Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/OltzXJJiE9XyxoEWZKwac5KxNNc.roa
File:                     OltzXJJiE9XyxoEWZKwac5KxNNc.roa (raw, json)
Hash identifier:          MXwRj0eiEFB7lamZjGpRz17XKhXqe6VMpTtPXa7Dwss=
Subject key identifier:   3A:5B:73:5C:92:62:13:D5:F2:C6:81:16:64:AC:1A:73:92:B1:34:D7
Certificate issuer:       /CN=411a2a9405bda1671c10776f4426273c904e4ad0
Certificate serial:       0197EFE40B8BDEBBA10654CC68334D90C252
Authority key identifier: 41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/OltzXJJiE9XyxoEWZKwac5KxNNc.roa
Signing time:             Wed 09 Jul 2025 15:53:09 +0000
ROA not before:           Wed 09 Jul 2025 15:53:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209097
IP address blocks:        45.11.252.0/24 maxlen: 24
                          45.11.253.0/24 maxlen: 24
                          45.11.254.0/24 maxlen: 24
                          45.11.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ef:e4:0b:8b:de:bb:a1:06:54:cc:68:33:4d:90:c2:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411a2a9405bda1671c10776f4426273c904e4ad0
        Validity
            Not Before: Jul  9 15:53:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a5b735c926213d5f2c6811664ac1a7392b134d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ed:93:2c:01:c7:49:a1:62:cc:42:11:bf:e7:
                    17:89:58:16:d6:8b:0b:4b:5a:1c:b6:0d:47:16:d0:
                    47:d2:66:46:0f:67:e7:9f:51:95:f6:46:64:92:4e:
                    15:59:29:d4:48:c2:ea:b0:aa:d0:33:41:a7:b0:da:
                    86:6e:7d:f3:7a:c1:9d:a9:0c:e2:00:5c:76:64:ad:
                    f9:91:0c:26:dd:e1:2f:11:1f:d1:ea:07:00:77:e4:
                    91:cb:eb:3d:67:12:6d:ff:3b:78:6c:ec:58:e7:e7:
                    55:41:d3:de:16:14:e5:be:e4:81:03:e2:95:33:94:
                    de:45:73:e7:e6:bf:7e:f6:9a:f9:03:7c:6f:93:88:
                    76:e1:0d:b1:b4:f4:89:74:6e:30:f5:46:d5:5f:c9:
                    1f:4d:f0:38:2f:b0:e5:c0:d3:05:ed:30:10:ec:aa:
                    cc:5e:d8:72:c7:26:53:a1:d1:ee:bf:00:d8:94:a2:
                    62:2b:f1:60:e3:24:c0:7c:4a:fe:4e:f8:e9:4e:03:
                    64:40:f1:24:77:b5:04:69:ed:d6:30:51:57:be:51:
                    42:2d:d9:70:fb:d5:c8:58:f3:88:70:3c:03:e0:0d:
                    c4:1a:10:85:8f:d5:c2:6b:1c:33:cb:aa:ce:a7:92:
                    b8:5e:5a:11:5b:98:e3:64:51:93:68:ae:18:af:6a:
                    c7:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:5B:73:5C:92:62:13:D5:F2:C6:81:16:64:AC:1A:73:92:B1:34:D7
            X509v3 Authority Key Identifier:
