Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/KYbTgSax7h064F3NCImdxDDfXXU.roa
File:                     KYbTgSax7h064F3NCImdxDDfXXU.roa (raw, json)
Hash identifier:          RzrFxH2i8OJic4Y6TfEUz6A93MWm2jwQSnSbIExbBfk=
Subject key identifier:   29:86:D3:81:26:B1:EE:1D:3A:E0:5D:CD:08:89:9D:C4:30:DF:5D:75
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019861C9265965905A9510D7587FAECE3565
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/KYbTgSax7h064F3NCImdxDDfXXU.roa
Signing time:             Thu 31 Jul 2025 18:40:29 +0000
ROA not before:           Thu 31 Jul 2025 18:40:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35751
IP address blocks:        45.133.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:61:c9:26:59:65:90:5a:95:10:d7:58:7f:ae:ce:35:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jul 31 18:40:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2986d38126b1ee1d3ae05dcd08899dc430df5d75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b5:6a:3d:0b:3f:c5:2f:65:73:fb:fe:e6:1e:
                    c8:7b:0e:5b:8d:00:51:98:4b:04:9f:e8:83:82:ec:
                    46:69:88:82:b1:f6:aa:72:66:ce:36:e7:09:e7:04:
                    a4:65:66:a7:75:db:7e:ba:2f:dd:57:e6:76:d1:cf:
                    f8:a5:ce:63:20:9e:7c:7e:01:99:cc:0b:2f:16:40:
                    b6:fa:aa:17:2c:05:ac:dc:36:4e:13:6c:77:58:1c:
                    bb:12:cd:4d:d6:04:44:e9:a0:d7:91:c3:8f:54:98:
                    cd:ec:dd:ed:6d:c0:68:48:7c:2f:6c:de:e1:c3:7d:
                    90:6c:e6:8a:d6:79:a7:a6:d3:1e:67:ca:67:e8:91:
                    7b:26:dc:3a:62:30:1b:ae:df:f6:18:b4:83:d6:2c:
                    e6:90:ea:e4:6f:13:76:9e:ea:17:26:90:ea:90:41:
                    92:ab:96:5e:9d:10:a6:40:be:5b:01:b4:e0:ae:99:
                    56:6e:04:3b:41:59:9a:71:69:19:88:2a:e9:09:eb:
                    9e:16:4e:b2:8c:48:18:36:17:17:42:e5:be:08:d3:
                    8e:89:3d:b4:41:18:48:7b:dd:84:0a:8c:7d:fd:70:
                    a0:f3:78:d0:57:ca:cd:d0:57:b4:0e:d5:fa:8d:e3:
                    69:6f:0f:9d:62:22:fe:75:ab:43:0c:a0:a5:5a:80:
                    36:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:86:D3:81:26:B1:EE:1D:3A:E0:5D:CD:08:89:9D:C4:30:DF:5D:75
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/KYbTgSax7h064F3NCImdxDDfXXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:e1:af:05:76:d8:87:e8:cc:57:cf:b4:9d:86:25:22:8f:57:
         f0:ab:6e:cc:1a:3d:b4:77:6b:9b:1e:d3:57:e9:0f:4c:7b:d6:
         79:32:7a:c2:d1:ae:65:28:0e:f5:0a:3f:1e:8e:45:f3:e1:8f:
         8d:95:99:0d:4b:86:bd:a6:f1:c6:a3:74:86:83:2c:da:60:1e:
         4e:7f:4e:9b:a6:7c:50:ec:0d:c9:34:e1:13:6d:a9:d0:8b:3c:
         f8:ab:3f:63:db:9d:33:81:4b:f8:bc:cd:ab:61:61:8b:03:e6:
         a7:ee:f7:66:a5:d3:4a:8c:50:2e:b5:95:3a:1d:83:60:0b:c0:
         6b:c0:3d:3d:6f:a5:1a:0d:94:f1:97:39:e2:c0:57:ee:a9:61:
         5f:1d:e1:83:b5:90:37:34:f9:4b:22:ae:f1:79:34:96:17:0d:
         8a:89:e9:e1:df:25:b2:5e:72:46:43:2a:07:ef:f4:00:e5:2f:
         9c:c3:52:15:70:35:37:2f:3c:fc:96:2b:4d:c3:1e:51:9d:68:
         3b:0f:5a:1d:57:ef:e4:44:13:90:1f:f9:51:4e:55:7b:97:48:
         41:91:79:90:21:07:45:f4:7d:4b:55:3a:da:2d:ab:e0:77:4a:
         0e:50:06:f2:3e:c9:56:e0:7a:98:46:a8:2a:a8:9e:40:d4:65:
         62:48:83:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhhySZZZZBalRDXWH+uzjVlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwNzMxMTg0MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTg2ZDM4MTI2YjFlZTFkM2FlMDVkY2QwODg5OWRjNDMwZGY1ZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrVqPQs/xS9lc/v+5h7Iew5bjQBR
mEsEn+iDguxGaYiCsfaqcmbONucJ5wSkZWanddt+ui/dV+Z20c/4pc5jIJ58fgGZ
zAsvFkC2+qoXLAWs3DZOE2x3WBy7Es1N1gRE6aDXkcOPVJjN7N3tbcBoSHwvbN7h
w32QbOaK1nmnptMeZ8pn6JF7Jtw6YjAbrt/2GLSD1izmkOrkbxN2nuoXJpDqkEGS
q5ZenRCmQL5bAbTgrplWbgQ7QVmacWkZiCrpCeueFk6yjEgYNhcXQuW+CNOOiT20
QRhIe92ECox9/XCg83jQV8rN0Fe0DtX6jeNpbw+dYiL+datDDKClWoA25wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmG04Emse4dOuBdzQiJncQw3111MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvS1liVGdTYXg3aDA2NEYzTkNJbWR4RERmWFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYUgMA0G
CSqGSIb3DQEBCwUAA4IBAQBj4a8FdtiH6MxXz7SdhiUij1fwq27MGj20d2ubHtNX
6Q9Me9Z5MnrC0a5lKA71Cj8ejkXz4Y+NlZkNS4a9pvHGo3SGgyzaYB5Of06bpnxQ
7A3JNOETbanQizz4qz9j250zgUv4vM2rYWGLA+an7vdmpdNKjFAutZU6HYNgC8Br
wD09b6UaDZTxlzniwFfuqWFfHeGDtZA3NPlLIq7xeTSWFw2Kienh3yWyXnJGQyoH
7/QA5S+cw1IVcDU3Lzz8litNwx5RnWg7D1odV+/kRBOQH/lRTlV7l0hBkXmQIQdF
9H1LVTraLavgd0oOUAbyPslW4HqYRqgqqJ5A1GViSINZ
-----END CERTIFICATE-----