Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/trrjLXp7ppNA4f7ZBtou6UVNH0c.roa
File:                     trrjLXp7ppNA4f7ZBtou6UVNH0c.roa (raw, json)
Hash identifier:          JoQ3eQtKyL6eTj4ubcRQEeezZNpu32gkn8SEO4tRm78=
Subject key identifier:   B6:BA:E3:2D:7A:7B:A6:93:40:E1:FE:D9:06:DA:2E:E9:45:4D:1F:47
Certificate issuer:       /CN=c089de2f42fcf44a4daab6a824c120abb8b7165d
Certificate serial:       0198EAA9A91C7312BA638371AE9A067DCD4D
Authority key identifier: C0:89:DE:2F:42:FC:F4:4A:4D:AA:B6:A8:24:C1:20:AB:B8:B7:16:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIneL0L89EpNqraoJMEgq7i3Fl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/trrjLXp7ppNA4f7ZBtou6UVNH0c.roa
Signing time:             Wed 27 Aug 2025 08:34:04 +0000
ROA not before:           Wed 27 Aug 2025 08:34:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206795
IP address blocks:        185.176.66.0/24 maxlen: 24
                          185.176.67.0/24 maxlen: 24
                          2a0a:d80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/wIneL0L89EpNqraoJMEgq7i3Fl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/wIneL0L89EpNqraoJMEgq7i3Fl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIneL0L89EpNqraoJMEgq7i3Fl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:a9:a9:1c:73:12:ba:63:83:71:ae:9a:06:7d:cd:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089de2f42fcf44a4daab6a824c120abb8b7165d
        Validity
            Not Before: Aug 27 08:34:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6bae32d7a7ba69340e1fed906da2ee9454d1f47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8f:ef:23:dc:a5:aa:45:85:5b:fd:cd:64:bf:
                    ef:3b:84:c0:39:92:2a:68:7a:ed:7c:3a:0b:f6:4e:
                    d5:50:b6:65:97:b0:5a:69:31:aa:ef:c2:3b:9a:63:
                    14:81:4c:fc:74:60:a1:04:30:56:26:d0:c0:74:10:
                    25:cc:a7:7e:5a:1c:04:5d:6c:80:9f:a8:89:c7:1e:
                    85:e0:2d:73:28:79:0d:3c:cf:aa:b0:9a:89:52:03:
                    93:00:83:96:3e:16:7b:bd:63:f6:0b:c0:96:bc:17:
                    c8:4b:3e:a0:42:91:3f:e9:20:a1:1a:92:7a:a3:f7:
                    7f:91:c5:c8:10:2d:2a:ef:bf:34:0f:c9:e4:7a:c6:
                    0a:36:55:25:98:30:d4:6b:7a:d2:ce:6e:c8:c5:cb:
                    2b:42:fd:56:83:f2:c4:80:4f:52:41:03:8a:a2:b0:
                    82:87:4d:8d:00:61:2d:18:f3:88:08:f8:67:2e:5f:
                    60:72:02:aa:33:93:4a:35:da:b9:df:93:96:09:5a:
                    be:57:ef:9f:bd:c6:88:a3:ff:77:7f:7f:a8:f0:e9:
                    97:f0:84:53:14:43:c0:65:7d:1a:9f:7c:ae:ee:b6:
                    a0:35:05:9a:66:0c:99:aa:de:9e:63:5a:2f:33:3c:
                    6b:52:be:30:f4:5d:22:47:b8:28:99:c5:93:a9:ab:
                    b5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:BA:E3:2D:7A:7B:A6:93:40:E1:FE:D9:06:DA:2E:E9:45:4D:1F:47
            X509v3 Authority Key Identifier:
