Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/DnzCg_u4NFNmMwRYc8qXyMIRWiY.roa
File:                     DnzCg_u4NFNmMwRYc8qXyMIRWiY.roa (raw, json)
Hash identifier:          xF2+ZjEPkdHENu1uFlay4DzSYMCWEitq04qek3Yq/2s=
Subject key identifier:   0E:7C:C2:83:FB:B8:34:53:66:33:04:58:73:CA:97:C8:C2:11:5A:26
Certificate issuer:       /CN=d91786a069e4934b2681bb8e9b3738079b24ef65
Certificate serial:       019851380EA171578F8B2BE119CC4717EA97
Authority key identifier: D9:17:86:A0:69:E4:93:4B:26:81:BB:8E:9B:37:38:07:9B:24:EF:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ReGoGnkk0smgbuOmzc4B5sk72U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/DnzCg_u4NFNmMwRYc8qXyMIRWiY.roa
Signing time:             Mon 28 Jul 2025 13:28:04 +0000
ROA not before:           Mon 28 Jul 2025 13:28:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        212.108.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/2ReGoGnkk0smgbuOmzc4B5sk72U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/2ReGoGnkk0smgbuOmzc4B5sk72U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ReGoGnkk0smgbuOmzc4B5sk72U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 23:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:51:38:0e:a1:71:57:8f:8b:2b:e1:19:cc:47:17:ea:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d91786a069e4934b2681bb8e9b3738079b24ef65
        Validity
            Not Before: Jul 28 13:28:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e7cc283fbb834536633045873ca97c8c2115a26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:68:81:f9:fc:6b:10:9b:79:30:47:2c:dd:c5:
                    37:c9:50:21:07:06:8f:7e:7e:f3:38:fa:cf:89:9a:
                    ce:b2:20:1c:2c:3f:e9:ca:df:14:d1:c9:c0:9d:4b:
                    8e:c4:40:e3:b4:a2:f3:97:71:d8:27:a7:54:13:fa:
                    b6:f8:c2:2f:61:08:23:25:72:bb:98:d1:06:8e:43:
                    94:2e:e4:8b:12:52:eb:49:e7:6e:4c:bd:fd:68:5b:
                    21:2d:f9:47:ae:8c:9d:78:c9:71:39:1f:3f:ca:13:
                    b8:71:46:b9:d7:a6:c5:4c:74:77:ed:cc:12:fe:5c:
                    43:2d:5f:a4:2a:bd:7d:0a:bd:65:d2:1f:77:47:ff:
                    68:42:77:c9:ea:ee:8b:d9:26:b9:ee:cb:60:e9:d6:
                    fd:8a:d8:22:3d:e7:0c:30:a5:66:48:c2:48:ed:ca:
                    49:c4:17:b2:ab:ea:8f:de:44:b1:7c:b5:fe:30:fd:
                    05:6c:9d:5c:23:5d:55:9b:16:b7:ad:02:2c:01:18:
                    66:07:e5:9c:3a:76:c2:cb:26:d9:34:cd:c9:d3:13:
                    f8:ef:4d:02:38:bb:84:97:ea:72:80:8a:cd:6d:e0:
                    60:a2:66:2e:ee:f0:27:40:aa:24:72:9c:03:b3:66:
                    45:42:57:a5:63:3c:3d:31:24:53:71:3f:7a:c9:b7:
                    dd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:7C:C2:83:FB:B8:34:53:66:33:04:58:73:CA:97:C8:C2:11:5A:26
            X509v3 Authority Key Identifier:
