Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/J1c1yp2_GZKBjoLFXqb0Zqcaxcg.roa
File:                     J1c1yp2_GZKBjoLFXqb0Zqcaxcg.roa (raw, json)
Hash identifier:          qG1WvOYUuXteb+k9gBh8cZ6MT9AiGx21xU8WTTUq6+0=
Subject key identifier:   27:57:35:CA:9D:BF:19:92:81:8E:82:C5:5E:A6:F4:66:A7:1A:C5:C8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019934D4F5B9EC4E21B572B3106590C2DE33
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/J1c1yp2_GZKBjoLFXqb0Zqcaxcg.roa
Signing time:             Wed 10 Sep 2025 18:13:15 +0000
ROA not before:           Wed 10 Sep 2025 18:13:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12844
IP address blocks:        45.85.107.0/24 maxlen: 24
                          185.217.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 01:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:d4:f5:b9:ec:4e:21:b5:72:b3:10:65:90:c2:de:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Sep 10 18:13:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=275735ca9dbf1992818e82c55ea6f466a71ac5c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8c:ff:bc:22:55:a0:ee:dc:7d:43:9d:fc:07:
                    a9:78:97:f2:bf:ea:a8:9e:ab:56:27:61:ea:28:52:
                    30:c9:04:cd:25:0c:f6:df:99:35:00:f7:8a:cb:01:
                    ec:a1:9f:0b:f2:a6:26:61:20:f6:fb:5e:d5:ad:c1:
                    f3:e0:50:4c:44:c2:2d:ed:6b:cc:f5:c7:37:2d:96:
                    f9:b1:84:31:9a:b4:18:78:e9:3d:ea:3a:a0:70:d0:
                    c2:4b:f8:fa:d4:b1:41:8b:43:80:cb:67:67:cf:fe:
                    06:a0:6a:75:03:a5:7d:11:5c:10:f8:50:5d:87:1a:
                    49:61:cc:76:70:31:47:e1:46:76:7b:ff:54:0f:d7:
                    4c:47:73:b5:b0:44:61:e8:bc:05:2a:7d:ac:5b:64:
                    e8:fd:cd:aa:bb:57:c2:7b:f7:4e:d2:ab:2d:b8:65:
                    f8:63:11:cc:5d:cb:80:74:a2:a5:92:7a:d9:aa:68:
                    36:3a:43:35:18:9f:8c:96:35:1a:20:33:ef:d2:9f:
                    bf:e4:28:bf:4e:fe:91:70:45:c4:1e:49:99:ee:60:
                    ab:c1:ae:36:30:8b:31:41:b8:e9:55:bc:03:48:cf:
                    f7:7d:99:51:94:2b:d3:c2:0b:30:fc:98:2a:77:74:
                    f9:6e:6f:98:05:d6:c6:06:69:32:28:b4:15:bd:4b:
                    d0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:57:35:CA:9D:BF:19:92:81:8E:82:C5:5E:A6:F4:66:A7:1A:C5:C8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/J1c1yp2_GZKBjoLFXqb0Zqcaxcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.107.0/24
                  185.217.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f0:01:e0:f0:81:e1:cd:43:d1:45:87:ea:ba:2d:a7:3b:47:
         50:e1:09:7a:54:38:af:99:ff:00:6b:b3:8b:cf:9f:6a:03:fd:
         f9:a1:fe:85:e8:4a:7d:5e:c1:7b:49:2c:2c:b0:9c:3f:c6:b5:
         21:f1:be:8f:90:47:e6:79:19:e7:57:b5:10:9b:d1:bb:4b:3a:
         6d:d0:20:66:4a:15:a4:ad:1d:fb:00:bc:42:b5:44:f4:98:9c:
         1d:da:fb:b9:8f:27:ce:8a:a1:21:08:60:25:6f:26:3d:e3:2c:
         f2:7e:f3:b1:ea:17:80:5b:cb:84:98:77:82:c9:12:08:de:d3:
         33:18:20:0b:f7:da:df:be:c6:37:16:9a:33:da:8c:86:58:dd:
         3b:7e:15:b4:5e:08:57:d1:a1:2e:6c:54:ee:40:9a:a7:ba:26:
         d4:c0:c0:fa:73:38:44:f2:f8:fd:9d:b7:9a:da:c6:8e:56:64:
         b1:64:8c:59:18:4c:84:23:7d:9f:0d:1a:1c:c9:ac:af:d7:14:
         23:40:28:ee:ca:6f:b6:2b:b7:e9:a9:63:1a:7c:42:40:bd:fb:
         ab:6f:2c:67:9a:49:1e:93:ba:ef:75:89:9d:d7:8f:bd:34:15:
         03:29:72:3b:e8:10:d3:eb:a3:72:04:ca:c1:fd:e9:8f:74:19:
         ec:bb:ce:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZk01PW57E4htXKzEGWQwt4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwOTEwMTgxMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzU3MzVjYTlkYmYxOTkyODE4ZTgyYzU1ZWE2ZjQ2NmE3MWFjNWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Iz/vCJVoO7cfUOd/AepeJfyv+qo
nqtWJ2HqKFIwyQTNJQz235k1APeKywHsoZ8L8qYmYSD2+17VrcHz4FBMRMIt7WvM
9cc3LZb5sYQxmrQYeOk96jqgcNDCS/j61LFBi0OAy2dnz/4GoGp1A6V9EVwQ+FBd
hxpJYcx2cDFH4UZ2e/9UD9dMR3O1sERh6LwFKn2sW2To/c2qu1fCe/dO0qstuGX4
YxHMXcuAdKKlknrZqmg2OkM1GJ+MljUaIDPv0p+/5Ci/Tv6RcEXEHkmZ7mCrwa42
MIsxQbjpVbwDSM/3fZlRlCvTwgsw/Jgqd3T5bm+YBdbGBmkyKLQVvUvQ3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCdXNcqdvxmSgY6CxV6m9GanGsXIMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSjFjMXlwMl9HWktCam9MRlhxYjBacWNheGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVVrAwQA
udl3MA0GCSqGSIb3DQEBCwUAA4IBAQAv8AHg8IHhzUPRRYfqui2nO0dQ4Ql6VDiv
mf8Aa7OLz59qA/35of6F6Ep9XsF7SSwssJw/xrUh8b6PkEfmeRnnV7UQm9G7Szpt
0CBmShWkrR37ALxCtUT0mJwd2vu5jyfOiqEhCGAlbyY94yzyfvOx6heAW8uEmHeC
yRII3tMzGCAL99rfvsY3Fpoz2oyGWN07fhW0XghX0aEubFTuQJqnuibUwMD6czhE
8vj9nbea2saOVmSxZIxZGEyEI32fDRocyayv1xQjQCjuym+2K7fpqWMafEJAvfur
byxnmkkek7rvdYmd14+9NBUDKXI76BDT66NyBMrB/emPdBnsu87w
-----END CERTIFICATE-----