Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/Ztr2Bhx4AS0t37WiXin1zbXPOD0.roa
File:                     Ztr2Bhx4AS0t37WiXin1zbXPOD0.roa (raw, json)
Hash identifier:          DXfe5IwyOXc8tKRY6567slHB3XZ7sa65HYm/P8E9/RM=
Subject key identifier:   66:DA:F6:06:1C:78:01:2D:2D:DF:B5:A2:5E:29:F5:CD:B5:CF:38:3D
Certificate issuer:       /CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
Certificate serial:       0198B8D688E9E66798674A16E2AE1D2CB779
Authority key identifier: 62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/Ztr2Bhx4AS0t37WiXin1zbXPOD0.roa
Signing time:             Sun 17 Aug 2025 16:22:04 +0000
ROA not before:           Sun 17 Aug 2025 16:22:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        149.126.64.0/22 maxlen: 24
                          185.251.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 20 Aug 2025 23:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b8:d6:88:e9:e6:67:98:67:4a:16:e2:ae:1d:2c:b7:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=623526ad9fbec574fa4ec3d9badb5433fdaaca7b
        Validity
            Not Before: Aug 17 16:22:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66daf6061c78012d2ddfb5a25e29f5cdb5cf383d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:72:0c:b0:9f:a0:e1:52:9b:ce:08:37:a8:d7:
                    e0:ae:44:b3:1f:cb:2a:71:30:61:06:c0:6b:9f:51:
                    16:b9:ce:c2:a5:9e:73:fe:b6:f2:8c:57:17:93:74:
                    86:d4:6d:ea:a3:97:40:62:8d:22:f6:c6:ab:87:ff:
                    51:2d:0a:f3:6f:0e:94:27:42:0b:3c:28:52:9a:5c:
                    2d:3e:2e:8d:02:78:81:16:c1:29:aa:82:0b:01:8b:
                    2f:f8:e0:50:db:5c:8a:60:80:9e:dd:69:38:bc:e8:
                    dd:95:55:10:8c:b3:0e:9e:53:6c:93:e2:c5:b6:7c:
                    cd:32:03:01:e6:50:64:25:3c:06:fd:74:1c:2d:c0:
                    a8:92:47:1e:20:fd:db:0f:57:70:eb:df:49:d6:2e:
                    48:76:92:8b:fa:69:7d:ce:01:b5:d8:bd:4d:a2:7c:
                    f5:79:75:10:af:6f:0d:68:a3:f5:e2:ae:ec:a9:bf:
                    27:9a:dd:79:55:47:b2:fd:e7:64:98:39:46:f5:bf:
                    97:8d:a9:e9:8b:a5:86:cd:0b:7a:15:cb:37:e2:b9:
                    80:05:f3:42:79:24:a4:b9:12:b4:1e:28:53:f6:a9:
                    39:a4:32:2d:50:21:f6:3a:04:97:fa:5d:b5:0d:b5:
                    6c:f8:9c:4e:d1:64:f3:9b:89:13:4c:f4:3f:da:a1:
                    44:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DA:F6:06:1C:78:01:2D:2D:DF:B5:A2:5E:29:F5:CD:B5:CF:38:3D
            X509v3 Authority Key Identifier:
