da:ac:ff:f5:fa:e8:55:ac:04:b0:66:cd:97:13:
                    7e:aa:8e:a1:c2:0b:63:44:9a:b8:fc:a8:17:21:24:
                    56:ce:ea:48:89:ce:cd:c7:36:a5:c8:df:59:d3:71:
                    20:98:0e:45:dd:6d:a2:e7:ce:11:29:8c:e5:3f:19:
                    bb:a8:1f:2b:0f:67:cf:38:e9:0e:18:78:a5:b1:9f:
                    fa:20:64:98:a9:ba:4a:28:ce:30:61:14:59:73:c9:
                    6e:c1:68:bf:a3:72:11:87:6d:dc:c2:45:4f:b5:71:
                    b8:9c:92:56:6e:2d:79:73:82:88:af:60:34:36:3a:
                    aa:0d:21:f9:c4:8a:45:fb:d5:5a:1b:08:b3:65:4a:
                    94:4a:11:20:05:a8:50:05:5e:5a:b2:b3:b8:b0:80:
                    24:95:e3:ea:86:dc:bf:f3:9f:27:24:c0:e9:50:1a:
                    cd:4a:fd:f1:8a:60:5a:df:f7:d9:d8:07:dd:26:8e:
                    26:93:5c:18:06:cd:3e:38:c7:56:8b:11:65:b8:c0:
                    fa:50:b9:f0:3d:75:e3:5e:da:de:79:ff:19:ab:65:
                    ea:24:37:28:37:e6:7b:48:40:9e:9e:e7:df:e0:6d:
                    4b:3a:d3:b8:88:6c:d6:4d:fa:19:ca:9f:2b:e4:da:
                    a8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:B7:97:C4:C0:08:60:80:A0:91:A5:FE:7C:19:DB:12:9E:77:6E:FF
            X509v3 Authority Key Identifier:
                keyid:98:72:77:FC:47:D8:48:FA:56:34:CE:80:31:A1:74:FC:24:9F:A6:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/AbeXxMAIYICgkaX-fBnbEp53bv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/710934-304b-4f5f-950e-12e8276fdac4/1/mHJ3_EfYSPpWNM6AMaF0_CSfpnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:ef:91:b6:b6:c3:a7:4e:9c:6c:f8:7e:8a:0c:30:2c:93:6f:
         31:d7:6e:ce:f9:d0:2e:01:c4:ad:e0:e7:b2:42:55:a0:04:a0:
         30:30:66:cf:9b:79:a7:6a:a6:a3:78:cd:a7:6a:27:3d:55:1d:
         b9:20:fe:ef:c8:44:91:15:57:11:c8:89:d5:79:8c:2d:74:38:
         77:79:e7:bb:c2:55:6c:42:87:f3:f1:a8:36:28:d9:1b:ef:45:
         cf:7d:08:e1:ec:6a:c0:84:81:9d:2f:4c:ee:27:d1:f4:85:a9:
         2a:98:d4:90:9e:15:3d:cc:2e:f7:87:74:19:d0:86:dd:70:0f:
         b7:5d:a3:32:87:b0:95:89:a3:c7:9a:4a:eb:85:44:32:77:60:
         e5:d9:33:69:17:61:d0:0f:46:bc:43:0c:3a:4a:6c:85:fd:27:
         bf:3a:fc:cd:ad:b8:44:ba:cb:66:d6:fe:c4:3c:0d:ef:7f:85:
         78:3a:96:27:82:3f:0d:55:5d:05:7a:85:eb:88:55:ba:3e:15:
         c5:d9:f7:ee:4f:bb:ec:2b:8b:24:68:0a:5f:00:5a:36:71:22:
         f7:d2:fe:e5:76:c2:90:dc:7b:0e:8d:ca:74:72:e4:cd:5e:0d:
         4b:0f:e3:56:b4:ec:6f:98:2c:e5:11:d9:aa:e3:e8:9b:b4:47:
         9c:2f:96:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoQHFNG79p83/b6biBGa7RBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NzI3N2ZjNDdkODQ4ZmE1NjM0Y2U4MDMxYTE3NGZjMjQ5
ZmE2NzMwHhcNMjUxMDIzMDgwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWI3OTdjNGMwMDg2MDgwYTA5MWE1ZmU3YzE5ZGIxMjllNzc2ZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8vwEzdglXa5ZMTT4exP2qz/9fro
VawEsGbNlxN+qo6hwgtjRJq4/KgXISRWzupIic7NxzalyN9Z03EgmA5F3W2i584R
KYzlPxm7qB8rD2fPOOkOGHilsZ/6IGSYqbpKKM4wYRRZc8luwWi/o3IRh23cwkVP
tXG4nJJWbi15c4KIr2A0NjqqDSH5xIpF+9VaGwizZUqUShEgBahQBV5asrO4sIAk
lePqhty/858nJMDpUBrNSv3ximBa3/fZ2AfdJo4mk1wYBs0+OMdWixFluMD6ULnw
PXXjXtreef8Zq2XqJDcoN+Z7SECenuff4G1LOtO4iGzWTfoZyp8r5NqoIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAG3l8TACGCAoJGl/nwZ2xKed27/MB8GA1UdIwQY
MBaAFJhyd/xH2Ej6VjTOgDGhdPwkn6ZzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUhKM19FZllTUHBXTk02QU1hRjBfQ1NmcG5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83MTA5MzQtMzA0Yi00ZjVmLTk1MGUt
MTJlODI3NmZkYWM0LzEvQWJlWHhNQUlZSUNna2FYLWZCbmJFcDUzYnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83MTA5MzQtMzA0Yi00ZjVmLTk1MGUtMTJlODI3NmZkYWM0
LzEvbUhKM19FZllTUHBXTk02QU1hRjBfQ1NmcG5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucIIMA0G
CSqGSIb3DQEBCwUAA4IBAQCG75G2tsOnTpxs+H6KDDAsk28x127O+dAuAcSt4Oey
QlWgBKAwMGbPm3mnaqajeM2naic9VR25IP7vyESRFVcRyInVeYwtdDh3eee7wlVs
Qofz8ag2KNkb70XPfQjh7GrAhIGdL0zuJ9H0hakqmNSQnhU9zC73h3QZ0IbdcA+3
XaMyh7CViaPHmkrrhUQyd2Dl2TNpF2HQD0a8Qww6SmyF/Se/OvzNrbhEustm1v7E
PA3vf4V4OpYngj8NVV0FeoXriFW6PhXF2ffuT7vsK4skaApfAFo2cSL30v7ldsKQ
3HsOjcp0cuTNXg1LD+NWtOxvmCzlEdmq4+ibtEecL5Yl
-----END CERTIFICATE-----