Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Pti_2wHf4nDoTULmHuDpJnb60tw.roa
File:                     Pti_2wHf4nDoTULmHuDpJnb60tw.roa (raw, json)
Hash identifier:          6vLb3cXdRGpIGB8yJspOGZTYqcFejvNzXH+8oL9C5OA=
Subject key identifier:   3E:D8:BF:DB:01:DF:E2:70:E8:4D:42:E6:1E:E0:E9:26:76:FA:D2:DC
Certificate issuer:       /CN=123c3de61011de07101e14dc0727395171cb03ab
Certificate serial:       01985BC27BF72844801066B76DAD4426F5AD
Authority key identifier: 12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Pti_2wHf4nDoTULmHuDpJnb60tw.roa
Signing time:             Wed 30 Jul 2025 14:35:29 +0000
ROA not before:           Wed 30 Jul 2025 14:35:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212280
IP address blocks:        185.122.252.0/24 maxlen: 24
                          185.122.253.0/24 maxlen: 24
                          185.122.254.0/24 maxlen: 24
                          185.122.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 01:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5b:c2:7b:f7:28:44:80:10:66:b7:6d:ad:44:26:f5:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=123c3de61011de07101e14dc0727395171cb03ab
        Validity
            Not Before: Jul 30 14:35:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ed8bfdb01dfe270e84d42e61ee0e92676fad2dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:0a:6d:37:8f:96:11:21:49:84:ad:c7:8b:68:
                    c5:ac:ab:a0:89:c6:76:d3:06:9c:98:73:2d:a9:7e:
                    13:f7:ba:b5:8c:10:30:78:7c:cc:90:b1:70:4f:23:
                    fe:5a:95:4c:f0:7f:41:1a:fe:e9:60:6e:76:bc:b0:
                    37:9c:8f:d8:74:f1:71:a4:d8:7f:b8:6d:d6:ba:30:
                    a8:04:1a:ae:3f:22:1e:67:77:50:ce:45:c3:0e:81:
                    9f:62:7b:83:65:3b:ae:96:eb:c9:db:ae:71:ac:92:
                    b4:74:34:6e:bd:f6:4d:29:50:5a:9c:b6:b8:e8:c5:
                    14:6f:21:71:24:06:42:9c:f5:03:80:2d:4b:20:54:
                    3e:06:c1:6c:85:96:85:86:7f:c2:c4:06:9c:ef:5b:
                    ab:54:30:78:97:13:f5:28:1d:40:21:7d:4f:c0:0b:
                    66:36:41:0c:12:9b:68:43:d9:0b:ae:fb:61:98:d5:
                    a8:cc:c8:95:32:de:98:05:5a:b4:c3:2a:03:5f:a3:
                    04:d7:2e:17:6e:99:00:a7:51:ef:94:d3:fe:64:8f:
                    a6:d7:a2:a9:d5:91:f1:ea:50:a1:46:85:11:9a:08:
                    bb:f8:82:cc:6c:f2:02:e1:3e:34:85:00:6f:3f:dd:
                    f4:bf:d2:de:36:36:66:64:6c:7b:7e:20:e1:af:cb:
                    c6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D8:BF:DB:01:DF:E2:70:E8:4D:42:E6:1E:E0:E9:26:76:FA:D2:DC
            X509v3 Authority Key Identifier:
                keyid:12:3C:3D:E6:10:11:DE:07:10:1E:14:DC:07:27:39:51:71:CB:03:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ejw95hAR3gcQHhTcByc5UXHLA6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Pti_2wHf4nDoTULmHuDpJnb60tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/229650-8a01-4370-991e-b504c9ae9bbc/1/Ejw95hAR3gcQHhTcByc5UXHLA6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:41:d2:4a:45:a6:96:10:0d:48:02:02:db:70:78:f7:b6:77:
         cd:f5:33:87:a0:6d:83:d6:c6:30:11:fc:82:f1:61:e7:cd:96:
         76:60:51:22:34:b8:e8:cf:8b:61:79:e6:08:c1:93:94:47:ec:
         f4:97:2d:07:53:3c:d9:a9:80:b6:e4:07:73:43:d5:4c:fd:4c:
         a0:de:8b:eb:b4:b9:da:08:9f:3f:8a:3e:05:38:3d:0c:c5:95:
         29:d0:73:12:cf:f0:16:1e:a1:69:17:f6:1e:1d:9c:36:0f:56:
         81:9a:da:7d:9a:62:c9:f6:d8:68:c6:c0:63:2d:de:9d:24:4e:
         2b:4c:5c:c0:de:35:5c:c7:e9:06:32:48:cd:6f:98:91:8e:f5:
         89:6c:55:03:a8:0c:46:ff:ef:df:ff:08:b6:f4:cc:a3:52:00:
         7d:b4:92:da:04:19:f7:14:7f:dc:f0:52:5e:d1:c7:6d:df:21:
         9e:f9:a5:6d:01:1f:d1:05:e5:aa:2f:9c:91:92:55:32:3e:fa:
         00:d9:f8:e6:99:f2:a9:2e:6d:6d:14:b3:02:a4:fe:13:fa:16:
         04:fe:cc:41:69:2a:ac:06:37:e5:61:e1:15:68:5c:3d:2f:72:
         ee:3b:4b:8f:b9:18:85:45:4f:d7:3b:11:6b:23:93:97:97:81:
         3b:75:d3:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhbwnv3KESAEGa3ba1EJvWtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyM2MzZGU2MTAxMWRlMDcxMDFlMTRkYzA3MjczOTUxNzFj
YjAzYWIwHhcNMjUwNzMwMTQzNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWQ4YmZkYjAxZGZlMjcwZTg0ZDQyZTYxZWUwZTkyNjc2ZmFkMmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QptN4+WESFJhK3Hi2jFrKugicZ2
0wacmHMtqX4T97q1jBAweHzMkLFwTyP+WpVM8H9BGv7pYG52vLA3nI/YdPFxpNh/
uG3WujCoBBquPyIeZ3dQzkXDDoGfYnuDZTuuluvJ265xrJK0dDRuvfZNKVBanLa4
6MUUbyFxJAZCnPUDgC1LIFQ+BsFshZaFhn/CxAac71urVDB4lxP1KB1AIX1PwAtm
NkEMEptoQ9kLrvthmNWozMiVMt6YBVq0wyoDX6ME1y4XbpkAp1HvlNP+ZI+m16Kp
1ZHx6lChRoURmgi7+ILMbPIC4T40hQBvP930v9LeNjZmZGx7fiDhr8vGFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD7Yv9sB3+Jw6E1C5h7g6SZ2+tLcMB8GA1UdIwQY
MBaAFBI8PeYQEd4HEB4U3AcnOVFxywOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUt
YjUwNGM5YWU5YmJjLzEvUHRpXzJ3SGY0bkRvVFVMbUh1RHBKbmI2MHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8yMjk2NTAtOGEwMS00MzcwLTk5MWUtYjUwNGM5YWU5YmJj
LzEvRWp3OTVoQVIzZ2NRSGhUY0J5YzVVWEhMQTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXr8MA0G
CSqGSIb3DQEBCwUAA4IBAQBRQdJKRaaWEA1IAgLbcHj3tnfN9TOHoG2D1sYwEfyC
8WHnzZZ2YFEiNLjoz4theeYIwZOUR+z0ly0HUzzZqYC25AdzQ9VM/Uyg3ovrtLna
CJ8/ij4FOD0MxZUp0HMSz/AWHqFpF/YeHZw2D1aBmtp9mmLJ9thoxsBjLd6dJE4r
TFzA3jVcx+kGMkjNb5iRjvWJbFUDqAxG/+/f/wi29MyjUgB9tJLaBBn3FH/c8FJe
0cdt3yGe+aVtAR/RBeWqL5yRklUyPvoA2fjmmfKpLm1tFLMCpP4T+hYE/sxBaSqs
BjflYeEVaFw9L3LuO0uPuRiFRU/XOxFrI5OXl4E7ddMU
-----END CERTIFICATE-----