                keyid:D9:17:86:A0:69:E4:93:4B:26:81:BB:8E:9B:37:38:07:9B:24:EF:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ReGoGnkk0smgbuOmzc4B5sk72U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/DnzCg_u4NFNmMwRYc8qXyMIRWiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/bce915-0783-4a54-8c45-52cba97d9b9e/1/2ReGoGnkk0smgbuOmzc4B5sk72U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:ce:98:a4:c4:69:5c:41:23:38:a6:50:e8:41:43:5f:da:37:
         a7:67:8d:bc:e9:0c:7b:09:35:a7:06:a0:1b:62:48:b8:c1:77:
         d2:27:bf:3c:46:71:5d:38:f8:46:2e:89:b8:74:7d:60:96:0a:
         a8:70:06:7e:44:86:35:59:8f:cf:20:e6:8e:bf:78:f2:21:03:
         0a:51:ad:03:c2:e2:21:d2:66:37:e5:0b:2a:8f:1e:02:64:76:
         82:1b:00:c2:72:51:45:df:38:07:7b:58:c2:a0:c3:8f:92:67:
         af:8a:12:96:76:08:0b:6d:23:70:59:53:b3:82:1d:da:2d:51:
         be:79:52:9f:91:fc:8f:5a:3b:78:56:7a:22:34:52:ef:a6:8d:
         3a:05:22:5d:95:3c:ea:9b:86:28:e4:31:e0:23:cc:05:7c:03:
         07:9b:bd:89:9f:c0:e6:75:dd:37:10:41:11:d0:a7:ce:d9:93:
         17:9d:db:61:9e:26:ad:bb:df:0c:ac:e6:bf:d9:49:fa:79:5b:
         62:28:d4:3d:72:91:13:c2:97:69:99:21:43:1f:da:ea:cb:ed:
         b1:1e:df:e8:d2:6c:b3:94:be:27:2c:1d:f0:ef:59:09:65:c5:
         a7:6a:19:25:0e:b2:2d:dd:b9:08:0f:09:44:08:44:76:86:c8:
         b9:06:1c:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhROA6hcVePiyvhGcxHF+qXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MTc4NmEwNjllNDkzNGIyNjgxYmI4ZTliMzczODA3OWIy
NGVmNjUwHhcNMjUwNzI4MTMyODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTdjYzI4M2ZiYjgzNDUzNjYzMzA0NTg3M2NhOTdjOGMyMTE1YTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2iB+fxrEJt5MEcs3cU3yVAhBwaP
fn7zOPrPiZrOsiAcLD/pyt8U0cnAnUuOxEDjtKLzl3HYJ6dUE/q2+MIvYQgjJXK7
mNEGjkOULuSLElLrSeduTL39aFshLflHroydeMlxOR8/yhO4cUa516bFTHR37cwS
/lxDLV+kKr19Cr1l0h93R/9oQnfJ6u6L2Sa57stg6db9itgiPecMMKVmSMJI7cpJ
xBeyq+qP3kSxfLX+MP0FbJ1cI11Vmxa3rQIsARhmB+WcOnbCyybZNM3J0xP4700C
OLuEl+pygIrNbeBgomYu7vAnQKokcpwDs2ZFQlelYzw9MSRTcT96ybfdYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA58woP7uDRTZjMEWHPKl8jCEVomMB8GA1UdIwQY
MBaAFNkXhqBp5JNLJoG7jps3OAebJO9lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlJlR29HbmtrMHNtZ2J1T216YzRCNXNrNzJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iY2U5MTUtMDc4My00YTU0LThjNDUt
NTJjYmE5N2Q5YjllLzEvRG56Q2dfdTRORk5tTXdSWWM4cVh5TUlSV2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iY2U5MTUtMDc4My00YTU0LThjNDUtNTJjYmE5N2Q5Yjll
LzEvMlJlR29HbmtrMHNtZ2J1T216YzRCNXNrNzJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxhMA0G
CSqGSIb3DQEBCwUAA4IBAQBxzpikxGlcQSM4plDoQUNf2jenZ4286Qx7CTWnBqAb
Yki4wXfSJ788RnFdOPhGLom4dH1glgqocAZ+RIY1WY/PIOaOv3jyIQMKUa0DwuIh
0mY35Qsqjx4CZHaCGwDCclFF3zgHe1jCoMOPkmevihKWdggLbSNwWVOzgh3aLVG+
eVKfkfyPWjt4VnoiNFLvpo06BSJdlTzqm4Yo5DHgI8wFfAMHm72Jn8Dmdd03EEER
0KfO2ZMXndthniatu98MrOa/2Un6eVtiKNQ9cpETwpdpmSFDH9rqy+2xHt/o0myz
lL4nLB3w71kJZcWnahklDrIt3bkIDwlECER2hsi5BhyM
-----END CERTIFICATE-----