Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dc11d6-4c35-4daa-a7de-3e51bcd14736/1/cP3ZObpESgmIwVeoeUilsXbe7dU.roa
File:                     cP3ZObpESgmIwVeoeUilsXbe7dU.roa (raw, json)
Hash identifier:          x1z5oGuQZIc9RbQHr2zNPztkI2YQUxkkGtsbysCQzFE=
Subject key identifier:   70:FD:D9:39:BA:44:4A:09:88:C1:57:A8:79:48:A5:B1:76:DE:ED:D5
Certificate issuer:       /CN=213cb2a2181a7d36f40e41758d627f701a602042
Certificate serial:       01997C152157F9F1207A673BBE04230EA779
Authority key identifier: 21:3C:B2:A2:18:1A:7D:36:F4:0E:41:75:8D:62:7F:70:1A:60:20:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITyyohgafTb0DkF1jWJ_cBpgIEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dc11d6-4c35-4daa-a7de-3e51bcd14736/1/cP3ZObpESgmIwVeoeUilsXbe7dU.roa
Signing time:             Wed 24 Sep 2025 14:16:23 +0000
ROA not before:           Wed 24 Sep 2025 14:16:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215904
IP address blocks:        185.65.68.0/24 maxlen: 24
                          217.70.14.0/24 maxlen: 24
                          2a14:2f40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/dc11d6-4c35-4daa-a7de-3e51bcd14736/1/ITyyohgafTb0DkF1jWJ_cBpgIEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/dc11d6-4c35-4daa-a7de-3e51bcd14736/1/ITyyohgafTb0DkF1jWJ_cBpgIEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITyyohgafTb0DkF1jWJ_cBpgIEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7c:15:21:57:f9:f1:20:7a:67:3b:be:04:23:0e:a7:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=213cb2a2181a7d36f40e41758d627f701a602042
        Validity
            Not Before: Sep 24 14:16:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70fdd939ba444a0988c157a87948a5b176deedd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a1:c6:16:d0:bf:0e:79:3c:a5:69:91:da:9b:
                    76:a4:7a:77:99:59:1c:50:f3:41:e1:7f:59:85:3c:
                    73:85:6f:c1:89:5f:7a:19:53:5b:9c:72:44:bb:3b:
                    98:58:5f:4a:f0:94:fb:85:92:14:c5:c2:6d:c4:cc:
                    4e:c5:e1:4f:bb:06:ae:d6:d3:0d:bb:13:19:25:98:
                    47:7a:6c:87:40:9a:15:c1:3d:9a:bf:eb:cc:db:e6:
                    af:ce:ac:ed:19:1c:a0:e1:cd:56:a4:05:11:cd:97:
                    04:ad:38:7e:74:81:cb:47:ae:f3:07:ce:c9:2b:58:
                    34:11:00:07:e0:13:c7:b8:33:f6:a6:d5:f6:4c:a2:
                    4c:22:e2:70:3c:90:4e:bf:5e:78:78:cc:e4:02:9c:
                    94:4a:08:d3:4f:0c:18:85:e2:b3:0d:04:44:e1:a8:
                    3e:40:f9:fb:22:79:43:1d:e8:b3:75:e9:bc:7b:12:
                    da:70:05:a9:0a:43:4b:4e:cf:00:f2:f4:b9:05:07:
                    54:01:9e:8c:18:ff:9f:68:90:01:70:f4:4f:61:9a:
                    60:fd:e1:cc:ae:7c:ad:f7:7f:cb:21:0a:9d:91:85:
                    88:20:1a:ce:c6:6c:57:55:66:5b:20:a6:5c:a0:ee:
                    59:50:10:4c:90:18:90:cb:c5:68:db:b0:44:11:68:
                    29:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:FD:D9:39:BA:44:4A:09:88:C1:57:A8:79:48:A5:B1:76:DE:ED:D5
            X509v3 Authority Key Identifier:
