Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/b7818d-3298-4069-8290-c6e1cfd60661/1/nzgTTwbAHjDz2-zsShiAXUCqJOU.roa
File:                     nzgTTwbAHjDz2-zsShiAXUCqJOU.roa (raw, json)
Hash identifier:          GBnP7tc+zXd9JtLmcvpJOSz2ArIIJJ/9cimz8hGmRDA=
Subject key identifier:   9F:38:13:4F:06:C0:1E:30:F3:DB:EC:EC:4A:18:80:5D:40:AA:24:E5
Certificate issuer:       /CN=a56e22b4620bd042f73a2a9621f0c9247d51248a
Certificate serial:       0198135F59DCA53AB072EE5C3A894A08B175
Authority key identifier: A5:6E:22:B4:62:0B:D0:42:F7:3A:2A:96:21:F0:C9:24:7D:51:24:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pW4itGIL0EL3OiqWIfDJJH1RJIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/b7818d-3298-4069-8290-c6e1cfd60661/1/nzgTTwbAHjDz2-zsShiAXUCqJOU.roa
Signing time:             Wed 16 Jul 2025 13:14:32 +0000
ROA not before:           Wed 16 Jul 2025 13:14:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35691
IP address blocks:        185.185.108.0/22 maxlen: 22
                          185.185.108.0/24 maxlen: 24
                          185.185.109.0/24 maxlen: 24
                          185.185.110.0/24 maxlen: 24
                          185.185.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/b7818d-3298-4069-8290-c6e1cfd60661/1/pW4itGIL0EL3OiqWIfDJJH1RJIo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/b7818d-3298-4069-8290-c6e1cfd60661/1/pW4itGIL0EL3OiqWIfDJJH1RJIo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pW4itGIL0EL3OiqWIfDJJH1RJIo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:13:5f:59:dc:a5:3a:b0:72:ee:5c:3a:89:4a:08:b1:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a56e22b4620bd042f73a2a9621f0c9247d51248a
        Validity
            Not Before: Jul 16 13:14:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f38134f06c01e30f3dbecec4a18805d40aa24e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:cc:80:ec:70:3c:df:25:68:c8:72:6c:dd:03:
                    20:b1:30:49:9f:56:4f:12:e3:86:5d:2b:bc:f1:54:
                    06:4b:ad:59:03:00:27:3a:f7:34:d9:51:56:8c:af:
                    5b:f6:f0:08:8b:40:c7:df:c9:b5:c5:06:c0:38:13:
                    8f:f2:84:f5:38:85:d6:bf:85:9d:58:d6:00:49:e3:
                    59:c3:c9:41:c2:82:63:be:83:b8:10:7f:98:af:51:
                    e5:b9:b3:5f:4f:52:87:a6:af:a0:a6:01:d9:b5:75:
                    79:32:5d:e5:51:3b:c0:e8:4a:8a:1e:93:d8:2a:ec:
                    1d:11:0b:78:bd:22:53:e7:43:d8:b3:52:1c:c2:68:
                    39:5e:f1:27:3c:5c:50:99:f4:0a:7a:0c:66:27:2b:
                    e2:d0:5f:2b:f2:cc:cf:da:98:28:6b:37:1e:34:14:
                    8c:09:c2:10:01:56:30:9d:99:0c:ae:20:82:7d:bc:
                    41:a6:f4:ea:c4:f4:38:66:c5:f5:0e:ce:99:94:a5:
                    96:d0:8b:61:45:31:21:d5:76:fa:a3:86:52:79:d5:
                    9a:e8:86:51:f7:a8:f4:fb:08:41:c2:d0:0f:3c:c1:
                    a2:30:2d:bf:37:4c:23:34:5e:28:a0:d1:95:d8:30:
                    aa:e1:ea:37:26:d6:47:96:98:70:a3:99:84:06:7c:
                    5d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:38:13:4F:06:C0:1E:30:F3:DB:EC:EC:4A:18:80:5D:40:AA:24:E5
