Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/SyJNb24T1K8v6kujf7E-DDJkWmY.roa
File:                     SyJNb24T1K8v6kujf7E-DDJkWmY.roa (raw, json)
Hash identifier:          A7UrcI4a39YeDsRjy98H53aeYuLTyiHn9DprB25yFgs=
Subject key identifier:   4B:22:4D:6F:6E:13:D4:AF:2F:EA:4B:A3:7F:B1:3E:0C:32:64:5A:66
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019808060553D417F807F032109186C20695
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/SyJNb24T1K8v6kujf7E-DDJkWmY.roa
Signing time:             Mon 14 Jul 2025 08:21:09 +0000
ROA not before:           Mon 14 Jul 2025 08:21:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213893
IP address blocks:        147.45.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:06:05:53:d4:17:f8:07:f0:32:10:91:86:c2:06:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jul 14 08:21:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b224d6f6e13d4af2fea4ba37fb13e0c32645a66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ab:4c:60:db:a3:8e:14:10:66:c0:9c:23:ce:
                    89:41:18:c5:0d:b5:50:d0:c3:36:92:3e:ed:22:b6:
                    1c:f7:c2:48:fa:76:a1:c5:bf:28:a4:fe:d7:3d:9f:
                    61:39:0c:db:0d:84:fe:24:1e:9e:bd:c4:e8:b9:8a:
                    ae:69:ee:67:2f:89:56:35:59:cc:62:83:58:72:1c:
                    0c:bf:32:c0:de:bc:14:25:ac:fb:af:40:06:8f:0d:
                    7b:f6:be:f5:4d:a7:43:2a:d4:46:45:0a:b4:e7:73:
                    ea:3d:61:0c:3e:63:2e:d6:cb:20:96:35:ca:e0:9c:
                    5c:ec:6e:87:34:d9:18:b5:1f:84:18:9c:b9:f8:1d:
                    10:36:8d:54:84:5e:c9:55:a0:97:a6:f1:bf:22:59:
                    cd:7d:e8:50:c9:e1:bf:76:36:c0:d4:e0:20:93:5a:
                    91:77:7c:c4:50:a7:bd:83:23:2d:69:fb:5d:c4:92:
                    e0:6c:de:45:d9:69:80:21:e5:b0:9d:77:15:77:37:
                    ea:56:45:10:85:cb:3e:4e:e7:84:f4:03:e1:1d:8d:
                    af:a7:7c:a4:8a:32:2f:ec:e5:d4:92:12:03:70:c3:
                    ed:48:de:97:57:6e:b7:44:c0:55:98:d8:51:66:57:
                    3f:98:fd:ae:85:73:fe:18:71:40:16:52:95:31:2b:
                    b8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:22:4D:6F:6E:13:D4:AF:2F:EA:4B:A3:7F:B1:3E:0C:32:64:5A:66
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/SyJNb24T1K8v6kujf7E-DDJkWmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:87:c6:65:61:52:99:99:5d:18:a3:4b:44:11:c1:ee:e1:03:
         12:ce:64:55:7c:0b:fa:03:a8:b7:ab:27:2c:07:f4:78:2c:95:
         dc:35:f7:49:93:92:6e:89:4f:95:79:cf:6e:dc:3a:f7:41:9a:
         cb:e9:85:b5:ee:76:b3:1f:7c:7a:dc:6c:27:2e:e1:54:cf:35:
         37:25:8f:42:5c:f1:31:31:97:51:93:5d:82:c0:66:be:33:fa:
         dd:70:69:25:fd:56:01:74:54:e8:a4:f1:83:e0:c5:86:9f:39:
         56:a2:cf:c8:c3:4c:b6:58:25:51:15:1f:e1:31:b5:ab:c8:19:
         e3:9b:16:84:27:6b:6e:71:1c:85:57:a6:7f:ce:45:f4:63:6a:
         65:40:5c:4e:fc:11:03:3c:70:34:c7:4e:1e:81:3e:79:a4:06:
         81:84:32:03:67:be:e2:ee:ac:24:0a:49:1e:8e:b6:af:2b:0c:
         76:ea:77:2d:9c:70:d7:84:21:5a:22:2e:63:c0:3a:4f:0e:ae:
         8a:04:d9:4c:da:99:a1:27:44:9a:68:3d:aa:34:5b:9c:ed:43:
         c0:ad:16:75:b6:88:88:cc:87:3b:61:a3:b3:37:18:94:ef:7c:
         cf:92:72:b1:71:07:0b:46:b1:8e:f5:96:d5:3b:5c:bc:39:44:
         26:48:13:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgIBgVT1Bf4B/AyEJGGwgaVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwNzE0MDgyMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjIyNGQ2ZjZlMTNkNGFmMmZlYTRiYTM3ZmIxM2UwYzMyNjQ1YTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qtMYNujjhQQZsCcI86JQRjFDbVQ
0MM2kj7tIrYc98JI+nahxb8opP7XPZ9hOQzbDYT+JB6evcTouYquae5nL4lWNVnM
YoNYchwMvzLA3rwUJaz7r0AGjw179r71TadDKtRGRQq053PqPWEMPmMu1ssgljXK
4Jxc7G6HNNkYtR+EGJy5+B0QNo1UhF7JVaCXpvG/IlnNfehQyeG/djbA1OAgk1qR
d3zEUKe9gyMtaftdxJLgbN5F2WmAIeWwnXcVdzfqVkUQhcs+TueE9APhHY2vp3yk
ijIv7OXUkhIDcMPtSN6XV263RMBVmNhRZlc/mP2uhXP+GHFAFlKVMSu40wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsiTW9uE9SvL+pLo3+xPgwyZFpmMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvU3lKTmIyNFQxSzh2Nmt1amY3RS1EREprV21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky3fMA0G
CSqGSIb3DQEBCwUAA4IBAQAfh8ZlYVKZmV0Yo0tEEcHu4QMSzmRVfAv6A6i3qycs
B/R4LJXcNfdJk5JuiU+Vec9u3Dr3QZrL6YW17nazH3x63GwnLuFUzzU3JY9CXPEx
MZdRk12CwGa+M/rdcGkl/VYBdFTopPGD4MWGnzlWos/Iw0y2WCVRFR/hMbWryBnj
mxaEJ2tucRyFV6Z/zkX0Y2plQFxO/BEDPHA0x04egT55pAaBhDIDZ77i7qwkCkke
jravKwx26nctnHDXhCFaIi5jwDpPDq6KBNlM2pmhJ0SaaD2qNFuc7UPArRZ1toiI
zIc7YaOzNxiU73zPknKxcQcLRrGO9ZbVO1y8OUQmSBOR
-----END CERTIFICATE-----