Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/zUvaZsb6AAcGs5bszD-Bq4oB3BE.roa
File:                     zUvaZsb6AAcGs5bszD-Bq4oB3BE.roa (raw, json)
Hash identifier:          2T5+Ho1mw99m4EQU26GsTeUM3Ju0dbCS0haz/aa2sBA=
Subject key identifier:   CD:4B:DA:66:C6:FA:00:07:06:B3:96:EC:CC:3F:81:AB:8A:01:DC:11
Certificate issuer:       /CN=ee9ccd38a5d6496880bc094706e68fa04fa2cd96
Certificate serial:       01986099F79E95CBF096B3AC5B0BE713867D
Authority key identifier: EE:9C:CD:38:A5:D6:49:68:80:BC:09:47:06:E6:8F:A0:4F:A2:CD:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7pzNOKXWSWiAvAlHBuaPoE-izZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/zUvaZsb6AAcGs5bszD-Bq4oB3BE.roa
Signing time:             Thu 31 Jul 2025 13:09:19 +0000
ROA not before:           Thu 31 Jul 2025 13:09:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213417
IP address blocks:        37.58.28.0/24 maxlen: 24
                          45.10.56.0/24 maxlen: 24
                          2a14:ff00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/7pzNOKXWSWiAvAlHBuaPoE-izZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/7pzNOKXWSWiAvAlHBuaPoE-izZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7pzNOKXWSWiAvAlHBuaPoE-izZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 19:03:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:60:99:f7:9e:95:cb:f0:96:b3:ac:5b:0b:e7:13:86:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee9ccd38a5d6496880bc094706e68fa04fa2cd96
        Validity
            Not Before: Jul 31 13:09:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd4bda66c6fa000706b396eccc3f81ab8a01dc11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:76:cc:00:35:d7:91:a6:c8:1a:2c:3e:71:db:
                    cf:e7:bb:56:08:b4:83:58:73:56:2f:af:b6:49:a5:
                    85:4d:aa:61:cd:3b:e6:0b:f7:41:d1:88:ca:2a:3e:
                    6b:6e:d6:4b:ca:59:ad:f1:0c:b2:b4:72:7c:af:9a:
                    1d:f9:f0:d0:cf:43:5c:5c:80:89:1a:89:96:8c:2c:
                    7a:3a:b4:6b:22:9d:0c:d1:72:4c:c1:03:d0:f7:17:
                    b1:e3:e5:bb:37:c3:c1:db:0d:6a:af:b3:2f:2e:2b:
                    6e:f3:2b:62:43:a8:a1:ae:cf:35:0f:98:11:56:23:
                    b8:a2:2b:b2:f2:1e:90:93:96:00:f8:6e:78:09:84:
                    ab:b3:53:ef:a5:cd:4b:28:a4:2d:91:02:cb:bf:e2:
                    08:1f:c9:d9:1d:9e:42:8a:08:d7:09:c4:f2:0b:da:
                    b1:86:6f:b4:4e:48:0f:82:de:c8:c3:f7:c3:a2:c3:
                    6e:f3:9b:88:2d:2c:a3:1b:d1:3a:1c:1a:56:90:57:
                    bb:36:d2:63:30:a5:68:52:18:db:36:18:73:23:54:
                    e1:8d:c0:78:20:ed:0c:f2:9b:eb:2a:bf:3c:97:28:
                    ad:38:b9:a7:de:b9:c3:b0:fd:88:9e:89:46:55:ab:
                    14:d3:ae:a0:11:97:5a:d3:8c:1b:d8:44:dd:a4:88:
                    55:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:4B:DA:66:C6:FA:00:07:06:B3:96:EC:CC:3F:81:AB:8A:01:DC:11
            X509v3 Authority Key Identifier:
