Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/665d7d-d170-4df7-acc7-bf3f7951c5ea/1/gDWNTfdushTYGvH0YYGiHbmkEao.roa
File:                     gDWNTfdushTYGvH0YYGiHbmkEao.roa (raw, json)
Hash identifier:          bmF6UCiNLmG9+dRjmLyfBtuEdv4BCZD7226wgKqq0bo=
Subject key identifier:   80:35:8D:4D:F7:6E:B2:14:D8:1A:F1:F4:61:81:A2:1D:B9:A4:11:AA
Certificate issuer:       /CN=5fdf516c95dd6eb2d1d9dd4e0e03286c1911f6e1
Certificate serial:       019736970ADF434BC7C78BD276C65ABC5C6A
Authority key identifier: 5F:DF:51:6C:95:DD:6E:B2:D1:D9:DD:4E:0E:03:28:6C:19:11:F6:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X99RbJXdbrLR2d1ODgMobBkR9uE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/665d7d-d170-4df7-acc7-bf3f7951c5ea/1/gDWNTfdushTYGvH0YYGiHbmkEao.roa
Signing time:             Tue 03 Jun 2025 16:19:17 +0000
ROA not before:           Tue 03 Jun 2025 16:19:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209970
IP address blocks:        45.67.112.0/22 maxlen: 24
                          185.155.120.0/22 maxlen: 24
                          2a09:75c0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/665d7d-d170-4df7-acc7-bf3f7951c5ea/1/X99RbJXdbrLR2d1ODgMobBkR9uE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/665d7d-d170-4df7-acc7-bf3f7951c5ea/1/X99RbJXdbrLR2d1ODgMobBkR9uE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X99RbJXdbrLR2d1ODgMobBkR9uE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:97:0a:df:43:4b:c7:c7:8b:d2:76:c6:5a:bc:5c:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fdf516c95dd6eb2d1d9dd4e0e03286c1911f6e1
        Validity
            Not Before: Jun  3 16:19:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80358d4df76eb214d81af1f46181a21db9a411aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8a:7c:37:e6:7b:54:25:d0:49:f1:3e:92:c5:
                    b7:c6:96:db:7f:e1:cd:d9:42:85:e2:00:e0:77:4e:
                    ff:65:55:4c:4f:ae:a3:e5:bc:e0:4f:06:13:86:46:
                    1c:9d:98:31:fd:d4:c1:37:05:75:61:d9:6c:b2:87:
                    e8:fd:01:64:cd:a6:6f:74:b1:a3:59:e9:23:58:ca:
                    b9:b3:e0:d2:9c:75:0a:2e:7e:35:05:ca:a7:53:69:
                    99:c0:5b:8c:c5:ec:ad:44:43:ec:a3:64:04:12:5a:
                    7c:63:c7:53:c1:85:e1:e5:2e:b4:f9:17:8a:be:78:
                    56:71:9e:45:b8:81:0c:e3:43:8e:f5:a9:fb:f0:48:
                    3f:9a:bb:e7:9f:07:ff:b6:ab:6a:5d:7b:1e:a2:2a:
                    f2:b7:a3:0a:bd:2a:7c:96:07:bc:a8:e8:88:ff:8e:
                    ea:72:2c:5d:1b:35:e3:96:ff:fc:86:65:af:0f:ed:
                    08:2e:b6:fe:6b:5c:34:f4:b9:b0:6a:08:f3:c9:58:
                    0c:f4:15:da:56:97:15:dd:f6:0e:98:1f:93:1a:d1:
                    b9:d7:45:3a:7c:e6:b8:42:ff:e8:88:6e:2d:7c:70:
                    4f:d7:1e:48:52:66:83:36:2d:30:7e:83:cc:8c:60:
                    7f:e6:ce:29:95:8e:40:2a:42:74:07:55:e9:90:89:
                    06:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:35:8D:4D:F7:6E:B2:14:D8:1A:F1:F4:61:81:A2:1D:B9:A4:11:AA
            X509v3 Authority Key Identifier:
