Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/4445d7-ad2d-4445-8dde-2ebd6457ef1e/1/EfBLqsVRmS2V_zTPOhomf1PD6s8.roa
File:                     EfBLqsVRmS2V_zTPOhomf1PD6s8.roa (raw, json)
Hash identifier:          animJghjOYq1IX/7qhA2FDGSZ8rTFFcjT97KQ/IiWvY=
Subject key identifier:   11:F0:4B:AA:C5:51:99:2D:95:FF:34:CF:3A:1A:26:7F:53:C3:EA:CF
Certificate issuer:       /CN=4fc9ae4c50fa0b0382adda5f3c7df418f7925864
Certificate serial:       01992FA934A9DD69A0336B3B2887FB8A72F2
Authority key identifier: 4F:C9:AE:4C:50:FA:0B:03:82:AD:DA:5F:3C:7D:F4:18:F7:92:58:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8muTFD6CwOCrdpfPH30GPeSWGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/4445d7-ad2d-4445-8dde-2ebd6457ef1e/1/EfBLqsVRmS2V_zTPOhomf1PD6s8.roa
Signing time:             Tue 09 Sep 2025 18:07:22 +0000
ROA not before:           Tue 09 Sep 2025 18:07:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        185.178.196.0/22 maxlen: 22
                          2a0a:6c80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/4445d7-ad2d-4445-8dde-2ebd6457ef1e/1/T8muTFD6CwOCrdpfPH30GPeSWGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/4445d7-ad2d-4445-8dde-2ebd6457ef1e/1/T8muTFD6CwOCrdpfPH30GPeSWGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8muTFD6CwOCrdpfPH30GPeSWGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2f:a9:34:a9:dd:69:a0:33:6b:3b:28:87:fb:8a:72:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc9ae4c50fa0b0382adda5f3c7df418f7925864
        Validity
            Not Before: Sep  9 18:07:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11f04baac551992d95ff34cf3a1a267f53c3eacf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7f:6e:8f:98:23:1a:ce:d8:5a:d2:02:7d:0c:
                    01:b4:2f:81:e0:f3:32:40:18:54:0b:55:fb:9c:0d:
                    ea:8f:92:51:03:4e:b5:4e:f0:c4:84:7c:ed:5a:94:
                    ac:af:37:9d:85:f4:d1:59:5f:a4:5e:58:a5:53:a6:
                    84:ed:79:8e:fd:6f:30:88:36:36:82:fa:21:2b:0c:
                    96:eb:46:83:1b:df:44:e4:27:f9:3a:8b:5b:53:56:
                    de:3d:cc:9e:c8:af:dc:9f:94:36:59:58:84:6e:91:
                    70:d2:78:88:0c:3a:77:be:d6:c4:a5:54:2d:27:31:
                    52:9b:7d:71:29:31:94:fa:f5:4a:29:b4:39:6d:61:
                    4a:01:d2:08:ab:c2:97:74:20:63:15:1b:47:b4:87:
                    07:33:7e:a9:dc:db:32:f0:d6:3a:c3:a2:5b:b6:f4:
                    09:6d:09:9e:bc:25:dd:d9:d4:a5:67:0e:11:52:5c:
                    a2:37:2c:7c:03:22:59:4f:9c:73:a6:63:7f:9a:74:
                    e0:2a:0a:6a:50:73:d7:9a:6d:f7:6c:6f:a2:9d:22:
                    47:7b:97:e1:bb:d9:ac:bd:9e:82:78:df:63:51:14:
                    67:22:37:ba:e8:6a:27:5f:06:78:91:a4:ce:3b:43:
                    7e:5a:45:c0:da:6b:32:1c:65:76:55:8d:f6:1a:db:
                    66:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F0:4B:AA:C5:51:99:2D:95:FF:34:CF:3A:1A:26:7F:53:C3:EA:CF
            X509v3 Authority Key Identifier:
