Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/ZUCSxG1Mf3vh6H-OdsaFlysq2PI.roa
File:                     ZUCSxG1Mf3vh6H-OdsaFlysq2PI.roa (raw, json)
Hash identifier:          fnkgnNhLxDo5d76SFWWtb+XXfJOw/8ACHDWRYq3npqo=
Subject key identifier:   65:40:92:C4:6D:4C:7F:7B:E1:E8:7F:8E:76:C6:85:97:2B:2A:D8:F2
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       01989E50613D7652DD677C37DC7E4C2E27FE
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/ZUCSxG1Mf3vh6H-OdsaFlysq2PI.roa
Signing time:             Tue 12 Aug 2025 12:45:24 +0000
ROA not before:           Tue 12 Aug 2025 12:45:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214309
IP address blocks:        45.112.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:50:61:3d:76:52:dd:67:7c:37:dc:7e:4c:2e:27:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Aug 12 12:45:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=654092c46d4c7f7be1e87f8e76c685972b2ad8f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:16:17:17:95:d0:53:2e:49:c6:a1:56:44:63:
                    0a:05:b9:90:4e:f6:c1:06:a9:fc:82:95:dc:dc:7f:
                    57:52:cf:d5:33:12:7a:ae:9a:48:94:2d:6b:af:aa:
                    39:a5:94:0d:71:1e:d4:43:bc:57:bd:a2:b4:43:cb:
                    77:46:d8:45:b8:9a:85:0d:47:26:bc:18:74:d7:ca:
                    f9:57:00:e9:b2:bf:c4:af:a0:ee:00:b0:d0:fa:81:
                    ab:09:3f:7e:9d:0e:ae:58:5c:2a:1d:15:71:f6:0b:
                    7a:71:50:a4:8f:ce:93:14:93:5d:7e:cf:be:ad:17:
                    44:93:b7:36:77:80:1f:7a:43:a1:a1:d4:12:49:e5:
                    c9:ff:78:5e:34:39:2b:42:99:4f:67:fd:e8:37:ba:
                    ae:e4:34:cc:c1:d0:ba:74:f6:09:97:91:c7:5b:40:
                    c0:30:3e:82:ec:43:6e:8b:5c:3c:e1:55:23:cf:1b:
                    41:30:fa:ae:4d:4a:74:35:cb:f1:6e:b2:fa:5a:31:
                    74:04:6e:f2:fd:01:ef:27:70:1e:ba:6d:49:55:ee:
                    0c:71:4b:c8:f5:2d:1e:ce:32:9e:b0:a1:1a:cb:ba:
                    8c:15:13:78:bb:1f:69:7e:e0:77:c1:2b:a1:1e:67:
                    41:3e:f8:ba:53:77:ed:22:26:20:86:6a:a1:32:da:
                    d1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:40:92:C4:6D:4C:7F:7B:E1:E8:7F:8E:76:C6:85:97:2B:2A:D8:F2
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/ZUCSxG1Mf3vh6H-OdsaFlysq2PI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:42:b8:f9:f0:e7:71:ee:c6:12:06:8f:ee:0c:d3:59:a3:25:
         dc:bb:4b:a0:b6:54:d4:0d:bf:5f:e6:68:63:ff:18:d0:00:d9:
         0a:b2:b1:60:62:f2:d3:89:e6:4b:6f:38:49:5d:e1:39:33:68:
         bd:90:19:f5:f8:82:2f:9c:65:b0:b7:c9:b7:df:de:79:e1:19:
         64:1b:8e:09:e7:c3:54:04:3a:15:c5:75:40:0a:22:b6:b7:33:
         92:01:05:a8:00:20:db:26:37:a6:74:6b:ae:bf:49:90:70:d1:
         35:2c:4c:54:4d:1e:40:77:7e:11:fa:2a:e7:16:88:75:81:be:
         c4:93:c0:5d:8b:19:29:cc:90:c8:6e:44:bb:e3:f3:e2:2a:eb:
         15:c8:e5:79:0a:2a:df:0f:ca:75:94:4b:68:17:80:89:51:18:
         5a:49:79:f3:25:cc:44:a0:f3:c6:09:8a:26:b7:9d:58:95:e5:
         f9:fb:86:9f:6b:3c:30:17:a8:3d:70:11:c5:1e:b1:6d:8b:1f:
         a2:76:c0:7e:da:44:97:d2:a7:c1:79:ca:57:ea:77:46:b9:c3:
         43:97:32:af:d8:39:43:47:c9:22:44:01:20:66:e8:b1:1d:8f:
         01:a8:fe:4f:46:44:b6:c8:ef:19:7e:36:29:3a:d6:24:29:be:
         16:46:1d:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZieUGE9dlLdZ3w33H5MLif+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwODEyMTI0NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQwOTJjNDZkNGM3ZjdiZTFlODdmOGU3NmM2ODU5NzJiMmFkOGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BYXF5XQUy5JxqFWRGMKBbmQTvbB
Bqn8gpXc3H9XUs/VMxJ6rppIlC1rr6o5pZQNcR7UQ7xXvaK0Q8t3RthFuJqFDUcm
vBh018r5VwDpsr/Er6DuALDQ+oGrCT9+nQ6uWFwqHRVx9gt6cVCkj86TFJNdfs++
rRdEk7c2d4AfekOhodQSSeXJ/3heNDkrQplPZ/3oN7qu5DTMwdC6dPYJl5HHW0DA
MD6C7ENui1w84VUjzxtBMPquTUp0NcvxbrL6WjF0BG7y/QHvJ3Aeum1JVe4McUvI
9S0ezjKesKEay7qMFRN4ux9pfuB3wSuhHmdBPvi6U3ftIiYghmqhMtrRPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVAksRtTH974eh/jnbGhZcrKtjyMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvWlVDU3hHMU1mM3ZoNkgtT2RzYUZseXNxMlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXDAMA0G
CSqGSIb3DQEBCwUAA4IBAQCeQrj58Odx7sYSBo/uDNNZoyXcu0ugtlTUDb9f5mhj
/xjQANkKsrFgYvLTieZLbzhJXeE5M2i9kBn1+IIvnGWwt8m339554RlkG44J58NU
BDoVxXVACiK2tzOSAQWoACDbJjemdGuuv0mQcNE1LExUTR5Ad34R+irnFoh1gb7E
k8BdixkpzJDIbkS74/PiKusVyOV5CirfD8p1lEtoF4CJURhaSXnzJcxEoPPGCYom
t51YleX5+4afazwwF6g9cBHFHrFtix+idsB+2kSX0qfBecpX6ndGucNDlzKv2DlD
R8kiRAEgZuixHY8BqP5PRkS2yO8ZfjYpOtYkKb4WRh28
-----END CERTIFICATE-----