Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/OtfTMdrLOw5sJBwVvIgWGPfsgXI.roa
File:                     OtfTMdrLOw5sJBwVvIgWGPfsgXI.roa (raw, json)
Hash identifier:          BmAfnAqdGNpNwRDBHyvprNrWZ9k8Iz5qIeHYUyS8B0k=
Subject key identifier:   3A:D7:D3:31:DA:CB:3B:0E:6C:24:1C:15:BC:88:16:18:F7:EC:81:72
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0198E5D422A7D76C4E8D16CCCDCFC04C3369
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/OtfTMdrLOw5sJBwVvIgWGPfsgXI.roa
Signing time:             Tue 26 Aug 2025 10:02:21 +0000
ROA not before:           Tue 26 Aug 2025 10:02:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399073
IP address blocks:        45.90.19.0/24 maxlen: 24
                          185.36.204.0/24 maxlen: 24
                          185.246.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 03:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e5:d4:22:a7:d7:6c:4e:8d:16:cc:cd:cf:c0:4c:33:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Aug 26 10:02:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ad7d331dacb3b0e6c241c15bc881618f7ec8172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f3:ad:71:a9:d6:44:e0:10:25:92:db:2f:8b:
                    15:d1:02:96:56:b1:30:0a:9a:93:20:85:c1:6e:a7:
                    47:07:93:2b:6a:64:dc:77:e0:71:69:b7:01:eb:17:
                    7f:c9:83:8a:0a:e3:20:fd:fd:ce:49:15:e7:2f:2f:
                    35:e4:3c:65:ef:1a:22:a0:b2:96:9e:71:93:53:a2:
                    6e:19:96:b2:e9:19:78:cf:2f:5a:41:c0:a5:fb:8d:
                    17:d3:3a:ae:b3:5e:5a:95:64:40:f6:d2:e3:2b:25:
                    40:25:3f:d6:3c:c7:ef:e4:40:59:9f:a2:fc:06:4c:
                    c2:aa:0f:04:1f:0b:e9:76:17:ed:a3:8e:08:7a:e2:
                    8d:71:eb:e6:67:34:4a:2a:f6:27:da:fd:de:97:c4:
                    0b:c1:b9:8e:3e:4b:d9:c9:6d:f7:8f:a6:4d:ed:f4:
                    f2:b1:e9:0c:8f:9c:43:eb:a7:09:0b:c1:28:e5:c2:
                    e8:28:ca:c3:32:dc:4a:43:db:86:3f:5e:1f:8e:7e:
                    c9:9e:e9:19:0d:aa:20:1f:ea:61:d3:2a:d8:c7:d8:
                    17:1a:b8:20:d8:74:bb:91:85:81:89:cc:10:39:39:
                    52:cc:e7:62:65:92:90:af:c9:f6:e3:4e:59:32:2c:
                    e0:ea:a1:a1:fb:4e:bc:74:ea:df:d9:89:f9:6e:54:
                    00:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D7:D3:31:DA:CB:3B:0E:6C:24:1C:15:BC:88:16:18:F7:EC:81:72
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/OtfTMdrLOw5sJBwVvIgWGPfsgXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.19.0/24
                  185.36.204.0/24
                  185.246.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:e7:7b:15:5f:b6:08:bb:d0:5f:d7:0c:2b:10:b9:cf:dc:e0:
         d3:00:e4:b9:02:83:66:67:87:39:4e:71:34:6d:b7:16:84:04:
         35:22:7c:fd:a2:f6:9d:f4:3b:22:e4:3a:fc:d6:51:02:5b:83:
         e2:ee:c5:87:4d:3b:99:23:d4:5f:2f:32:75:db:91:72:21:33:
         b1:d0:e2:d1:b1:a8:f3:e1:3f:be:ab:07:a4:8f:cb:94:8c:28:
         04:51:7c:6c:7d:19:92:01:46:41:73:a6:7d:d8:37:30:d3:08:
         ae:ac:98:37:47:7b:15:a2:51:c5:f7:f5:c6:d4:7f:9e:d5:b7:
         98:85:46:e0:4a:f0:60:18:dd:06:23:ac:32:7c:5c:ae:e8:cf:
         bb:1b:e4:ea:bb:37:9a:46:3d:eb:11:69:80:06:b5:22:b1:fd:
         28:30:eb:f7:2a:30:2f:37:ba:67:08:1e:5d:1a:db:85:63:d9:
         76:88:3a:7f:a2:94:81:e9:90:d2:92:a5:5f:7f:0c:b3:22:7b:
         51:33:25:e6:e1:30:f5:ae:be:75:09:59:bf:d5:41:5c:80:4f:
         d9:0c:5a:11:e3:a6:d4:35:f6:a4:3f:95:13:63:8a:ec:c4:35:
         5f:55:07:6c:fe:97:83:7c:05:6e:03:4b:bc:b6:49:30:ad:6a:
         68:6e:35:46
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZjl1CKn12xOjRbMzc/ATDNpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwODI2MTAwMjIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQ3ZDMzMWRhY2IzYjBlNmMyNDFjMTViYzg4MTYxOGY3ZWM4MTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvOtcanWROAQJZLbL4sV0QKWVrEw
CpqTIIXBbqdHB5MramTcd+BxabcB6xd/yYOKCuMg/f3OSRXnLy815Dxl7xoioLKW
nnGTU6JuGZay6Rl4zy9aQcCl+40X0zqus15alWRA9tLjKyVAJT/WPMfv5EBZn6L8
BkzCqg8EHwvpdhfto44IeuKNcevmZzRKKvYn2v3el8QLwbmOPkvZyW33j6ZN7fTy
sekMj5xD66cJC8Eo5cLoKMrDMtxKQ9uGP14fjn7JnukZDaogH+ph0yrYx9gXGrgg
2HS7kYWBicwQOTlSzOdiZZKQr8n2405ZMizg6qGh+068dOrf2Yn5blQAjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDrX0zHayzsObCQcFbyIFhj37IFyMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvT3RmVE1kckxPdzVzSkJ3VnZJZ1dHUGZzZ1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVoTAwQA
uSTMAwQAufZzMA0GCSqGSIb3DQEBCwUAA4IBAQCb53sVX7YIu9Bf1wwrELnP3ODT
AOS5AoNmZ4c5TnE0bbcWhAQ1Inz9ovad9Dsi5Dr81lECW4Pi7sWHTTuZI9RfLzJ1
25FyITOx0OLRsajz4T++qwekj8uUjCgEUXxsfRmSAUZBc6Z92Dcw0wiurJg3R3sV
olHF9/XG1H+e1beYhUbgSvBgGN0GI6wyfFyu6M+7G+TquzeaRj3rEWmABrUisf0o
MOv3KjAvN7pnCB5dGtuFY9l2iDp/opSB6ZDSkqVffwyzIntRMyXm4TD1rr51CVm/
1UFcgE/ZDFoR46bUNfakP5UTY4rsxDVfVQds/peDfAVuA0u8tkkwrWpobjVG
-----END CERTIFICATE-----