Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/b2nv7c16taiMY7lqlyo1vW0yars.roa
File:                     b2nv7c16taiMY7lqlyo1vW0yars.roa (raw, json)
Hash identifier:          cEulSKA26PCcgT5q7VJTUwPAnJnY+2U0A9I6b42tRhY=
Subject key identifier:   6F:69:EF:ED:CD:7A:B5:A8:8C:63:B9:6A:97:2A:35:BD:6D:32:6A:BB
Certificate issuer:       /CN=588cabf6f523f26e267db03b524347841aaaa465
Certificate serial:       0197A64CCCF17BEB9A1DB37513CE2229A252
Authority key identifier: 58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/b2nv7c16taiMY7lqlyo1vW0yars.roa
Signing time:             Wed 25 Jun 2025 08:55:40 +0000
ROA not before:           Wed 25 Jun 2025 08:55:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202916
IP address blocks:        86.109.20.0/24 maxlen: 24
                          2a04:1cc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 02:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:4c:cc:f1:7b:eb:9a:1d:b3:75:13:ce:22:29:a2:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588cabf6f523f26e267db03b524347841aaaa465
        Validity
            Not Before: Jun 25 08:55:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f69efedcd7ab5a88c63b96a972a35bd6d326abb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:17:d4:1f:91:f3:d7:6b:fa:bd:9d:93:65:82:
                    a3:86:7b:98:78:6e:a1:de:28:bb:ef:84:00:fe:95:
                    1f:d3:6d:42:bf:f8:23:3d:12:fe:60:20:cb:41:af:
                    69:c0:a6:9f:2e:23:05:26:e2:45:d3:da:5f:ac:cf:
                    f8:43:e7:2b:1d:2c:ef:d3:c1:2b:bf:ec:57:4d:c5:
                    e5:d8:f3:b0:81:92:9b:ab:1f:e9:09:34:fd:88:7d:
                    e8:e4:a5:39:a9:35:67:3f:02:6f:b7:fa:97:55:b6:
                    a5:15:6f:c7:5b:9d:d6:85:ad:c3:39:22:c1:44:89:
                    16:22:7b:00:72:5b:57:2a:f1:4d:0c:b9:19:f2:ee:
                    ff:08:b9:35:bc:09:46:7d:9a:6b:59:f8:d6:f5:d8:
                    a3:39:a9:f2:0f:fc:57:63:04:0c:d8:79:4f:0d:a2:
                    1c:6f:15:8d:9f:fc:f5:97:59:d6:a7:96:4d:bd:f9:
                    bd:c4:53:73:87:a6:d7:69:c0:79:06:b9:d7:8d:c3:
                    ac:8c:89:1d:02:b9:3d:62:0b:23:4a:84:db:29:9e:
                    f6:23:dd:10:c4:a2:22:9c:ff:99:28:ba:33:d4:87:
                    e1:42:6f:8b:a9:d8:96:09:a2:5c:55:c7:59:25:df:
                    2d:0a:6f:40:16:dd:11:e8:81:f7:db:71:5b:bd:b2:
                    bd:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:69:EF:ED:CD:7A:B5:A8:8C:63:B9:6A:97:2A:35:BD:6D:32:6A:BB
            X509v3 Authority Key Identifier:
                keyid:58:8C:AB:F6:F5:23:F2:6E:26:7D:B0:3B:52:43:47:84:1A:AA:A4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIyr9vUj8m4mfbA7UkNHhBqqpGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/b2nv7c16taiMY7lqlyo1vW0yars.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0187d6-8bfc-4c59-a6c4-6ad3252a1427/1/WIyr9vUj8m4mfbA7UkNHhBqqpGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.109.20.0/24
