Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/a60fe9-858d-4662-80cc-e89e02659100/1/3cYwGEYRvz1yKJhsQiVSnoCXk2c.roa
File:                     3cYwGEYRvz1yKJhsQiVSnoCXk2c.roa (raw, json)
Hash identifier:          7LKNIki25we3oiggzy3/a1vHXwiHcC9D9HO/l5A+7h0=
Subject key identifier:   DD:C6:30:18:46:11:BF:3D:72:28:98:6C:42:25:52:9E:80:97:93:67
Certificate issuer:       /CN=466496a4dba04d7ef522700061743c6c5d0ae590
Certificate serial:       0198B1DC5715368FE7C519EADA37D6204B32
Authority key identifier: 46:64:96:A4:DB:A0:4D:7E:F5:22:70:00:61:74:3C:6C:5D:0A:E5:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RmSWpNugTX71InAAYXQ8bF0K5ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/a60fe9-858d-4662-80cc-e89e02659100/1/3cYwGEYRvz1yKJhsQiVSnoCXk2c.roa
Signing time:             Sat 16 Aug 2025 07:51:04 +0000
ROA not before:           Sat 16 Aug 2025 07:51:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5627
IP address blocks:        185.123.68.0/22 maxlen: 22
                          185.123.68.0/24 maxlen: 24
                          185.123.69.0/24 maxlen: 24
                          185.123.70.0/24 maxlen: 24
                          185.123.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/a60fe9-858d-4662-80cc-e89e02659100/1/RmSWpNugTX71InAAYXQ8bF0K5ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/a60fe9-858d-4662-80cc-e89e02659100/1/RmSWpNugTX71InAAYXQ8bF0K5ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RmSWpNugTX71InAAYXQ8bF0K5ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b1:dc:57:15:36:8f:e7:c5:19:ea:da:37:d6:20:4b:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=466496a4dba04d7ef522700061743c6c5d0ae590
        Validity
            Not Before: Aug 16 07:51:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddc630184611bf3d7228986c4225529e80979367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:16:d7:57:38:1f:b7:d8:90:56:a4:3b:af:54:
                    93:04:77:57:65:99:be:1c:36:d4:fc:58:96:74:0b:
                    e5:41:52:ce:9b:09:fd:26:2c:2b:84:8f:32:11:2c:
                    49:28:a7:3a:d8:f5:ea:fb:c3:67:22:27:7c:ae:02:
                    a1:73:7d:4f:28:47:e1:56:f0:b0:11:cf:b8:dd:32:
                    b4:5a:3d:71:4a:8b:a7:8a:78:4d:5d:96:52:07:34:
                    08:b3:f8:cc:7a:35:8d:79:67:e3:87:ab:73:eb:ad:
                    e9:24:11:9d:1a:3e:62:ca:2d:54:93:f7:51:8b:17:
                    48:fb:a2:ef:93:e8:f9:1f:52:24:4a:f7:94:a2:40:
                    24:a7:b7:57:d1:9e:40:2f:92:d9:fa:86:49:15:7a:
                    12:db:d5:91:ce:41:71:0e:cb:c7:90:bb:9d:d1:c3:
                    64:ea:03:2d:92:a5:a0:79:c4:db:5e:d6:3a:f7:d5:
                    f3:4b:10:40:ef:d2:f2:db:20:5a:00:4e:7c:97:0c:
                    6d:1e:18:68:44:fe:c3:d0:8d:a1:bf:3f:d5:43:bf:
                    79:05:7c:69:f6:b6:56:24:3c:d8:1d:de:ce:b4:79:
                    57:92:05:39:0d:1d:9d:28:34:8e:a9:29:cb:4d:3e:
                    04:80:8d:d5:2e:df:8c:18:2f:56:f3:24:56:ff:0e:
                    6d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:C6:30:18:46:11:BF:3D:72:28:98:6C:42:25:52:9E:80:97:93:67
