Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/ZGbxcZi9cS52WoJdVb-r0w_TFVk.roa
File:                     ZGbxcZi9cS52WoJdVb-r0w_TFVk.roa (raw, json)
Hash identifier:          UaSAvffUeAya0sIHPIbsIDALMTsblptod9P+M2JwLlw=
Subject key identifier:   64:66:F1:71:98:BD:71:2E:76:5A:82:5D:55:BF:AB:D3:0F:D3:15:59
Certificate issuer:       /CN=b6c167dfa9882b2aa8f84595f58a97c305ca43c5
Certificate serial:       01998A63D6F06259D6C39FA6BE7F992E3F9A
Authority key identifier: B6:C1:67:DF:A9:88:2B:2A:A8:F8:45:95:F5:8A:97:C3:05:CA:43:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/ZGbxcZi9cS52WoJdVb-r0w_TFVk.roa
Signing time:             Sat 27 Sep 2025 08:57:02 +0000
ROA not before:           Sat 27 Sep 2025 08:57:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214225
IP address blocks:        45.135.240.0/24 maxlen: 24
                          195.96.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:8a:63:d6:f0:62:59:d6:c3:9f:a6:be:7f:99:2e:3f:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6c167dfa9882b2aa8f84595f58a97c305ca43c5
        Validity
            Not Before: Sep 27 08:57:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6466f17198bd712e765a825d55bfabd30fd31559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:a0:5e:5f:f5:df:ae:fe:6f:b7:79:f4:eb:9f:
                    af:6f:52:18:48:6c:3e:fe:24:52:b1:87:ba:ee:42:
                    fa:bc:4c:1f:31:ad:77:e6:1b:79:f3:99:00:ec:39:
                    ee:40:56:fa:5e:03:94:70:e6:c6:20:d9:8a:90:a8:
                    17:af:59:00:51:69:5c:99:a9:71:59:e4:32:40:21:
                    a3:92:b3:fe:5e:d4:90:c6:57:87:5e:81:06:a6:98:
                    79:18:a2:39:31:af:6f:65:bc:ec:40:2c:89:28:0b:
                    88:cc:df:ee:53:c8:9a:98:5d:42:5d:f9:88:5c:f6:
                    9c:6d:d2:d1:17:d2:70:15:69:1e:25:98:53:f2:e3:
                    b4:a2:71:ac:a9:e2:a7:fe:e0:3f:48:b8:f9:58:f5:
                    01:11:b4:af:c5:3d:59:5b:43:27:93:53:a7:bc:78:
                    47:2d:86:d5:f0:78:ba:93:43:49:d4:75:31:fd:77:
                    47:14:51:e8:36:09:5c:a2:83:0a:f7:5e:02:8f:47:
                    0c:93:47:2b:89:e8:d6:3b:5f:ce:be:76:40:4f:a9:
                    26:44:13:ab:a4:d5:82:c4:ce:0d:2f:1d:dc:f0:81:
                    05:0e:d9:1d:08:78:23:fe:d2:57:3d:35:df:01:a6:
                    45:d3:50:d0:35:bf:53:04:7d:ba:00:18:3e:b8:7e:
                    12:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:66:F1:71:98:BD:71:2E:76:5A:82:5D:55:BF:AB:D3:0F:D3:15:59
            X509v3 Authority Key Identifier:
                keyid:B6:C1:67:DF:A9:88:2B:2A:A8:F8:45:95:F5:8A:97:C3:05:CA:43:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/ZGbxcZi9cS52WoJdVb-r0w_TFVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.240.0/24
