Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SZVcNCnRZtNl1j3kPdelbWpYh_A.roa
File:                     SZVcNCnRZtNl1j3kPdelbWpYh_A.roa (raw, json)
Hash identifier:          oiD+Ta4HYG9nR8eDhSGgIJVMtjBQzSUMsY1Fa5Ny7u4=
Subject key identifier:   49:95:5C:34:29:D1:66:D3:65:D6:3D:E4:3D:D7:A5:6D:6A:58:87:F0
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0198D13D32FA771D4C635B2F8E6AE31CED30
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SZVcNCnRZtNl1j3kPdelbWpYh_A.roa
Signing time:             Fri 22 Aug 2025 10:05:05 +0000
ROA not before:           Fri 22 Aug 2025 10:05:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213791
IP address blocks:        37.202.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 09:25:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:3d:32:fa:77:1d:4c:63:5b:2f:8e:6a:e3:1c:ed:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Aug 22 10:05:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49955c3429d166d365d63de43dd7a56d6a5887f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a7:e8:0d:f1:b3:5f:d8:dd:f3:e8:30:12:0a:
                    68:16:83:14:0a:40:99:5d:fc:7e:22:20:c0:b4:bc:
                    35:3a:2c:b8:61:13:5d:a3:06:c4:b9:20:36:73:2c:
                    60:70:80:cd:7a:c7:9d:71:c4:ea:4d:0a:b9:99:ca:
                    6c:ba:56:20:16:a1:5e:67:cc:f7:27:a6:c2:c5:2c:
                    de:c5:b9:32:28:1e:0c:7a:d1:ed:cc:54:98:f7:49:
                    3e:f0:e2:22:44:5a:cc:e0:7b:14:b8:ff:cf:be:98:
                    90:82:af:7e:22:24:03:7a:c8:80:d3:b5:8d:8a:e5:
                    8e:b3:1c:37:31:d0:db:da:73:09:45:1e:49:4a:af:
                    8b:74:37:e1:1f:09:a7:2c:87:83:4b:82:77:20:ec:
                    36:b7:b9:05:74:ae:d2:8c:b8:a0:6c:f9:90:4c:bb:
                    3a:0f:bd:72:0a:27:36:17:dd:28:44:09:ef:fe:a2:
                    08:08:54:c7:bc:e7:17:0c:36:23:03:08:77:14:3f:
                    66:21:a0:8c:a9:30:06:4b:8e:69:f1:3a:40:a0:4c:
                    f4:c7:29:ea:d2:3b:b0:59:0f:52:da:d4:0c:48:0c:
                    da:f5:04:69:b1:7d:75:c9:fe:38:90:f6:a5:8f:3d:
                    c4:b2:32:63:7e:dc:52:70:93:bf:0a:87:8b:16:78:
                    ea:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:95:5C:34:29:D1:66:D3:65:D6:3D:E4:3D:D7:A5:6D:6A:58:87:F0
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SZVcNCnRZtNl1j3kPdelbWpYh_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:4e:d1:ee:83:cc:2d:90:22:44:f4:2d:ff:52:70:77:35:46:
         da:d4:af:dd:57:87:03:cc:f1:0a:f1:34:98:9b:66:7d:8b:7c:
         25:71:ce:1e:5f:64:b9:f1:23:54:95:d5:35:b4:63:f5:db:c4:
         e1:ce:01:09:dc:91:7e:f5:37:dc:78:d8:a4:b4:91:df:83:f6:
         40:e2:55:8a:d7:fe:be:3c:a5:ec:a1:9d:32:13:46:f6:68:1b:
         a2:e3:dd:62:45:26:1a:5e:38:da:d0:9c:e1:13:0a:5a:c3:d3:
         a0:41:dc:d6:f5:48:02:92:74:6f:70:97:cd:b0:3d:69:42:9a:
         bb:f1:c5:af:3a:7b:76:8d:12:5c:36:3b:e6:e9:67:3b:ef:98:
         62:fd:e6:ed:9c:af:e2:1e:40:04:f0:a7:63:d2:63:cc:a3:26:
         55:71:1c:91:2b:1b:95:1b:0d:c4:ed:f6:bf:8d:75:1c:f4:11:
         b6:a6:6c:98:98:d6:69:5b:35:c2:fd:30:27:ba:c5:99:14:c9:
         96:97:4e:3b:68:c2:e3:b4:29:70:36:76:4e:e2:2d:95:a3:e6:
         21:4c:08:79:ea:0a:ba:be:fc:fc:3f:2e:f5:66:2c:52:b6:f0:
         69:28:56:8f:b3:22:07:c0:32:d3:d8:67:cb:30:7c:7a:47:ff:
         9c:8d:7a:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjRPTL6dx1MY1svjmrjHO0wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwODIyMTAwNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTk1NWMzNDI5ZDE2NmQzNjVkNjNkZTQzZGQ3YTU2ZDZhNTg4N2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKfoDfGzX9jd8+gwEgpoFoMUCkCZ
Xfx+IiDAtLw1Oiy4YRNdowbEuSA2cyxgcIDNesedccTqTQq5mcpsulYgFqFeZ8z3
J6bCxSzexbkyKB4MetHtzFSY90k+8OIiRFrM4HsUuP/PvpiQgq9+IiQDesiA07WN
iuWOsxw3MdDb2nMJRR5JSq+LdDfhHwmnLIeDS4J3IOw2t7kFdK7SjLigbPmQTLs6
D71yCic2F90oRAnv/qIICFTHvOcXDDYjAwh3FD9mIaCMqTAGS45p8TpAoEz0xynq
0juwWQ9S2tQMSAza9QRpsX11yf44kPaljz3EsjJjftxScJO/CoeLFnjqpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmVXDQp0WbTZdY95D3XpW1qWIfwMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvU1pWY05DblJadE5sMWoza1BkZWxiV3BZaF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcrNMA0G
CSqGSIb3DQEBCwUAA4IBAQAUTtHug8wtkCJE9C3/UnB3NUba1K/dV4cDzPEK8TSY
m2Z9i3wlcc4eX2S58SNUldU1tGP128ThzgEJ3JF+9TfceNiktJHfg/ZA4lWK1/6+
PKXsoZ0yE0b2aBui491iRSYaXjja0JzhEwpaw9OgQdzW9UgCknRvcJfNsD1pQpq7
8cWvOnt2jRJcNjvm6Wc775hi/ebtnK/iHkAE8Kdj0mPMoyZVcRyRKxuVGw3E7fa/
jXUc9BG2pmyYmNZpWzXC/TAnusWZFMmWl047aMLjtClwNnZO4i2Vo+YhTAh56gq6
vvz8Py71ZixStvBpKFaPsyIHwDLT2GfLMHx6R/+cjXp+
-----END CERTIFICATE-----