Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/_ez--C0KRSwSRmH4lyGu5zUk1HU.roa
File:                     _ez--C0KRSwSRmH4lyGu5zUk1HU.roa (raw, json)
Hash identifier:          KFrEJZmjOcmfSBpY7GDcoqxz0mSObldiNHL67FlKf8w=
Subject key identifier:   FD:EC:FE:F8:2D:0A:45:2C:12:46:61:F8:97:21:AE:E7:35:24:D4:75
Certificate issuer:       /CN=f32be982060a43734d0ad126ad46da2f395c9def
Certificate serial:       0197306CAD045BE7219CEBE3B48CC1F9EE9F
Authority key identifier: F3:2B:E9:82:06:0A:43:73:4D:0A:D1:26:AD:46:DA:2F:39:5C:9D:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/_ez--C0KRSwSRmH4lyGu5zUk1HU.roa
Signing time:             Mon 02 Jun 2025 11:35:17 +0000
ROA not before:           Mon 02 Jun 2025 11:35:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.37.200.0/22 maxlen: 24
                          2a00:f020::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:30:6c:ad:04:5b:e7:21:9c:eb:e3:b4:8c:c1:f9:ee:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f32be982060a43734d0ad126ad46da2f395c9def
        Validity
            Not Before: Jun  2 11:35:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdecfef82d0a452c124661f89721aee73524d475
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d0:c0:0d:e5:e6:a6:2a:54:24:db:97:b0:cb:
                    b2:33:90:46:28:d4:fc:3b:47:97:74:3e:79:06:5f:
                    bf:07:c1:97:ab:57:3d:7b:0c:4f:a1:99:ad:0b:9d:
                    ae:69:6b:2c:03:0c:d6:0e:23:07:1c:31:22:b0:80:
                    29:a0:e5:13:9e:b0:34:db:28:ad:0c:79:a9:b5:70:
                    a7:c5:35:54:c5:61:86:72:3f:23:8b:42:44:ec:4d:
                    e8:e8:7d:16:72:d6:3e:13:64:50:ba:f3:24:aa:b6:
                    0a:ea:bb:87:35:bd:77:5f:43:5d:db:90:d3:59:f1:
                    ae:6c:55:af:c6:63:15:7c:30:49:a7:1e:ed:a3:5c:
                    c2:c6:c9:13:ea:98:4d:0f:5f:48:2e:7e:4d:19:4b:
                    92:4e:4a:a5:ed:a0:f8:7e:a1:b5:d7:10:b7:77:de:
                    c8:3f:70:5e:e4:00:b4:b6:d9:02:44:35:8e:64:28:
                    6a:07:ff:16:f8:75:cb:ef:c4:fc:f3:02:f4:19:3e:
                    70:97:af:46:db:5a:28:13:e1:7f:5b:cc:fa:6e:ce:
                    ef:21:cf:4e:83:40:4b:e7:1c:c2:6f:bd:14:b0:48:
                    df:06:d6:0b:1c:9e:72:8b:19:fc:2b:59:df:8a:2b:
                    8f:c2:03:4b:83:05:0d:39:fd:59:04:e2:59:cb:05:
                    d6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:EC:FE:F8:2D:0A:45:2C:12:46:61:F8:97:21:AE:E7:35:24:D4:75
            X509v3 Authority Key Identifier:
                keyid:F3:2B:E9:82:06:0A:43:73:4D:0A:D1:26:AD:46:DA:2F:39:5C:9D:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/_ez--C0KRSwSRmH4lyGu5zUk1HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.200.0/22