            X509v3 Authority Key Identifier:
                keyid:A5:6E:22:B4:62:0B:D0:42:F7:3A:2A:96:21:F0:C9:24:7D:51:24:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pW4itGIL0EL3OiqWIfDJJH1RJIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/b7818d-3298-4069-8290-c6e1cfd60661/1/nzgTTwbAHjDz2-zsShiAXUCqJOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/b7818d-3298-4069-8290-c6e1cfd60661/1/pW4itGIL0EL3OiqWIfDJJH1RJIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:4a:ca:62:82:b7:e9:31:17:94:6b:0b:cf:6c:e0:60:c3:e0:
         84:58:3b:2b:75:1f:9e:7a:09:07:dc:25:31:d6:62:05:91:d9:
         8a:a4:fc:9a:d2:92:7a:7f:51:3c:3e:e2:e2:0e:db:ec:eb:f3:
         f1:d8:7a:b0:02:04:0f:f1:c7:62:36:d2:86:4a:d7:da:aa:ee:
         70:c4:10:1a:76:08:d9:eb:28:94:57:44:b0:20:d1:20:fa:8e:
         c8:13:5e:49:ba:8b:5e:60:35:fa:41:b2:70:6a:c0:bb:77:b9:
         9e:e9:f4:d0:91:3a:8d:71:58:e0:da:b5:70:82:cd:8c:5d:c3:
         09:6c:30:92:97:35:5d:e8:29:fb:40:1a:ff:b8:1c:b8:76:e6:
         03:8c:6e:be:49:00:c4:2a:99:87:60:d2:c1:5e:2d:3c:bc:b5:
         47:ff:86:64:fa:9c:e1:b7:78:a0:d9:43:ef:45:e4:6f:ca:d7:
         11:b1:22:63:73:44:96:7b:9b:75:e4:bc:b9:1c:51:81:82:9b:
         63:24:03:bc:eb:36:d3:f5:de:99:87:c8:fc:dd:28:ef:5d:a6:
         8d:4c:07:c9:90:93:2f:c3:d8:0f:4c:a9:c6:a6:b0:79:c7:5f:
         8d:a7:bf:4b:ab:b9:91:15:d6:d2:00:69:37:5a:8a:b9:40:5c:
         cc:91:73:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgTX1ncpTqwcu5cOolKCLF1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NmUyMmI0NjIwYmQwNDJmNzNhMmE5NjIxZjBjOTI0N2Q1
MTI0OGEwHhcNMjUwNzE2MTMxNDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjM4MTM0ZjA2YzAxZTMwZjNkYmVjZWM0YTE4ODA1ZDQwYWEyNGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsyA7HA83yVoyHJs3QMgsTBJn1ZP
EuOGXSu88VQGS61ZAwAnOvc02VFWjK9b9vAIi0DH38m1xQbAOBOP8oT1OIXWv4Wd
WNYASeNZw8lBwoJjvoO4EH+Yr1HlubNfT1KHpq+gpgHZtXV5Ml3lUTvA6EqKHpPY
KuwdEQt4vSJT50PYs1Icwmg5XvEnPFxQmfQKegxmJyvi0F8r8szP2pgoazceNBSM
CcIQAVYwnZkMriCCfbxBpvTqxPQ4ZsX1Ds6ZlKWW0IthRTEh1Xb6o4ZSedWa6IZR
96j0+whBwtAPPMGiMC2/N0wjNF4ooNGV2DCq4eo3JtZHlphwo5mEBnxdzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ84E08GwB4w89vs7EoYgF1AqiTlMB8GA1UdIwQY
MBaAFKVuIrRiC9BC9zoqliHwySR9USSKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFc0aXRHSUwwRUwzT2lxV0lmREpKSDFSSklvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9iNzgxOGQtMzI5OC00MDY5LTgyOTAt
YzZlMWNmZDYwNjYxLzEvbnpnVFR3YkFIakR6Mi16c1NoaUFYVUNxSk9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9iNzgxOGQtMzI5OC00MDY5LTgyOTAtYzZlMWNmZDYwNjYx
LzEvcFc0aXRHSUwwRUwzT2lxV0lmREpKSDFSSklvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCublsMA0G
CSqGSIb3DQEBCwUAA4IBAQA9SspigrfpMReUawvPbOBgw+CEWDsrdR+eegkH3CUx
1mIFkdmKpPya0pJ6f1E8PuLiDtvs6/Px2HqwAgQP8cdiNtKGStfaqu5wxBAadgjZ
6yiUV0SwINEg+o7IE15JuoteYDX6QbJwasC7d7me6fTQkTqNcVjg2rVwgs2MXcMJ
bDCSlzVd6Cn7QBr/uBy4duYDjG6+SQDEKpmHYNLBXi08vLVH/4Zk+pzht3ig2UPv
ReRvytcRsSJjc0SWe5t15Ly5HFGBgptjJAO86zbT9d6Zh8j83SjvXaaNTAfJkJMv
w9gPTKnGprB5x1+Np79Lq7mRFdbSAGk3Woq5QFzMkXPA
-----END CERTIFICATE-----