Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kySIy4GFgdUtDGutzE5tO6yZpgk.roa
File:                     kySIy4GFgdUtDGutzE5tO6yZpgk.roa (raw, json)
Hash identifier:          wa4m2rfPgkudsG20GyeWqT/CJ74sCr30uYlH63jgL/s=
Subject key identifier:   93:24:88:CB:81:85:81:D5:2D:0C:6B:AD:CC:4E:6D:3B:AC:99:A6:09
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01991447F7719F05DEDDBEDC5A29B2C47B1C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kySIy4GFgdUtDGutzE5tO6yZpgk.roa
Signing time:             Thu 04 Sep 2025 10:31:24 +0000
ROA not before:           Thu 04 Sep 2025 10:31:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206150
IP address blocks:        45.130.82.0/24 maxlen: 24
                          2a0b:64c6::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:14:47:f7:71:9f:05:de:dd:be:dc:5a:29:b2:c4:7b:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Sep  4 10:31:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=932488cb818581d52d0c6badcc4e6d3bac99a609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4c:a1:3d:cc:16:f0:5b:ce:e0:0c:5e:b0:a7:
                    52:69:02:50:13:d2:a8:30:26:6d:5f:b5:36:42:f5:
                    ae:1c:7a:44:59:59:a0:cb:42:d6:05:17:10:dc:5a:
                    13:fd:a4:2a:e0:c4:6d:85:bd:3c:36:2d:0b:7c:59:
                    dd:34:18:f0:d5:98:94:80:7d:fc:33:d6:81:97:83:
                    42:3c:4f:aa:2b:11:5a:80:6c:c2:4e:c3:42:4b:d7:
                    1f:a0:9f:a7:ca:8d:bb:93:65:0e:8a:75:a1:0b:5a:
                    8e:7e:0a:83:49:07:db:67:87:c5:df:1e:a6:2b:c3:
                    a0:9d:33:b2:2f:fb:0d:2e:05:82:52:2e:19:b0:7a:
                    f7:35:28:c8:76:56:62:98:b5:3a:e2:17:1a:34:9d:
                    14:29:83:79:e0:e0:34:04:5b:7f:20:a3:2e:8f:75:
                    0a:ae:06:25:56:1e:0c:86:05:70:c3:58:c2:dd:28:
                    27:f8:8c:2d:f4:3d:36:a9:0c:76:4d:b8:58:f7:c7:
                    5d:34:76:dd:09:b3:9b:60:ab:53:42:d8:be:52:a1:
                    f0:ff:51:6a:2f:e3:b0:8f:bf:e3:ba:f7:4e:a1:02:
                    e0:04:8c:be:31:22:db:55:3e:2e:52:b0:b1:cd:d8:
                    3e:09:5b:a5:ce:70:b6:3f:de:17:19:f6:c4:f2:b4:
                    ba:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:24:88:CB:81:85:81:D5:2D:0C:6B:AD:CC:4E:6D:3B:AC:99:A6:09
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/kySIy4GFgdUtDGutzE5tO6yZpgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.82.0/24
                IPv6:
                  2a0b:64c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:53:4f:dc:20:1e:c6:ed:29:a1:a8:38:dc:e2:de:d5:50:36:
         40:03:e7:10:a5:f9:7a:f6:1b:d2:62:82:2b:9a:dc:3f:0c:f4:
         2b:74:0f:4d:32:11:b1:ca:de:d7:cf:57:f9:dc:c4:f0:89:79:
         ac:ca:a9:05:a1:44:96:a7:7a:ba:ca:41:17:2f:56:a9:ed:5e:
         a4:fc:bd:22:c7:64:36:ba:70:75:e8:1d:34:d7:59:51:fe:e1:
         d0:0d:43:c5:0d:b0:2a:bb:75:ac:ef:a1:98:93:b1:25:e9:58:
         2f:89:cc:ba:93:f9:36:24:a0:51:80:91:66:e2:ec:52:22:3f:
         4e:d5:3a:5e:3b:c5:08:fc:03:af:59:cc:e6:d8:7b:9e:5e:d7:
         99:32:fa:79:b9:a7:c4:59:b0:40:12:e3:15:c5:ff:14:91:0e:
         39:4e:1c:5a:ed:11:dd:a7:08:41:9a:b7:71:c3:60:3b:83:63:
         50:75:f8:c1:dd:73:94:06:93:83:93:16:7a:7e:c7:3c:c8:ab:
         f1:ad:dc:80:64:b0:c3:6d:f1:13:b5:fa:2e:b0:cf:82:58:86:
         c5:c8:54:1a:c6:1b:bd:f1:0c:23:03:ff:bf:8f:ed:86:ee:b5:
         55:e8:58:55:9c:af:ef:ce:43:13:cb:b5:a1:90:2f:56:6b:f2:
         ff:c5:45:db
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkUR/dxnwXe3b7cWimyxHscMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwOTA0MTAzMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzI0ODhjYjgxODU4MWQ1MmQwYzZiYWRjYzRlNmQzYmFjOTlhNjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkyhPcwW8FvO4AxesKdSaQJQE9Ko
MCZtX7U2QvWuHHpEWVmgy0LWBRcQ3FoT/aQq4MRthb08Ni0LfFndNBjw1ZiUgH38
M9aBl4NCPE+qKxFagGzCTsNCS9cfoJ+nyo27k2UOinWhC1qOfgqDSQfbZ4fF3x6m
K8OgnTOyL/sNLgWCUi4ZsHr3NSjIdlZimLU64hcaNJ0UKYN54OA0BFt/IKMuj3UK
rgYlVh4MhgVww1jC3Sgn+Iwt9D02qQx2TbhY98ddNHbdCbObYKtTQti+UqHw/1Fq
L+Owj7/juvdOoQLgBIy+MSLbVT4uUrCxzdg+CVulznC2P94XGfbE8rS6QwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJMkiMuBhYHVLQxrrcxObTusmaYJMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEva3lTSXk0R0ZnZFV0REd1dHpFNXRPNnlacGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYJSMA0E
AgACMAcDBQAqC2TGMA0GCSqGSIb3DQEBCwUAA4IBAQAGU0/cIB7G7SmhqDjc4t7V
UDZAA+cQpfl69hvSYoIrmtw/DPQrdA9NMhGxyt7Xz1f53MTwiXmsyqkFoUSWp3q6
ykEXL1ap7V6k/L0ix2Q2unB16B0011lR/uHQDUPFDbAqu3Ws76GYk7El6Vgvicy6
k/k2JKBRgJFm4uxSIj9O1TpeO8UI/AOvWczm2HueXteZMvp5uafEWbBAEuMVxf8U
kQ45Thxa7RHdpwhBmrdxw2A7g2NQdfjB3XOUBpODkxZ6fsc8yKvxrdyAZLDDbfET
tfousM+CWIbFyFQaxhu98QwjA/+/j+2G7rVV6FhVnK/vzkMTy7WhkC9Wa/L/xUXb
-----END CERTIFICATE-----