                IPv6:
                  2a00:f020::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:13:dd:83:f1:d8:62:d2:72:62:03:ea:09:64:d4:13:ad:b0:
         6c:ed:54:59:ee:47:15:36:b2:42:cf:2a:75:33:18:d4:7d:96:
         cb:3b:96:9e:71:c4:7b:98:6d:42:0c:e8:6f:0d:61:e5:88:c4:
         8d:f6:0d:0c:91:fc:da:5c:79:c5:01:de:0a:b0:39:9b:9b:99:
         50:c5:97:37:0a:7a:00:72:e6:93:8c:3d:d8:43:71:31:af:5c:
         15:53:37:6a:eb:28:36:93:ec:bb:0a:da:a2:43:4f:59:77:01:
         c5:24:ee:63:76:3d:e5:b4:fd:97:4b:48:f3:d5:91:e2:76:f4:
         f1:87:ce:58:2a:64:33:3d:c1:2a:fe:0e:6c:ef:12:eb:25:07:
         06:fb:c1:39:20:e2:89:27:98:48:0d:a0:d1:b0:a3:8b:c1:98:
         b6:0d:64:5b:c0:76:25:ba:a3:81:eb:bd:0f:78:9a:4f:5b:73:
         69:b9:74:cc:93:07:13:bc:e3:90:33:b5:2c:14:8a:22:b4:63:
         51:ac:01:06:2b:90:5e:a7:aa:93:17:6c:e6:71:61:18:3d:bd:
         31:fc:89:e0:5b:66:7a:56:55:c7:33:5f:86:c2:6d:d6:4f:7a:
         74:2d:5f:fd:1a:08:6e:54:78:0d:0a:2e:a1:12:47:0a:26:29:
         fe:29:23:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZcwbK0EW+chnOvjtIzB+e6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMmJlOTgyMDYwYTQzNzM0ZDBhZDEyNmFkNDZkYTJmMzk1
YzlkZWYwHhcNMjUwNjAyMTEzNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGVjZmVmODJkMGE0NTJjMTI0NjYxZjg5NzIxYWVlNzM1MjRkNDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tDADeXmpipUJNuXsMuyM5BGKNT8
O0eXdD55Bl+/B8GXq1c9ewxPoZmtC52uaWssAwzWDiMHHDEisIApoOUTnrA02yit
DHmptXCnxTVUxWGGcj8ji0JE7E3o6H0WctY+E2RQuvMkqrYK6ruHNb13X0Nd25DT
WfGubFWvxmMVfDBJpx7to1zCxskT6phND19ILn5NGUuSTkql7aD4fqG11xC3d97I
P3Be5AC0ttkCRDWOZChqB/8W+HXL78T88wL0GT5wl69G21ooE+F/W8z6bs7vIc9O
g0BL5xzCb70UsEjfBtYLHJ5yixn8K1nfiiuPwgNLgwUNOf1ZBOJZywXWzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP3s/vgtCkUsEkZh+Jchruc1JNR1MB8GA1UdIwQY
MBaAFPMr6YIGCkNzTQrRJq1G2i85XJ3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHl2cGdnWUtRM05OQ3RFbXJVYmFMemxjbmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kYTNiMWQtN2FjZi00NTFmLWI2OGIt
OTliY2JlNmQ3ZjYzLzEvX2V6LS1DMEtSU3dTUm1INGx5R3U1elVrMUhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kYTNiMWQtN2FjZi00NTFmLWI2OGItOTliY2JlNmQ3ZjYz
LzEvOHl2cGdnWUtRM05OQ3RFbXJVYmFMemxjbmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSXIMA0E
AgACMAcDBQAqAPAgMA0GCSqGSIb3DQEBCwUAA4IBAQCfE92D8dhi0nJiA+oJZNQT
rbBs7VRZ7kcVNrJCzyp1MxjUfZbLO5aeccR7mG1CDOhvDWHliMSN9g0MkfzaXHnF
Ad4KsDmbm5lQxZc3CnoAcuaTjD3YQ3Exr1wVUzdq6yg2k+y7CtqiQ09ZdwHFJO5j
dj3ltP2XS0jz1ZHidvTxh85YKmQzPcEq/g5s7xLrJQcG+8E5IOKJJ5hIDaDRsKOL
wZi2DWRbwHYluqOB670PeJpPW3NpuXTMkwcTvOOQM7UsFIoitGNRrAEGK5Bep6qT
F2zmcWEYPb0x/IngW2Z6VlXHM1+Gwm3WT3p0LV/9GghuVHgNCi6hEkcKJin+KSMq
-----END CERTIFICATE-----