Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/OgfuNbp0FLwn35kSH1QFksBBpuk.roa
File:                     OgfuNbp0FLwn35kSH1QFksBBpuk.roa (raw, json)
Hash identifier:          iI+edTbWFpONN9x09GV3LBC0YBWX5LquEmt51grcATc=
Subject key identifier:   3A:07:EE:35:BA:74:14:BC:27:DF:99:12:1F:54:05:92:C0:41:A6:E9
Certificate issuer:       /CN=66f8206e3311df394f48389b8122b94aa1f0b05c
Certificate serial:       01981D6576E1C91260FAC0C3400CE861C9DA
Authority key identifier: 66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/OgfuNbp0FLwn35kSH1QFksBBpuk.roa
Signing time:             Fri 18 Jul 2025 11:57:25 +0000
ROA not before:           Fri 18 Jul 2025 11:57:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211588
IP address blocks:        185.229.33.0/24 maxlen: 24
                          185.229.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1d:65:76:e1:c9:12:60:fa:c0:c3:40:0c:e8:61:c9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f8206e3311df394f48389b8122b94aa1f0b05c
        Validity
            Not Before: Jul 18 11:57:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a07ee35ba7414bc27df99121f540592c041a6e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fd:1d:7d:d0:b8:b7:e9:94:d3:c9:2b:fc:b1:
                    ac:9b:18:c6:2d:f0:c4:7d:c6:70:ee:dc:49:9c:eb:
                    cd:4c:f8:de:1f:69:6d:b3:8e:81:25:ad:0b:a3:dd:
                    b1:75:03:53:cc:79:ca:00:45:0a:38:08:a5:b5:94:
                    e5:4b:f4:a0:f8:19:39:a9:9e:61:a6:aa:b1:7e:58:
                    a8:6d:f3:3b:02:08:91:f7:2c:5b:71:a2:67:c7:f1:
                    b2:2c:86:34:66:94:4e:b2:c6:a6:47:35:67:73:8b:
                    34:b6:9c:70:1a:cc:d5:87:a7:33:fc:7c:0c:87:10:
                    ed:43:da:ab:cd:2b:af:fc:40:e3:57:2f:12:6c:e8:
                    6e:bf:ed:c7:40:ec:cb:41:a1:05:fb:f3:a6:29:4d:
                    a8:fc:2e:cc:c8:92:ee:5b:36:5d:31:11:20:09:b7:
                    ac:ad:38:2d:ce:b4:0d:3d:6a:54:b8:36:eb:6b:79:
                    ae:4f:c1:d1:9b:1b:98:b0:da:4c:e4:c7:42:cd:10:
                    02:d1:32:6e:0a:f9:78:52:c5:b7:82:24:96:f9:c1:
                    0c:55:40:36:cc:7b:91:00:2d:a4:3d:57:5a:a7:c4:
                    a4:b4:bc:2f:30:fd:a9:06:77:e1:ad:f6:19:45:eb:
                    0a:06:02:c7:40:98:dc:b9:4f:5d:d5:a4:f5:ac:8a:
                    80:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:07:EE:35:BA:74:14:BC:27:DF:99:12:1F:54:05:92:C0:41:A6:E9
            X509v3 Authority Key Identifier:
                keyid:66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/OgfuNbp0FLwn35kSH1QFksBBpuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.33.0/24
                  185.229.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:b7:fd:f1:82:58:a8:86:52:33:4b:20:af:86:a4:9e:f2:eb:
         d5:40:c9:dd:e5:d2:78:f4:17:d3:bd:c5:01:c5:8f:9e:54:c1:
         9f:e9:fa:ad:f4:c8:86:62:92:95:64:0d:86:9a:21:3f:ab:d7:
         ae:dd:bf:2d:56:0a:74:06:6c:bd:a1:db:76:57:aa:ea:49:42:
         8b:fc:34:70:5c:08:8d:a3:0c:e6:46:17:a4:9b:d9:69:9f:e7:
         1c:ce:52:88:c2:41:45:93:cc:d3:a0:50:87:97:0b:be:4c:eb:
         0c:73:12:fb:98:b9:aa:0c:03:17:b5:ec:ad:e5:ab:bc:5a:7e:
         17:02:55:87:66:a6:c7:66:e0:7a:34:95:3b:e1:96:5b:22:7c:
         04:99:b1:22:62:31:6f:0a:c8:37:db:f0:a4:c9:c8:04:f1:b2:
         3a:04:d9:03:24:35:99:1c:3e:33:fd:1a:ee:f0:6a:9f:8c:74:
         04:1f:c7:56:c1:31:da:96:15:9e:68:20:ef:10:c6:1d:fd:b4:
         eb:cb:77:78:05:7a:7c:30:8b:30:8a:35:1a:20:17:eb:fb:2b:
         4c:64:4b:51:83:76:40:5e:1d:9a:84:37:0e:de:83:e8:9d:6e:
         5c:99:d6:16:f8:8d:b8:5d:73:09:9a:51:c2:18:f2:40:68:5a:
         d6:0f:13:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgdZXbhyRJg+sDDQAzoYcnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZjgyMDZlMzMxMWRmMzk0ZjQ4Mzg5YjgxMjJiOTRhYTFm
MGIwNWMwHhcNMjUwNzE4MTE1NzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTA3ZWUzNWJhNzQxNGJjMjdkZjk5MTIxZjU0MDU5MmMwNDFhNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/0dfdC4t+mU08kr/LGsmxjGLfDE
fcZw7txJnOvNTPjeH2lts46BJa0Lo92xdQNTzHnKAEUKOAiltZTlS/Sg+Bk5qZ5h
pqqxfliobfM7AgiR9yxbcaJnx/GyLIY0ZpROssamRzVnc4s0tpxwGszVh6cz/HwM
hxDtQ9qrzSuv/EDjVy8SbOhuv+3HQOzLQaEF+/OmKU2o/C7MyJLuWzZdMREgCbes
rTgtzrQNPWpUuDbra3muT8HRmxuYsNpM5MdCzRAC0TJuCvl4UsW3giSW+cEMVUA2
zHuRAC2kPVdap8SktLwvMP2pBnfhrfYZResKBgLHQJjcuU9d1aT1rIqA9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDoH7jW6dBS8J9+ZEh9UBZLAQabpMB8GA1UdIwQY
MBaAFGb4IG4zEd85T0g4m4EiuUqh8LBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgt
YmJmZDQ1Yzg0YmVhLzEvT2dmdU5icDBGTHduMzVrU0gxUUZrc0JCcHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgtYmJmZDQ1Yzg0YmVh
LzEvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueUhAwQA
ueUjMA0GCSqGSIb3DQEBCwUAA4IBAQCDt/3xgliohlIzSyCvhqSe8uvVQMnd5dJ4
9BfTvcUBxY+eVMGf6fqt9MiGYpKVZA2GmiE/q9eu3b8tVgp0Bmy9odt2V6rqSUKL
/DRwXAiNowzmRhekm9lpn+cczlKIwkFFk8zToFCHlwu+TOsMcxL7mLmqDAMXteyt
5au8Wn4XAlWHZqbHZuB6NJU74ZZbInwEmbEiYjFvCsg32/CkycgE8bI6BNkDJDWZ
HD4z/Rru8GqfjHQEH8dWwTHalhWeaCDvEMYd/bTry3d4BXp8MIswijUaIBfr+ytM
ZEtRg3ZAXh2ahDcO3oPonW5cmdYW+I24XXMJmlHCGPJAaFrWDxPE
-----END CERTIFICATE-----