Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/OG-40bYrkPCUp0MkYoRVMSu2H1w.roa
File:                     OG-40bYrkPCUp0MkYoRVMSu2H1w.roa (raw, json)
Hash identifier:          UlsUA9l9Kp1TKT4sWqeymuQrXSdCMK1f4iOVuci/KJ4=
Subject key identifier:   38:6F:B8:D1:B6:2B:90:F0:94:A7:43:24:62:84:55:31:2B:B6:1F:5C
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       0197CA1B1772A1948F36476A5D1F01E50705
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/OG-40bYrkPCUp0MkYoRVMSu2H1w.roa
Signing time:             Wed 02 Jul 2025 07:47:42 +0000
ROA not before:           Wed 02 Jul 2025 07:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48737
IP address blocks:        93.188.135.0/24 maxlen: 24
                          163.171.215.0/24 maxlen: 24
                          163.171.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:1b:17:72:a1:94:8f:36:47:6a:5d:1f:01:e5:07:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jul  2 07:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=386fb8d1b62b90f094a74324628455312bb61f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:26:47:0a:3c:0f:03:5e:79:20:ae:a9:bf:6d:
                    f5:f1:cf:c6:68:b1:f5:a8:f1:a4:68:ff:0a:c0:85:
                    a3:27:e1:e7:5c:8b:6b:f0:cd:f4:93:cd:bb:5c:10:
                    c4:13:19:31:d0:12:51:97:59:e7:e1:8b:30:59:4b:
                    21:2f:a1:1f:d3:df:82:9e:20:ca:3e:24:ce:5e:47:
                    55:cd:4b:8f:a6:40:81:f6:d6:c1:70:49:dd:e0:9a:
                    98:5c:5a:5a:a9:a6:9a:0f:2e:8b:fd:4c:9d:e7:7d:
                    c3:5b:eb:57:e1:91:83:79:0a:41:d2:c9:e4:23:91:
                    fd:e5:d8:8d:0b:ef:0e:92:4a:81:f7:6a:3d:48:e5:
                    88:53:ec:ba:09:0f:84:1e:e6:19:6d:43:b1:73:75:
                    a3:e0:f0:44:55:2b:04:bf:5b:b7:d8:f2:72:ef:0f:
                    4a:22:48:ff:9c:0a:75:6f:e8:08:86:cb:9a:fe:ad:
                    39:68:b8:c0:ca:d3:87:81:8b:14:a6:da:01:5b:b5:
                    a1:3c:a9:a8:fa:fd:14:c1:61:43:9c:89:f8:11:6a:
                    0e:b7:b5:55:06:27:b3:4f:b9:0c:09:f6:b0:5f:0a:
                    eb:d0:80:34:c2:3b:cc:5a:6b:84:1a:79:4e:df:bf:
                    3e:74:88:b1:48:d6:d0:1e:9c:a2:e2:45:5e:41:9d:
                    41:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6F:B8:D1:B6:2B:90:F0:94:A7:43:24:62:84:55:31:2B:B6:1F:5C
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/OG-40bYrkPCUp0MkYoRVMSu2H1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.188.135.0/24
                  163.171.215.0/24
                  163.171.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:70:de:35:1e:ea:42:b8:3d:20:ce:1d:3e:41:78:0a:29:99:
         6d:ba:fa:41:9d:95:43:3d:76:62:0c:7c:4e:0b:d1:53:cd:4e:
         9c:8c:36:f7:95:be:51:0c:f3:e2:75:ba:46:4a:7f:3b:c9:7f:
         d7:cf:23:64:b7:37:47:b6:93:c9:86:3a:7b:5e:40:d9:e9:3b:
         f3:ac:9d:79:fe:6b:d5:b2:f7:2e:a1:d2:c2:e9:ee:1f:9e:c5:
         cf:02:88:62:28:34:fe:7a:fd:e4:00:56:ef:d3:ea:42:91:ea:
         dc:0f:af:39:b0:ab:35:a5:8c:8b:1d:3a:4a:0b:35:a4:d6:52:
         dd:dc:10:ab:6c:1f:29:d1:b3:29:8d:25:b7:12:57:82:e0:7f:
         ed:6d:44:57:2a:9b:2e:37:d9:53:29:0b:74:14:f5:89:99:2a:
         fc:5b:2c:d1:8d:cf:88:58:7d:7d:ec:cc:b9:43:77:d8:30:90:
         1b:2c:23:a3:eb:77:eb:71:77:d8:2b:c7:03:ec:fc:9a:12:73:
         1c:4c:43:69:c5:23:0d:a3:92:21:c2:10:e3:f3:b7:6b:06:6d:
         a7:48:78:a5:85:be:15:37:2d:23:61:1e:7b:e7:60:05:1c:b9:
         42:05:66:6e:38:50:ec:a0:22:64:06:a5:f9:c1:b8:2c:91:c1:
         f8:68:c0:90
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfKGxdyoZSPNkdqXR8B5QcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjUwNzAyMDc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZmYjhkMWI2MmI5MGYwOTRhNzQzMjQ2Mjg0NTUzMTJiYjYxZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriZHCjwPA155IK6pv2318c/GaLH1
qPGkaP8KwIWjJ+HnXItr8M30k827XBDEExkx0BJRl1nn4YswWUshL6Ef09+CniDK
PiTOXkdVzUuPpkCB9tbBcEnd4JqYXFpaqaaaDy6L/Uyd533DW+tX4ZGDeQpB0snk
I5H95diNC+8OkkqB92o9SOWIU+y6CQ+EHuYZbUOxc3Wj4PBEVSsEv1u32PJy7w9K
Ikj/nAp1b+gIhsua/q05aLjAytOHgYsUptoBW7WhPKmo+v0UwWFDnIn4EWoOt7VV
BiezT7kMCfawXwrr0IA0wjvMWmuEGnlO378+dIixSNbQHpyi4kVeQZ1BVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDhvuNG2K5DwlKdDJGKEVTErth9cMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvT0ctNDBiWXJrUENVcDBNa1lvUlZNU3UySDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXbyHAwQA
o6vXAwQAo6v8MA0GCSqGSIb3DQEBCwUAA4IBAQBwcN41HupCuD0gzh0+QXgKKZlt
uvpBnZVDPXZiDHxOC9FTzU6cjDb3lb5RDPPidbpGSn87yX/XzyNktzdHtpPJhjp7
XkDZ6TvzrJ15/mvVsvcuodLC6e4fnsXPAohiKDT+ev3kAFbv0+pCkercD685sKs1
pYyLHTpKCzWk1lLd3BCrbB8p0bMpjSW3EleC4H/tbURXKpsuN9lTKQt0FPWJmSr8
WyzRjc+IWH197My5Q3fYMJAbLCOj63frcXfYK8cD7PyaEnMcTENpxSMNo5IhwhDj
87drBm2nSHilhb4VNy0jYR5752AFHLlCBWZuOFDsoCJkBqX5wbgskcH4aMCQ
-----END CERTIFICATE-----