                keyid:5F:DF:51:6C:95:DD:6E:B2:D1:D9:DD:4E:0E:03:28:6C:19:11:F6:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X99RbJXdbrLR2d1ODgMobBkR9uE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/665d7d-d170-4df7-acc7-bf3f7951c5ea/1/gDWNTfdushTYGvH0YYGiHbmkEao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/665d7d-d170-4df7-acc7-bf3f7951c5ea/1/X99RbJXdbrLR2d1ODgMobBkR9uE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.112.0/22
                  185.155.120.0/22
                IPv6:
                  2a09:75c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:89:65:64:fd:cd:06:3d:52:c0:0b:25:f4:eb:f1:83:c9:08:
         d8:b3:53:e6:d7:0e:da:36:ca:bf:88:29:46:8f:db:69:7e:f1:
         60:87:0e:10:05:0b:ba:5a:3c:27:59:e9:cc:91:0c:47:73:eb:
         65:2d:9b:e8:af:29:0b:9c:24:e4:f9:b3:82:14:73:e1:ad:bc:
         a3:93:df:9e:5d:f9:4f:23:81:cf:09:04:bd:6d:d4:4f:02:50:
         2f:94:e5:3d:99:c9:02:f0:c8:fc:38:df:7e:12:25:b2:89:ff:
         65:4f:7d:82:87:76:d6:78:7f:f1:03:f3:57:97:c6:2b:77:4a:
         0d:78:09:80:f9:b5:91:9c:5d:60:39:40:fb:a9:58:de:fe:c7:
         61:90:c8:c2:c9:d0:51:dc:58:cf:37:48:85:4b:80:d6:53:06:
         a4:e6:d5:06:f8:9d:76:87:33:c3:e2:1f:66:72:30:18:6c:e4:
         1c:76:b3:37:fb:2f:8f:1e:7b:2e:4f:d6:90:bd:f0:8e:f4:9f:
         8a:48:3b:36:ce:6c:5a:7f:1e:3e:68:bb:bf:07:1d:40:d0:14:
         92:c0:2a:85:1a:e3:c8:7e:b4:95:b1:8a:ee:5e:3c:a7:b1:fd:
         c6:57:e1:b3:82:f8:9a:26:6f:e7:ad:de:a5:14:6c:ef:25:06:
         09:34:f2:2d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZc2lwrfQ0vHx4vSdsZavFxqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZGY1MTZjOTVkZDZlYjJkMWQ5ZGQ0ZTBlMDMyODZjMTkx
MWY2ZTEwHhcNMjUwNjAzMTYxOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDM1OGQ0ZGY3NmViMjE0ZDgxYWYxZjQ2MTgxYTIxZGI5YTQxMWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYp8N+Z7VCXQSfE+ksW3xpbbf+HN
2UKF4gDgd07/ZVVMT66j5bzgTwYThkYcnZgx/dTBNwV1Ydlssofo/QFkzaZvdLGj
WekjWMq5s+DSnHUKLn41BcqnU2mZwFuMxeytREPso2QEElp8Y8dTwYXh5S60+ReK
vnhWcZ5FuIEM40OO9an78Eg/mrvnnwf/tqtqXXseoiryt6MKvSp8lge8qOiI/47q
cixdGzXjlv/8hmWvD+0ILrb+a1w09LmwagjzyVgM9BXaVpcV3fYOmB+TGtG510U6
fOa4Qv/oiG4tfHBP1x5IUmaDNi0wfoPMjGB/5s4plY5AKkJ0B1XpkIkGGwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIA1jU33brIU2Brx9GGBoh25pBGqMB8GA1UdIwQY
MBaAFF/fUWyV3W6y0dndTg4DKGwZEfbhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDk5UmJKWGRickxSMmQxT0RnTW9iQmtSOXVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy82NjVkN2QtZDE3MC00ZGY3LWFjYzct
YmYzZjc5NTFjNWVhLzEvZ0RXTlRmZHVzaFRZR3ZIMFlZR2lIYm1rRWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy82NjVkN2QtZDE3MC00ZGY3LWFjYzctYmYzZjc5NTFjNWVh
LzEvWDk5UmJKWGRickxSMmQxT0RnTW9iQmtSOXVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLUNwAwQC
uZt4MA0EAgACMAcDBQMqCXXAMA0GCSqGSIb3DQEBCwUAA4IBAQA4iWVk/c0GPVLA
CyX06/GDyQjYs1Pm1w7aNsq/iClGj9tpfvFghw4QBQu6WjwnWenMkQxHc+tlLZvo
rykLnCTk+bOCFHPhrbyjk9+eXflPI4HPCQS9bdRPAlAvlOU9mckC8Mj8ON9+EiWy
if9lT32Ch3bWeH/xA/NXl8Yrd0oNeAmA+bWRnF1gOUD7qVje/sdhkMjCydBR3FjP
N0iFS4DWUwak5tUG+J12hzPD4h9mcjAYbOQcdrM3+y+PHnsuT9aQvfCO9J+KSDs2
zmxafx4+aLu/Bx1A0BSSwCqFGuPIfrSVsYruXjynsf3GV+GzgviaJm/nrd6lFGzv
JQYJNPIt
-----END CERTIFICATE-----