Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/T3qIKwMZ3nfLIfch_dy2fZSjQaY.roa
File:                     T3qIKwMZ3nfLIfch_dy2fZSjQaY.roa (raw, json)
Hash identifier:          6HN6rywRWQ7fJbbHh/llhTU7kBXwaGTnXKxLYyZbPG0=
Subject key identifier:   4F:7A:88:2B:03:19:DE:77:CB:21:F7:21:FD:DC:B6:7D:94:A3:41:A6
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       0196AEFFA1E75F51A2E69F9F6B1B3592B9EC
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/T3qIKwMZ3nfLIfch_dy2fZSjQaY.roa
Signing time:             Thu 08 May 2025 08:25:10 +0000
ROA not before:           Thu 08 May 2025 08:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201364
IP address blocks:        213.238.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ae:ff:a1:e7:5f:51:a2:e6:9f:9f:6b:1b:35:92:b9:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: May  8 08:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f7a882b0319de77cb21f721fddcb67d94a341a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:89:41:c4:26:16:67:c9:7c:8e:58:f7:5f:6c:
                    90:5f:89:b8:5b:af:3c:03:5b:62:de:74:8f:29:85:
                    ec:17:30:cc:28:98:4e:86:60:ab:31:65:36:02:d7:
                    b7:02:7f:4c:d3:3e:4e:68:d5:e0:f3:9e:97:e8:d8:
                    a3:5c:e8:90:13:df:74:4e:86:48:8d:e2:54:df:9e:
                    ad:25:1a:c5:51:1c:b3:cb:10:62:6f:35:d2:9e:58:
                    23:73:39:50:71:0b:04:7d:f3:2c:f6:9d:ee:8f:11:
                    11:72:2e:30:37:26:82:a4:b5:78:d4:79:0f:c4:7c:
                    d1:11:75:3e:96:2d:9c:f3:d8:f0:86:f3:ee:8f:8c:
                    da:a4:fd:7c:67:68:21:5a:f7:e4:19:c2:f1:61:bc:
                    0d:6d:b8:ba:c7:5e:7d:5f:cc:49:32:54:e2:7f:16:
                    36:5c:8f:78:f2:e7:75:a9:c7:97:e1:37:8a:ab:bc:
                    c3:bf:e5:90:ce:3c:02:f1:6f:2d:cb:21:2e:db:cf:
                    d9:f2:fe:20:4c:7c:f0:45:a1:31:cf:a7:b4:3f:95:
                    a1:1f:63:8d:5a:15:c0:5f:2e:6b:1a:1b:0c:f2:6e:
                    6a:e9:f9:92:20:a3:b8:fc:66:51:e8:81:56:14:1e:
                    20:23:89:14:62:47:ba:63:3b:51:51:d0:6e:94:d3:
                    e5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:7A:88:2B:03:19:DE:77:CB:21:F7:21:FD:DC:B6:7D:94:A3:41:A6
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/T3qIKwMZ3nfLIfch_dy2fZSjQaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:43:0c:4c:3e:4b:16:77:ae:e1:d1:9a:52:cd:31:85:55:b9:
         52:c5:ca:00:9a:5e:51:82:72:c0:6e:35:02:21:fe:6e:a0:61:
         91:da:19:29:7b:65:50:09:db:c2:57:db:82:88:2b:e4:1f:49:
         f9:1b:b7:eb:75:cd:ef:c5:af:97:bc:ae:eb:56:d1:07:f4:92:
         60:e5:58:5b:7e:fc:75:6e:66:23:34:80:91:f5:39:ae:4f:dd:
         f4:11:92:43:5f:6d:7c:c3:ce:7f:b8:56:2b:2d:b3:3c:4f:07:
         a9:d9:41:d9:a6:f0:3a:60:7c:fb:66:10:28:7a:3a:5d:bc:1d:
         34:4a:23:1f:66:56:fe:c5:46:9e:6c:dc:03:ac:3d:df:d0:b5:
         cd:15:14:8e:1a:1d:e7:1d:c0:16:48:04:36:80:fa:01:81:e3:
         de:c2:12:7a:e9:0c:de:a5:63:18:58:ee:90:e2:04:27:b6:2f:
         6c:ca:6d:29:cc:0a:74:c4:f6:38:e9:4a:da:7c:ea:1c:a2:97:
         37:d0:73:c9:78:a2:8e:0e:5d:44:de:18:fd:70:69:78:79:b2:
         12:e8:17:82:73:6c:37:a3:68:8e:88:60:b9:7b:8b:f9:e8:cf:
         d8:eb:2d:4e:ab:aa:8e:74:aa:a0:ee:fa:5c:7e:07:91:6a:35:
         ae:53:12:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZau/6HnX1Gi5p+faxs1krnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwNTA4MDgyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjdhODgyYjAzMTlkZTc3Y2IyMWY3MjFmZGRjYjY3ZDk0YTM0MWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIlBxCYWZ8l8jlj3X2yQX4m4W688
A1ti3nSPKYXsFzDMKJhOhmCrMWU2Ate3An9M0z5OaNXg856X6NijXOiQE990ToZI
jeJU356tJRrFURyzyxBibzXSnlgjczlQcQsEffMs9p3ujxERci4wNyaCpLV41HkP
xHzREXU+li2c89jwhvPuj4zapP18Z2ghWvfkGcLxYbwNbbi6x159X8xJMlTifxY2
XI948ud1qceX4TeKq7zDv+WQzjwC8W8tyyEu28/Z8v4gTHzwRaExz6e0P5WhH2ON
WhXAXy5rGhsM8m5q6fmSIKO4/GZR6IFWFB4gI4kUYke6YztRUdBulNPlswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE96iCsDGd53yyH3If3ctn2Uo0GmMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvVDNxSUt3TVozbmZMSWZjaF9keTJmWlNqUWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6tMA0G
CSqGSIb3DQEBCwUAA4IBAQBiQwxMPksWd67h0ZpSzTGFVblSxcoAml5RgnLAbjUC
If5uoGGR2hkpe2VQCdvCV9uCiCvkH0n5G7frdc3vxa+XvK7rVtEH9JJg5Vhbfvx1
bmYjNICR9TmuT930EZJDX218w85/uFYrLbM8Twep2UHZpvA6YHz7ZhAoejpdvB00
SiMfZlb+xUaebNwDrD3f0LXNFRSOGh3nHcAWSAQ2gPoBgePewhJ66QzepWMYWO6Q
4gQnti9sym0pzAp0xPY46UrafOocopc30HPJeKKODl1E3hj9cGl4ebIS6BeCc2w3
o2iOiGC5e4v56M/Y6y1Oq6qOdKqg7vpcfgeRajWuUxJS
-----END CERTIFICATE-----