Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/rtbs-YwZMKQzfMQtR1ZxkOrBOjg.roa
File:                     rtbs-YwZMKQzfMQtR1ZxkOrBOjg.roa (raw, json)
Hash identifier:          zKrRYVYwGB99MK6tQ+Ph3QLt10tnnC9fsbvD0l/emU8=
Subject key identifier:   AE:D6:EC:F9:8C:19:30:A4:33:7C:C4:2D:47:56:71:90:EA:C1:3A:38
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       01981CA35FF20666A4E06A0FBE65E8A7BD28
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/rtbs-YwZMKQzfMQtR1ZxkOrBOjg.roa
Signing time:             Fri 18 Jul 2025 08:25:25 +0000
ROA not before:           Fri 18 Jul 2025 08:25:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204066
IP address blocks:        83.168.70.0/24 maxlen: 24
                          185.49.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1c:a3:5f:f2:06:66:a4:e0:6a:0f:be:65:e8:a7:bd:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Jul 18 08:25:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aed6ecf98c1930a4337cc42d47567190eac13a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:47:db:d0:c8:ef:65:c0:9e:aa:f4:bd:f6:ea:
                    d7:92:e5:8c:55:5a:4b:3f:b1:21:00:f1:54:1b:0c:
                    c1:3f:cc:e0:0a:db:db:48:19:24:e0:5f:f1:8c:a3:
                    c5:89:4e:53:37:85:da:f8:01:c5:db:33:a9:33:ba:
                    16:79:9e:7b:30:84:3e:83:b0:a1:5f:69:ed:0e:87:
                    5b:60:27:17:67:d9:82:5e:03:e6:27:da:f8:5d:82:
                    e2:2f:a2:04:a3:d1:9c:73:6c:88:f2:5b:e1:fe:1b:
                    71:f1:90:bd:b1:34:00:f5:a8:a9:56:32:a0:ad:00:
                    0b:f9:5a:28:5b:6a:fa:b4:b6:49:57:ed:92:25:cd:
                    62:4b:3c:dc:2a:4d:28:5c:28:fb:2a:6d:23:93:d2:
                    3b:fe:47:74:16:94:f9:69:b7:61:c5:7e:6c:cb:d6:
                    da:15:e1:2c:6e:20:81:9c:43:01:ed:cc:6d:25:a3:
                    83:a2:0d:ef:1f:ca:dc:61:36:b2:e8:87:0b:bd:dc:
                    b2:6c:cb:3c:b6:f7:ab:e8:63:a5:1d:b3:cc:77:9a:
                    7c:58:0a:52:81:9e:5e:81:c1:2b:eb:3d:34:30:e0:
                    82:b7:7a:04:9a:2e:5a:f1:22:56:36:0d:9b:36:de:
                    47:18:8e:56:1b:06:a6:78:58:6f:99:77:2c:a4:e5:
                    e1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D6:EC:F9:8C:19:30:A4:33:7C:C4:2D:47:56:71:90:EA:C1:3A:38
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/rtbs-YwZMKQzfMQtR1ZxkOrBOjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.168.70.0/24
                  185.49.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:6c:d7:d9:ce:1f:f6:9a:0a:54:bb:fc:ff:c8:ce:80:3e:f8:
         ee:a2:46:21:b0:94:24:88:aa:da:7e:45:55:62:e1:a0:e6:44:
         45:93:73:e9:aa:77:c9:f0:dc:ad:2b:2f:41:50:3a:94:c2:ab:
         94:34:b7:69:a3:c0:65:1c:e0:5d:f8:9c:f5:ab:b9:d7:e7:0f:
         3d:9e:5c:ca:42:53:1e:76:46:0f:03:fa:a8:81:29:e2:7c:41:
         80:65:ad:2f:0b:d5:31:3e:21:7b:bc:b6:74:90:29:92:38:5a:
         aa:d9:90:dc:aa:d4:4a:36:ae:47:d0:59:51:ed:bc:dd:25:56:
         48:81:b7:be:cd:a7:7b:c1:0d:b8:77:29:bb:1d:c0:5c:2e:3b:
         86:31:c2:0e:0e:e4:24:d0:84:31:76:1a:f5:9d:b1:73:92:57:
         71:a2:b2:4c:f3:e1:f0:08:cf:fd:19:9f:91:4a:67:22:62:42:
         9b:0e:49:9d:e6:e5:f7:ea:66:a5:4d:1e:06:ae:13:e0:09:45:
         b4:e2:e9:2a:71:fd:96:58:f5:05:f2:a6:42:e3:4e:28:16:01:
         79:d1:3b:79:a3:2d:50:54:31:e8:6c:d4:ee:c9:56:aa:a7:d6:
         22:e5:c0:3a:80:03:de:aa:d5:4a:37:bc:75:d0:20:25:02:f2:
         7e:0c:42:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgco1/yBmak4GoPvmXop70oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjUwNzE4MDgyNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQ2ZWNmOThjMTkzMGE0MzM3Y2M0MmQ0NzU2NzE5MGVhYzEzYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0fb0MjvZcCeqvS99urXkuWMVVpL
P7EhAPFUGwzBP8zgCtvbSBkk4F/xjKPFiU5TN4Xa+AHF2zOpM7oWeZ57MIQ+g7Ch
X2ntDodbYCcXZ9mCXgPmJ9r4XYLiL6IEo9Gcc2yI8lvh/htx8ZC9sTQA9aipVjKg
rQAL+VooW2r6tLZJV+2SJc1iSzzcKk0oXCj7Km0jk9I7/kd0FpT5abdhxX5sy9ba
FeEsbiCBnEMB7cxtJaODog3vH8rcYTay6IcLvdyybMs8tver6GOlHbPMd5p8WApS
gZ5egcEr6z00MOCCt3oEmi5a8SJWNg2bNt5HGI5WGwameFhvmXcspOXhkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK7W7PmMGTCkM3zELUdWcZDqwTo4MB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvcnRicy1Zd1pNS1F6Zk1RdFIxWnhrT3JCT2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU6hGAwQA
uTEcMA0GCSqGSIb3DQEBCwUAA4IBAQCPbNfZzh/2mgpUu/z/yM6APvjuokYhsJQk
iKrafkVVYuGg5kRFk3PpqnfJ8NytKy9BUDqUwquUNLdpo8BlHOBd+Jz1q7nX5w89
nlzKQlMedkYPA/qogSnifEGAZa0vC9UxPiF7vLZ0kCmSOFqq2ZDcqtRKNq5H0FlR
7bzdJVZIgbe+zad7wQ24dym7HcBcLjuGMcIODuQk0IQxdhr1nbFzkldxorJM8+Hw
CM/9GZ+RSmciYkKbDkmd5uX36malTR4GrhPgCUW04ukqcf2WWPUF8qZC404oFgF5
0Tt5oy1QVDHobNTuyVaqp9Yi5cA6gAPeqtVKN7x10CAlAvJ+DELW
-----END CERTIFICATE-----