                keyid:62:35:26:AD:9F:BE:C5:74:FA:4E:C3:D9:BA:DB:54:33:FD:AA:CA:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YjUmrZ--xXT6TsPZuttUM_2qyns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/Ztr2Bhx4AS0t37WiXin1zbXPOD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d8fc9-b21b-4db5-95cf-81c8ce750124/1/YjUmrZ--xXT6TsPZuttUM_2qyns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.126.64.0/22
                  185.251.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:06:47:85:80:3e:04:b4:cb:a3:96:86:6c:9c:f1:10:da:a6:
         28:80:ff:25:c2:0a:06:ae:27:7d:d0:0b:12:b0:48:2f:c9:a4:
         c2:97:32:44:4f:9b:f5:0a:61:ea:8b:52:a9:b4:18:9d:b2:77:
         44:57:1f:04:e6:15:35:79:cd:33:50:db:87:54:c3:e5:41:42:
         64:05:ee:c3:fc:17:93:b8:a3:e3:b6:48:75:4f:7c:d5:29:7f:
         3e:2b:86:12:3f:fa:4e:2c:78:5c:07:5d:bc:ad:17:4a:78:7c:
         37:25:b3:df:96:56:6c:4c:20:83:70:4b:3e:50:a8:4c:45:26:
         48:99:03:6e:ee:37:76:84:8c:d0:a1:08:03:a5:79:b3:8c:b0:
         7b:b4:48:c4:04:77:f2:ed:c4:67:72:72:12:34:66:68:8a:64:
         b4:71:36:42:d5:7e:c3:ba:c6:8f:15:5a:86:fc:bd:f5:35:02:
         61:2a:19:97:bc:33:bf:17:a6:a1:86:0f:17:5b:ab:da:1e:56:
         43:75:94:ab:9a:1c:fa:0f:7b:9a:e2:39:32:35:33:02:27:3b:
         c4:83:2e:3c:8e:47:56:90:13:56:00:81:ae:e9:c7:47:05:ae:
         b6:0b:7f:61:0e:1b:b9:53:65:e5:b2:e6:d8:05:61:2f:b1:1c:
         48:f3:06:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZi41ojp5meYZ0oW4q4dLLd5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMzUyNmFkOWZiZWM1NzRmYTRlYzNkOWJhZGI1NDMzZmRh
YWNhN2IwHhcNMjUwODE3MTYyMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmRhZjYwNjFjNzgwMTJkMmRkZmI1YTI1ZTI5ZjVjZGI1Y2YzODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHIMsJ+g4VKbzgg3qNfgrkSzH8sq
cTBhBsBrn1EWuc7CpZ5z/rbyjFcXk3SG1G3qo5dAYo0i9sarh/9RLQrzbw6UJ0IL
PChSmlwtPi6NAniBFsEpqoILAYsv+OBQ21yKYICe3Wk4vOjdlVUQjLMOnlNsk+LF
tnzNMgMB5lBkJTwG/XQcLcCokkceIP3bD1dw699J1i5IdpKL+ml9zgG12L1Nonz1
eXUQr28NaKP14q7sqb8nmt15VUey/edkmDlG9b+Xjanpi6WGzQt6Fcs34rmABfNC
eSSkuRK0HihT9qk5pDItUCH2OgSX+l21DbVs+JxO0WTzm4kTTPQ/2qFESQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGba9gYceAEtLd+1ol4p9c21zzg9MB8GA1UdIwQY
MBaAFGI1Jq2fvsV0+k7D2brbVDP9qsp7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2Yt
ODFjOGNlNzUwMTI0LzEvWnRyMkJoeDRBUzB0MzdXaVhpbjF6YlhQT0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZDhmYzktYjIxYi00ZGI1LTk1Y2YtODFjOGNlNzUwMTI0
LzEvWWpVbXJaLS14WFQ2VHNQWnV0dFVNXzJxeW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQClX5AAwQC
ufs0MA0GCSqGSIb3DQEBCwUAA4IBAQAdBkeFgD4EtMujloZsnPEQ2qYogP8lwgoG
rid90AsSsEgvyaTClzJET5v1CmHqi1KptBidsndEVx8E5hU1ec0zUNuHVMPlQUJk
Be7D/BeTuKPjtkh1T3zVKX8+K4YSP/pOLHhcB128rRdKeHw3JbPfllZsTCCDcEs+
UKhMRSZImQNu7jd2hIzQoQgDpXmzjLB7tEjEBHfy7cRncnISNGZoimS0cTZC1X7D
usaPFVqG/L31NQJhKhmXvDO/F6ahhg8XW6vaHlZDdZSrmhz6D3ua4jkyNTMCJzvE
gy48jkdWkBNWAIGu6cdHBa62C39hDhu5U2XlsubYBWEvsRxI8wYA
-----END CERTIFICATE-----