Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/OVlT_pQqA08Q1UrNiKWeQjISths.roa
File:                     OVlT_pQqA08Q1UrNiKWeQjISths.roa (raw, json)
Hash identifier:          R9hMVU1azsLDsV2kScsNqSIvknc94xA2JDe9jn5I16c=
Subject key identifier:   39:59:53:FE:94:2A:03:4F:10:D5:4A:CD:88:A5:9E:42:32:12:B6:1B
Certificate issuer:       /CN=10721ead6a4575643cb703062c0968755e8281eb
Certificate serial:       0197BFE802D6A6D51B68854066D82B14340F
Authority key identifier: 10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/OVlT_pQqA08Q1UrNiKWeQjISths.roa
Signing time:             Mon 30 Jun 2025 08:15:42 +0000
ROA not before:           Mon 30 Jun 2025 08:15:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        45.112.172.0/22 maxlen: 22
                          91.236.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 20:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:e8:02:d6:a6:d5:1b:68:85:40:66:d8:2b:14:34:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10721ead6a4575643cb703062c0968755e8281eb
        Validity
            Not Before: Jun 30 08:15:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=395953fe942a034f10d54acd88a59e423212b61b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:64:a3:8c:71:7d:0d:0d:f1:bb:d2:ff:2e:29:
                    7e:8e:a3:e5:bb:6c:ba:54:3b:38:ef:21:0f:91:7d:
                    b5:7d:ec:0d:26:08:0f:5d:a6:e3:a5:5a:e9:17:d2:
                    8c:94:dc:b3:35:26:d2:20:5a:99:30:bc:4c:33:94:
                    4a:6e:0c:c9:13:cb:90:8c:f0:4c:9d:99:08:a9:3b:
                    fa:47:4c:a4:04:a6:ad:ff:4a:d0:05:37:67:a5:8e:
                    31:12:b8:b2:fb:7e:51:5d:ca:ba:f5:3a:fe:04:21:
                    6b:05:92:15:b9:68:a9:f0:9d:29:f3:d7:a6:cd:87:
                    75:47:a8:b6:8d:4e:f0:82:2a:20:3d:e7:27:f6:d6:
                    28:53:ac:02:3b:cb:e2:2c:85:98:d7:14:ca:e1:18:
                    64:2b:a7:a2:39:09:fe:21:5d:ad:44:f4:f6:60:34:
                    b2:f9:07:1c:11:45:07:a9:56:99:06:07:b8:b3:58:
                    5d:35:a5:e8:8f:92:0c:bb:ee:53:23:4c:a2:31:21:
                    2e:bf:0f:3e:5d:6b:89:b7:e3:d8:08:af:9a:92:ee:
                    d5:f6:08:3e:67:c1:f5:ee:43:86:66:0a:22:d9:ee:
                    ec:29:57:ba:35:cb:d0:ef:d0:3f:c6:e7:95:a1:65:
                    12:43:a4:8f:f6:5a:40:a4:38:3d:a7:4b:69:bc:06:
                    8c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:59:53:FE:94:2A:03:4F:10:D5:4A:CD:88:A5:9E:42:32:12:B6:1B
            X509v3 Authority Key Identifier:
                keyid:10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/OVlT_pQqA08Q1UrNiKWeQjISths.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.172.0/22
                  91.236.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:50:51:ff:ac:e1:47:25:ae:c0:18:7c:5a:0d:92:7c:c9:61:
         ec:20:50:11:0e:bc:b7:b9:c6:ef:4b:af:07:f8:fb:e1:78:b7:
         d0:ce:b8:1f:17:1e:f7:c4:d6:48:3b:f2:11:7b:03:71:ef:c7:
         c9:ff:be:7e:7e:1e:d8:ec:99:15:89:49:de:26:61:62:01:00:
         cc:58:e2:7e:07:01:22:d0:ab:ed:12:c1:04:c9:3e:11:5a:5e:
         9c:c4:77:a7:f9:94:e5:1e:cd:d3:d0:63:f1:29:aa:1f:00:c6:
         a7:7f:ce:87:e0:0e:66:60:43:00:a5:e3:f5:43:bd:e9:81:da:
         ba:98:19:7f:bf:15:41:2c:5a:f9:d5:85:1b:b1:c8:40:cf:8b:
         4f:d8:ac:ed:d2:52:d5:c5:37:1f:6a:32:fa:83:cd:ce:6e:16:
         ec:07:8f:6c:3d:af:e4:dc:ac:2d:bb:8c:5f:74:8c:1d:8b:35:
         61:a9:99:9c:13:e7:c1:67:4d:b0:5e:16:8f:c3:f6:18:3c:74:
         f5:c6:b1:f0:5e:37:e7:31:cd:e3:26:17:c1:e7:89:28:db:49:
         81:c7:10:b2:b8:20:4f:95:f9:15:63:a0:0a:72:c1:92:3d:48:
         9a:f9:05:ac:e1:56:bc:35:3c:98:1b:f4:8c:d3:fe:17:1a:08:
         2b:be:5b:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZe/6ALWptUbaIVAZtgrFDQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzIxZWFkNmE0NTc1NjQzY2I3MDMwNjJjMDk2ODc1NWU4
MjgxZWIwHhcNMjUwNjMwMDgxNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTU5NTNmZTk0MmEwMzRmMTBkNTRhY2Q4OGE1OWU0MjMyMTJiNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22SjjHF9DQ3xu9L/Lil+jqPlu2y6
VDs47yEPkX21fewNJggPXabjpVrpF9KMlNyzNSbSIFqZMLxMM5RKbgzJE8uQjPBM
nZkIqTv6R0ykBKat/0rQBTdnpY4xEriy+35RXcq69Tr+BCFrBZIVuWip8J0p89em
zYd1R6i2jU7wgiogPecn9tYoU6wCO8viLIWY1xTK4RhkK6eiOQn+IV2tRPT2YDSy
+QccEUUHqVaZBge4s1hdNaXoj5IMu+5TI0yiMSEuvw8+XWuJt+PYCK+aku7V9gg+
Z8H17kOGZgoi2e7sKVe6NcvQ79A/xueVoWUSQ6SP9lpApDg9p0tpvAaMnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDlZU/6UKgNPENVKzYilnkIyErYbMB8GA1UdIwQY
MBaAFBByHq1qRXVkPLcDBiwJaHVegoHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQt
M2Q0YWU4MGZjNDVkLzEvT1ZsVF9wUXFBMDhRMVVyTmlLV2VRaklTdGhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQtM2Q0YWU4MGZjNDVk
LzEvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLXCsAwQB
W+zYMA0GCSqGSIb3DQEBCwUAA4IBAQA2UFH/rOFHJa7AGHxaDZJ8yWHsIFARDry3
ucbvS68H+PvheLfQzrgfFx73xNZIO/IRewNx78fJ/75+fh7Y7JkViUneJmFiAQDM
WOJ+BwEi0KvtEsEEyT4RWl6cxHen+ZTlHs3T0GPxKaofAManf86H4A5mYEMApeP1
Q73pgdq6mBl/vxVBLFr51YUbschAz4tP2Kzt0lLVxTcfajL6g83ObhbsB49sPa/k
3Kwtu4xfdIwdizVhqZmcE+fBZ02wXhaPw/YYPHT1xrHwXjfnMc3jJhfB54ko20mB
xxCyuCBPlfkVY6AKcsGSPUia+QWs4Va8NTyYG/SM0/4XGggrvls9
-----END CERTIFICATE-----