Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/3_ZiNbcF_l_fHARs-V4muQ6S87I.roa
File:                     3_ZiNbcF_l_fHARs-V4muQ6S87I.roa (raw, json)
Hash identifier:          u01NktxURzNoH0tA5SjsqobM+AcImV1Of4eOpnXlaxk=
Subject key identifier:   DF:F6:62:35:B7:05:FE:5F:DF:1C:04:6C:F9:5E:26:B9:0E:92:F3:B2
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019791DEBDC907FCEF28B7A48E516538B8C3
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/3_ZiNbcF_l_fHARs-V4muQ6S87I.roa
Signing time:             Sat 21 Jun 2025 09:43:03 +0000
ROA not before:           Sat 21 Jun 2025 09:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     147293
IP address blocks:        45.146.232.0/23 maxlen: 23
                          45.146.232.0/24 maxlen: 24
                          45.146.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:91:de:bd:c9:07:fc:ef:28:b7:a4:8e:51:65:38:b8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jun 21 09:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dff66235b705fe5fdf1c046cf95e26b90e92f3b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fe:2a:6b:2d:29:5b:7a:49:22:e6:38:e9:d9:
                    a1:b0:5a:44:09:96:b3:4f:b4:2d:a4:33:c6:64:dc:
                    d8:9c:62:67:e4:16:5a:9f:cf:00:c8:71:cf:4c:f3:
                    1d:ac:c5:b2:96:8f:00:e3:46:55:3d:a1:72:5e:82:
                    5e:56:3a:11:e0:06:ca:28:91:05:f2:b4:9e:f0:72:
                    a4:70:4b:97:63:44:1e:e6:8e:cf:35:c8:d3:4d:44:
                    22:d8:ff:6a:94:ff:8e:f8:b0:a7:fb:53:22:74:2c:
                    cf:fd:56:43:15:a6:fb:f3:03:4c:1c:99:67:ec:07:
                    35:e4:3e:02:67:a4:7f:db:33:fd:0a:49:0b:b3:ad:
                    3f:9d:ed:39:01:14:d4:75:1f:64:59:69:e9:01:e3:
                    33:76:ed:c5:15:26:23:84:f1:9b:ab:a1:c3:71:0a:
                    30:87:08:da:bf:88:27:d4:22:bc:4f:de:a4:7d:a3:
                    14:8d:ec:79:16:96:ed:aa:09:aa:7e:4e:12:4a:da:
                    ad:1f:3f:a0:6d:ec:73:04:15:86:ce:29:c8:f2:42:
                    26:97:fa:9b:5e:a6:78:1d:95:ec:91:db:5d:48:5c:
                    88:ca:86:1c:56:91:95:cc:40:a6:49:f4:9a:24:e4:
                    be:5a:08:4e:b8:79:80:60:96:dc:3e:1d:9c:e2:93:
                    09:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F6:62:35:B7:05:FE:5F:DF:1C:04:6C:F9:5E:26:B9:0E:92:F3:B2
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/3_ZiNbcF_l_fHARs-V4muQ6S87I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:ca:66:a9:c8:f9:78:10:2a:b1:8e:b6:31:5d:79:13:c2:bd:
         48:c3:2e:60:6c:38:1d:67:64:a6:ea:44:04:ce:8d:54:32:e1:
         18:50:8b:07:08:60:59:40:70:2d:5e:64:4b:05:a1:3f:30:88:
         3c:38:2c:2e:92:67:d1:b3:48:86:12:a6:9a:2d:65:27:f5:1f:
         7a:29:9c:c6:5d:46:1d:a1:9a:74:3a:f8:5e:7e:c6:8b:17:16:
         a9:4b:42:9c:85:65:53:65:55:5c:16:be:d0:26:33:72:74:c1:
         db:29:06:99:78:28:85:bf:5e:78:d3:b7:25:18:af:1e:6f:62:
         50:aa:ed:f0:bd:da:6d:6d:ab:65:22:12:a2:df:d4:4c:f4:96:
         60:1b:65:7d:86:75:bd:5d:44:f1:14:b3:4c:0b:07:e8:97:a5:
         a4:bb:e9:85:24:b9:87:fb:96:f8:a1:5c:17:0b:6c:8d:fc:70:
         8f:56:9b:46:41:d2:bd:34:51:a3:02:ff:c3:ba:c6:aa:d3:02:
         1d:0b:12:36:30:bf:21:95:d7:4e:6a:80:4a:9a:8f:65:ce:7f:
         9b:db:c1:40:ab:52:8e:8a:36:04:2f:5f:97:ab:b7:15:ae:7a:
         83:2f:ee:d0:18:3c:9c:55:0b:54:87:f7:9e:89:87:dc:3b:a2:
         4c:72:ca:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeR3r3JB/zvKLekjlFlOLjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwNjIxMDk0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmY2NjIzNWI3MDVmZTVmZGYxYzA0NmNmOTVlMjZiOTBlOTJmM2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP4qay0pW3pJIuY46dmhsFpECZaz
T7QtpDPGZNzYnGJn5BZan88AyHHPTPMdrMWylo8A40ZVPaFyXoJeVjoR4AbKKJEF
8rSe8HKkcEuXY0Qe5o7PNcjTTUQi2P9qlP+O+LCn+1MidCzP/VZDFab78wNMHJln
7Ac15D4CZ6R/2zP9CkkLs60/ne05ARTUdR9kWWnpAeMzdu3FFSYjhPGbq6HDcQow
hwjav4gn1CK8T96kfaMUjex5Fpbtqgmqfk4SStqtHz+gbexzBBWGzinI8kIml/qb
XqZ4HZXskdtdSFyIyoYcVpGVzECmSfSaJOS+WghOuHmAYJbcPh2c4pMJRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/2YjW3Bf5f3xwEbPleJrkOkvOyMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvM19aaU5iY0ZfbF9mSEFScy1WNG11UTZTODdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZLoMA0G
CSqGSIb3DQEBCwUAA4IBAQCiymapyPl4ECqxjrYxXXkTwr1Iwy5gbDgdZ2Sm6kQE
zo1UMuEYUIsHCGBZQHAtXmRLBaE/MIg8OCwukmfRs0iGEqaaLWUn9R96KZzGXUYd
oZp0OvhefsaLFxapS0KchWVTZVVcFr7QJjNydMHbKQaZeCiFv15407clGK8eb2JQ
qu3wvdptbatlIhKi39RM9JZgG2V9hnW9XUTxFLNMCwfol6Wku+mFJLmH+5b4oVwX
C2yN/HCPVptGQdK9NFGjAv/Dusaq0wIdCxI2ML8hlddOaoBKmo9lzn+b28FAq1KO
ijYEL1+Xq7cVrnqDL+7QGDycVQtUh/eeiYfcO6JMcspm
-----END CERTIFICATE-----