Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dJQPbgWI8AmReeTutcEKP6qgZao.roa
File:                     dJQPbgWI8AmReeTutcEKP6qgZao.roa (raw, json)
Hash identifier:          zLJcx+TLfGEvrOgBlevkyn93Y9f1C7t89t2Tys0y/dw=
Subject key identifier:   74:94:0F:6E:05:88:F0:09:91:79:E4:EE:B5:C1:0A:3F:AA:A0:65:AA
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0197A59C1A7E20DA246EBADDD0897EBC6C13
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dJQPbgWI8AmReeTutcEKP6qgZao.roa
Signing time:             Wed 25 Jun 2025 05:42:40 +0000
ROA not before:           Wed 25 Jun 2025 05:42:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400696
IP address blocks:        45.133.0.0/24 maxlen: 24
                          89.33.14.0/24 maxlen: 24
                          2a10:7405::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a5:9c:1a:7e:20:da:24:6e:ba:dd:d0:89:7e:bc:6c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jun 25 05:42:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74940f6e0588f0099179e4eeb5c10a3faaa065aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:13:5c:3f:ee:16:ae:98:42:f9:f7:6d:3c:74:
                    20:46:56:5c:c2:07:9b:ca:7d:bc:e6:2f:1f:36:d2:
                    c9:02:d1:80:4e:09:e8:25:e4:c1:2b:a1:25:d5:da:
                    69:d0:ac:6b:11:b9:02:7a:7d:38:51:00:08:82:aa:
                    27:04:9e:7f:23:65:c5:89:c5:39:81:5b:98:a4:14:
                    09:4a:3e:88:61:f7:b4:7d:ed:69:0c:2f:62:61:39:
                    cb:99:0c:0c:48:3b:c5:84:f9:b1:77:17:a6:0b:3d:
                    32:c7:6d:51:0d:f2:94:29:c3:d5:a3:80:4c:9e:92:
                    da:02:0a:3c:5b:1a:de:cb:a8:4c:90:fe:7b:d4:f6:
                    54:31:29:6b:94:d0:d2:11:ba:47:35:76:e6:a6:c0:
                    d4:22:b6:81:48:e6:57:47:5e:93:15:9a:53:41:b8:
                    4c:19:08:f1:d2:04:6e:37:23:21:a1:3c:2c:74:0e:
                    13:58:7e:45:77:e4:76:d1:77:15:50:5a:f6:02:f7:
                    79:a2:2f:30:8d:0f:5f:f1:4c:5f:6a:14:1c:cf:22:
                    ae:38:43:fb:53:a2:05:de:9b:c3:d8:65:43:e3:49:
                    6b:3a:23:85:32:b8:2c:f3:4d:13:83:68:c1:62:e7:
                    20:3e:1a:8a:94:5c:cc:dd:1a:4f:2a:f7:23:9e:f4:
                    0b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:94:0F:6E:05:88:F0:09:91:79:E4:EE:B5:C1:0A:3F:AA:A0:65:AA
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dJQPbgWI8AmReeTutcEKP6qgZao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.0.0/24
                  89.33.14.0/24
                IPv6:
                  2a10:7405::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:22:14:66:d9:6d:3d:32:2f:e7:03:43:05:0a:41:11:ac:eb:
         88:12:9f:27:d9:ab:9e:ec:ca:f9:37:10:ef:94:1f:d7:b6:52:
         79:67:00:25:9a:78:73:67:ad:32:1a:9c:98:94:e3:3d:74:a7:
         1e:32:f3:dd:a7:79:ca:8f:e9:db:a2:2c:b3:f8:57:4f:a7:5b:
         b2:31:61:e4:f8:69:ff:50:fb:82:43:d0:3e:2d:4e:0a:55:ff:
         cb:ee:80:c8:8e:af:05:e3:3a:35:f2:b4:e9:9a:4f:54:5f:85:
         d8:b0:48:0b:3e:aa:2e:05:05:9d:52:30:e2:0b:4e:03:2b:dd:
         91:16:a8:d9:7f:20:19:10:a5:80:79:24:cd:a7:10:e7:1f:07:
         e9:a3:01:83:df:5f:66:51:d3:61:82:7f:41:3d:67:4a:9a:2b:
         4f:b5:97:2d:ac:1b:13:1a:68:0e:41:6e:4e:f8:ee:96:ab:e8:
         81:e3:e7:c1:4a:54:0a:0c:80:b1:32:36:da:86:4e:f4:a0:34:
         a0:18:29:25:a6:10:e9:c1:1d:f2:70:aa:62:9d:65:3b:c0:c0:
         dc:9c:03:52:4d:db:3e:67:46:76:eb:e4:c8:0b:e1:b6:f1:48:
         23:bb:e4:cc:d7:6e:65:c0:da:25:42:74:4d:2c:f0:53:70:52:
         ee:75:4c:25
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZelnBp+INokbrrd0Il+vGwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwNjI1MDU0MjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDk0MGY2ZTA1ODhmMDA5OTE3OWU0ZWViNWMxMGEzZmFhYTA2NWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxNcP+4WrphC+fdtPHQgRlZcwgeb
yn285i8fNtLJAtGATgnoJeTBK6El1dpp0KxrEbkCen04UQAIgqonBJ5/I2XFicU5
gVuYpBQJSj6IYfe0fe1pDC9iYTnLmQwMSDvFhPmxdxemCz0yx21RDfKUKcPVo4BM
npLaAgo8Wxrey6hMkP571PZUMSlrlNDSEbpHNXbmpsDUIraBSOZXR16TFZpTQbhM
GQjx0gRuNyMhoTwsdA4TWH5Fd+R20XcVUFr2Avd5oi8wjQ9f8UxfahQczyKuOEP7
U6IF3pvD2GVD40lrOiOFMrgs800Tg2jBYucgPhqKlFzM3RpPKvcjnvQLXQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHSUD24FiPAJkXnk7rXBCj+qoGWqMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZEpRUGJnV0k4QW1SZWVUdXRjRUtQNnFnWmFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALYUAAwQA
WSEOMA0EAgACMAcDBQAqEHQFMA0GCSqGSIb3DQEBCwUAA4IBAQBJIhRm2W09Mi/n
A0MFCkERrOuIEp8n2aue7Mr5NxDvlB/XtlJ5ZwAlmnhzZ60yGpyYlOM9dKceMvPd
p3nKj+nboiyz+FdPp1uyMWHk+Gn/UPuCQ9A+LU4KVf/L7oDIjq8F4zo18rTpmk9U
X4XYsEgLPqouBQWdUjDiC04DK92RFqjZfyAZEKWAeSTNpxDnHwfpowGD319mUdNh
gn9BPWdKmitPtZctrBsTGmgOQW5O+O6Wq+iB4+fBSlQKDICxMjbahk70oDSgGCkl
phDpwR3ycKpinWU7wMDcnANSTds+Z0Z26+TIC+G28Ugju+TM125lwNolQnRNLPBT
cFLudUwl
-----END CERTIFICATE-----