Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/dttGtQl7OPv-aUDHWUDHbZFZJno.roa
File:                     dttGtQl7OPv-aUDHWUDHbZFZJno.roa (raw, json)
Hash identifier:          3BO+ElH3X3XY00qwmVKwWxckFj7EhZUB7twVfQE1pRk=
Subject key identifier:   76:DB:46:B5:09:7B:38:FB:FE:69:40:C7:59:40:C7:6D:91:59:26:7A
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0197D49A2BF7BD8A3FB3DC72F61482D07D6D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/dttGtQl7OPv-aUDHWUDHbZFZJno.roa
Signing time:             Fri 04 Jul 2025 08:42:42 +0000
ROA not before:           Fri 04 Jul 2025 08:42:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202678
IP address blocks:        45.8.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 23:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:9a:2b:f7:bd:8a:3f:b3:dc:72:f6:14:82:d0:7d:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul  4 08:42:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76db46b5097b38fbfe6940c75940c76d9159267a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:40:06:d2:6c:eb:ba:00:e5:2f:25:8d:2d:a8:
                    62:ec:64:66:92:af:3e:e5:b7:1e:7e:56:57:ec:1d:
                    6e:67:f3:74:1f:7c:ce:0c:d3:1b:65:b8:ce:55:7f:
                    4a:b0:ee:72:3c:4d:a2:6d:24:45:5f:1d:b3:13:f1:
                    f9:d3:cd:44:ad:82:57:88:b7:6d:37:16:49:a9:81:
                    91:9a:bf:ed:b2:74:03:3c:64:24:e2:0d:8a:79:b2:
                    f4:dd:df:24:27:db:14:3b:f7:58:86:da:82:47:d1:
                    f7:a4:ff:f4:76:c5:ad:51:ec:e8:ae:84:e4:3e:ea:
                    e7:86:ff:f1:f8:7d:12:84:d4:bf:c3:6f:7b:ed:4d:
                    15:18:6e:b8:a7:c0:8c:9f:74:32:d1:9a:7b:ae:f2:
                    4b:e1:64:a4:31:21:56:67:b1:45:21:61:7a:c4:0b:
                    0a:9e:e4:c2:7e:68:94:42:96:67:96:a3:89:ff:7c:
                    44:f5:b5:36:32:55:1e:63:02:b0:20:4c:b8:63:19:
                    d7:dd:a3:e5:60:db:8c:76:01:ef:67:a9:ff:b2:36:
                    ad:ac:05:f8:11:62:2c:e6:74:3a:02:41:2b:54:6b:
                    c3:6d:c0:ca:0f:ba:94:71:95:38:90:e0:87:49:9a:
                    e2:5d:0e:27:fa:fb:d4:bc:7b:d6:9e:cb:b1:32:31:
                    ad:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:DB:46:B5:09:7B:38:FB:FE:69:40:C7:59:40:C7:6D:91:59:26:7A
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/dttGtQl7OPv-aUDHWUDHbZFZJno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:a8:e0:39:9e:a6:fc:f6:bb:e4:8d:8d:67:70:eb:8d:a4:f4:
         ab:4c:fb:30:59:55:bb:ca:27:cb:ec:41:cc:34:63:89:5f:ee:
         f4:f5:a0:69:67:42:db:d4:29:a4:42:e9:43:d7:5c:d4:fb:da:
         9f:92:64:9f:3f:89:0d:12:36:ee:ee:c8:1c:5b:a8:b5:1f:cd:
         98:1f:06:45:a4:66:3c:05:ff:89:94:5a:52:8a:02:d2:0c:ad:
         44:80:02:34:2f:37:b1:b5:d1:cc:73:21:31:24:1c:32:32:af:
         55:7d:ac:1c:4c:5c:4d:90:31:f5:fc:94:70:29:00:cf:98:33:
         20:2d:1c:b0:50:42:7a:0d:c1:da:3d:17:e2:b3:ed:7e:ca:cf:
         be:de:8c:f9:e2:5f:e5:ed:4c:f9:e7:20:09:6c:c6:92:36:4d:
         dd:cb:52:db:be:34:f0:bd:83:60:9b:c4:23:8f:13:b6:d2:69:
         81:0a:dc:e4:35:da:2b:dc:4f:74:3f:b2:01:b3:ae:30:5a:6c:
         e2:41:03:28:d0:88:9c:48:9d:08:30:8c:ea:da:36:3d:88:7b:
         76:82:47:fb:1f:ad:1b:11:cc:4c:12:b7:4b:5d:b3:fa:bc:a8:
         fd:75:20:ba:e7:47:3e:2e:91:ce:2d:df:e6:3b:b5:da:3b:f3:
         8b:63:fc:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfUmiv3vYo/s9xy9hSC0H1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNzA0MDg0MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmRiNDZiNTA5N2IzOGZiZmU2OTQwYzc1OTQwYzc2ZDkxNTkyNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEAG0mzrugDlLyWNLahi7GRmkq8+
5bceflZX7B1uZ/N0H3zODNMbZbjOVX9KsO5yPE2ibSRFXx2zE/H5081ErYJXiLdt
NxZJqYGRmr/tsnQDPGQk4g2KebL03d8kJ9sUO/dYhtqCR9H3pP/0dsWtUezoroTk
Purnhv/x+H0ShNS/w2977U0VGG64p8CMn3Qy0Zp7rvJL4WSkMSFWZ7FFIWF6xAsK
nuTCfmiUQpZnlqOJ/3xE9bU2MlUeYwKwIEy4YxnX3aPlYNuMdgHvZ6n/sjatrAX4
EWIs5nQ6AkErVGvDbcDKD7qUcZU4kOCHSZriXQ4n+vvUvHvWnsuxMjGt/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbbRrUJezj7/mlAx1lAx22RWSZ6MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZHR0R3RRbDdPUHYtYVVESFdVREhiWkZaSm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgVMA0G
CSqGSIb3DQEBCwUAA4IBAQAqqOA5nqb89rvkjY1ncOuNpPSrTPswWVW7yifL7EHM
NGOJX+709aBpZ0Lb1CmkQulD11zU+9qfkmSfP4kNEjbu7sgcW6i1H82YHwZFpGY8
Bf+JlFpSigLSDK1EgAI0LzextdHMcyExJBwyMq9VfawcTFxNkDH1/JRwKQDPmDMg
LRywUEJ6DcHaPRfis+1+ys++3oz54l/l7Uz55yAJbMaSNk3dy1LbvjTwvYNgm8Qj
jxO20mmBCtzkNdor3E90P7IBs64wWmziQQMo0IicSJ0IMIzq2jY9iHt2gkf7H60b
EcxMErdLXbP6vKj9dSC650c+LpHOLd/mO7XaO/OLY/yT
-----END CERTIFICATE-----