Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/O59qU3GlbCPOunuU26RSWdQm6Ys.roa
File:                     O59qU3GlbCPOunuU26RSWdQm6Ys.roa (raw, json)
Hash identifier:          cUEfityQpCrIrR/hweLcH6F77z41nX/RM/hfo/Kr52s=
Subject key identifier:   3B:9F:6A:53:71:A5:6C:23:CE:BA:7B:94:DB:A4:52:59:D4:26:E9:8B
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       0198D14396E1DBAC62F68FA70CC400146A9F
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/O59qU3GlbCPOunuU26RSWdQm6Ys.roa
Signing time:             Fri 22 Aug 2025 10:12:04 +0000
ROA not before:           Fri 22 Aug 2025 10:12:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212836
IP address blocks:        45.158.253.0/24 maxlen: 24
                          185.233.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 13:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:43:96:e1:db:ac:62:f6:8f:a7:0c:c4:00:14:6a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Aug 22 10:12:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b9f6a5371a56c23ceba7b94dba45259d426e98b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:95:9b:d0:8e:ff:6a:f7:b5:8a:ab:44:b9:22:
                    be:b8:02:0d:fa:c9:ea:93:d5:1f:1d:e5:b8:57:50:
                    53:4f:c6:cc:dd:5d:a5:20:5e:b8:53:94:46:6c:de:
                    9e:20:38:36:be:04:ff:7b:5f:e2:76:cf:bb:b5:f0:
                    96:e5:21:d6:b0:78:42:e6:aa:b6:be:13:7a:9d:94:
                    a3:48:eb:f9:69:7b:b1:6a:c3:d7:6c:c5:ab:8d:c4:
                    c6:e5:14:d5:86:25:58:ab:f6:30:39:60:fb:27:02:
                    bd:1c:50:8d:62:37:a0:8d:3e:bb:79:b6:43:3f:0b:
                    73:ef:62:50:79:2b:bb:a3:c3:22:6e:9b:3e:29:73:
                    e1:29:78:60:6e:c2:61:bc:db:47:73:eb:61:af:25:
                    a7:b1:4f:14:0b:fa:3f:de:ba:1c:fd:a2:bb:f9:31:
                    68:ef:ef:f2:7f:5b:34:7c:7f:3f:43:4e:3f:de:fc:
                    e1:dd:6a:95:f8:a5:7f:84:c7:da:06:66:13:1e:53:
                    dd:d2:bf:1e:d4:c3:04:03:18:3a:e9:17:d5:3b:63:
                    a4:17:96:fb:86:46:c3:63:c9:be:e4:85:6f:72:2e:
                    4d:d6:7f:e2:50:54:55:46:0d:d2:71:75:a9:10:f9:
                    6b:06:4c:d9:16:77:22:4b:d7:68:49:3c:ad:b7:4f:
                    46:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:9F:6A:53:71:A5:6C:23:CE:BA:7B:94:DB:A4:52:59:D4:26:E9:8B
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/O59qU3GlbCPOunuU26RSWdQm6Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.253.0/24
                  185.233.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:f5:d4:e6:9f:f4:d2:a8:ce:79:24:cd:09:de:7a:1e:0b:82:
         03:83:af:2f:8e:f3:2b:a6:a2:63:52:cc:99:84:ac:d2:44:a7:
         7b:9b:1d:b4:68:6f:ec:4a:80:77:87:ef:2e:67:00:2b:16:40:
         c9:b4:f9:94:5f:8a:1a:3e:71:d5:ef:e4:af:8e:2d:a5:c9:4d:
         e7:ad:60:dc:d2:78:a9:84:1b:da:62:23:77:22:5e:7f:7d:06:
         c8:d6:34:f3:73:07:96:da:50:a6:77:00:98:ad:e5:2f:e1:28:
         68:20:e7:6b:3f:9c:1c:46:a4:a9:72:35:27:d1:b7:13:95:3b:
         3c:46:4b:9e:a4:7c:a4:70:29:0a:81:86:f2:f1:4f:01:be:0c:
         07:65:75:8a:e6:5a:c5:8c:9e:34:49:b1:23:41:36:0d:ba:77:
         8d:0d:2e:0b:8a:ed:e8:99:78:9c:c5:49:81:80:1a:f6:36:55:
         d1:b7:02:ee:83:8d:7d:fd:64:07:56:62:02:b1:cc:a3:63:35:
         2d:a0:2f:54:bf:54:96:ce:ce:df:60:f3:99:e5:a2:0b:2e:ea:
         b7:cf:d8:54:d3:ca:06:20:84:1a:74:5d:a7:b7:38:f4:3b:d3:
         b3:72:9f:d9:b8:f2:c1:9b:cd:b8:66:fe:3c:55:cb:ae:3a:d6:
         78:ef:31:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjRQ5bh26xi9o+nDMQAFGqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjUwODIyMTAxMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjlmNmE1MzcxYTU2YzIzY2ViYTdiOTRkYmE0NTI1OWQ0MjZlOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5Wb0I7/ave1iqtEuSK+uAIN+snq
k9UfHeW4V1BTT8bM3V2lIF64U5RGbN6eIDg2vgT/e1/ids+7tfCW5SHWsHhC5qq2
vhN6nZSjSOv5aXuxasPXbMWrjcTG5RTVhiVYq/YwOWD7JwK9HFCNYjegjT67ebZD
Pwtz72JQeSu7o8Mibps+KXPhKXhgbsJhvNtHc+thryWnsU8UC/o/3roc/aK7+TFo
7+/yf1s0fH8/Q04/3vzh3WqV+KV/hMfaBmYTHlPd0r8e1MMEAxg66RfVO2OkF5b7
hkbDY8m+5IVvci5N1n/iUFRVRg3ScXWpEPlrBkzZFnciS9doSTytt09GAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDufalNxpWwjzrp7lNukUlnUJumLMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvTzU5cVUzR2xiQ1BPdW51VTI2UlNXZFFtNllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ79AwQA
uekQMA0GCSqGSIb3DQEBCwUAA4IBAQDE9dTmn/TSqM55JM0J3noeC4IDg68vjvMr
pqJjUsyZhKzSRKd7mx20aG/sSoB3h+8uZwArFkDJtPmUX4oaPnHV7+Svji2lyU3n
rWDc0niphBvaYiN3Il5/fQbI1jTzcweW2lCmdwCYreUv4ShoIOdrP5wcRqSpcjUn
0bcTlTs8RkuepHykcCkKgYby8U8BvgwHZXWK5lrFjJ40SbEjQTYNuneNDS4Liu3o
mXicxUmBgBr2NlXRtwLug419/WQHVmICscyjYzUtoC9Uv1SWzs7fYPOZ5aILLuq3
z9hU08oGIIQadF2ntzj0O9Ozcp/ZuPLBm824Zv48VcuuOtZ47zEH
-----END CERTIFICATE-----