Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/GHxZUkY9bOorEwdWJVU5TnZ_i1E.roa
File:                     GHxZUkY9bOorEwdWJVU5TnZ_i1E.roa (raw, json)
Hash identifier:          V/ninTsb+HPXbupGZSjlT5J8bNup37ea3EAw10ow9dg=
Subject key identifier:   18:7C:59:52:46:3D:6C:EA:2B:13:07:56:25:55:39:4E:76:7F:8B:51
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       01983E4CEC4218BAFBFAC8119601435E5109
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/GHxZUkY9bOorEwdWJVU5TnZ_i1E.roa
Signing time:             Thu 24 Jul 2025 21:18:05 +0000
ROA not before:           Thu 24 Jul 2025 21:18:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215046
IP address blocks:        37.156.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 15:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3e:4c:ec:42:18:ba:fb:fa:c8:11:96:01:43:5e:51:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Jul 24 21:18:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=187c5952463d6cea2b1307562555394e767f8b51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ce:d7:a5:cb:7c:bb:9a:c9:c2:f5:b4:ec:b9:
                    42:be:16:0f:4e:c7:eb:6f:d1:6b:97:27:3a:f5:ad:
                    35:14:21:00:75:13:83:48:d6:c4:9c:af:e2:0f:23:
                    8a:92:f5:6d:fc:52:bd:0d:14:c6:4f:e0:c6:bd:a5:
                    f1:2b:72:3b:34:8f:4c:01:7b:b4:4f:e6:1f:b5:28:
                    7f:f1:48:68:a8:9c:90:b1:ec:d5:f1:37:d9:d5:09:
                    e7:ff:15:f3:67:8c:3a:1f:2b:0c:53:02:fa:b4:22:
                    ae:b4:34:51:5b:b0:27:85:33:62:5a:79:90:f3:b9:
                    6e:92:4c:80:29:dd:bf:49:b2:8d:8a:25:7c:4d:75:
                    9d:b1:4e:b9:1e:d4:06:ba:c8:60:17:97:f7:f6:f4:
                    44:12:d5:98:47:b2:1a:09:c7:11:c5:07:c0:62:a1:
                    dd:20:c1:22:99:b7:fd:36:65:c7:01:2d:ba:a9:af:
                    28:55:52:df:66:6c:d5:05:1b:20:ee:26:37:67:7c:
                    02:e8:8a:25:65:ae:3c:41:6f:07:a7:d3:4f:a6:19:
                    a4:66:42:d9:b4:cc:c2:ab:be:54:c2:3f:29:09:d0:
                    76:45:8c:a0:c0:5c:f9:4b:aa:80:e9:41:4b:30:b1:
                    f5:0c:38:c4:ce:c0:1b:ed:46:28:46:16:1f:f2:82:
                    22:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:7C:59:52:46:3D:6C:EA:2B:13:07:56:25:55:39:4E:76:7F:8B:51
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/GHxZUkY9bOorEwdWJVU5TnZ_i1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:56:84:39:ff:37:23:34:7c:11:83:61:db:a5:bb:6d:15:c3:
         6c:e5:88:4e:bf:7c:99:dd:96:e9:8e:ee:1b:5e:6d:d8:78:b3:
         ff:bc:d2:58:0d:f5:86:27:4e:dd:cc:05:49:ca:14:69:47:26:
         a0:03:7a:f0:ad:5a:90:8f:47:b0:e1:41:1b:7d:44:14:17:1e:
         e6:ff:e2:38:2d:8c:13:b2:24:48:5e:0c:ce:f7:22:40:a3:69:
         30:fd:14:ca:4f:87:9e:99:e7:31:68:17:16:b8:16:92:91:35:
         04:b1:5e:04:b3:dd:0a:1d:29:a1:27:54:bf:7b:c9:86:bb:ea:
         6e:d8:81:89:07:17:fe:1c:90:7b:44:96:c2:d3:b6:06:8e:84:
         be:95:f9:e6:62:9d:10:c9:45:dc:a4:5b:d4:07:28:c1:20:2b:
         c9:20:3a:76:2d:52:6e:15:4e:55:4d:88:b0:48:59:5b:03:fa:
         bf:71:18:45:9d:b0:3c:73:07:ce:d6:de:58:8b:bb:f7:a5:fb:
         ee:0e:7c:e1:fe:02:43:f8:d4:c1:42:0b:cb:5d:14:af:28:ec:
         02:74:02:9b:5c:f2:bf:ea:23:57:d5:2f:9b:7d:59:29:f8:ba:
         8b:87:0e:e0:23:18:62:de:0f:d7:3d:64:7b:a6:f2:b1:00:e2:
         02:76:42:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg+TOxCGLr7+sgRlgFDXlEJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjUwNzI0MjExODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODdjNTk1MjQ2M2Q2Y2VhMmIxMzA3NTYyNTU1Mzk0ZTc2N2Y4YjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlc7Xpct8u5rJwvW07LlCvhYPTsfr
b9Frlyc69a01FCEAdRODSNbEnK/iDyOKkvVt/FK9DRTGT+DGvaXxK3I7NI9MAXu0
T+YftSh/8UhoqJyQsezV8TfZ1Qnn/xXzZ4w6HysMUwL6tCKutDRRW7AnhTNiWnmQ
87lukkyAKd2/SbKNiiV8TXWdsU65HtQGushgF5f39vREEtWYR7IaCccRxQfAYqHd
IMEimbf9NmXHAS26qa8oVVLfZmzVBRsg7iY3Z3wC6IolZa48QW8Hp9NPphmkZkLZ
tMzCq75Uwj8pCdB2RYygwFz5S6qA6UFLMLH1DDjEzsAb7UYoRhYf8oIihQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBh8WVJGPWzqKxMHViVVOU52f4tRMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvR0h4WlVrWTliT29yRXdkV0pWVTVUblpfaTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZwjMA0G
CSqGSIb3DQEBCwUAA4IBAQAfVoQ5/zcjNHwRg2HbpbttFcNs5YhOv3yZ3Zbpju4b
Xm3YeLP/vNJYDfWGJ07dzAVJyhRpRyagA3rwrVqQj0ew4UEbfUQUFx7m/+I4LYwT
siRIXgzO9yJAo2kw/RTKT4eemecxaBcWuBaSkTUEsV4Es90KHSmhJ1S/e8mGu+pu
2IGJBxf+HJB7RJbC07YGjoS+lfnmYp0QyUXcpFvUByjBICvJIDp2LVJuFU5VTYiw
SFlbA/q/cRhFnbA8cwfO1t5Yi7v3pfvuDnzh/gJD+NTBQgvLXRSvKOwCdAKbXPK/
6iNX1S+bfVkp+LqLhw7gIxhi3g/XPWR7pvKxAOICdkIL
-----END CERTIFICATE-----