Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/ZXvQgtCwdZFH33GeNkjgldbwU0g.roa
File:                     ZXvQgtCwdZFH33GeNkjgldbwU0g.roa (raw, json)
Hash identifier:          WG+LLLlTTipnD9xWrIvYnomhJk4LiYNkyxpSwcuckf4=
Subject key identifier:   65:7B:D0:82:D0:B0:75:91:47:DF:71:9E:36:48:E0:95:D6:F0:53:48
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       01984CE35AF8684EBCF49F15CD134E30CAEE
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/ZXvQgtCwdZFH33GeNkjgldbwU0g.roa
Signing time:             Sun 27 Jul 2025 17:17:05 +0000
ROA not before:           Sun 27 Jul 2025 17:17:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36530
IP address blocks:        212.116.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4c:e3:5a:f8:68:4e:bc:f4:9f:15:cd:13:4e:30:ca:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Jul 27 17:17:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=657bd082d0b0759147df719e3648e095d6f05348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2e:67:7e:c5:73:46:43:e6:1e:d7:97:c6:e6:
                    f6:33:3e:c0:f8:15:fb:8e:df:bd:2f:13:37:5b:62:
                    29:88:7a:cf:fc:34:a8:ac:d5:db:61:e4:7d:0d:99:
                    a7:29:a8:12:75:41:e8:a6:c5:0f:f6:16:9b:68:fc:
                    bc:11:01:33:ad:b7:f4:77:90:45:4d:db:79:6e:75:
                    5e:8a:86:99:ad:c5:ff:ea:1a:11:bf:3b:17:e0:f4:
                    c5:47:5a:a1:56:00:ec:3b:3b:63:81:35:3a:1d:0b:
                    cc:c6:6e:9b:3c:49:6e:bb:e7:86:49:61:74:11:21:
                    40:f2:a4:3e:89:94:e1:48:49:d4:11:ed:4d:93:75:
                    73:2d:c2:09:d6:1d:c2:16:00:e8:e9:18:2f:53:cb:
                    47:19:d4:21:b7:f6:2b:c9:c3:e1:21:0e:35:a7:c4:
                    d4:88:79:ec:2d:d4:82:41:56:5a:05:9a:f8:73:9e:
                    44:7e:db:96:2d:bb:24:74:a6:46:1d:c5:5d:1c:06:
                    51:e1:d8:a5:e4:a9:14:5c:f9:e3:5d:a5:f4:62:85:
                    72:d8:20:b2:26:b7:03:80:1d:8b:3c:18:58:79:fb:
                    1d:96:7d:4a:43:b3:43:17:71:05:0c:cb:95:b5:05:
                    55:20:5a:a2:f0:20:1c:a9:fc:8e:d7:d5:5d:53:4c:
                    d7:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:7B:D0:82:D0:B0:75:91:47:DF:71:9E:36:48:E0:95:D6:F0:53:48
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/ZXvQgtCwdZFH33GeNkjgldbwU0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:e6:92:c4:c3:c7:34:b7:a0:65:98:70:74:f6:7b:ef:4b:fd:
         7c:f7:3d:9f:ec:39:50:65:62:12:fc:bb:9d:a8:67:79:71:3c:
         77:24:5c:87:32:c2:61:a7:71:d8:e4:8e:16:4b:c0:53:2b:7b:
         6a:4c:11:9a:b3:b8:d1:80:0a:9f:8a:be:1a:51:f4:36:41:a0:
         94:21:21:53:3d:b8:11:44:54:b9:7f:91:0b:12:1f:45:c8:62:
         b1:6f:2d:fc:41:56:11:0a:42:69:48:6f:b7:0c:36:c5:d0:34:
         21:f8:67:88:e9:6e:d3:33:4a:05:8a:bd:e6:f7:20:bc:27:1b:
         8e:0c:3b:d2:4a:35:db:ca:5d:a1:8c:6c:b6:7b:2f:06:02:6a:
         3f:55:76:bf:ad:38:51:47:1c:d7:a4:93:45:62:92:32:0e:25:
         40:21:b0:27:15:82:bd:1b:7a:5b:cc:25:6f:c9:c1:b2:17:9a:
         fe:d3:4e:b2:48:6a:e3:ea:fb:76:b5:b2:0f:6f:51:c9:13:64:
         ca:06:75:65:a9:51:fd:61:8c:e9:52:d7:ed:a8:67:0d:ca:8c:
         98:c7:1b:4b:4a:14:d5:8f:19:28:77:7b:f1:99:75:5a:d9:bf:
         6a:cc:60:38:74:ba:d7:81:a2:cb:0b:6d:ac:87:c4:d4:04:be:
         69:5d:69:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhM41r4aE689J8VzRNOMMruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwNzI3MTcxNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTdiZDA4MmQwYjA3NTkxNDdkZjcxOWUzNjQ4ZTA5NWQ2ZjA1MzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzS5nfsVzRkPmHteXxub2Mz7A+BX7
jt+9LxM3W2IpiHrP/DSorNXbYeR9DZmnKagSdUHopsUP9habaPy8EQEzrbf0d5BF
Tdt5bnVeioaZrcX/6hoRvzsX4PTFR1qhVgDsOztjgTU6HQvMxm6bPEluu+eGSWF0
ESFA8qQ+iZThSEnUEe1Nk3VzLcIJ1h3CFgDo6RgvU8tHGdQht/YrycPhIQ41p8TU
iHnsLdSCQVZaBZr4c55EftuWLbskdKZGHcVdHAZR4dil5KkUXPnjXaX0YoVy2CCy
JrcDgB2LPBhYefsdln1KQ7NDF3EFDMuVtQVVIFqi8CAcqfyO19VdU0zXRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGV70ILQsHWRR99xnjZI4JXW8FNIMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvWlh2UWd0Q3dkWkZIMzNHZU5ramdsZGJ3VTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HTwMA0G
CSqGSIb3DQEBCwUAA4IBAQBC5pLEw8c0t6BlmHB09nvvS/189z2f7DlQZWIS/Lud
qGd5cTx3JFyHMsJhp3HY5I4WS8BTK3tqTBGas7jRgAqfir4aUfQ2QaCUISFTPbgR
RFS5f5ELEh9FyGKxby38QVYRCkJpSG+3DDbF0DQh+GeI6W7TM0oFir3m9yC8JxuO
DDvSSjXbyl2hjGy2ey8GAmo/VXa/rThRRxzXpJNFYpIyDiVAIbAnFYK9G3pbzCVv
ycGyF5r+006ySGrj6vt2tbIPb1HJE2TKBnVlqVH9YYzpUtftqGcNyoyYxxtLShTV
jxkod3vxmXVa2b9qzGA4dLrXgaLLC22sh8TUBL5pXWn4
-----END CERTIFICATE-----