                keyid:4F:C9:AE:4C:50:FA:0B:03:82:AD:DA:5F:3C:7D:F4:18:F7:92:58:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8muTFD6CwOCrdpfPH30GPeSWGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/4445d7-ad2d-4445-8dde-2ebd6457ef1e/1/EfBLqsVRmS2V_zTPOhomf1PD6s8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/4445d7-ad2d-4445-8dde-2ebd6457ef1e/1/T8muTFD6CwOCrdpfPH30GPeSWGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.196.0/22
                IPv6:
                  2a0a:6c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:20:ae:7c:0b:65:40:ba:23:c3:f3:91:52:12:e7:0a:5c:e6:
         0b:83:38:a3:02:c4:89:53:0b:f8:c5:46:c1:2e:27:72:d2:f6:
         aa:11:33:3c:35:f3:ae:90:3e:b4:cf:92:72:1c:32:f1:a8:2c:
         69:d5:8e:6f:97:db:f1:d6:a0:9b:d5:2e:1f:3d:e2:28:b3:35:
         cc:a0:6b:cd:85:d1:52:45:ff:6f:85:fd:c4:dd:40:78:39:7e:
         d1:c8:2a:a2:4e:67:40:80:3d:55:09:2e:c3:5d:8b:ba:e1:9e:
         d3:ea:7d:5a:86:c1:a9:f6:f1:d7:d7:bf:0b:60:0f:da:62:73:
         60:c7:ec:d6:00:d8:36:c8:f9:55:9b:a0:44:57:cd:35:fe:74:
         03:5f:90:74:85:8a:32:4d:e8:ae:61:81:19:de:fb:ec:24:03:
         59:7b:4f:32:15:47:b1:00:2c:b8:38:72:44:fb:ee:a6:c1:c7:
         61:4f:94:ad:ac:29:94:ef:10:37:5a:53:5f:3d:2e:80:b3:41:
         d5:be:ea:3f:f0:76:be:9d:a6:38:bd:51:33:24:6c:a2:a6:6e:
         77:66:4a:a9:7a:7d:f4:8a:e6:43:66:e2:de:a4:ce:ba:20:e2:
         07:4e:1a:f0:b0:a9:11:b1:d5:b6:48:61:3e:bf:cc:c4:33:df:
         b9:fe:c6:23
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkvqTSp3WmgM2s7KIf7inLyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYzlhZTRjNTBmYTBiMDM4MmFkZGE1ZjNjN2RmNDE4Zjc5
MjU4NjQwHhcNMjUwOTA5MTgwNzIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWYwNGJhYWM1NTE5OTJkOTVmZjM0Y2YzYTFhMjY3ZjUzYzNlYWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl39uj5gjGs7YWtICfQwBtC+B4PMy
QBhUC1X7nA3qj5JRA061TvDEhHztWpSsrzedhfTRWV+kXlilU6aE7XmO/W8wiDY2
gvohKwyW60aDG99E5Cf5OotbU1bePcyeyK/cn5Q2WViEbpFw0niIDDp3vtbEpVQt
JzFSm31xKTGU+vVKKbQ5bWFKAdIIq8KXdCBjFRtHtIcHM36p3Nsy8NY6w6JbtvQJ
bQmevCXd2dSlZw4RUlyiNyx8AyJZT5xzpmN/mnTgKgpqUHPXmm33bG+inSJHe5fh
u9msvZ6CeN9jURRnIje66GonXwZ4kaTOO0N+WkXA2msyHGV2VY32GttmmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBHwS6rFUZktlf80zzoaJn9Tw+rPMB8GA1UdIwQY
MBaAFE/JrkxQ+gsDgq3aXzx99Bj3klhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDhtdVRGRDZDd09DcmRwZlBIMzBHUGVTV0dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy80NDQ1ZDctYWQyZC00NDQ1LThkZGUt
MmViZDY0NTdlZjFlLzEvRWZCTHFzVlJtUzJWX3pUUE9ob21mMVBENnM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy80NDQ1ZDctYWQyZC00NDQ1LThkZGUtMmViZDY0NTdlZjFl
LzEvVDhtdVRGRDZDd09DcmRwZlBIMzBHUGVTV0dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubLEMA0E
AgACMAcDBQMqCmyAMA0GCSqGSIb3DQEBCwUAA4IBAQBvIK58C2VAuiPD85FSEucK
XOYLgzijAsSJUwv4xUbBLidy0vaqETM8NfOukD60z5JyHDLxqCxp1Y5vl9vx1qCb
1S4fPeIoszXMoGvNhdFSRf9vhf3E3UB4OX7RyCqiTmdAgD1VCS7DXYu64Z7T6n1a
hsGp9vHX178LYA/aYnNgx+zWANg2yPlVm6BEV801/nQDX5B0hYoyTeiuYYEZ3vvs
JANZe08yFUexACy4OHJE++6mwcdhT5StrCmU7xA3WlNfPS6As0HVvuo/8Ha+naY4
vVEzJGyipm53Zkqpen30iuZDZuLepM66IOIHThrwsKkRsdW2SGE+v8zEM9+5/sYj
-----END CERTIFICATE-----