Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/DyWWOZN8ZTBRhf1Fm0u0zqt0jfg.roa
File:                     DyWWOZN8ZTBRhf1Fm0u0zqt0jfg.roa (raw, json)
Hash identifier:          JdiiPOalyZBqTA3/ZOTpeoS0RQEBs3JtiLIYPTkerfM=
Subject key identifier:   0F:25:96:39:93:7C:65:30:51:85:FD:45:9B:4B:B4:CE:AB:74:8D:F8
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       019875D4AD2D5FED741144915EC7D0C029DB
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/DyWWOZN8ZTBRhf1Fm0u0zqt0jfg.roa
Signing time:             Mon 04 Aug 2025 16:05:28 +0000
ROA not before:           Mon 04 Aug 2025 16:05:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        46.236.241.0/24 maxlen: 24
                          82.139.225.0/24 maxlen: 24
                          82.139.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:d4:ad:2d:5f:ed:74:11:44:91:5e:c7:d0:c0:29:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Aug  4 16:05:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f259639937c65305185fd459b4bb4ceab748df8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:50:8a:98:a9:4a:37:24:13:e6:3c:f5:74:35:
                    3a:9a:fb:1d:0b:d9:ea:22:1c:c3:44:43:44:cf:eb:
                    a8:82:99:e3:9b:ef:13:ef:1e:1f:79:92:11:1e:05:
                    0c:9f:80:5a:90:5e:4c:ac:19:93:74:88:d6:8e:66:
                    0f:78:8c:3f:7d:d1:08:fc:43:f4:89:95:98:59:d5:
                    e0:a5:b3:22:eb:72:b2:9d:e8:b9:42:fb:9a:19:50:
                    72:80:6b:e9:64:4e:49:a3:c3:c7:09:c2:00:2f:85:
                    3c:32:90:d9:d1:f8:7e:01:30:dc:0c:4b:23:1c:0a:
                    b2:d8:85:f0:b9:05:19:a8:67:b3:a8:cd:0c:80:58:
                    39:35:58:71:45:e5:79:d3:a2:69:dd:3b:eb:d7:8e:
                    ef:48:60:f4:81:23:23:2b:f9:5f:1f:1e:bf:65:33:
                    08:23:02:a9:20:86:fc:fe:92:b3:fb:a4:80:4f:11:
                    ab:fd:04:ed:27:70:8b:a0:63:2e:a7:ae:5f:65:c4:
                    cc:22:eb:b0:c8:dd:cb:9b:31:e8:07:b3:f6:bb:1b:
                    77:7c:d3:58:09:93:36:cc:14:dc:e0:31:73:57:65:
                    79:fc:95:77:6f:5a:80:09:e4:16:03:e4:a3:00:af:
                    68:47:4e:d6:59:98:77:b5:f1:48:8a:97:5e:b5:0d:
                    02:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:25:96:39:93:7C:65:30:51:85:FD:45:9B:4B:B4:CE:AB:74:8D:F8
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/DyWWOZN8ZTBRhf1Fm0u0zqt0jfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.241.0/24
                  82.139.225.0/24
                  82.139.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:43:3f:9c:96:36:06:20:fd:b4:a2:72:cf:68:4e:0d:26:63:
         c6:97:9f:f3:67:96:cb:29:25:2d:88:5b:eb:6d:f6:8f:00:f8:
         91:42:69:ce:fd:bd:87:71:25:ca:25:83:72:94:1e:ef:10:17:
         31:33:99:0c:b1:44:f0:db:aa:47:6f:82:5e:6f:a1:87:58:28:
         d1:43:84:c1:e1:7f:89:08:ff:81:e6:93:ea:59:00:8e:fe:26:
         83:ab:93:7a:0f:a1:8e:36:16:50:37:24:c2:ba:4b:31:4f:ed:
         d8:24:37:17:db:8f:01:71:f7:25:42:d0:fe:a9:85:1a:3d:0b:
         e8:97:73:00:cf:4c:7b:3e:3b:97:3f:e1:48:ea:54:d3:19:b2:
         35:16:6d:f8:e9:15:fc:8e:e0:fd:c7:f6:eb:cc:23:63:35:45:
         56:bf:e0:3d:4e:d7:83:ba:47:27:98:05:02:7e:7a:a7:2c:30:
         c9:a2:3f:ff:bc:e7:dd:e3:f1:d2:34:6a:55:44:3f:29:d8:54:
         cb:b3:7e:b0:8b:b0:1f:f8:9b:7a:0b:90:47:53:91:7e:47:2e:
         6d:52:d1:f8:13:c4:e8:7b:e5:b8:8e:9b:13:60:f0:69:40:c7:
         0d:6a:9b:d2:ed:0e:2d:3e:94:4d:10:1a:a2:c5:de:4d:0c:6b:
         66:60:c8:c9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZh11K0tX+10EUSRXsfQwCnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwODA0MTYwNTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjI1OTYzOTkzN2M2NTMwNTE4NWZkNDU5YjRiYjRjZWFiNzQ4ZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFCKmKlKNyQT5jz1dDU6mvsdC9nq
IhzDRENEz+uogpnjm+8T7x4feZIRHgUMn4BakF5MrBmTdIjWjmYPeIw/fdEI/EP0
iZWYWdXgpbMi63Kynei5QvuaGVBygGvpZE5Jo8PHCcIAL4U8MpDZ0fh+ATDcDEsj
HAqy2IXwuQUZqGezqM0MgFg5NVhxReV506Jp3Tvr147vSGD0gSMjK/lfHx6/ZTMI
IwKpIIb8/pKz+6SATxGr/QTtJ3CLoGMup65fZcTMIuuwyN3LmzHoB7P2uxt3fNNY
CZM2zBTc4DFzV2V5/JV3b1qACeQWA+SjAK9oR07WWZh3tfFIipdetQ0CMwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA8lljmTfGUwUYX9RZtLtM6rdI34MB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvRHlXV09aTjhaVEJSaGYxRm0wdTB6cXQwamZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALuzxAwQA
UovhAwQAUovrMA0GCSqGSIb3DQEBCwUAA4IBAQBQQz+cljYGIP20onLPaE4NJmPG
l5/zZ5bLKSUtiFvrbfaPAPiRQmnO/b2HcSXKJYNylB7vEBcxM5kMsUTw26pHb4Je
b6GHWCjRQ4TB4X+JCP+B5pPqWQCO/iaDq5N6D6GONhZQNyTCuksxT+3YJDcX248B
cfclQtD+qYUaPQvol3MAz0x7PjuXP+FI6lTTGbI1Fm346RX8juD9x/brzCNjNUVW
v+A9TteDukcnmAUCfnqnLDDJoj//vOfd4/HSNGpVRD8p2FTLs36wi7Af+Jt6C5BH
U5F+Ry5tUtH4E8Toe+W4jpsTYPBpQMcNapvS7Q4tPpRNEBqixd5NDGtmYMjJ
-----END CERTIFICATE-----