Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/_xC1kXcH_xnBrp3zmmeFMgFE7KI.roa
File:                     _xC1kXcH_xnBrp3zmmeFMgFE7KI.roa (raw, json)
Hash identifier:          lnLioS9m0wvQKnvleqYpOpwLrz8qz8X99uptw34wSFs=
Subject key identifier:   FF:10:B5:91:77:07:FF:19:C1:AE:9D:F3:9A:67:85:32:01:44:EC:A2
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01984089208FF7342E0A815FD40F9E0A741C
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/_xC1kXcH_xnBrp3zmmeFMgFE7KI.roa
Signing time:             Fri 25 Jul 2025 07:43:05 +0000
ROA not before:           Fri 25 Jul 2025 07:43:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206378
IP address blocks:        45.157.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:89:20:8f:f7:34:2e:0a:81:5f:d4:0f:9e:0a:74:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul 25 07:43:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff10b5917707ff19c1ae9df39a6785320144eca2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:88:ed:82:66:22:4f:3a:fd:8e:00:8b:bb:f3:
                    f5:d3:c4:0d:d9:b6:80:17:12:c6:af:48:07:74:ff:
                    0f:fb:a7:f9:ae:f2:a5:75:85:45:04:38:d5:34:30:
                    2c:c0:ba:6c:29:27:9c:01:0d:cc:47:58:21:ac:c2:
                    66:df:80:27:4a:08:82:aa:c6:91:43:bf:88:29:84:
                    ae:a6:17:42:1b:ee:76:f7:bb:a5:81:be:f6:f0:a7:
                    ca:c7:a8:1a:4b:52:d1:24:20:1f:37:0c:d3:16:f6:
                    03:8a:a2:1a:5f:fe:dc:ac:27:8b:29:68:71:d4:21:
                    2c:df:b0:70:d1:24:a3:13:93:66:48:ac:80:82:74:
                    b4:70:a5:c4:5b:18:db:2e:c1:8b:76:e0:5d:d4:4e:
                    c9:e0:12:9a:fb:62:9e:b5:92:67:1f:95:3b:9c:6e:
                    1c:f4:3f:6b:ad:51:1a:a0:e4:6c:dd:eb:42:02:e0:
                    b2:44:43:35:4c:04:4d:4d:bc:21:24:e4:0a:30:63:
                    e7:8e:76:dd:22:46:af:3a:1b:96:a4:07:fa:0b:27:
                    62:69:2e:76:fe:e0:70:97:97:64:8a:22:6d:cc:86:
                    99:cc:aa:6a:77:d2:86:f9:f6:07:57:8b:ca:2f:58:
                    07:0c:86:bd:af:90:ff:70:ba:48:9c:41:59:4d:55:
                    88:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:10:B5:91:77:07:FF:19:C1:AE:9D:F3:9A:67:85:32:01:44:EC:A2
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/_xC1kXcH_xnBrp3zmmeFMgFE7KI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:72:0b:16:b1:cd:8b:e7:9f:38:db:a4:32:8a:c4:99:33:55:
         ce:e7:d0:c5:08:21:7a:bc:03:6f:dd:73:66:13:0b:14:77:25:
         63:af:38:be:57:17:19:d8:c1:4a:04:7c:26:f1:18:b5:ad:b1:
         78:1b:f7:b8:59:06:e9:db:bd:6d:3b:67:6d:7e:75:e2:45:20:
         b8:c0:51:b1:fd:bc:0a:50:b5:ca:5e:94:ec:23:28:de:c1:ae:
         04:7f:57:7a:c4:48:df:74:aa:42:c3:98:0d:f3:84:cc:ce:2a:
         7e:2a:fc:53:16:e7:05:c5:83:fd:a5:a4:2d:33:8b:f0:ef:05:
         53:8c:64:71:30:f7:2c:3d:95:46:49:4b:b7:51:73:8c:ab:64:
         90:61:f8:1c:1c:05:6a:be:41:20:9b:df:87:1d:ac:ce:86:4a:
         99:9a:e7:94:56:87:b6:75:12:34:d4:72:1c:b4:76:be:67:35:
         e0:ce:c2:79:d6:bb:7a:02:7b:e0:67:7a:ff:40:46:b8:21:7d:
         ef:fa:2d:77:33:23:c3:1d:52:c3:04:ef:84:a5:b8:57:b8:d7:
         97:90:54:38:78:e4:5c:0a:f2:51:ca:62:59:bb:c2:0b:5b:b3:
         b2:7b:75:84:a6:c8:09:97:e9:a5:21:38:7b:66:92:12:e9:be:
         b1:77:7d:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhAiSCP9zQuCoFf1A+eCnQcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwNzI1MDc0MzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjEwYjU5MTc3MDdmZjE5YzFhZTlkZjM5YTY3ODUzMjAxNDRlY2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApojtgmYiTzr9jgCLu/P108QN2baA
FxLGr0gHdP8P+6f5rvKldYVFBDjVNDAswLpsKSecAQ3MR1ghrMJm34AnSgiCqsaR
Q7+IKYSuphdCG+5297ulgb728KfKx6gaS1LRJCAfNwzTFvYDiqIaX/7crCeLKWhx
1CEs37Bw0SSjE5NmSKyAgnS0cKXEWxjbLsGLduBd1E7J4BKa+2KetZJnH5U7nG4c
9D9rrVEaoORs3etCAuCyREM1TARNTbwhJOQKMGPnjnbdIkavOhuWpAf6CydiaS52
/uBwl5dkiiJtzIaZzKpqd9KG+fYHV4vKL1gHDIa9r5D/cLpInEFZTVWIMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8QtZF3B/8Zwa6d85pnhTIBROyiMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvX3hDMWtYY0hfeG5CcnAzem1tZUZNZ0ZFN0tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ3TMA0G
CSqGSIb3DQEBCwUAA4IBAQA6cgsWsc2L558426QyisSZM1XO59DFCCF6vANv3XNm
EwsUdyVjrzi+VxcZ2MFKBHwm8Ri1rbF4G/e4WQbp271tO2dtfnXiRSC4wFGx/bwK
ULXKXpTsIyjewa4Ef1d6xEjfdKpCw5gN84TMzip+KvxTFucFxYP9paQtM4vw7wVT
jGRxMPcsPZVGSUu3UXOMq2SQYfgcHAVqvkEgm9+HHazOhkqZmueUVoe2dRI01HIc
tHa+ZzXgzsJ51rt6AnvgZ3r/QEa4IX3v+i13MyPDHVLDBO+EpbhXuNeXkFQ4eORc
CvJRymJZu8ILW7Oye3WEpsgJl+mlITh7ZpIS6b6xd33/
-----END CERTIFICATE-----