Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/OryNoX3UGMIcnoUd_MsLiDY7bng.roa
File:                     OryNoX3UGMIcnoUd_MsLiDY7bng.roa (raw, json)
Hash identifier:          o+SjC06El+Rv9wA0fL1qtJp9DJ4Kq5lIbfs8S2VVaKI=
Subject key identifier:   3A:BC:8D:A1:7D:D4:18:C2:1C:9E:85:1D:FC:CB:0B:88:36:3B:6E:78
Certificate issuer:       /CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
Certificate serial:       0198B989FB46CD4E35C6CF644112A8EC4131
Authority key identifier: 4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/OryNoX3UGMIcnoUd_MsLiDY7bng.roa
Signing time:             Sun 17 Aug 2025 19:38:04 +0000
ROA not before:           Sun 17 Aug 2025 19:38:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400072
IP address blocks:        185.141.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 19:03:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b9:89:fb:46:cd:4e:35:c6:cf:64:41:12:a8:ec:41:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fb2bb7bad50f1921810a028e78edd65f81f6a7d
        Validity
            Not Before: Aug 17 19:38:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3abc8da17dd418c21c9e851dfccb0b88363b6e78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:af:8c:10:fe:3d:49:7d:38:fb:86:32:84:43:
                    20:45:5b:0d:33:64:3b:99:ca:b5:f9:f5:59:3a:a9:
                    ed:5a:1e:df:97:c8:5c:ae:e2:88:3c:d6:b4:74:c6:
                    cc:27:3f:03:33:c0:86:ec:97:1c:02:f8:8f:eb:6d:
                    eb:1c:ce:0f:41:df:7d:06:f7:13:27:bd:54:25:db:
                    31:a8:21:8b:a4:d5:b3:ee:02:cd:6c:7d:ca:6d:1a:
                    fc:3e:df:46:77:6e:60:cf:d3:85:a7:b7:dd:f3:62:
                    be:11:28:98:f9:7e:61:48:b9:64:39:dd:be:e7:76:
                    d6:68:61:04:bf:7f:2d:56:41:0b:fb:22:e9:b3:69:
                    94:c4:d0:4c:bb:63:af:95:81:e5:a0:8c:92:52:bb:
                    03:2a:ce:0a:6b:b3:cd:31:c8:e6:21:9b:4b:31:69:
                    91:11:72:d7:78:ad:0d:a0:48:5e:9b:f5:28:a1:25:
                    31:09:8f:71:8c:2a:83:cb:ee:d8:91:97:e5:62:39:
                    59:12:4a:63:cd:72:df:d4:5b:5e:e7:5f:d9:d5:3d:
                    c1:cc:c7:6e:ce:5c:a9:8a:de:8c:6e:48:28:3f:6f:
                    63:9c:86:9b:ed:bd:5f:93:d2:f1:0d:2e:07:44:64:
                    c5:c9:18:b8:dc:8d:66:03:32:5a:b0:47:f4:c9:b9:
                    1c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:BC:8D:A1:7D:D4:18:C2:1C:9E:85:1D:FC:CB:0B:88:36:3B:6E:78
            X509v3 Authority Key Identifier:
                keyid:4F:B2:BB:7B:AD:50:F1:92:18:10:A0:28:E7:8E:DD:65:F8:1F:6A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T7K7e61Q8ZIYEKAo547dZfgfan0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/OryNoX3UGMIcnoUd_MsLiDY7bng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/fda382-4257-41c3-8ec6-27fbc99ea3c6/1/T7K7e61Q8ZIYEKAo547dZfgfan0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ec:1e:2a:7e:f2:22:95:85:93:a1:9d:51:cf:75:6d:2a:44:
         d4:da:53:2e:0b:91:65:1c:6f:83:fd:a3:39:c5:43:d6:75:51:
         8b:71:0d:dd:b1:62:e7:33:8d:0c:3e:67:04:57:38:23:c8:53:
         a7:41:a5:95:df:d8:06:6a:b3:54:d5:99:d8:3f:1e:2d:f1:34:
         ab:65:0c:57:e0:6f:05:ae:3f:ad:0e:e6:32:c2:c1:3d:5b:f9:
         de:92:c5:c7:37:27:01:4a:dc:06:23:06:a6:c3:10:37:87:58:
         97:87:d6:76:f4:5b:f9:4f:54:c5:e5:d8:74:b1:0f:53:d4:ae:
         83:37:07:b7:35:4f:47:a1:ec:34:90:58:c7:4c:4c:3b:25:df:
         ec:83:03:60:8c:f4:58:c8:3a:1f:f4:18:78:2a:69:df:46:c3:
         e1:fb:0e:3d:6f:b4:75:97:ba:03:5f:04:53:1a:c5:36:59:d9:
         66:36:be:77:62:02:b2:85:7c:de:89:cc:3f:5b:7b:87:c5:97:
         54:3b:2d:d9:8f:e8:93:85:73:8e:32:55:ec:55:95:3f:e9:4a:
         3c:8c:0b:59:bf:88:ec:0c:d0:36:96:c6:e5:2f:8b:b9:81:ee:
         a7:3b:4c:73:d1:37:b9:fe:b6:55:23:ec:44:d0:a1:be:5f:8d:
         0e:2f:55:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi5iftGzU41xs9kQRKo7EExMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYjJiYjdiYWQ1MGYxOTIxODEwYTAyOGU3OGVkZDY1Zjgx
ZjZhN2QwHhcNMjUwODE3MTkzODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWJjOGRhMTdkZDQxOGMyMWM5ZTg1MWRmY2NiMGI4ODM2M2I2ZTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsq+MEP49SX04+4YyhEMgRVsNM2Q7
mcq1+fVZOqntWh7fl8hcruKIPNa0dMbMJz8DM8CG7JccAviP623rHM4PQd99BvcT
J71UJdsxqCGLpNWz7gLNbH3KbRr8Pt9Gd25gz9OFp7fd82K+ESiY+X5hSLlkOd2+
53bWaGEEv38tVkEL+yLps2mUxNBMu2OvlYHloIySUrsDKs4Ka7PNMcjmIZtLMWmR
EXLXeK0NoEhem/UooSUxCY9xjCqDy+7YkZflYjlZEkpjzXLf1Fte51/Z1T3BzMdu
zlypit6MbkgoP29jnIab7b1fk9LxDS4HRGTFyRi43I1mAzJasEf0ybkcswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDq8jaF91BjCHJ6FHfzLC4g2O254MB8GA1UdIwQY
MBaAFE+yu3utUPGSGBCgKOeO3WX4H2p9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYt
MjdmYmM5OWVhM2M2LzEvT3J5Tm9YM1VHTUljbm9VZF9Nc0xpRFk3Ym5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZGEzODItNDI1Ny00MWMzLThlYzYtMjdmYmM5OWVhM2M2
LzEvVDdLN2U2MVE4WklZRUtBbzU0N2RaZmdmYW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY10MA0G
CSqGSIb3DQEBCwUAA4IBAQCF7B4qfvIilYWToZ1Rz3VtKkTU2lMuC5FlHG+D/aM5
xUPWdVGLcQ3dsWLnM40MPmcEVzgjyFOnQaWV39gGarNU1ZnYPx4t8TSrZQxX4G8F
rj+tDuYywsE9W/neksXHNycBStwGIwamwxA3h1iXh9Z29Fv5T1TF5dh0sQ9T1K6D
Nwe3NU9Hoew0kFjHTEw7Jd/sgwNgjPRYyDof9Bh4KmnfRsPh+w49b7R1l7oDXwRT
GsU2WdlmNr53YgKyhXzeicw/W3uHxZdUOy3Zj+iThXOOMlXsVZU/6Uo8jAtZv4js
DNA2lsblL4u5ge6nO0xz0Te5/rZVI+xE0KG+X40OL1Wa
-----END CERTIFICATE-----