                keyid:C0:89:DE:2F:42:FC:F4:4A:4D:AA:B6:A8:24:C1:20:AB:B8:B7:16:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIneL0L89EpNqraoJMEgq7i3Fl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/trrjLXp7ppNA4f7ZBtou6UVNH0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7bb416-ba8f-49a7-b5aa-ee2dc2860d5b/1/wIneL0L89EpNqraoJMEgq7i3Fl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.66.0/23
                IPv6:
                  2a0a:d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:e8:d2:50:58:14:a7:b4:38:cb:8e:e5:c1:cc:26:4d:9a:fd:
         23:ad:91:32:26:aa:1d:8f:08:a1:25:75:51:70:6e:df:8a:6f:
         26:fd:28:a8:5f:1e:f9:a6:ec:33:e7:7b:2e:4d:f7:6c:84:be:
         48:10:35:47:04:8c:09:89:be:ab:12:67:ba:f4:dc:7f:19:9d:
         05:5f:17:08:5b:2e:66:f8:2f:cf:77:c9:51:50:59:2d:15:4e:
         e2:37:3b:9d:c7:fe:59:30:81:7e:c2:36:14:c8:1e:f9:f9:25:
         cb:d3:fa:bc:a3:4f:6d:36:1c:46:d6:85:37:60:a2:99:97:47:
         af:19:04:fd:67:1e:d6:7a:f8:7b:dd:24:4d:af:be:fa:19:ba:
         77:af:f9:69:42:09:45:dc:97:84:21:50:31:65:40:62:81:09:
         06:f0:53:2f:f4:5c:b9:9e:a4:97:c0:5f:69:7f:f5:4f:66:88:
         85:f9:42:74:d0:c7:8e:2b:76:d3:1a:65:7d:98:62:3f:43:47:
         97:f6:df:a8:e9:55:70:51:f5:03:71:e1:00:7c:ba:b6:6e:8b:
         9f:18:f2:6a:19:d4:de:df:f9:e8:7f:35:e8:61:4c:a9:45:9c:
         59:07:c8:cf:16:3b:c0:c2:83:34:07:1e:f4:02:c8:f1:78:28:
         83:d2:7c:0a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjqqakccxK6Y4NxrpoGfc1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODlkZTJmNDJmY2Y0NGE0ZGFhYjZhODI0YzEyMGFiYjhi
NzE2NWQwHhcNMjUwODI3MDgzNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmJhZTMyZDdhN2JhNjkzNDBlMWZlZDkwNmRhMmVlOTQ1NGQxZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4/vI9ylqkWFW/3NZL/vO4TAOZIq
aHrtfDoL9k7VULZll7BaaTGq78I7mmMUgUz8dGChBDBWJtDAdBAlzKd+WhwEXWyA
n6iJxx6F4C1zKHkNPM+qsJqJUgOTAIOWPhZ7vWP2C8CWvBfISz6gQpE/6SChGpJ6
o/d/kcXIEC0q7780D8nkesYKNlUlmDDUa3rSzm7IxcsrQv1Wg/LEgE9SQQOKorCC
h02NAGEtGPOICPhnLl9gcgKqM5NKNdq535OWCVq+V++fvcaIo/93f3+o8OmX8IRT
FEPAZX0an3yu7ragNQWaZgyZqt6eY1ovMzxrUr4w9F0iR7gomcWTqau11wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLa64y16e6aTQOH+2QbaLulFTR9HMB8GA1UdIwQY
MBaAFMCJ3i9C/PRKTaq2qCTBIKu4txZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0luZUwwTDg5RXBOcXJhb0pNRWdxN2kzRmwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS83YmI0MTYtYmE4Zi00OWE3LWI1YWEt
ZWUyZGMyODYwZDViLzEvdHJyakxYcDdwcE5BNGY3WkJ0b3U2VVZOSDBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS83YmI0MTYtYmE4Zi00OWE3LWI1YWEtZWUyZGMyODYwZDVi
LzEvd0luZUwwTDg5RXBOcXJhb0pNRWdxN2kzRmwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBubBCMA0E
AgACMAcDBQMqCg2AMA0GCSqGSIb3DQEBCwUAA4IBAQA26NJQWBSntDjLjuXBzCZN
mv0jrZEyJqodjwihJXVRcG7fim8m/SioXx75puwz53suTfdshL5IEDVHBIwJib6r
Eme69Nx/GZ0FXxcIWy5m+C/Pd8lRUFktFU7iNzudx/5ZMIF+wjYUyB75+SXL0/q8
o09tNhxG1oU3YKKZl0evGQT9Zx7Wevh73SRNr776Gbp3r/lpQglF3JeEIVAxZUBi
gQkG8FMv9Fy5nqSXwF9pf/VPZoiF+UJ00MeOK3bTGmV9mGI/Q0eX9t+o6VVwUfUD
ceEAfLq2boufGPJqGdTe3/nofzXoYUypRZxZB8jPFjvAwoM0Bx70AsjxeCiD0nwK
-----END CERTIFICATE-----