Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/ztZZJGj8r4t9WJVtmGb2eSruYgQ.roa
File:                     ztZZJGj8r4t9WJVtmGb2eSruYgQ.roa (raw, json)
Hash identifier:          sP6jU6FXG4aQWAWvj/yoi9JuC2AeECQOGtHEuOPJslo=
Subject key identifier:   CE:D6:59:24:68:FC:AF:8B:7D:58:95:6D:98:66:F6:79:2A:EE:62:04
Certificate issuer:       /CN=f382cb13dde12658cdac18cacae91fbbf5c58090
Certificate serial:       0199A3208A9DFB227FC34B69972EE6014E54
Authority key identifier: F3:82:CB:13:DD:E1:26:58:CD:AC:18:CA:CA:E9:1F:BB:F5:C5:80:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/84LLE93hJljNrBjKyukfu_XFgJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/ztZZJGj8r4t9WJVtmGb2eSruYgQ.roa
Signing time:             Thu 02 Oct 2025 04:14:02 +0000
ROA not before:           Thu 02 Oct 2025 04:14:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213221
IP address blocks:        178.236.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/84LLE93hJljNrBjKyukfu_XFgJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/84LLE93hJljNrBjKyukfu_XFgJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/84LLE93hJljNrBjKyukfu_XFgJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a3:20:8a:9d:fb:22:7f:c3:4b:69:97:2e:e6:01:4e:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f382cb13dde12658cdac18cacae91fbbf5c58090
        Validity
            Not Before: Oct  2 04:14:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ced6592468fcaf8b7d58956d9866f6792aee6204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:99:85:44:79:c3:45:0b:fe:8d:4c:c4:cf:ac:
                    fc:e0:69:19:67:65:35:f3:dc:2d:49:2e:5c:08:f5:
                    57:e6:88:90:d1:9a:5b:9f:84:ba:8c:a1:9c:3d:28:
                    d1:03:28:2f:7c:d3:2d:18:4c:6a:06:e0:1f:49:d1:
                    bd:b0:b4:37:ea:23:7a:a5:f9:50:db:59:29:9e:92:
                    6b:49:58:5d:26:d3:cb:63:cf:81:f1:09:12:3a:5e:
                    a1:3f:62:29:5b:b7:c7:30:c7:1e:c7:1a:7d:9e:99:
                    0b:cf:63:fe:5b:af:4c:b0:a9:9d:d8:6e:b1:64:29:
                    d5:90:69:8f:f1:01:a4:08:a3:1f:9e:c7:0a:60:c5:
                    81:ea:c8:d0:91:5c:68:f6:8b:11:81:ff:b5:1b:55:
                    52:75:0a:13:27:f3:09:ab:0f:ab:f5:24:34:c5:b5:
                    06:17:20:60:e7:46:8c:ec:8b:db:03:58:d5:7e:ef:
                    29:e5:6c:86:9a:35:2a:cd:d8:6a:f5:4c:c1:56:26:
                    b7:70:37:1a:1b:05:49:01:3e:d2:93:26:6f:ec:93:
                    e8:14:c3:4e:d8:eb:9e:c9:d8:4b:6d:b2:b9:37:c1:
                    e9:72:c3:eb:a6:26:93:4f:b6:a1:99:4c:fb:75:83:
                    fc:e0:bd:78:1b:58:b8:a6:7b:86:c2:b5:c1:f7:26:
                    8f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:D6:59:24:68:FC:AF:8B:7D:58:95:6D:98:66:F6:79:2A:EE:62:04
            X509v3 Authority Key Identifier:
                keyid:F3:82:CB:13:DD:E1:26:58:CD:AC:18:CA:CA:E9:1F:BB:F5:C5:80:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/84LLE93hJljNrBjKyukfu_XFgJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/ztZZJGj8r4t9WJVtmGb2eSruYgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/84LLE93hJljNrBjKyukfu_XFgJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:6c:c6:34:0c:bc:15:41:b5:f7:99:e9:ab:a9:8f:42:d1:49:
         bd:36:be:5f:69:46:99:f3:1a:d8:6e:a9:bf:21:42:72:42:f7:
         5a:a4:d7:22:72:72:48:35:ff:57:9f:ec:e8:b0:6a:5c:d2:1d:
         9b:e0:28:84:89:a3:3b:b6:bd:a5:ef:dd:2a:e3:b7:75:99:fc:
         dc:58:5b:29:7f:a9:b1:be:d9:7a:43:ae:54:6d:6f:c4:75:f0:
         5c:fb:fc:7e:67:f0:be:33:4b:1e:c5:11:e6:04:f2:7f:44:91:
         00:02:de:3b:ba:6b:39:5e:5a:e6:60:a7:89:68:55:98:62:eb:
         6d:6e:80:08:4d:91:36:30:d7:ce:89:e1:a1:6f:30:48:e4:47:
         8b:bd:b6:70:79:8c:04:7a:ad:24:95:27:ce:dc:e0:95:27:ac:
         07:3a:8d:38:36:2d:5e:69:fe:0a:e2:95:8a:47:34:2f:84:29:
         0f:7e:9d:6a:fb:ef:2b:3d:5b:8c:88:21:55:f2:0b:be:22:a5:
         31:42:01:db:31:fd:76:53:72:8b:38:e9:bd:5e:e4:1a:a0:6a:
         8c:58:0d:d6:1b:d2:65:19:ad:24:40:82:f5:15:0f:60:89:75:
         53:eb:15:b0:76:8c:26:8e:76:13:0b:13:63:0c:65:8e:30:02:
         2a:2f:60:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmjIIqd+yJ/w0tply7mAU5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzODJjYjEzZGRlMTI2NThjZGFjMThjYWNhZTkxZmJiZjVj
NTgwOTAwHhcNMjUxMDAyMDQxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWQ2NTkyNDY4ZmNhZjhiN2Q1ODk1NmQ5ODY2ZjY3OTJhZWU2MjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpmFRHnDRQv+jUzEz6z84GkZZ2U1
89wtSS5cCPVX5oiQ0Zpbn4S6jKGcPSjRAygvfNMtGExqBuAfSdG9sLQ36iN6pflQ
21kpnpJrSVhdJtPLY8+B8QkSOl6hP2IpW7fHMMcexxp9npkLz2P+W69MsKmd2G6x
ZCnVkGmP8QGkCKMfnscKYMWB6sjQkVxo9osRgf+1G1VSdQoTJ/MJqw+r9SQ0xbUG
FyBg50aM7IvbA1jVfu8p5WyGmjUqzdhq9UzBVia3cDcaGwVJAT7SkyZv7JPoFMNO
2OueydhLbbK5N8HpcsPrpiaTT7ahmUz7dYP84L14G1i4pnuGwrXB9yaPlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7WWSRo/K+LfViVbZhm9nkq7mIEMB8GA1UdIwQY
MBaAFPOCyxPd4SZYzawYysrpH7v1xYCQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODRMTEU5M2hKbGpOckJqS3l1a2Z1X1hGZ0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lN2RhOWEtOTMyYS00NjdiLWIyZDIt
OTcwNDI4OTFlYjk5LzEvenRaWkpHajhyNHQ5V0pWdG1HYjJlU3J1WWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lN2RhOWEtOTMyYS00NjdiLWIyZDItOTcwNDI4OTFlYjk5
LzEvODRMTEU5M2hKbGpOckJqS3l1a2Z1X1hGZ0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuwtMA0G
CSqGSIb3DQEBCwUAA4IBAQAqbMY0DLwVQbX3memrqY9C0Um9Nr5faUaZ8xrYbqm/
IUJyQvdapNcicnJINf9Xn+zosGpc0h2b4CiEiaM7tr2l790q47d1mfzcWFspf6mx
vtl6Q65UbW/EdfBc+/x+Z/C+M0sexRHmBPJ/RJEAAt47ums5XlrmYKeJaFWYYutt
boAITZE2MNfOieGhbzBI5EeLvbZweYwEeq0klSfO3OCVJ6wHOo04Ni1eaf4K4pWK
RzQvhCkPfp1q++8rPVuMiCFV8gu+IqUxQgHbMf12U3KLOOm9XuQaoGqMWA3WG9Jl
Ga0kQIL1FQ9giXVT6xWwdowmjnYTCxNjDGWOMAIqL2Cc
-----END CERTIFICATE-----