Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/oo68fdLP_MI4Rwlcq0C2I-y_K9g.roa
File:                     oo68fdLP_MI4Rwlcq0C2I-y_K9g.roa (raw, json)
Hash identifier:          UGZ9aKbm2nLCSA0ehujHTDQj51oKQ6d9RZi7a5m0ANs=
Subject key identifier:   A2:8E:BC:7D:D2:CF:FC:C2:38:47:09:5C:AB:40:B6:23:EC:BF:2B:D8
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       0197636031D54413C7AB3023B6191D9AE670
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/oo68fdLP_MI4Rwlcq0C2I-y_K9g.roa
Signing time:             Thu 12 Jun 2025 09:02:18 +0000
ROA not before:           Thu 12 Jun 2025 09:02:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.149.4.0/24 maxlen: 24
                          212.81.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 18:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:60:31:d5:44:13:c7:ab:30:23:b6:19:1d:9a:e6:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Jun 12 09:02:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a28ebc7dd2cffcc23847095cab40b623ecbf2bd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:95:26:42:29:96:16:42:01:aa:c0:06:92:47:
                    3c:94:57:de:eb:88:3a:ad:31:b8:cd:1d:80:5b:7b:
                    90:de:05:37:3f:26:b9:26:eb:5c:9f:db:02:a9:cf:
                    41:2d:9a:28:49:a5:89:f7:e1:ea:1d:08:6a:41:7f:
                    76:f7:f2:ed:5e:7f:38:2d:16:69:da:bc:36:6c:48:
                    93:6f:d2:90:6c:c3:89:c6:81:a7:94:f9:94:75:a0:
                    e5:fd:23:64:bd:cc:9d:41:f3:23:92:60:f9:de:c0:
                    67:54:11:56:c7:94:a8:1f:a3:c7:59:13:36:49:fb:
                    96:17:48:7f:e9:de:f0:fa:c8:c1:0b:6a:61:64:0b:
                    f8:23:10:16:6a:48:90:4c:0d:2a:43:21:4e:70:af:
                    11:5c:4a:3e:e3:62:35:db:be:41:bd:fc:2c:3b:c2:
                    44:1d:13:a8:a7:4b:0c:27:cb:83:3a:8b:2b:f9:44:
                    a7:6e:72:4f:0a:19:79:6c:36:f2:f8:17:6f:a6:ac:
                    02:55:f9:01:94:c5:45:c1:02:20:04:14:0e:ee:71:
                    a9:2b:b0:41:f8:fa:23:27:51:53:d6:a9:7d:c6:0a:
                    0e:54:69:85:e9:20:e3:e9:1f:bf:6c:05:fe:65:42:
                    92:3d:28:c8:73:3b:e5:48:e8:44:7a:80:d1:0d:9d:
                    e9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:8E:BC:7D:D2:CF:FC:C2:38:47:09:5C:AB:40:B6:23:EC:BF:2B:D8
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/oo68fdLP_MI4Rwlcq0C2I-y_K9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.4.0/24
                  212.81.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:54:3d:b6:7a:cb:1a:98:0e:92:5f:9c:b7:99:ee:d6:b9:73:
         9f:9f:6d:6e:ac:f8:06:ce:79:8d:44:70:af:e9:a1:b0:cb:89:
         7a:73:8b:8f:26:67:74:ac:8e:05:a9:7f:3e:ed:00:ca:5a:09:
         3d:0c:19:e9:a6:01:5a:fa:6e:f2:bc:cd:9d:0e:96:13:a6:ce:
         6d:ed:23:5b:03:41:59:50:a0:01:a6:12:00:d3:54:41:5e:d8:
         35:3b:f2:fe:cb:e4:88:da:5a:27:d7:15:b0:f2:e3:10:87:be:
         37:dc:9d:00:86:7e:cb:04:7c:7a:81:0c:b4:30:78:99:6a:f4:
         73:f6:fe:88:60:b4:3b:da:fa:3b:52:7e:32:e0:ca:a2:04:36:
         46:d8:99:97:38:94:35:40:f0:49:b9:94:c7:6d:89:07:ba:0f:
         12:f4:a2:cf:25:17:5e:d9:ae:40:ab:e8:a8:4f:53:41:d9:42:
         00:97:a4:73:1c:5e:e3:5e:c3:d8:aa:07:96:b7:92:72:34:73:
         b9:c4:60:94:c3:11:36:de:45:8d:53:34:36:ef:3a:5f:4a:c1:
         ce:7a:74:84:b5:3a:a6:f4:1b:7a:ae:6e:5b:ed:d3:c4:c7:53:
         65:7a:b3:f9:e8:b1:3b:40:d5:f5:30:69:50:e8:2d:e9:d4:4e:
         b7:f8:82:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdjYDHVRBPHqzAjthkdmuZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjUwNjEyMDkwMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjhlYmM3ZGQyY2ZmY2MyMzg0NzA5NWNhYjQwYjYyM2VjYmYyYmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZUmQimWFkIBqsAGkkc8lFfe64g6
rTG4zR2AW3uQ3gU3Pya5Jutcn9sCqc9BLZooSaWJ9+HqHQhqQX929/LtXn84LRZp
2rw2bEiTb9KQbMOJxoGnlPmUdaDl/SNkvcydQfMjkmD53sBnVBFWx5SoH6PHWRM2
SfuWF0h/6d7w+sjBC2phZAv4IxAWakiQTA0qQyFOcK8RXEo+42I1275BvfwsO8JE
HROop0sMJ8uDOosr+USnbnJPChl5bDby+BdvpqwCVfkBlMVFwQIgBBQO7nGpK7BB
+PojJ1FT1ql9xgoOVGmF6SDj6R+/bAX+ZUKSPSjIczvlSOhEeoDRDZ3pCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKKOvH3Sz/zCOEcJXKtAtiPsvyvYMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvb282OGZkTFBfTUk0UndsY3EwQzJJLXlfSzlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZUEAwQA
1FEvMA0GCSqGSIb3DQEBCwUAA4IBAQBmVD22essamA6SX5y3me7WuXOfn21urPgG
znmNRHCv6aGwy4l6c4uPJmd0rI4FqX8+7QDKWgk9DBnppgFa+m7yvM2dDpYTps5t
7SNbA0FZUKABphIA01RBXtg1O/L+y+SI2lon1xWw8uMQh7433J0Ahn7LBHx6gQy0
MHiZavRz9v6IYLQ72vo7Un4y4MqiBDZG2JmXOJQ1QPBJuZTHbYkHug8S9KLPJRde
2a5Aq+ioT1NB2UIAl6RzHF7jXsPYqgeWt5JyNHO5xGCUwxE23kWNUzQ27zpfSsHO
enSEtTqm9Bt6rm5b7dPEx1NlerP56LE7QNX1MGlQ6C3p1E63+ILA
-----END CERTIFICATE-----