                keyid:EE:9C:CD:38:A5:D6:49:68:80:BC:09:47:06:E6:8F:A0:4F:A2:CD:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7pzNOKXWSWiAvAlHBuaPoE-izZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/zUvaZsb6AAcGs5bszD-Bq4oB3BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/15f95c-b0b6-4522-8ea0-55beafa4bb29/1/7pzNOKXWSWiAvAlHBuaPoE-izZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.58.28.0/24
                  45.10.56.0/24
                IPv6:
                  2a14:ff00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:91:2d:87:2a:10:7d:f0:42:88:52:8d:e9:5a:71:1e:5e:86:
         a6:21:09:ce:df:2f:6b:a2:c8:59:40:2c:cd:b8:35:47:9f:9a:
         c3:68:86:24:87:01:1d:59:a9:ae:3c:b6:ff:c1:33:58:1b:65:
         0d:af:96:ae:2f:6c:e3:f8:84:f3:3a:75:2a:63:7d:87:2e:1d:
         c1:90:b9:a5:97:33:4c:87:78:30:33:1c:fb:dd:27:91:c1:61:
         c1:ac:11:a2:c4:a1:d5:25:b5:83:b0:a0:4b:90:81:02:1b:b2:
         2e:fb:12:25:d2:a3:99:57:e3:f4:59:db:1a:c9:aa:19:7d:fa:
         db:0c:e7:61:63:ca:a4:38:51:d0:14:bc:71:f1:e8:38:cb:75:
         7f:b1:32:e7:5d:39:58:59:5d:13:1d:cd:bb:e2:9c:56:a4:e0:
         40:4a:bd:95:1c:39:25:a0:7a:0b:1d:27:a3:97:6d:f0:90:c0:
         0e:6c:b6:de:40:f7:55:d8:6b:cd:f4:3b:e7:fa:a2:08:55:16:
         58:95:43:b1:7a:3a:96:3e:ba:44:d7:a6:88:a2:07:8b:10:da:
         f8:35:bc:75:48:65:05:48:7b:b7:3f:8f:71:e1:27:c8:55:a0:
         41:5b:73:e7:68:13:d1:61:65:10:8e:bb:2d:6e:76:ea:16:a6:
         c6:fd:20:24
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZhgmfeelcvwlrOsWwvnE4Z9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlOWNjZDM4YTVkNjQ5Njg4MGJjMDk0NzA2ZTY4ZmEwNGZh
MmNkOTYwHhcNMjUwNzMxMTMwOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDRiZGE2NmM2ZmEwMDA3MDZiMzk2ZWNjYzNmODFhYjhhMDFkYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXbMADXXkabIGiw+cdvP57tWCLSD
WHNWL6+2SaWFTaphzTvmC/dB0YjKKj5rbtZLylmt8QyytHJ8r5od+fDQz0NcXICJ
GomWjCx6OrRrIp0M0XJMwQPQ9xex4+W7N8PB2w1qr7MvLitu8ytiQ6ihrs81D5gR
ViO4oiuy8h6Qk5YA+G54CYSrs1Pvpc1LKKQtkQLLv+IIH8nZHZ5CigjXCcTyC9qx
hm+0TkgPgt7Iw/fDosNu85uILSyjG9E6HBpWkFe7NtJjMKVoUhjbNhhzI1ThjcB4
IO0M8pvrKr88lyitOLmn3rnDsP2InolGVasU066gEZda04wb2ETdpIhVeQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM1L2mbG+gAHBrOW7Mw/gauKAdwRMB8GA1UdIwQY
MBaAFO6czTil1klogLwJRwbmj6BPos2WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3B6Tk9LWFdTV2lBdkFsSEJ1YVBvRS1pelpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xNWY5NWMtYjBiNi00NTIyLThlYTAt
NTViZWFmYTRiYjI5LzEvelV2YVpzYjZBQWNHczVic3pELUJxNG9CM0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xNWY5NWMtYjBiNi00NTIyLThlYTAtNTViZWFmYTRiYjI5
LzEvN3B6Tk9LWFdTV2lBdkFsSEJ1YVBvRS1pelpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAJTocAwQA
LQo4MA0EAgACMAcDBQMqFP8AMA0GCSqGSIb3DQEBCwUAA4IBAQB9kS2HKhB98EKI
Uo3pWnEeXoamIQnO3y9roshZQCzNuDVHn5rDaIYkhwEdWamuPLb/wTNYG2UNr5au
L2zj+ITzOnUqY32HLh3BkLmllzNMh3gwMxz73SeRwWHBrBGixKHVJbWDsKBLkIEC
G7Iu+xIl0qOZV+P0WdsayaoZffrbDOdhY8qkOFHQFLxx8eg4y3V/sTLnXTlYWV0T
Hc274pxWpOBASr2VHDkloHoLHSejl23wkMAObLbeQPdV2GvN9Dvn+qIIVRZYlUOx
ejqWPrpE16aIogeLENr4Nbx1SGUFSHu3P49x4SfIVaBBW3PnaBPRYWUQjrstbnbq
FqbG/SAk
-----END CERTIFICATE-----