Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/zo7mxq2v2o0aNKJKvVs8XzMAoSo.roa
File:                     zo7mxq2v2o0aNKJKvVs8XzMAoSo.roa (raw, json)
Hash identifier:          hDK25txovgb427j58Xr748zftbcgjP77JZ1VaXHts3o=
Subject key identifier:   CE:8E:E6:C6:AD:AF:DA:8D:1A:34:A2:4A:BD:5B:3C:5F:33:00:A1:2A
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       0198ACB9A521B63BEC99B0A09D85308AAF46
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/zo7mxq2v2o0aNKJKvVs8XzMAoSo.roa
Signing time:             Fri 15 Aug 2025 07:55:04 +0000
ROA not before:           Fri 15 Aug 2025 07:55:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        37.44.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ac:b9:a5:21:b6:3b:ec:99:b0:a0:9d:85:30:8a:af:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Aug 15 07:55:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce8ee6c6adafda8d1a34a24abd5b3c5f3300a12a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2d:ed:c8:09:cd:d1:ff:8e:bd:ad:e8:7c:2d:
                    65:b1:f1:06:92:53:58:e6:f4:c6:ee:1a:21:27:e2:
                    3f:be:85:0e:dc:a0:3d:29:2c:ab:aa:ba:17:de:f0:
                    76:25:b6:dc:ee:14:91:d4:a4:ed:ec:a8:0b:95:6f:
                    f0:c3:1e:86:bc:2f:76:8c:55:52:d1:a9:3f:13:00:
                    40:8b:7f:09:42:83:05:4d:22:10:06:5e:a8:b5:4c:
                    54:95:16:7c:9a:7f:d1:80:48:79:3b:00:f1:8c:f0:
                    b6:94:b5:b7:3f:93:3c:7c:43:fd:3a:77:c3:80:22:
                    1b:5a:73:46:05:99:e8:d9:f4:1d:d2:86:b3:85:6c:
                    a9:44:98:36:70:c3:b3:cb:80:6e:26:75:44:37:4b:
                    e2:57:55:ac:b4:a5:ac:2c:03:9b:a4:09:04:5d:91:
                    58:74:1e:81:25:fb:e6:3a:30:6c:22:ea:84:95:c4:
                    82:24:60:7d:ab:94:85:7b:10:35:95:67:3f:ed:c1:
                    c6:7a:a7:62:69:74:60:fd:5c:65:17:fb:70:b3:b9:
                    7b:b9:26:9d:f8:e8:56:52:c6:b7:78:9a:cc:15:cf:
                    ca:09:10:82:5c:60:1d:02:69:6d:d4:ce:e5:af:5c:
                    e5:c8:ad:5f:0b:9b:43:e1:4d:1e:5e:9d:94:bc:54:
                    0f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:8E:E6:C6:AD:AF:DA:8D:1A:34:A2:4A:BD:5B:3C:5F:33:00:A1:2A
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/zo7mxq2v2o0aNKJKvVs8XzMAoSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:88:8e:37:cf:09:bd:2b:7e:3a:d8:89:9f:6b:50:5d:47:b4:
         3e:3f:8a:b4:05:16:73:1a:9d:5c:27:88:8a:54:99:cb:ba:97:
         df:fd:31:30:5b:05:de:c2:31:95:ba:ac:4e:53:26:60:94:ea:
         14:35:7d:74:78:f3:f0:b7:52:b8:ca:44:e7:5b:9e:6f:12:13:
         21:d3:c6:b5:df:9d:34:91:56:3b:b0:b3:d8:1e:08:c8:e3:a3:
         a2:aa:6e:e8:60:ca:d6:82:33:92:d0:a0:b7:39:16:f1:23:f9:
         a5:8f:b4:4f:ea:54:36:89:aa:85:22:d1:d9:e4:8b:a8:45:22:
         91:16:9c:cf:89:21:ec:ea:cf:9d:73:18:57:4e:67:4e:1e:cd:
         f7:c4:d4:7b:bd:4c:f4:51:7f:6f:f4:4d:d6:29:b0:f1:fa:53:
         1e:4c:db:3b:bf:77:aa:bd:fa:c1:a0:d9:5f:9e:28:0d:fa:6b:
         78:07:eb:1b:84:4c:79:e6:3f:89:a8:83:ba:d0:93:a9:15:2d:
         a2:e7:36:40:85:23:e5:d8:d7:8a:74:a6:a3:98:54:26:03:af:
         94:7f:dc:9b:68:d2:ae:72:29:d9:67:50:24:ef:32:f8:0b:c9:
         34:4a:be:a2:c9:0f:a4:5a:7a:a3:a2:6a:c1:bf:2b:e3:71:4a:
         bb:ad:4d:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZisuaUhtjvsmbCgnYUwiq9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUwODE1MDc1NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZThlZTZjNmFkYWZkYThkMWEzNGEyNGFiZDViM2M1ZjMzMDBhMTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS3tyAnN0f+Ova3ofC1lsfEGklNY
5vTG7hohJ+I/voUO3KA9KSyrqroX3vB2Jbbc7hSR1KTt7KgLlW/wwx6GvC92jFVS
0ak/EwBAi38JQoMFTSIQBl6otUxUlRZ8mn/RgEh5OwDxjPC2lLW3P5M8fEP9OnfD
gCIbWnNGBZno2fQd0oazhWypRJg2cMOzy4BuJnVEN0viV1WstKWsLAObpAkEXZFY
dB6BJfvmOjBsIuqElcSCJGB9q5SFexA1lWc/7cHGeqdiaXRg/VxlF/tws7l7uSad
+OhWUsa3eJrMFc/KCRCCXGAdAmlt1M7lr1zlyK1fC5tD4U0eXp2UvFQPxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6O5satr9qNGjSiSr1bPF8zAKEqMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvem83bXhxMnYybzBhTktKS3ZWczhYek1Bb1NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSzkMA0G
CSqGSIb3DQEBCwUAA4IBAQByiI43zwm9K3462Imfa1BdR7Q+P4q0BRZzGp1cJ4iK
VJnLupff/TEwWwXewjGVuqxOUyZglOoUNX10ePPwt1K4ykTnW55vEhMh08a13500
kVY7sLPYHgjI46Oiqm7oYMrWgjOS0KC3ORbxI/mlj7RP6lQ2iaqFItHZ5IuoRSKR
FpzPiSHs6s+dcxhXTmdOHs33xNR7vUz0UX9v9E3WKbDx+lMeTNs7v3eqvfrBoNlf
nigN+mt4B+sbhEx55j+JqIO60JOpFS2i5zZAhSPl2NeKdKajmFQmA6+Uf9ybaNKu
cinZZ1Ak7zL4C8k0Sr6iyQ+kWnqjomrBvyvjcUq7rU2H
-----END CERTIFICATE-----