                  195.96.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:5a:76:61:a6:c4:5f:9a:7c:f4:a6:eb:04:7f:39:ea:1c:db:
         d7:23:21:d2:bc:29:8e:dd:3e:d4:ec:a0:45:26:cf:37:30:22:
         0d:11:2b:cb:c1:69:1c:ce:2d:78:49:bf:00:55:8b:a4:4d:eb:
         96:6e:0d:e0:ee:00:31:ba:21:a3:83:95:07:3f:0e:59:52:dc:
         ac:33:d7:4f:0a:8c:e8:40:13:1a:56:e6:ae:b8:2d:69:99:d4:
         0b:2e:00:48:75:a2:7a:0d:b6:6a:ee:f3:86:27:90:28:03:bc:
         e6:02:19:be:14:f3:0b:e6:75:05:3c:ec:53:33:e2:d8:21:ea:
         96:d6:e5:21:a2:1e:ab:da:9b:89:51:a8:fc:f3:d8:71:71:c6:
         63:2a:c4:3a:42:a0:30:9e:60:3a:e1:72:67:c1:f4:34:9e:9d:
         a9:5f:bb:55:fc:bb:c9:f0:49:0d:81:25:a4:a4:53:9c:08:2b:
         24:aa:c2:16:1e:fe:e1:64:f2:d8:56:e4:59:f0:9a:76:70:c7:
         cc:d0:05:e7:87:54:8f:88:f6:a1:0d:3c:65:3e:e7:75:58:3c:
         ec:01:4c:e3:d8:b2:8e:5e:9f:f0:77:cd:2c:d7:09:28:f4:f8:
         a2:8a:f7:00:80:37:71:05:77:b9:d1:9e:83:f3:78:e8:d3:7f:
         59:29:76:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmKY9bwYlnWw5+mvn+ZLj+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YzE2N2RmYTk4ODJiMmFhOGY4NDU5NWY1OGE5N2MzMDVj
YTQzYzUwHhcNMjUwOTI3MDg1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDY2ZjE3MTk4YmQ3MTJlNzY1YTgyNWQ1NWJmYWJkMzBmZDMxNTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2KBeX/Xfrv5vt3n065+vb1IYSGw+
/iRSsYe67kL6vEwfMa135ht585kA7DnuQFb6XgOUcObGINmKkKgXr1kAUWlcmalx
WeQyQCGjkrP+XtSQxleHXoEGpph5GKI5Ma9vZbzsQCyJKAuIzN/uU8iamF1CXfmI
XPacbdLRF9JwFWkeJZhT8uO0onGsqeKn/uA/SLj5WPUBEbSvxT1ZW0Mnk1OnvHhH
LYbV8Hi6k0NJ1HUx/XdHFFHoNglcooMK914Cj0cMk0criejWO1/OvnZAT6kmRBOr
pNWCxM4NLx3c8IEFDtkdCHgj/tJXPTXfAaZF01DQNb9TBH26ABg+uH4S+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGRm8XGYvXEudlqCXVW/q9MP0xVZMB8GA1UdIwQY
MBaAFLbBZ9+piCsqqPhFlfWKl8MFykPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHNGbjM2bUlLeXFvLUVXVjlZcVh3d1hLUThVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy83M2JlZWItNmEwNS00Y2NhLTg2YmUt
YWNmYzNkMmMyNTIyLzEvWkdieGNaaTljUzUyV29KZFZiLXIwd19URlZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy83M2JlZWItNmEwNS00Y2NhLTg2YmUtYWNmYzNkMmMyNTIy
LzEvdHNGbjM2bUlLeXFvLUVXVjlZcVh3d1hLUThVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYfwAwQA
w2CAMA0GCSqGSIb3DQEBCwUAA4IBAQAcWnZhpsRfmnz0pusEfznqHNvXIyHSvCmO
3T7U7KBFJs83MCINESvLwWkczi14Sb8AVYukTeuWbg3g7gAxuiGjg5UHPw5ZUtys
M9dPCozoQBMaVuauuC1pmdQLLgBIdaJ6DbZq7vOGJ5AoA7zmAhm+FPML5nUFPOxT
M+LYIeqW1uUhoh6r2puJUaj889hxccZjKsQ6QqAwnmA64XJnwfQ0np2pX7tV/LvJ
8EkNgSWkpFOcCCskqsIWHv7hZPLYVuRZ8Jp2cMfM0AXnh1SPiPahDTxlPud1WDzs
AUzj2LKOXp/wd80s1wko9PiiivcAgDdxBXe50Z6D83jo039ZKXbC
-----END CERTIFICATE-----