            X509v3 Authority Key Identifier:
                keyid:46:64:96:A4:DB:A0:4D:7E:F5:22:70:00:61:74:3C:6C:5D:0A:E5:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RmSWpNugTX71InAAYXQ8bF0K5ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/a60fe9-858d-4662-80cc-e89e02659100/1/3cYwGEYRvz1yKJhsQiVSnoCXk2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/a60fe9-858d-4662-80cc-e89e02659100/1/RmSWpNugTX71InAAYXQ8bF0K5ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:fa:22:bc:5d:58:b8:1d:e7:36:6e:96:d4:93:ec:f6:96:db:
         05:2d:6f:27:30:4d:f0:c1:d4:a8:c3:33:ea:4c:05:ce:92:98:
         cd:2f:82:15:19:21:43:77:9f:0d:a2:5e:8e:a2:9a:af:90:ba:
         86:c3:88:9e:5e:45:65:75:30:fd:c5:b6:4f:76:40:5f:20:15:
         a0:e4:ea:3a:e0:fc:18:39:ed:43:66:f1:14:b1:73:d2:96:bb:
         41:2b:3e:61:d6:54:a9:5e:8e:e0:74:31:f0:14:c5:67:f4:09:
         16:3c:94:92:b2:48:31:1f:0a:29:24:44:7f:59:0e:35:3e:91:
         43:70:30:4a:00:a9:66:07:f0:99:e1:b4:dd:f9:47:d7:79:e3:
         a1:c0:6e:a4:60:c9:fc:02:88:6e:98:e8:17:aa:ad:3e:b3:66:
         90:df:85:ca:47:ae:ef:4e:bf:a0:52:00:b8:f3:b2:99:3b:ec:
         54:c9:10:1b:6a:76:95:81:30:3d:23:0e:6a:e1:00:b2:28:9a:
         e3:74:fb:e7:c6:9b:c8:76:04:dc:6a:7f:2c:62:0c:a5:46:9f:
         ea:92:7c:51:13:29:72:c7:81:83:ef:c1:5f:52:21:45:95:32:
         b4:87:50:c3:03:00:07:6c:5d:98:b4:ce:75:44:b6:00:dc:b0:
         69:2d:5a:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZix3FcVNo/nxRnq2jfWIEsyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NjQ5NmE0ZGJhMDRkN2VmNTIyNzAwMDYxNzQzYzZjNWQw
YWU1OTAwHhcNMjUwODE2MDc1MTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGM2MzAxODQ2MTFiZjNkNzIyODk4NmM0MjI1NTI5ZTgwOTc5MzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhbXVzgft9iQVqQ7r1STBHdXZZm+
HDbU/FiWdAvlQVLOmwn9JiwrhI8yESxJKKc62PXq+8NnIid8rgKhc31PKEfhVvCw
Ec+43TK0Wj1xSouninhNXZZSBzQIs/jMejWNeWfjh6tz663pJBGdGj5iyi1Uk/dR
ixdI+6Lvk+j5H1IkSveUokAkp7dX0Z5AL5LZ+oZJFXoS29WRzkFxDsvHkLud0cNk
6gMtkqWgecTbXtY699XzSxBA79Ly2yBaAE58lwxtHhhoRP7D0I2hvz/VQ795BXxp
9rZWJDzYHd7OtHlXkgU5DR2dKDSOqSnLTT4EgI3VLt+MGC9W8yRW/w5tXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3GMBhGEb89ciiYbEIlUp6Al5NnMB8GA1UdIwQY
MBaAFEZklqTboE1+9SJwAGF0PGxdCuWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm1TV3BOdWdUWDcxSW5BQVlYUThiRjBLNVpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9hNjBmZTktODU4ZC00NjYyLTgwY2Mt
ZTg5ZTAyNjU5MTAwLzEvM2NZd0dFWVJ2ejF5S0poc1FpVlNub0NYazJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9hNjBmZTktODU4ZC00NjYyLTgwY2MtZTg5ZTAyNjU5MTAw
LzEvUm1TV3BOdWdUWDcxSW5BQVlYUThiRjBLNVpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXtEMA0G
CSqGSIb3DQEBCwUAA4IBAQBM+iK8XVi4Hec2bpbUk+z2ltsFLW8nME3wwdSowzPq
TAXOkpjNL4IVGSFDd58Nol6OopqvkLqGw4ieXkVldTD9xbZPdkBfIBWg5Oo64PwY
Oe1DZvEUsXPSlrtBKz5h1lSpXo7gdDHwFMVn9AkWPJSSskgxHwopJER/WQ41PpFD
cDBKAKlmB/CZ4bTd+UfXeeOhwG6kYMn8AohumOgXqq0+s2aQ34XKR67vTr+gUgC4
87KZO+xUyRAbanaVgTA9Iw5q4QCyKJrjdPvnxpvIdgTcan8sYgylRp/qknxREyly
x4GD78FfUiFFlTK0h1DDAwAHbF2YtM51RLYA3LBpLVrT
-----END CERTIFICATE-----