Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/BaaDmaPl0eSa2fQRay2Gu-qwCW8.roa
File:                     BaaDmaPl0eSa2fQRay2Gu-qwCW8.roa (raw, json)
Hash identifier:          LL9KxES/MWnuM1OC4cAjz4vUD6cc9GLUb0KjIn7y6C4=
Subject key identifier:   05:A6:83:99:A3:E5:D1:E4:9A:D9:F4:11:6B:2D:86:BB:EA:B0:09:6F
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       0196AEFFA119BAC0E95B923242D719217025
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/BaaDmaPl0eSa2fQRay2Gu-qwCW8.roa
Signing time:             Thu 08 May 2025 08:25:10 +0000
ROA not before:           Thu 08 May 2025 08:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        213.238.166.0/24 maxlen: 24
                          213.238.173.0/24 maxlen: 24
                          213.238.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 17:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ae:ff:a1:19:ba:c0:e9:5b:92:32:42:d7:19:21:70:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: May  8 08:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05a68399a3e5d1e49ad9f4116b2d86bbeab0096f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d3:f8:7b:38:f3:5f:5d:b2:16:a3:07:db:09:
                    79:2d:fe:31:3f:c3:35:4b:78:5a:81:b8:8d:ac:a2:
                    e2:4c:9c:b1:16:82:90:1f:06:ec:c8:14:10:89:74:
                    3d:38:3c:52:d4:f3:fc:04:71:84:28:af:c5:41:ff:
                    9d:c9:88:20:7c:69:36:36:b2:3b:c4:9a:bf:ff:0b:
                    39:4b:b2:7a:27:23:11:3f:95:37:49:77:18:17:b8:
                    0d:3a:9a:6f:95:d6:12:f2:5b:ae:b4:6d:f1:63:89:
                    6d:5a:01:4a:35:33:fe:f4:d1:97:5c:82:96:31:76:
                    8c:a8:9e:86:23:48:0e:bd:71:67:7c:08:7b:48:a6:
                    30:3e:c8:4e:5e:8d:c6:2e:a3:40:b0:60:41:3f:b7:
                    95:f6:28:88:f4:33:60:2c:64:dc:d4:40:fa:7d:c9:
                    54:3f:4f:af:a3:14:ec:62:52:22:fc:0a:97:a9:38:
                    58:4b:2a:4b:89:02:00:71:07:93:d1:00:c0:c1:19:
                    7c:c3:40:87:28:1b:1d:e6:71:b7:36:12:38:c8:b3:
                    fd:e5:8d:c7:8e:a1:70:69:3d:78:66:e1:ea:27:55:
                    2f:f1:ab:c2:d0:3c:45:ef:af:80:11:42:d5:1a:0f:
                    d8:9a:46:8e:f6:c0:8f:bc:de:d4:85:87:bd:3e:c5:
                    2b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A6:83:99:A3:E5:D1:E4:9A:D9:F4:11:6B:2D:86:BB:EA:B0:09:6F
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/BaaDmaPl0eSa2fQRay2Gu-qwCW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.166.0/24
                  213.238.173.0/24
                  213.238.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:fd:82:3b:f0:8b:20:74:ff:3c:85:4d:95:2f:77:f4:1b:27:
         2b:4e:e3:72:32:c4:c9:34:45:32:c9:af:59:2f:0b:e4:9c:e3:
         d3:c4:1a:05:b4:c4:3a:bc:56:c4:33:91:aa:ad:df:dc:e2:b1:
         91:7e:89:33:c7:be:4f:e5:42:c5:33:7a:7b:de:19:8e:89:2c:
         23:d8:20:70:25:ec:e9:c3:b7:3b:da:49:58:e6:1b:0c:bc:cc:
         2f:45:7b:ae:74:2b:4e:ec:37:a0:3a:e1:38:68:7f:39:8a:b9:
         b5:a6:10:69:f7:83:ec:d2:cf:66:c4:60:26:f9:6f:d5:13:f6:
         9e:01:f7:d2:8b:fe:a6:b3:bd:91:bd:ec:76:ff:87:51:dc:1b:
         83:6d:a2:7a:61:a5:61:48:a1:5b:04:93:a6:8b:e5:8b:18:cb:
         21:19:7e:d6:1a:91:85:5f:1c:a8:78:6b:3b:24:bc:63:f5:a7:
         fc:1a:ec:ed:75:3b:e6:b5:d8:4f:de:a8:dd:03:ad:b7:64:a3:
         43:05:67:f0:13:e4:33:ec:f9:83:2d:a2:5c:61:68:5e:fc:74:
         1d:d5:e4:94:86:1c:24:36:96:ec:68:3e:70:43:92:4b:75:8c:
         7e:73:b4:63:b9:50:e9:46:fb:2d:cc:02:f1:d0:e6:07:b8:5a:
         8e:22:5a:5a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZau/6EZusDpW5IyQtcZIXAlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwNTA4MDgyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWE2ODM5OWEzZTVkMWU0OWFkOWY0MTE2YjJkODZiYmVhYjAwOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9P4ezjzX12yFqMH2wl5Lf4xP8M1
S3hagbiNrKLiTJyxFoKQHwbsyBQQiXQ9ODxS1PP8BHGEKK/FQf+dyYggfGk2NrI7
xJq//ws5S7J6JyMRP5U3SXcYF7gNOppvldYS8luutG3xY4ltWgFKNTP+9NGXXIKW
MXaMqJ6GI0gOvXFnfAh7SKYwPshOXo3GLqNAsGBBP7eV9iiI9DNgLGTc1ED6fclU
P0+voxTsYlIi/AqXqThYSypLiQIAcQeT0QDAwRl8w0CHKBsd5nG3NhI4yLP95Y3H
jqFwaT14ZuHqJ1Uv8avC0DxF76+AEULVGg/YmkaO9sCPvN7UhYe9PsUrZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAWmg5mj5dHkmtn0EWsthrvqsAlvMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvQmFhRG1hUGwwZVNhMmZRUmF5Mkd1LXF3Q1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1e6mAwQA
1e6tAwQA1e64MA0GCSqGSIb3DQEBCwUAA4IBAQCU/YI78IsgdP88hU2VL3f0Gycr
TuNyMsTJNEUyya9ZLwvknOPTxBoFtMQ6vFbEM5Gqrd/c4rGRfokzx75P5ULFM3p7
3hmOiSwj2CBwJezpw7c72klY5hsMvMwvRXuudCtO7DegOuE4aH85irm1phBp94Ps
0s9mxGAm+W/VE/aeAffSi/6ms72Rvex2/4dR3BuDbaJ6YaVhSKFbBJOmi+WLGMsh
GX7WGpGFXxyoeGs7JLxj9af8GuztdTvmtdhP3qjdA623ZKNDBWfwE+Qz7PmDLaJc
YWhe/HQd1eSUhhwkNpbsaD5wQ5JLdYx+c7RjuVDpRvstzALx0OYHuFqOIlpa
-----END CERTIFICATE-----