Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/3dzOq8G9IRlpRN6VYAesJxFCM9I.roa
File:                     3dzOq8G9IRlpRN6VYAesJxFCM9I.roa (raw, json)
Hash identifier:          pZlE7f/kxQT336UtrvzPnURvz6UI7VQoJaImOOVWpDM=
Subject key identifier:   DD:DC:CE:AB:C1:BD:21:19:69:44:DE:95:60:07:AC:27:11:42:33:D2
Certificate issuer:       /CN=c8c2c7314593042cf74210f7f03be7106c224f89
Certificate serial:       01980827E418A08B1641186372A265FBED27
Authority key identifier: C8:C2:C7:31:45:93:04:2C:F7:42:10:F7:F0:3B:E7:10:6C:22:4F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/3dzOq8G9IRlpRN6VYAesJxFCM9I.roa
Signing time:             Mon 14 Jul 2025 08:58:08 +0000
ROA not before:           Mon 14 Jul 2025 08:58:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206716
IP address blocks:        185.107.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:08:27:e4:18:a0:8b:16:41:18:63:72:a2:65:fb:ed:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8c2c7314593042cf74210f7f03be7106c224f89
        Validity
            Not Before: Jul 14 08:58:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dddcceabc1bd21196944de956007ac27114233d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f2:43:3d:d6:26:16:9c:d9:8c:6c:e0:8d:79:
                    1e:af:c6:dc:8a:e3:3b:fa:ab:43:3d:36:19:ab:ba:
                    f1:9f:f2:7f:d7:38:7a:2c:65:c3:61:1c:54:f4:5c:
                    52:dd:c2:7f:01:55:e9:84:62:b2:26:d0:e4:fa:ba:
                    f2:f7:4a:61:fd:d4:7f:00:c4:8c:8b:00:79:d2:84:
                    79:16:92:d6:2a:90:84:5e:1b:a2:9f:3c:92:61:87:
                    01:9d:d4:a5:77:75:c1:a1:fb:f1:7c:15:02:09:c5:
                    99:ab:b4:16:8d:5d:47:ca:60:8d:d5:c7:f4:04:85:
                    fa:55:d7:d7:29:02:0f:bb:79:00:9c:2e:69:52:c6:
                    10:5a:c2:3b:1a:1a:15:48:c3:f6:0c:e6:e1:96:3c:
                    d5:c6:6b:e2:de:f4:c8:27:31:44:f5:b3:0b:1c:71:
                    e6:b2:ff:84:93:a8:e5:a9:e2:46:35:0e:2f:99:ae:
                    20:8a:86:07:03:35:f8:b3:03:a7:01:55:89:f9:44:
                    6d:89:76:0b:7c:e5:1a:aa:d3:b6:f9:69:9b:92:b9:
                    c5:ca:3e:24:54:c9:c9:6c:25:32:e9:dc:a5:db:b8:
                    03:b4:86:e3:76:f5:7e:19:f8:6d:7e:5c:14:9b:ff:
                    56:75:94:b4:e8:50:da:7a:92:9e:da:c3:ea:54:95:
                    a0:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:DC:CE:AB:C1:BD:21:19:69:44:DE:95:60:07:AC:27:11:42:33:D2
            X509v3 Authority Key Identifier:
                keyid:C8:C2:C7:31:45:93:04:2C:F7:42:10:F7:F0:3B:E7:10:6C:22:4F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/3dzOq8G9IRlpRN6VYAesJxFCM9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:59:dd:d4:e2:f5:2a:f9:9b:c1:d3:3f:d8:27:6d:a5:9e:98:
         60:d2:53:4e:c9:d9:23:67:53:6e:98:de:5b:46:8c:4a:68:ce:
         74:6d:88:54:9b:a6:df:60:ad:b0:c3:57:1e:50:ae:6b:52:5c:
         45:9f:55:38:c3:34:82:5a:00:4f:01:f4:23:4a:39:81:9a:49:
         fa:72:a3:1b:71:fc:12:80:71:8d:dc:e5:ea:26:52:ed:9a:10:
         a5:57:56:9c:31:76:ae:fe:d3:54:d7:b6:bf:2f:f0:12:61:7c:
         3b:e0:0c:4e:d8:7d:8b:d2:3c:3c:1b:15:75:68:84:93:2e:1b:
         a1:db:92:89:96:99:9e:5b:26:31:bf:55:96:d4:2e:0b:fd:35:
         7d:52:f7:19:42:8d:04:cc:dc:a0:06:3f:7e:46:17:5c:93:56:
         34:47:37:cd:77:53:9a:02:a2:58:e1:d4:86:58:1e:64:91:23:
         fb:d9:62:bf:c5:a2:c9:72:c7:2c:fd:ae:5f:2b:2f:c1:0b:ef:
         ff:9c:60:f1:3f:f1:4b:ef:04:a4:3b:12:65:f5:5d:23:a4:46:
         6f:cc:a5:6a:8c:f5:b1:c2:35:23:9c:38:6e:b0:76:02:9d:a0:
         2e:df:03:ff:7d:ce:04:2c:63:7b:80:9c:d5:76:94:3a:87:13:
         a3:97:c1:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgIJ+QYoIsWQRhjcqJl++0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YzJjNzMxNDU5MzA0MmNmNzQyMTBmN2YwM2JlNzEwNmMy
MjRmODkwHhcNMjUwNzE0MDg1ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGRjY2VhYmMxYmQyMTE5Njk0NGRlOTU2MDA3YWMyNzExNDIzM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPJDPdYmFpzZjGzgjXker8bciuM7
+qtDPTYZq7rxn/J/1zh6LGXDYRxU9FxS3cJ/AVXphGKyJtDk+rry90ph/dR/AMSM
iwB50oR5FpLWKpCEXhuinzySYYcBndSld3XBofvxfBUCCcWZq7QWjV1HymCN1cf0
BIX6VdfXKQIPu3kAnC5pUsYQWsI7GhoVSMP2DObhljzVxmvi3vTIJzFE9bMLHHHm
sv+Ek6jlqeJGNQ4vma4gioYHAzX4swOnAVWJ+URtiXYLfOUaqtO2+WmbkrnFyj4k
VMnJbCUy6dyl27gDtIbjdvV+GfhtflwUm/9WdZS06FDaepKe2sPqVJWgewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3czqvBvSEZaUTelWAHrCcRQjPSMB8GA1UdIwQY
MBaAFMjCxzFFkwQs90IQ9/A75xBsIk+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU1MSE1VV1RCQ3ozUWhEMzhEdm5FR3dpVDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMmRiZTAtMDRjNS00MWJhLWFjNjIt
M2E1M2QwZWY4YjVhLzEvM2R6T3E4RzlJUmxwUk42VllBZXNKeEZDTTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMmRiZTAtMDRjNS00MWJhLWFjNjItM2E1M2QwZWY4YjVh
LzEveU1MSE1VV1RCQ3ozUWhEMzhEdm5FR3dpVDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWuHMA0G
CSqGSIb3DQEBCwUAA4IBAQCYWd3U4vUq+ZvB0z/YJ22lnphg0lNOydkjZ1NumN5b
RoxKaM50bYhUm6bfYK2ww1ceUK5rUlxFn1U4wzSCWgBPAfQjSjmBmkn6cqMbcfwS
gHGN3OXqJlLtmhClV1acMXau/tNU17a/L/ASYXw74AxO2H2L0jw8GxV1aISTLhuh
25KJlpmeWyYxv1WW1C4L/TV9UvcZQo0EzNygBj9+Rhdck1Y0RzfNd1OaAqJY4dSG
WB5kkSP72WK/xaLJcscs/a5fKy/BC+//nGDxP/FL7wSkOxJl9V0jpEZvzKVqjPWx
wjUjnDhusHYCnaAu3wP/fc4ELGN7gJzVdpQ6hxOjl8EZ
-----END CERTIFICATE-----