Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/iuwR3gymafKwUArlmGbUUJNbSa8.roa
File:                     iuwR3gymafKwUArlmGbUUJNbSa8.roa (raw, json)
Hash identifier:          EtXzdV3cLqZcZzSgtMiBpL5x/7d8YbZUcgnJOjOuNu0=
Subject key identifier:   8A:EC:11:DE:0C:A6:69:F2:B0:50:0A:E5:98:66:D4:50:93:5B:49:AF
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       01977F646F710912F777AF815771E8EF2C9E
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/iuwR3gymafKwUArlmGbUUJNbSa8.roa
Signing time:             Tue 17 Jun 2025 19:36:17 +0000
ROA not before:           Tue 17 Jun 2025 19:36:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215362
IP address blocks:        188.209.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 13:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7f:64:6f:71:09:12:f7:77:af:81:57:71:e8:ef:2c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jun 17 19:36:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8aec11de0ca669f2b0500ae59866d450935b49af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5d:18:20:d1:5c:96:4b:91:9f:35:80:73:e4:
                    1a:e1:88:8d:63:c5:0b:4b:d6:4d:4e:9d:f3:96:7c:
                    9d:30:cb:37:c3:8b:f1:6b:af:f6:ab:48:04:01:25:
                    bc:98:ac:a6:d8:da:a9:84:38:83:31:29:22:e3:cc:
                    82:e2:36:b9:0b:f9:a1:4c:37:a7:b4:bc:90:c3:d6:
                    aa:92:f6:4e:36:be:9b:3b:76:c5:c1:7b:4e:b4:5a:
                    d0:b1:aa:57:f9:e1:53:f3:ba:a7:10:af:2e:c6:ae:
                    0f:79:4f:e8:0a:72:3c:24:8e:5f:40:e9:ca:53:17:
                    90:25:df:37:dd:16:9c:81:fa:d2:f0:60:d1:19:b5:
                    d7:0f:38:f8:c2:b7:f8:53:e8:0d:f6:f8:e3:99:3d:
                    73:cf:bd:05:4c:eb:3b:df:3e:0d:48:42:6b:59:90:
                    7d:30:1d:5b:98:c1:47:8c:b5:74:0d:2e:00:9e:67:
                    ee:93:71:46:60:c1:32:11:48:99:fc:51:e4:5d:1a:
                    50:0f:51:f3:a4:c4:f6:e5:d0:d6:89:5e:ca:35:a0:
                    cf:c8:59:a4:f8:7a:35:83:3d:c2:4b:d8:1b:9e:b0:
                    76:1b:95:55:36:bf:db:c7:37:be:b6:a2:b8:2e:b1:
                    44:12:2d:00:6e:4d:02:c3:35:86:9c:93:dd:c9:7e:
                    a0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:EC:11:DE:0C:A6:69:F2:B0:50:0A:E5:98:66:D4:50:93:5B:49:AF
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/iuwR3gymafKwUArlmGbUUJNbSa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:38:0c:bb:9f:72:1a:62:9e:68:dc:e7:df:20:13:e3:5a:17:
         a0:5b:18:44:9a:c0:8b:e9:cc:7f:8f:38:77:18:d2:06:3a:01:
         2b:7d:4f:ad:24:a3:2f:2a:60:cd:e6:fa:cf:38:60:bf:26:89:
         a4:c0:ca:60:96:22:e9:25:3b:7f:ba:47:da:e0:9a:d2:f1:1a:
         07:39:a8:3d:42:77:76:ef:b0:cb:a7:d9:9e:17:0c:c1:21:7f:
         fb:70:32:b5:ba:39:08:c6:d9:3e:d6:1c:a0:74:04:cb:a9:22:
         8c:ed:66:16:ad:b4:65:2f:69:00:ad:4d:fd:34:a5:56:ce:1b:
         67:0b:a3:7c:fb:c8:13:df:8c:a1:a7:2f:4b:9e:f0:e1:d9:39:
         d9:f1:b5:cd:a3:dd:cc:a0:b9:96:ba:67:77:20:a1:ce:b2:9f:
         cf:bb:ee:c5:25:81:12:51:27:2c:8d:44:6e:22:1e:22:dc:44:
         d1:c8:99:7d:d3:2e:21:ed:aa:99:44:64:ba:0f:a8:31:cb:34:
         3b:3d:38:33:ff:02:22:5c:a1:81:d6:1d:f4:b5:0d:db:ee:f2:
         3f:2d:b2:b5:84:52:33:36:9d:d0:36:56:23:b5:c8:8c:b3:1c:
         e3:ed:6b:ff:5a:f6:db:fb:c4:53:41:ba:e0:c7:0a:57:5d:36:
         e0:aa:2a:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd/ZG9xCRL3d6+BV3Ho7yyeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNjE3MTkzNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWVjMTFkZTBjYTY2OWYyYjA1MDBhZTU5ODY2ZDQ1MDkzNWI0OWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0l0YINFclkuRnzWAc+Qa4YiNY8UL
S9ZNTp3zlnydMMs3w4vxa6/2q0gEASW8mKym2NqphDiDMSki48yC4ja5C/mhTDen
tLyQw9aqkvZONr6bO3bFwXtOtFrQsapX+eFT87qnEK8uxq4PeU/oCnI8JI5fQOnK
UxeQJd833RacgfrS8GDRGbXXDzj4wrf4U+gN9vjjmT1zz70FTOs73z4NSEJrWZB9
MB1bmMFHjLV0DS4Anmfuk3FGYMEyEUiZ/FHkXRpQD1HzpMT25dDWiV7KNaDPyFmk
+Ho1gz3CS9gbnrB2G5VVNr/bxze+tqK4LrFEEi0Abk0CwzWGnJPdyX6gUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrsEd4MpmnysFAK5Zhm1FCTW0mvMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvaXV3UjNneW1hZkt3VUFybG1HYlVVSk5iU2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGBMA0G
CSqGSIb3DQEBCwUAA4IBAQAOOAy7n3IaYp5o3OffIBPjWhegWxhEmsCL6cx/jzh3
GNIGOgErfU+tJKMvKmDN5vrPOGC/JomkwMpgliLpJTt/ukfa4JrS8RoHOag9Qnd2
77DLp9meFwzBIX/7cDK1ujkIxtk+1hygdATLqSKM7WYWrbRlL2kArU39NKVWzhtn
C6N8+8gT34yhpy9LnvDh2TnZ8bXNo93MoLmWumd3IKHOsp/Pu+7FJYESUScsjURu
Ih4i3ETRyJl90y4h7aqZRGS6D6gxyzQ7PTgz/wIiXKGB1h30tQ3b7vI/LbK1hFIz
Np3QNlYjtciMsxzj7Wv/Wvbb+8RTQbrgxwpXXTbgqio6
-----END CERTIFICATE-----