                keyid:21:3C:B2:A2:18:1A:7D:36:F4:0E:41:75:8D:62:7F:70:1A:60:20:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITyyohgafTb0DkF1jWJ_cBpgIEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dc11d6-4c35-4daa-a7de-3e51bcd14736/1/cP3ZObpESgmIwVeoeUilsXbe7dU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dc11d6-4c35-4daa-a7de-3e51bcd14736/1/ITyyohgafTb0DkF1jWJ_cBpgIEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.68.0/24
                  217.70.14.0/24
                IPv6:
                  2a14:2f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:fb:ee:e2:9b:63:24:17:6b:2d:16:d3:53:63:cb:17:0d:a8:
         92:2f:9a:8b:9e:8d:fe:26:a7:b7:86:51:6f:1c:9d:cd:db:a4:
         0f:e3:ff:33:78:6b:ba:02:4b:f6:7d:22:6a:82:53:93:0a:b2:
         a7:75:1c:65:89:4e:37:79:4a:05:96:30:06:ec:5c:a9:38:cc:
         3c:7b:c3:39:20:7e:0e:db:7b:86:91:5a:7c:a3:f4:be:03:2f:
         b4:33:10:00:15:65:bf:31:d1:98:61:44:cf:0b:c3:97:2f:d4:
         eb:88:0c:ce:70:11:76:d0:de:5b:e7:cd:aa:0b:8e:f1:de:d3:
         5c:93:9f:c7:76:fe:63:33:5f:e0:c3:32:79:b9:96:11:c6:96:
         fb:60:9c:60:d9:ab:19:00:60:b1:2d:9e:ac:c7:84:71:e4:ae:
         fe:c3:e0:ee:ef:e5:62:ff:a5:fb:85:60:60:fe:9b:e7:6d:bb:
         d2:6b:14:2c:19:be:7d:49:eb:03:3e:ec:2d:55:92:e8:33:4f:
         84:62:5e:b3:9e:2c:5c:4c:30:09:cc:95:7a:88:67:33:ff:3d:
         24:54:63:ac:17:8a:7c:91:0e:14:f7:67:b4:53:3d:03:45:f5:
         44:c6:47:f3:d0:6c:6c:dc:bd:09:1f:f3:e1:e5:79:69:a9:1e:
         b1:44:59:b0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZl8FSFX+fEgemc7vgQjDqd5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxM2NiMmEyMTgxYTdkMzZmNDBlNDE3NThkNjI3ZjcwMWE2
MDIwNDIwHhcNMjUwOTI0MTQxNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGZkZDkzOWJhNDQ0YTA5ODhjMTU3YTg3OTQ4YTViMTc2ZGVlZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKHGFtC/Dnk8pWmR2pt2pHp3mVkc
UPNB4X9ZhTxzhW/BiV96GVNbnHJEuzuYWF9K8JT7hZIUxcJtxMxOxeFPuwau1tMN
uxMZJZhHemyHQJoVwT2av+vM2+avzqztGRyg4c1WpAURzZcErTh+dIHLR67zB87J
K1g0EQAH4BPHuDP2ptX2TKJMIuJwPJBOv154eMzkApyUSgjTTwwYheKzDQRE4ag+
QPn7InlDHeizdem8exLacAWpCkNLTs8A8vS5BQdUAZ6MGP+faJABcPRPYZpg/eHM
rnyt93/LIQqdkYWIIBrOxmxXVWZbIKZcoO5ZUBBMkBiQy8Vo27BEEWgpZQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHD92Tm6REoJiMFXqHlIpbF23u3VMB8GA1UdIwQY
MBaAFCE8sqIYGn029A5BdY1if3AaYCBCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVR5eW9oZ2FmVGIwRGtGMWpXSl9jQnBnSUVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kYzExZDYtNGMzNS00ZGFhLWE3ZGUt
M2U1MWJjZDE0NzM2LzEvY1AzWk9icEVTZ21Jd1Zlb2VVaWxzWGJlN2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kYzExZDYtNGMzNS00ZGFhLWE3ZGUtM2U1MWJjZDE0NzM2
LzEvSVR5eW9oZ2FmVGIwRGtGMWpXSl9jQnBnSUVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuUFEAwQA
2UYOMA0EAgACMAcDBQAqFC9AMA0GCSqGSIb3DQEBCwUAA4IBAQBy++7im2MkF2st
FtNTY8sXDaiSL5qLno3+Jqe3hlFvHJ3N26QP4/8zeGu6Akv2fSJqglOTCrKndRxl
iU43eUoFljAG7FypOMw8e8M5IH4O23uGkVp8o/S+Ay+0MxAAFWW/MdGYYUTPC8OX
L9TriAzOcBF20N5b582qC47x3tNck5/Hdv5jM1/gwzJ5uZYRxpb7YJxg2asZAGCx
LZ6sx4Rx5K7+w+Du7+Vi/6X7hWBg/pvnbbvSaxQsGb59SesDPuwtVZLoM0+EYl6z
nixcTDAJzJV6iGcz/z0kVGOsF4p8kQ4U92e0Uz0DRfVExkfz0Gxs3L0JH/Ph5Xlp
qR6xRFmw
-----END CERTIFICATE-----