                keyid:41:1A:2A:94:05:BD:A1:67:1C:10:77:6F:44:26:27:3C:90:4E:4A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRoqlAW9oWccEHdvRCYnPJBOStA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/OltzXJJiE9XyxoEWZKwac5KxNNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fe6870-0990-4c21-9e4d-8c52e666a8a2/1/QRoqlAW9oWccEHdvRCYnPJBOStA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:fd:43:10:ce:d2:38:ad:9d:3e:5e:2d:5b:bf:3e:42:b2:28:
         3e:dc:80:30:e6:be:fd:2a:fc:a1:47:52:4e:78:b6:e9:cb:8e:
         e0:9b:ee:f8:17:dc:5d:5e:69:0f:fa:48:11:0e:71:70:0a:ad:
         92:16:fb:24:34:ea:23:e8:27:0d:f6:b4:c8:86:2b:ad:f9:f1:
         8a:7a:79:e8:48:c7:25:33:4c:af:77:79:fa:cd:65:f4:4d:7b:
         03:e6:60:9c:37:23:0b:cd:a4:df:96:cf:54:28:4d:27:61:37:
         44:9f:c6:5a:bb:61:79:bc:f6:0e:74:f0:a0:c8:e1:87:9c:33:
         4d:3e:39:bf:02:6b:18:d6:68:43:ae:18:91:20:9b:ad:d2:6b:
         41:e6:bb:d7:cd:42:f7:ef:05:36:ba:11:63:cb:a7:d9:7f:83:
         5e:7a:33:39:a1:33:df:93:c2:4d:b1:f5:f8:0f:88:b6:e1:5a:
         2a:43:12:9e:19:bd:95:4a:00:58:9b:23:c1:aa:08:fd:06:ca:
         21:12:f9:90:79:04:76:dc:b4:84:33:bf:d3:dc:6b:fc:a0:b0:
         6d:24:12:a5:b0:ec:94:fe:32:ce:48:28:e0:40:40:ae:81:26:
         c8:7d:2c:17:01:19:aa:0b:df:13:60:02:57:23:09:92:4c:f0:
         85:95:17:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfv5AuL3ruhBlTMaDNNkMJSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWEyYTk0MDViZGExNjcxYzEwNzc2ZjQ0MjYyNzNjOTA0
ZTRhZDAwHhcNMjUwNzA5MTU1MzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTViNzM1YzkyNjIxM2Q1ZjJjNjgxMTY2NGFjMWE3MzkyYjEzNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAme2TLAHHSaFizEIRv+cXiVgW1osL
S1octg1HFtBH0mZGD2fnn1GV9kZkkk4VWSnUSMLqsKrQM0GnsNqGbn3zesGdqQzi
AFx2ZK35kQwm3eEvER/R6gcAd+SRy+s9ZxJt/zt4bOxY5+dVQdPeFhTlvuSBA+KV
M5TeRXPn5r9+9pr5A3xvk4h24Q2xtPSJdG4w9UbVX8kfTfA4L7DlwNMF7TAQ7KrM
XthyxyZTodHuvwDYlKJiK/Fg4yTAfEr+TvjpTgNkQPEkd7UEae3WMFFXvlFCLdlw
+9XIWPOIcDwD4A3EGhCFj9XCaxwzy6rOp5K4XloRW5jjZFGTaK4Yr2rHYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpbc1ySYhPV8saBFmSsGnOSsTTXMB8GA1UdIwQY
MBaAFEEaKpQFvaFnHBB3b0QmJzyQTkrQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQt
OGM1MmU2NjZhOGEyLzEvT2x0elhKSmlFOVh5eG9FV1pLd2FjNUt4Tk5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9mZTY4NzAtMDk5MC00YzIxLTllNGQtOGM1MmU2NjZhOGEy
LzEvUVJvcWxBVzlvV2NjRUhkdlJDWW5QSkJPU3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQv8MA0G
CSqGSIb3DQEBCwUAA4IBAQAj/UMQztI4rZ0+Xi1bvz5Csig+3IAw5r79KvyhR1JO
eLbpy47gm+74F9xdXmkP+kgRDnFwCq2SFvskNOoj6CcN9rTIhiut+fGKennoSMcl
M0yvd3n6zWX0TXsD5mCcNyMLzaTfls9UKE0nYTdEn8Zau2F5vPYOdPCgyOGHnDNN
Pjm/AmsY1mhDrhiRIJut0mtB5rvXzUL37wU2uhFjy6fZf4NeejM5oTPfk8JNsfX4
D4i24VoqQxKeGb2VSgBYmyPBqgj9BsohEvmQeQR23LSEM7/T3Gv8oLBtJBKlsOyU
/jLOSCjgQECugSbIfSwXARmqC98TYAJXIwmSTPCFlRdT
-----END CERTIFICATE-----