Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/oz-gpVKEUvOG9fOS01I-1A1aI-Y.roa
File:                     oz-gpVKEUvOG9fOS01I-1A1aI-Y.roa (raw, json)
Hash identifier:          0NG9CVuIlSmbnaNtm7cZXsbOMNvpcIJrtm880P+NpNc=
Subject key identifier:   A3:3F:A0:A5:52:84:52:F3:86:F5:F3:92:D3:52:3E:D4:0D:5A:23:E6
Certificate issuer:       /CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
Certificate serial:       0197CCEB9D91DDE272F3771ED4C411E80845
Authority key identifier: B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/oz-gpVKEUvOG9fOS01I-1A1aI-Y.roa
Signing time:             Wed 02 Jul 2025 20:54:42 +0000
ROA not before:           Wed 02 Jul 2025 20:54:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206120
IP address blocks:        185.155.175.0/24 maxlen: 24
                          2a0f:b0c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cc:eb:9d:91:dd:e2:72:f3:77:1e:d4:c4:11:e8:08:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
        Validity
            Not Before: Jul  2 20:54:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a33fa0a5528452f386f5f392d3523ed40d5a23e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8d:b1:0e:0d:8c:b7:be:94:72:81:24:98:0b:
                    d9:33:61:a8:33:fe:bd:44:6a:96:ea:58:dd:14:a0:
                    07:c6:a6:d2:5f:21:ca:82:04:a3:c6:46:bc:63:df:
                    40:94:08:4b:19:fc:3d:ea:a7:71:cd:8d:d6:90:9e:
                    a2:48:e1:01:ea:44:02:a6:5e:fd:a3:fa:6b:3f:9a:
                    c2:71:ed:de:88:7c:ee:32:2e:c1:52:f6:b9:7b:94:
                    3c:5d:87:d2:ed:2e:97:87:45:6f:d2:84:72:3b:37:
                    6a:ef:2b:04:2c:70:4c:41:e0:11:b1:d4:3f:b1:40:
                    7d:0c:46:c6:e0:18:55:3a:a6:56:30:94:1d:56:96:
                    d3:e0:0e:1a:17:36:94:b0:aa:e8:b4:c5:de:4f:3b:
                    ee:8b:f8:58:29:1f:9c:11:9b:ff:cf:59:89:e0:b8:
                    52:58:e6:c6:df:6c:91:e7:ca:4d:40:45:9d:c6:0e:
                    61:18:1d:40:d8:da:46:56:b6:bf:5a:79:6d:6a:7f:
                    ac:81:cb:6a:9a:36:f8:83:d5:b6:b5:fa:13:45:09:
                    2c:4c:ef:96:29:d8:39:80:1e:2c:09:b6:06:c3:13:
                    f2:de:ca:c2:0f:16:b9:b3:c9:fe:25:e2:ab:fd:d7:
                    c9:e1:d4:d5:c8:9a:21:08:1c:22:a2:4b:b8:76:7d:
                    ff:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:3F:A0:A5:52:84:52:F3:86:F5:F3:92:D3:52:3E:D4:0D:5A:23:E6
            X509v3 Authority Key Identifier:
                keyid:B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/oz-gpVKEUvOG9fOS01I-1A1aI-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.175.0/24
                IPv6:
                  2a0f:b0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:15:e6:14:be:86:f0:58:e0:9d:62:4f:20:92:93:61:fe:c8:
         18:ab:fe:d2:13:77:b7:d2:86:75:f5:fd:d0:79:e8:8f:71:2d:
         84:97:6c:f0:ba:6a:e9:f9:0a:de:ac:bc:bf:89:7d:02:cd:d6:
         55:b0:2a:58:fd:66:ea:a3:4c:d3:e5:d9:2b:89:51:ac:09:0b:
         66:7e:5f:d5:f8:75:6f:3d:5f:a1:82:8e:51:32:e6:d0:38:7a:
         44:ec:42:14:b9:d3:6d:5b:d4:68:94:6a:40:f7:83:cf:49:d5:
         c6:98:d9:ee:a5:92:49:d4:2d:24:ff:66:40:62:36:c9:62:0c:
         23:30:2c:c6:f3:47:49:35:9f:52:f4:0a:79:c8:3b:e1:db:41:
         12:81:e5:d9:11:12:46:4a:be:95:a8:b1:71:29:ee:ae:fd:82:
         50:9f:c5:79:ec:53:de:fd:1d:36:09:e2:67:c3:1b:d5:01:0a:
         3c:46:be:7b:de:e0:ea:c6:73:b7:2f:cd:41:73:3d:55:a9:a2:
         f9:bd:17:08:2c:f3:b2:67:d9:31:98:42:8d:b7:91:ad:12:51:
         ce:a6:4f:6e:0e:c4:15:3f:d0:4e:a5:5e:00:5e:9f:9e:67:ac:
         1a:43:a9:ec:b3:f1:82:a1:03:db:e1:ff:12:40:0f:1c:63:e8:
         f1:27:df:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfM652R3eJy83ce1MQR6AhFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDVlYzE1MTZlZTZkYzE5ZDFlNWMzOTk4Y2I3ZTdhNjQ2
ZjcxNWEwHhcNMjUwNzAyMjA1NDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzNmYTBhNTUyODQ1MmYzODZmNWYzOTJkMzUyM2VkNDBkNWEyM2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0I2xDg2Mt76UcoEkmAvZM2GoM/69
RGqW6ljdFKAHxqbSXyHKggSjxka8Y99AlAhLGfw96qdxzY3WkJ6iSOEB6kQCpl79
o/prP5rCce3eiHzuMi7BUva5e5Q8XYfS7S6Xh0Vv0oRyOzdq7ysELHBMQeARsdQ/
sUB9DEbG4BhVOqZWMJQdVpbT4A4aFzaUsKrotMXeTzvui/hYKR+cEZv/z1mJ4LhS
WObG32yR58pNQEWdxg5hGB1A2NpGVra/Wnltan+sgctqmjb4g9W2tfoTRQksTO+W
Kdg5gB4sCbYGwxPy3srCDxa5s8n+JeKr/dfJ4dTVyJohCBwioku4dn3/MwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKM/oKVShFLzhvXzktNSPtQNWiPmMB8GA1UdIwQY
MBaAFLPV7BUW7m3BnR5cOZjLfnpkb3FaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEt
NmMzMDVhNmRiYWI5LzEvb3otZ3BWS0VVdk9HOWZPUzAxSS0xQTFhSS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEtNmMzMDVhNmRiYWI5
LzEvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZuvMA0E
AgACMAcDBQMqD7DAMA0GCSqGSIb3DQEBCwUAA4IBAQCvFeYUvobwWOCdYk8gkpNh
/sgYq/7SE3e30oZ19f3QeeiPcS2El2zwumrp+QrerLy/iX0CzdZVsCpY/Wbqo0zT
5dkriVGsCQtmfl/V+HVvPV+hgo5RMubQOHpE7EIUudNtW9RolGpA94PPSdXGmNnu
pZJJ1C0k/2ZAYjbJYgwjMCzG80dJNZ9S9Ap5yDvh20ESgeXZERJGSr6VqLFxKe6u
/YJQn8V57FPe/R02CeJnwxvVAQo8Rr573uDqxnO3L81Bcz1VqaL5vRcILPOyZ9kx
mEKNt5GtElHOpk9uDsQVP9BOpV4AXp+eZ6waQ6nss/GCoQPb4f8SQA8cY+jxJ98z
-----END CERTIFICATE-----