Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/ZckxSPgStfBNqpf_bKZ5TlHqsiw.roa
File:                     ZckxSPgStfBNqpf_bKZ5TlHqsiw.roa (raw, json)
Hash identifier:          ylC4RavnbVZ7xL5LPnNCb6J3es9DShqfcjOt6FoGPyw=
Subject key identifier:   65:C9:31:48:F8:12:B5:F0:4D:AA:97:FF:6C:A6:79:4E:51:EA:B2:2C
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       0199C24CD229267D6310634E6FDD8C77F2C1
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/ZckxSPgStfBNqpf_bKZ5TlHqsiw.roa
Signing time:             Wed 08 Oct 2025 05:30:38 +0000
ROA not before:           Wed 08 Oct 2025 05:30:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6698
IP address blocks:        212.116.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c2:4c:d2:29:26:7d:63:10:63:4e:6f:dd:8c:77:f2:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Oct  8 05:30:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65c93148f812b5f04daa97ff6ca6794e51eab22c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:06:58:72:1d:a9:1d:4e:58:c5:b9:95:db:b3:
                    55:c2:5b:1a:f2:7e:c0:8c:30:f2:d9:c4:67:e9:56:
                    40:c2:44:77:d2:54:d0:d9:61:8f:1c:7f:d2:37:8c:
                    7f:20:63:07:85:73:68:8f:f3:53:d9:1f:b1:73:71:
                    a2:9c:3f:fe:e8:84:f5:54:4b:7f:d7:25:c0:48:6c:
                    fd:c2:08:e3:f6:9b:c7:47:03:29:7f:28:aa:c0:4b:
                    8a:5b:a9:c7:b8:c2:89:5d:2d:fe:c2:0c:16:64:02:
                    4e:21:84:ac:a5:ef:ee:22:75:99:c5:76:f9:1b:c8:
                    a6:ad:d3:26:da:ac:c3:e6:a3:e3:a7:c8:cf:ed:4c:
                    72:f5:0f:27:79:20:8a:69:55:d2:de:e2:57:65:c1:
                    4d:77:fd:a7:ba:44:22:f6:d3:7a:df:e7:82:01:8c:
                    fb:08:58:73:a0:ef:e8:f2:15:8f:f9:d4:3a:6a:0a:
                    a5:c4:bd:a1:1a:2d:12:e4:1e:e8:a0:c9:32:ef:3c:
                    41:00:ef:a2:98:a6:d8:0f:ac:98:2c:b8:a0:44:dc:
                    73:58:c5:5c:8d:13:f7:6d:1d:08:a6:b2:92:99:82:
                    61:21:97:98:82:0d:93:b5:4d:a2:fd:e7:2e:0b:f2:
                    65:04:82:57:67:5c:2d:b2:c1:c8:46:6d:03:e3:86:
                    e7:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C9:31:48:F8:12:B5:F0:4D:AA:97:FF:6C:A6:79:4E:51:EA:B2:2C
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/ZckxSPgStfBNqpf_bKZ5TlHqsiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:8f:e2:e9:f1:93:ff:ee:e5:b4:ca:d9:0a:ce:3f:65:eb:5c:
         59:53:7d:e7:15:35:be:b7:d3:49:1d:5d:3e:f6:59:4e:35:65:
         af:62:b1:5e:bc:44:b9:f5:6a:82:b5:b7:b9:c0:35:92:1e:a4:
         65:16:9e:bc:6a:3c:b5:18:c5:8b:b0:8e:b1:b0:74:e4:eb:cb:
         89:e7:cb:c0:99:90:f8:99:6e:be:7f:c0:29:ae:13:17:bc:8a:
         d7:25:92:3e:89:b2:cb:bc:74:f3:ab:93:5b:42:8e:63:6f:c1:
         ca:52:2e:98:a2:ed:4d:8b:1e:0a:6b:2e:0f:08:c2:7d:6f:50:
         89:cf:c4:85:cd:45:c6:70:3a:b7:da:97:b2:22:ac:a4:fb:a3:
         f0:a6:fb:5c:0e:ef:3e:78:74:ed:fc:67:10:8b:7f:e2:9d:ab:
         32:97:28:31:bb:93:d2:6d:1c:d6:1d:f3:4f:c5:d3:31:be:c0:
         3a:c7:5f:a0:1e:d3:02:cb:a9:03:08:af:05:a9:5a:2c:cc:82:
         07:79:03:92:0a:03:b7:ee:f9:91:59:81:72:50:a2:53:6d:f9:
         d0:16:cb:0a:b0:77:ec:ce:61:5f:6d:74:9e:e8:fb:c0:94:cf:
         c3:5a:ca:95:23:83:b0:8e:89:68:0a:08:18:b9:29:d4:a9:92:
         28:92:d4:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnCTNIpJn1jEGNOb92Md/LBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUxMDA4MDUzMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWM5MzE0OGY4MTJiNWYwNGRhYTk3ZmY2Y2E2Nzk0ZTUxZWFiMjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQZYch2pHU5YxbmV27NVwlsa8n7A
jDDy2cRn6VZAwkR30lTQ2WGPHH/SN4x/IGMHhXNoj/NT2R+xc3GinD/+6IT1VEt/
1yXASGz9wgjj9pvHRwMpfyiqwEuKW6nHuMKJXS3+wgwWZAJOIYSspe/uInWZxXb5
G8imrdMm2qzD5qPjp8jP7Uxy9Q8neSCKaVXS3uJXZcFNd/2nukQi9tN63+eCAYz7
CFhzoO/o8hWP+dQ6agqlxL2hGi0S5B7ooMky7zxBAO+imKbYD6yYLLigRNxzWMVc
jRP3bR0IprKSmYJhIZeYgg2TtU2i/ecuC/JlBIJXZ1wtssHIRm0D44bnOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXJMUj4ErXwTaqX/2ymeU5R6rIsMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvWmNreFNQZ1N0ZkJOcXBmX2JLWjVUbEhxc2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HTuMA0G
CSqGSIb3DQEBCwUAA4IBAQDTj+Lp8ZP/7uW0ytkKzj9l61xZU33nFTW+t9NJHV0+
9llONWWvYrFevES59WqCtbe5wDWSHqRlFp68ajy1GMWLsI6xsHTk68uJ58vAmZD4
mW6+f8AprhMXvIrXJZI+ibLLvHTzq5NbQo5jb8HKUi6You1Nix4Kay4PCMJ9b1CJ
z8SFzUXGcDq32peyIqyk+6PwpvtcDu8+eHTt/GcQi3/inasylygxu5PSbRzWHfNP
xdMxvsA6x1+gHtMCy6kDCK8FqVoszIIHeQOSCgO37vmRWYFyUKJTbfnQFssKsHfs
zmFfbXSe6PvAlM/DWsqVI4OwjoloCggYuSnUqZIoktSV
-----END CERTIFICATE-----