Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/DHyXOn19u1an-1DmAs6BbgJDbac.roa
File:                     DHyXOn19u1an-1DmAs6BbgJDbac.roa (raw, json)
Hash identifier:          piQ53WBrzXB4pOG/EQce0Jv8sX7hIvx1CerfkU+iVyY=
Subject key identifier:   0C:7C:97:3A:7D:7D:BB:56:A7:FB:50:E6:02:CE:81:6E:02:43:6D:A7
Certificate issuer:       /CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
Certificate serial:       0197EF19B460B3DFDA8D431DF5D18C0855FD
Authority key identifier: 24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/DHyXOn19u1an-1DmAs6BbgJDbac.roa
Signing time:             Wed 09 Jul 2025 12:12:08 +0000
ROA not before:           Wed 09 Jul 2025 12:12:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        37.153.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ef:19:b4:60:b3:df:da:8d:43:1d:f5:d1:8c:08:55:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
        Validity
            Not Before: Jul  9 12:12:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c7c973a7d7dbb56a7fb50e602ce816e02436da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:43:a3:72:85:be:1f:dc:de:b8:f6:71:7a:86:
                    61:a2:0c:37:47:6d:47:07:46:c3:8d:37:8e:27:16:
                    62:f3:b0:8d:0b:08:40:73:b1:d3:d0:ac:8d:4a:3e:
                    c5:bd:35:12:78:b5:68:cd:c6:e2:cf:f2:8c:32:59:
                    71:ac:9f:4d:7b:31:63:3e:a8:ab:39:12:3a:42:2a:
                    e4:1c:78:9b:b8:ea:11:13:be:9f:91:7c:20:54:d0:
                    e5:18:25:07:a0:3a:d4:ec:19:78:2d:b4:5b:64:79:
                    41:ba:8f:02:b0:bb:21:8f:de:be:3e:d6:22:71:77:
                    23:e3:68:f4:d2:21:48:21:63:68:4a:7a:50:d8:52:
                    fd:e9:27:51:f6:64:3e:e5:4e:95:52:98:34:97:f4:
                    e2:92:9a:13:91:fa:5d:d7:cb:d4:1b:69:9b:f0:72:
                    a9:06:ac:68:71:92:a2:1c:66:eb:38:36:4b:f1:c8:
                    13:27:f1:9c:5e:42:86:c3:f2:19:b2:ab:7a:c7:5c:
                    4a:2a:8d:06:7e:d2:30:8e:aa:71:ad:6f:bb:71:ac:
                    4e:36:34:84:e2:52:2e:a7:18:26:69:56:7c:63:3b:
                    b5:22:ec:e9:36:51:cb:23:b3:88:ca:e1:b2:49:e1:
                    57:29:8f:a0:9d:ab:f7:a8:94:d4:0f:ac:ad:fc:8f:
                    84:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:7C:97:3A:7D:7D:BB:56:A7:FB:50:E6:02:CE:81:6E:02:43:6D:A7
            X509v3 Authority Key Identifier:
                keyid:24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/DHyXOn19u1an-1DmAs6BbgJDbac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:ef:c4:30:dd:a5:0f:e0:5a:c0:28:f7:9c:6e:56:4a:92:9a:
         f8:0b:6e:fa:05:d7:c6:1a:3d:6f:2b:3c:24:fd:b8:98:9d:b0:
         b4:80:ce:7a:57:b1:53:30:18:4e:92:fd:7b:df:09:4c:78:4a:
         0d:3f:15:1e:b5:b3:5a:7e:80:b8:34:2d:ba:d9:cd:1c:70:0a:
         69:05:b6:91:a5:c6:8a:29:8b:58:e0:d7:13:ff:84:f0:f5:e4:
         2e:93:3b:77:7f:96:cd:62:a3:0f:7e:63:6c:bf:ca:a0:3c:e3:
         7b:5f:bf:58:8d:d4:52:66:60:9b:0e:2a:67:17:d3:e2:52:56:
         0f:82:c1:23:54:aa:bb:01:8a:6a:e0:83:88:ad:65:9d:08:d1:
         b6:60:f7:e9:4e:e8:22:c2:6b:c0:62:92:83:34:5e:88:92:d2:
         b1:72:84:9c:d6:01:bb:65:44:b0:e1:e2:ad:39:d3:2d:a8:1c:
         e8:6c:77:3a:85:dd:b0:54:98:82:c3:c5:25:44:af:d1:e6:cd:
         65:e5:73:4a:e0:d2:e6:9f:96:58:91:65:a6:d7:51:0c:e7:b7:
         fb:c0:38:32:b6:3f:57:60:05:95:d3:a6:c9:a4:75:81:34:98:
         30:af:ff:0c:3d:29:40:53:75:14:71:1e:25:e1:de:7f:89:33:
         70:b4:ec:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfvGbRgs9/ajUMd9dGMCFX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTViZjljNjFjODVkYjdjOTlhYzRjZGY3OTI1N2U3OTk3
YWI3N2MwHhcNMjUwNzA5MTIxMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzdjOTczYTdkN2RiYjU2YTdmYjUwZTYwMmNlODE2ZTAyNDM2ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkOjcoW+H9zeuPZxeoZhogw3R21H
B0bDjTeOJxZi87CNCwhAc7HT0KyNSj7FvTUSeLVozcbiz/KMMllxrJ9NezFjPqir
ORI6QirkHHibuOoRE76fkXwgVNDlGCUHoDrU7Bl4LbRbZHlBuo8CsLshj96+PtYi
cXcj42j00iFIIWNoSnpQ2FL96SdR9mQ+5U6VUpg0l/TikpoTkfpd18vUG2mb8HKp
BqxocZKiHGbrODZL8cgTJ/GcXkKGw/IZsqt6x1xKKo0GftIwjqpxrW+7caxONjSE
4lIupxgmaVZ8Yzu1IuzpNlHLI7OIyuGySeFXKY+gnav3qJTUD6yt/I+EoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAx8lzp9fbtWp/tQ5gLOgW4CQ22nMB8GA1UdIwQY
MBaAFCQVv5xhyF23yZrEzfeSV+eZerd8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMt
NmExOGRjODgxNmRiLzEvREh5WE9uMTl1MWFuLTFEbUFzNkJiZ0pEYmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMtNmExOGRjODgxNmRi
LzEvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmZMA0G
CSqGSIb3DQEBCwUAA4IBAQBj78Qw3aUP4FrAKPecblZKkpr4C276BdfGGj1vKzwk
/biYnbC0gM56V7FTMBhOkv173wlMeEoNPxUetbNafoC4NC262c0ccAppBbaRpcaK
KYtY4NcT/4Tw9eQukzt3f5bNYqMPfmNsv8qgPON7X79YjdRSZmCbDipnF9PiUlYP
gsEjVKq7AYpq4IOIrWWdCNG2YPfpTugiwmvAYpKDNF6IktKxcoSc1gG7ZUSw4eKt
OdMtqBzobHc6hd2wVJiCw8UlRK/R5s1l5XNK4NLmn5ZYkWWm11EM57f7wDgytj9X
YAWV06bJpHWBNJgwr/8MPSlAU3UUcR4l4d5/iTNwtOwz
-----END CERTIFICATE-----