Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/ATdlvsN-8JjBYiFvV0fLXKNBL1w.roa
File:                     ATdlvsN-8JjBYiFvV0fLXKNBL1w.roa (raw, json)
Hash identifier:          rGaQHa7VU05B9zcOaNjgX5A81WiKe8oN0pECOQZ/WDk=
Subject key identifier:   01:37:65:BE:C3:7E:F0:98:C1:62:21:6F:57:47:CB:5C:A3:41:2F:5C
Certificate issuer:       /CN=1847b59d21ea36b3062fca80ce75c1616af5119a
Certificate serial:       01979C375DFE88DFAE9DAB797BA6B36D9921
Authority key identifier: 18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/ATdlvsN-8JjBYiFvV0fLXKNBL1w.roa
Signing time:             Mon 23 Jun 2025 09:56:03 +0000
ROA not before:           Mon 23 Jun 2025 09:56:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61106
IP address blocks:        81.162.54.0/23 maxlen: 24
                          82.115.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:37:5d:fe:88:df:ae:9d:ab:79:7b:a6:b3:6d:99:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1847b59d21ea36b3062fca80ce75c1616af5119a
        Validity
            Not Before: Jun 23 09:56:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=013765bec37ef098c162216f5747cb5ca3412f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5a:69:ea:ce:b3:e4:d3:88:a0:35:48:17:77:
                    bb:ad:37:9f:5c:77:24:d4:99:04:e9:cb:77:78:9b:
                    5b:65:22:0f:be:ce:3b:51:ba:0e:90:de:8f:10:fa:
                    c4:ee:33:51:f8:df:bd:46:0f:bf:64:e0:3a:50:b5:
                    3f:f1:0d:37:56:70:ca:3b:97:98:b7:2b:31:0d:8d:
                    3d:e3:a1:ff:cd:63:d3:4f:7b:c2:41:8e:46:7a:24:
                    c6:53:7b:87:6d:5c:77:c7:a4:50:78:cf:c3:e3:32:
                    d1:f5:75:3b:12:78:64:7d:21:21:2a:b7:fd:21:a0:
                    51:80:b9:74:40:79:4e:74:26:8e:71:99:e6:87:f7:
                    1d:7c:18:22:c9:fd:99:13:f6:7f:6a:f6:09:6c:6e:
                    15:df:f3:20:ea:cd:01:a8:c4:3b:41:e2:f6:25:89:
                    45:47:8c:3a:50:5d:d3:7e:1b:e3:3d:57:bc:60:eb:
                    b3:e6:3d:ff:68:e4:b5:eb:9d:29:77:38:a3:c5:7d:
                    17:52:0f:bc:44:3a:ef:1b:3f:08:52:be:c3:21:b7:
                    ca:8b:bd:3c:19:30:be:77:fa:b0:38:da:c0:85:05:
                    33:51:45:df:99:98:63:0d:ac:a0:9d:2e:e1:c3:1e:
                    0d:11:1f:7a:46:93:80:f6:27:f1:c0:4c:aa:68:53:
                    62:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:37:65:BE:C3:7E:F0:98:C1:62:21:6F:57:47:CB:5C:A3:41:2F:5C
            X509v3 Authority Key Identifier:
                keyid:18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/ATdlvsN-8JjBYiFvV0fLXKNBL1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.162.54.0/23
                  82.115.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:de:a1:57:f5:d3:43:03:07:65:33:cc:9c:bf:a2:c7:52:83:
         2c:b2:f6:ce:d6:89:e9:da:db:c1:f4:2e:58:08:1a:de:48:08:
         d3:c7:17:7d:72:8a:03:8c:0b:49:86:52:f1:34:73:4c:2f:70:
         c5:42:3d:b7:c5:58:80:68:fa:7a:65:44:d5:ef:a8:30:7c:4e:
         b9:30:97:19:91:78:e0:0c:31:97:77:a2:67:a4:39:bf:27:87:
         8f:fd:a5:b7:f4:41:55:d8:8d:64:82:2f:bd:2b:02:5d:7f:a5:
         d4:56:70:7a:e9:f7:4f:17:70:67:52:fc:1b:20:c7:5b:5b:46:
         df:0b:9d:fd:39:dc:f8:90:d0:91:61:34:bb:76:33:65:12:c2:
         88:eb:33:23:8d:e0:db:e4:bc:fb:5f:64:f4:eb:c0:d7:96:a7:
         16:de:8e:42:30:e9:af:9e:f3:3c:65:e7:f6:b3:08:dc:6c:a3:
         b5:6d:c5:bb:3b:29:90:72:88:f8:06:5d:71:4e:81:93:77:83:
         6c:3b:50:31:99:99:06:9b:7d:7c:6d:ba:c5:cc:86:d5:88:8d:
         72:08:f8:5f:41:df:2e:84:71:cd:fe:ab:f2:dd:b5:9b:73:7b:
         4c:fc:f0:20:9a:5d:1d:e1:9a:60:ce:71:44:00:6b:2b:de:fc:
         23:d9:7c:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZecN13+iN+unat5e6azbZkhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NDdiNTlkMjFlYTM2YjMwNjJmY2E4MGNlNzVjMTYxNmFm
NTExOWEwHhcNMjUwNjIzMDk1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTM3NjViZWMzN2VmMDk4YzE2MjIxNmY1NzQ3Y2I1Y2EzNDEyZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFpp6s6z5NOIoDVIF3e7rTefXHck
1JkE6ct3eJtbZSIPvs47UboOkN6PEPrE7jNR+N+9Rg+/ZOA6ULU/8Q03VnDKO5eY
tysxDY0946H/zWPTT3vCQY5GeiTGU3uHbVx3x6RQeM/D4zLR9XU7EnhkfSEhKrf9
IaBRgLl0QHlOdCaOcZnmh/cdfBgiyf2ZE/Z/avYJbG4V3/Mg6s0BqMQ7QeL2JYlF
R4w6UF3TfhvjPVe8YOuz5j3/aOS1650pdzijxX0XUg+8RDrvGz8IUr7DIbfKi708
GTC+d/qwONrAhQUzUUXfmZhjDaygnS7hwx4NER96RpOA9ifxwEyqaFNiAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAE3Zb7DfvCYwWIhb1dHy1yjQS9cMB8GA1UdIwQY
MBaAFBhHtZ0h6jazBi/KgM51wWFq9RGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTIt
ZjkxYmI1MTc5MjE3LzEvQVRkbHZzTi04SmpCWWlGdlYwZkxYS05CTDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTItZjkxYmI1MTc5MjE3
LzEvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUaI2AwQA
UnMyMA0GCSqGSIb3DQEBCwUAA4IBAQBG3qFX9dNDAwdlM8ycv6LHUoMssvbO1onp
2tvB9C5YCBreSAjTxxd9cooDjAtJhlLxNHNML3DFQj23xViAaPp6ZUTV76gwfE65
MJcZkXjgDDGXd6JnpDm/J4eP/aW39EFV2I1kgi+9KwJdf6XUVnB66fdPF3BnUvwb
IMdbW0bfC539Odz4kNCRYTS7djNlEsKI6zMjjeDb5Lz7X2T068DXlqcW3o5CMOmv
nvM8Zef2swjcbKO1bcW7OymQcoj4Bl1xToGTd4NsO1AxmZkGm318bbrFzIbViI1y
CPhfQd8uhHHN/qvy3bWbc3tM/PAgml0d4ZpgznFEAGsr3vwj2Xyk
-----END CERTIFICATE-----