Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/2DOh93abUDEP7iIvARNzO8Baro0.roa
File:                     2DOh93abUDEP7iIvARNzO8Baro0.roa (raw, json)
Hash identifier:          Z/CdPO3BFU4U75w3sjAjZS7oL1oIaDik0hINZ7FE5ak=
Subject key identifier:   D8:33:A1:F7:76:9B:50:31:0F:EE:22:2F:01:13:73:3B:C0:5A:AE:8D
Certificate issuer:       /CN=cc1557b2c3adfbb25d37ea2a2dfd19b2d4ea510e
Certificate serial:       01978DBE39EE2531D1FD79E8EB2E41450A84
Authority key identifier: CC:15:57:B2:C3:AD:FB:B2:5D:37:EA:2A:2D:FD:19:B2:D4:EA:51:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zBVXssOt-7JdN-oqLf0ZstTqUQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/2DOh93abUDEP7iIvARNzO8Baro0.roa
Signing time:             Fri 20 Jun 2025 14:29:03 +0000
ROA not before:           Fri 20 Jun 2025 14:29:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213196
IP address blocks:        145.250.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/zBVXssOt-7JdN-oqLf0ZstTqUQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/zBVXssOt-7JdN-oqLf0ZstTqUQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zBVXssOt-7JdN-oqLf0ZstTqUQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 02:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8d:be:39:ee:25:31:d1:fd:79:e8:eb:2e:41:45:0a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc1557b2c3adfbb25d37ea2a2dfd19b2d4ea510e
        Validity
            Not Before: Jun 20 14:29:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d833a1f7769b50310fee222f0113733bc05aae8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4f:34:3a:37:96:63:61:c3:42:e3:35:96:ea:
                    fd:49:d7:4c:21:96:d5:77:08:23:de:17:b0:cc:05:
                    9d:12:d1:d8:f1:ea:42:c3:24:43:22:79:f5:f8:df:
                    e1:7a:b0:e4:43:5c:7c:0a:85:7f:28:72:bb:f3:69:
                    e3:e4:05:97:9d:ac:db:c9:f8:00:9a:a1:25:8b:af:
                    e0:63:ce:0b:a8:57:dd:39:09:37:b6:36:93:a7:e1:
                    b1:b3:d5:ff:74:ca:a8:9c:be:70:66:88:34:c7:7b:
                    cc:9b:81:45:cf:8b:c0:82:d1:9d:47:e2:1f:1d:af:
                    7b:19:cf:f0:35:e4:32:57:69:28:a0:8d:65:cc:8a:
                    25:90:09:ed:8e:e3:8c:70:b7:06:0f:17:f0:91:ec:
                    78:a6:df:3a:eb:b3:be:78:6e:b6:e8:21:17:5c:c9:
                    52:a1:22:c1:a1:da:bf:d2:ab:b9:9f:c1:a4:66:de:
                    7e:d5:84:33:5c:29:64:75:cf:77:93:28:7a:93:b4:
                    9d:cc:b4:95:41:95:14:07:43:82:3f:fa:e2:ff:32:
                    c9:53:a8:95:a1:fe:4c:07:fb:2c:c5:3d:8d:55:52:
                    c4:d7:34:f3:97:90:c1:75:de:91:93:cf:62:b3:70:
                    08:82:52:6f:f6:76:e0:7e:e8:61:ef:e3:a2:92:26:
                    a9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:33:A1:F7:76:9B:50:31:0F:EE:22:2F:01:13:73:3B:C0:5A:AE:8D
            X509v3 Authority Key Identifier:
                keyid:CC:15:57:B2:C3:AD:FB:B2:5D:37:EA:2A:2D:FD:19:B2:D4:EA:51:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zBVXssOt-7JdN-oqLf0ZstTqUQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/2DOh93abUDEP7iIvARNzO8Baro0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/zBVXssOt-7JdN-oqLf0ZstTqUQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.250.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         50:ff:4c:f0:9e:0d:44:6b:ad:fe:53:f7:8f:ee:91:ed:d9:1d:
         f6:a7:56:1d:e8:87:a9:da:05:cb:0e:9a:16:2e:c4:1d:96:cf:
         d2:f6:a9:db:15:34:6a:e3:d5:af:68:cd:c0:ee:c6:82:f4:a4:
         91:8a:f1:49:4d:7d:73:03:19:bf:db:92:e3:6c:34:79:ea:78:
         d8:d5:4d:29:ce:99:2c:43:4e:09:d9:ec:24:c8:c7:42:53:ed:
         74:4b:3f:2c:17:0d:88:04:50:7c:64:32:d9:40:66:23:e8:4c:
         47:f1:b7:13:b0:25:f8:c0:d7:c5:8a:48:46:ae:99:31:53:0a:
         06:7c:0d:c1:a6:5f:a8:c2:a0:2e:fb:d0:b6:55:e9:8e:8f:9e:
         ad:e2:bc:e4:c1:b4:b3:4d:9e:b5:d8:a4:28:34:63:00:0c:0b:
         42:72:55:0e:45:4f:ab:ee:0f:9c:b4:9f:ab:12:72:05:73:17:
         cc:23:fd:ad:63:e3:83:91:07:07:e1:f5:32:a0:50:16:7b:1c:
         c0:0f:b6:45:86:09:95:cb:b0:ec:94:4b:c5:dc:05:79:28:73:
         56:9b:d3:02:06:20:87:06:4d:1c:6f:c3:a1:24:94:df:29:3c:
         9f:65:3b:41:8e:be:99:a5:c7:ad:84:cd:a6:55:b3:8f:df:a6:
         cd:8c:bb:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeNvjnuJTHR/Xno6y5BRQqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMTU1N2IyYzNhZGZiYjI1ZDM3ZWEyYTJkZmQxOWIyZDRl
YTUxMGUwHhcNMjUwNjIwMTQyOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODMzYTFmNzc2OWI1MDMxMGZlZTIyMmYwMTEzNzMzYmMwNWFhZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtE80OjeWY2HDQuM1lur9SddMIZbV
dwgj3hewzAWdEtHY8epCwyRDInn1+N/herDkQ1x8CoV/KHK782nj5AWXnazbyfgA
mqEli6/gY84LqFfdOQk3tjaTp+Gxs9X/dMqonL5wZog0x3vMm4FFz4vAgtGdR+If
Ha97Gc/wNeQyV2kooI1lzIolkAntjuOMcLcGDxfwkex4pt8667O+eG626CEXXMlS
oSLBodq/0qu5n8GkZt5+1YQzXClkdc93kyh6k7SdzLSVQZUUB0OCP/ri/zLJU6iV
of5MB/ssxT2NVVLE1zTzl5DBdd6Rk89is3AIglJv9nbgfuhh7+OikiapcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgzofd2m1AxD+4iLwETczvAWq6NMB8GA1UdIwQY
MBaAFMwVV7LDrfuyXTfqKi39GbLU6lEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekJWWHNzT3QtN0pkTi1vcUxmMFpzdFRxVVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9lMjVlZjUtNjdiZi00NjNiLTg1OGIt
YTU2ZGM1MDEyMWRkLzEvMkRPaDkzYWJVREVQN2lJdkFSTnpPOEJhcm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9lMjVlZjUtNjdiZi00NjNiLTg1OGItYTU2ZGM1MDEyMWRk
LzEvekJWWHNzT3QtN0pkTi1vcUxmMFpzdFRxVVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHkfqAMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ/0zwng1Ea63+U/eP7pHt2R32p1Yd6Iep2gXLDpoW
LsQdls/S9qnbFTRq49WvaM3A7saC9KSRivFJTX1zAxm/25LjbDR56njY1U0pzpks
Q04J2ewkyMdCU+10Sz8sFw2IBFB8ZDLZQGYj6ExH8bcTsCX4wNfFikhGrpkxUwoG
fA3Bpl+owqAu+9C2VemOj56t4rzkwbSzTZ612KQoNGMADAtCclUORU+r7g+ctJ+r
EnIFcxfMI/2tY+ODkQcH4fUyoFAWexzAD7ZFhgmVy7DslEvF3AV5KHNWm9MCBiCH
Bk0cb8OhJJTfKTyfZTtBjr6ZpcethM2mVbOP36bNjLuW
-----END CERTIFICATE-----