Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/jVzLhR_-fZDDxOR849cM8vp6pzo.roa
File:                     jVzLhR_-fZDDxOR849cM8vp6pzo.roa (raw, json)
Hash identifier:          j+TN92lkP2jjoQ1DpZsUrV4hygUYX+rjfYRIwGn+Dyc=
Subject key identifier:   8D:5C:CB:85:1F:FE:7D:90:C3:C4:E4:7C:E3:D7:0C:F2:FA:7A:A7:3A
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01994242C32FECE505CBE24C7D353FDE303F
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/jVzLhR_-fZDDxOR849cM8vp6pzo.roa
Signing time:             Sat 13 Sep 2025 08:48:15 +0000
ROA not before:           Sat 13 Sep 2025 08:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22773
IP address blocks:        37.218.208.0/21 maxlen: 24
                          37.218.216.0/21 maxlen: 24
                          188.215.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 06:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:42:42:c3:2f:ec:e5:05:cb:e2:4c:7d:35:3f:de:30:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Sep 13 08:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d5ccb851ffe7d90c3c4e47ce3d70cf2fa7aa73a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:56:a2:59:e1:18:12:af:46:3e:21:40:3b:23:
                    10:ac:ae:e7:b0:c1:c7:e9:65:87:61:43:7f:93:07:
                    c6:11:14:12:22:8a:03:3f:c5:09:0e:e6:15:6b:70:
                    6e:ca:08:e6:d4:01:c7:30:72:ae:ff:3c:63:7c:c5:
                    56:54:72:8e:a3:29:a1:23:69:0c:5a:ac:82:97:43:
                    b0:6d:3b:99:84:53:28:ee:c1:0f:2c:2d:01:ce:94:
                    c0:85:e9:87:11:86:91:83:7d:bb:7a:70:d8:c1:9e:
                    1e:f3:a0:ce:c3:b4:20:80:9a:95:53:26:f1:0e:34:
                    64:15:1d:8c:39:2a:f1:49:e9:bd:6f:fe:d8:aa:8a:
                    58:c7:78:f6:9c:01:27:a0:52:e4:2d:95:27:d0:56:
                    78:55:07:20:17:f3:6e:4a:3b:56:3c:bf:a3:74:15:
                    b0:b6:cd:41:d3:91:9a:5e:4f:1d:6f:c9:a6:c5:75:
                    a1:6b:99:bc:59:fb:a9:e6:10:00:15:0e:0e:00:91:
                    3b:38:75:8b:93:ba:c2:fb:86:a6:fb:1f:7d:ac:59:
                    24:6f:6e:03:bc:9a:33:51:db:c1:56:11:d3:36:7c:
                    38:06:ff:cf:31:3c:36:cb:d5:1e:6a:e7:71:cc:07:
                    b3:d2:c9:72:02:61:85:71:88:75:6e:04:40:a8:cf:
                    a0:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:5C:CB:85:1F:FE:7D:90:C3:C4:E4:7C:E3:D7:0C:F2:FA:7A:A7:3A
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/jVzLhR_-fZDDxOR849cM8vp6pzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.218.208.0/20
                  188.215.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:13:60:3f:f2:d2:ce:9c:2a:a5:5e:52:11:31:51:76:29:bf:
         ba:66:ba:1b:cd:0b:28:d6:f6:e3:9b:86:22:04:83:20:9f:11:
         f5:a0:37:44:7e:4d:c7:8e:cb:c0:5d:b5:00:cc:63:23:3c:c1:
         a1:e1:ec:60:48:3e:6b:50:a9:6b:6f:54:84:be:77:8c:38:7a:
         98:1f:c8:0d:c8:70:ee:a4:56:2c:43:67:93:79:e4:7f:4f:de:
         bd:fb:aa:a5:a9:f4:79:20:a7:d4:51:7b:ea:f5:05:a8:0e:35:
         a4:ee:6f:3c:db:38:c7:c8:46:41:9b:19:b0:6d:23:34:a4:76:
         83:42:f9:7c:82:62:c0:6f:fc:79:ec:a8:5d:49:b0:c2:83:85:
         e0:73:48:91:64:44:78:b4:28:21:3b:1c:96:04:28:05:d7:38:
         1f:08:34:bf:57:35:91:35:bd:5c:89:9e:e1:e3:bc:bf:ca:3a:
         b1:e9:0f:ef:bf:ae:2b:91:0c:61:aa:4f:35:3f:dd:42:c6:20:
         e0:14:e6:8f:88:ff:00:b5:c1:92:33:a8:bc:48:47:97:64:9f:
         6f:a6:20:0a:ac:4b:73:44:1a:33:6a:0b:07:c2:e8:dd:94:84:
         a6:54:02:b2:99:68:32:64:ff:45:62:0e:92:a1:06:50:e9:1d:
         d4:5d:6f:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlCQsMv7OUFy+JMfTU/3jA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwOTEzMDg0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDVjY2I4NTFmZmU3ZDkwYzNjNGU0N2NlM2Q3MGNmMmZhN2FhNzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FaiWeEYEq9GPiFAOyMQrK7nsMHH
6WWHYUN/kwfGERQSIooDP8UJDuYVa3Buygjm1AHHMHKu/zxjfMVWVHKOoymhI2kM
WqyCl0OwbTuZhFMo7sEPLC0BzpTAhemHEYaRg327enDYwZ4e86DOw7QggJqVUybx
DjRkFR2MOSrxSem9b/7YqopYx3j2nAEnoFLkLZUn0FZ4VQcgF/NuSjtWPL+jdBWw
ts1B05GaXk8db8mmxXWha5m8Wfup5hAAFQ4OAJE7OHWLk7rC+4am+x99rFkkb24D
vJozUdvBVhHTNnw4Bv/PMTw2y9UeaudxzAez0slyAmGFcYh1bgRAqM+gkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI1cy4Uf/n2Qw8TkfOPXDPL6eqc6MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvalZ6TGhSXy1mWkREeE9SODQ5Y004dnA2cHpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEJdrQAwQC
vNd8MA0GCSqGSIb3DQEBCwUAA4IBAQAxE2A/8tLOnCqlXlIRMVF2Kb+6ZrobzQso
1vbjm4YiBIMgnxH1oDdEfk3HjsvAXbUAzGMjPMGh4exgSD5rUKlrb1SEvneMOHqY
H8gNyHDupFYsQ2eTeeR/T969+6qlqfR5IKfUUXvq9QWoDjWk7m882zjHyEZBmxmw
bSM0pHaDQvl8gmLAb/x57KhdSbDCg4Xgc0iRZER4tCghOxyWBCgF1zgfCDS/VzWR
Nb1ciZ7h47y/yjqx6Q/vv64rkQxhqk81P91CxiDgFOaPiP8AtcGSM6i8SEeXZJ9v
piAKrEtzRBozagsHwujdlISmVAKymWgyZP9FYg6SoQZQ6R3UXW99
-----END CERTIFICATE-----