Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/CC0RmvuVfYwNQ3pLTQBL-5iFM_E.roa
File:                     CC0RmvuVfYwNQ3pLTQBL-5iFM_E.roa (raw, json)
Hash identifier:          Aim4Tu85bqYCaCsZc3kdrS8rw57cBsl6kIH5aK/3IP0=
Subject key identifier:   08:2D:11:9A:FB:95:7D:8C:0D:43:7A:4B:4D:00:4B:FB:98:85:33:F1
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0198942BF33615824432C164C26650C0923B
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/CC0RmvuVfYwNQ3pLTQBL-5iFM_E.roa
Signing time:             Sun 10 Aug 2025 13:29:24 +0000
ROA not before:           Sun 10 Aug 2025 13:29:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        45.88.137.0/24 maxlen: 24
                          45.132.180.0/24 maxlen: 24
                          91.223.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:94:2b:f3:36:15:82:44:32:c1:64:c2:66:50:c0:92:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Aug 10 13:29:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=082d119afb957d8c0d437a4b4d004bfb988533f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ce:90:65:62:90:6d:57:f2:40:c5:06:89:11:
                    53:14:5b:b3:e1:69:7d:b9:44:0e:9c:4a:b1:90:d5:
                    2b:ca:01:84:8b:11:f2:7c:93:51:b4:3a:34:1e:72:
                    0c:61:81:c1:f5:02:c4:60:a7:1c:d2:b7:52:5e:d7:
                    98:d4:04:3c:fd:2a:f9:2a:51:2e:0f:c1:f2:7d:7f:
                    ed:f0:bb:a5:c2:92:e6:be:00:b8:00:8c:53:64:79:
                    79:80:ca:8f:43:f0:ee:e7:cd:9c:bf:89:b2:01:01:
                    9c:6a:08:da:b4:2a:78:f2:26:bb:59:af:bc:4e:0b:
                    08:8b:85:df:34:0b:05:fe:f2:4d:4a:4d:89:08:82:
                    5c:4e:92:37:f5:bd:7e:39:8b:70:ea:cb:d2:3e:d6:
                    69:f1:4e:89:26:cd:da:89:87:c6:72:3f:e3:9a:8b:
                    3a:d0:b4:df:f7:10:61:c8:34:64:f7:9d:89:4f:bf:
                    d8:95:17:a1:48:45:e7:d1:86:cd:ce:c8:7d:bc:ff:
                    ab:6e:d1:19:d4:d5:e4:b4:63:9b:8b:3b:8f:a3:80:
                    e3:60:ff:ad:62:a4:54:b7:17:0e:a7:7a:2d:ef:bd:
                    07:51:e6:4a:5b:c2:23:99:c6:7f:e0:a9:65:ee:93:
                    46:f5:2e:a4:b6:2a:d7:7a:3a:5b:2d:fd:47:41:e4:
                    59:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:2D:11:9A:FB:95:7D:8C:0D:43:7A:4B:4D:00:4B:FB:98:85:33:F1
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/CC0RmvuVfYwNQ3pLTQBL-5iFM_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.137.0/24
                  45.132.180.0/24
                  91.223.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:ed:37:18:a0:62:f9:b5:d3:50:2c:d5:8a:0e:d3:b4:47:fa:
         d5:f8:07:09:05:c0:43:41:46:2b:71:c1:96:f0:b4:2d:f3:42:
         e3:00:ff:6e:29:30:07:02:3a:20:c0:fa:37:2d:d0:f2:b7:ae:
         bf:5d:84:9c:ee:3e:60:bf:0d:02:54:9a:8a:86:ef:43:bc:ec:
         2d:fa:81:33:64:dd:d8:65:1a:0c:b3:bc:d8:86:ea:a7:e5:35:
         90:2d:36:70:c8:cc:e5:ae:3a:4a:bc:35:18:7f:bd:c7:a9:2e:
         53:70:8f:e5:42:f6:67:4c:95:59:ea:2f:92:c0:8d:7d:93:04:
         b1:f8:19:ef:7d:0d:f6:0d:04:a4:a3:a8:fa:00:0c:0e:b2:36:
         48:81:b3:43:c0:c4:8f:70:da:30:ac:34:9a:ec:e3:a1:85:ba:
         1b:4e:bf:1b:f6:4c:bf:c2:08:dd:d0:a8:56:c9:fb:33:d2:0c:
         90:1b:df:e4:41:a1:8c:9d:0e:c1:86:d7:ee:8c:b2:9b:3a:7a:
         bf:5a:8c:dc:e8:ba:ea:d3:8d:0b:38:d5:9c:41:63:a8:70:e6:
         7e:a8:f9:96:f4:d3:6b:32:d8:5e:a1:bc:0a:b5:ff:3f:29:97:
         3b:92:28:b9:85:3b:06:73:8e:38:e9:c6:ed:e7:e2:c6:c8:6c:
         c5:77:fa:f3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiUK/M2FYJEMsFkwmZQwJI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwODEwMTMyOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODJkMTE5YWZiOTU3ZDhjMGQ0MzdhNGI0ZDAwNGJmYjk4ODUzM2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM6QZWKQbVfyQMUGiRFTFFuz4Wl9
uUQOnEqxkNUrygGEixHyfJNRtDo0HnIMYYHB9QLEYKcc0rdSXteY1AQ8/Sr5KlEu
D8HyfX/t8LulwpLmvgC4AIxTZHl5gMqPQ/Du582cv4myAQGcagjatCp48ia7Wa+8
TgsIi4XfNAsF/vJNSk2JCIJcTpI39b1+OYtw6svSPtZp8U6JJs3aiYfGcj/jmos6
0LTf9xBhyDRk952JT7/YlRehSEXn0YbNzsh9vP+rbtEZ1NXktGObizuPo4DjYP+t
YqRUtxcOp3ot770HUeZKW8IjmcZ/4Kll7pNG9S6ktirXejpbLf1HQeRZVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAgtEZr7lX2MDUN6S00AS/uYhTPxMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvQ0MwUm12dVZmWXdOUTNwTFRRQkwtNWlGTV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALViJAwQA
LYS0AwQAW99uMA0GCSqGSIb3DQEBCwUAA4IBAQCx7TcYoGL5tdNQLNWKDtO0R/rV
+AcJBcBDQUYrccGW8LQt80LjAP9uKTAHAjogwPo3LdDyt66/XYSc7j5gvw0CVJqK
hu9DvOwt+oEzZN3YZRoMs7zYhuqn5TWQLTZwyMzlrjpKvDUYf73HqS5TcI/lQvZn
TJVZ6i+SwI19kwSx+BnvfQ32DQSko6j6AAwOsjZIgbNDwMSPcNowrDSa7OOhhbob
Tr8b9ky/wgjd0KhWyfsz0gyQG9/kQaGMnQ7BhtfujLKbOnq/Wozc6Lrq040LONWc
QWOocOZ+qPmW9NNrMtheobwKtf8/KZc7kii5hTsGc4446cbt5+LGyGzFd/rz
-----END CERTIFICATE-----