                IPv6:
                  2a04:1cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:6f:8d:7d:33:98:d7:b0:9b:d3:be:8a:dd:d8:80:cb:f1:16:
         84:1a:40:71:34:6a:37:43:ff:25:84:a9:f2:2c:dd:1d:22:60:
         b3:3d:f4:a3:6d:33:7f:f2:13:7f:b3:49:4e:b3:0b:27:72:72:
         18:1b:02:97:62:17:e3:bc:fb:76:66:90:a9:26:84:05:40:ba:
         fe:ce:39:e5:c9:60:50:35:d7:f8:8a:c3:04:ba:d0:69:a4:c5:
         c9:ea:01:5d:12:2d:32:76:82:37:a1:3e:d6:2e:b4:52:e8:83:
         ac:1d:c6:ed:11:28:59:8a:df:ac:4d:4e:be:cb:b8:9b:9e:a6:
         ed:c2:a6:07:83:5b:bf:2a:77:8d:ed:94:fd:d9:7c:e9:4a:d4:
         40:29:38:b3:8a:b4:e7:25:24:92:10:80:f3:29:cf:f2:af:68:
         c3:48:77:90:d0:73:46:3e:f5:22:50:75:c0:20:b2:8b:9a:fe:
         0c:40:f1:c6:b4:0d:45:db:91:08:15:90:f3:dc:21:f8:02:78:
         c5:57:0e:88:f6:2b:c2:74:77:27:36:d3:e3:cd:a7:87:6e:a7:
         7b:6d:9a:fb:69:f3:f0:e0:48:3d:34:3f:cc:56:eb:69:3f:1e:
         c3:c6:9a:40:d5:49:0d:73:d1:b0:98:8b:c3:13:5b:27:83:28:
         f8:61:5a:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZemTMzxe+uaHbN1E84iKaJSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGNhYmY2ZjUyM2YyNmUyNjdkYjAzYjUyNDM0Nzg0MWFh
YWE0NjUwHhcNMjUwNjI1MDg1NTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjY5ZWZlZGNkN2FiNWE4OGM2M2I5NmE5NzJhMzViZDZkMzI2YWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhfUH5Hz12v6vZ2TZYKjhnuYeG6h
3ii774QA/pUf021Cv/gjPRL+YCDLQa9pwKafLiMFJuJF09pfrM/4Q+crHSzv08Er
v+xXTcXl2POwgZKbqx/pCTT9iH3o5KU5qTVnPwJvt/qXVbalFW/HW53Wha3DOSLB
RIkWInsAcltXKvFNDLkZ8u7/CLk1vAlGfZprWfjW9dijOanyD/xXYwQM2HlPDaIc
bxWNn/z1l1nWp5ZNvfm9xFNzh6bXacB5BrnXjcOsjIkdArk9YgsjSoTbKZ72I90Q
xKIinP+ZKLoz1IfhQm+LqdiWCaJcVcdZJd8tCm9AFt0R6IH323FbvbK9IQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG9p7+3NerWojGO5apcqNb1tMmq7MB8GA1UdIwQY
MBaAFFiMq/b1I/JuJn2wO1JDR4QaqqRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQt
NmFkMzI1MmExNDI3LzEvYjJudjdjMTZ0YWlNWTdscWx5bzF2VzB5YXJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMTg3ZDYtOGJmYy00YzU5LWE2YzQtNmFkMzI1MmExNDI3
LzEvV0l5cjl2VWo4bTRtZmJBN1VrTkhoQnFxcEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAVm0UMA0E
AgACMAcDBQAqBBzAMA0GCSqGSIb3DQEBCwUAA4IBAQBlb419M5jXsJvTvord2IDL
8RaEGkBxNGo3Q/8lhKnyLN0dImCzPfSjbTN/8hN/s0lOswsncnIYGwKXYhfjvPt2
ZpCpJoQFQLr+zjnlyWBQNdf4isMEutBppMXJ6gFdEi0ydoI3oT7WLrRS6IOsHcbt
EShZit+sTU6+y7ibnqbtwqYHg1u/KneN7ZT92XzpStRAKTizirTnJSSSEIDzKc/y
r2jDSHeQ0HNGPvUiUHXAILKLmv4MQPHGtA1F25EIFZDz3CH4AnjFVw6I9ivCdHcn
NtPjzaeHbqd7bZr7afPw4Eg9ND/MVutpPx7DxppA1UkNc9GwmIvDE1sngyj4YVpD
-----END CERTIFICATE-----