Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/8kHzjF6JFCHpsRwergAzR6Hl5jY.roa
File:                     8kHzjF6JFCHpsRwergAzR6Hl5jY.roa (raw, json)
Hash identifier:          mffmLDMT2QFZfhtMRkhlhhueq/UkFuS4pA75sqzvXFs=
Subject key identifier:   F2:41:F3:8C:5E:89:14:21:E9:B1:1C:1E:AE:00:33:47:A1:E5:E6:36
Certificate issuer:       /CN=9588d8b4c7aa45a9b2cd737c614871eb7181babe
Certificate serial:       0197418DD58A8C758EEA914B1DBD2818DEBF
Authority key identifier: 95:88:D8:B4:C7:AA:45:A9:B2:CD:73:7C:61:48:71:EB:71:81:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lYjYtMeqRamyzXN8YUhx63GBur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/8kHzjF6JFCHpsRwergAzR6Hl5jY.roa
Signing time:             Thu 05 Jun 2025 19:25:03 +0000
ROA not before:           Thu 05 Jun 2025 19:25:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210064
IP address blocks:        185.187.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/lYjYtMeqRamyzXN8YUhx63GBur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/lYjYtMeqRamyzXN8YUhx63GBur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lYjYtMeqRamyzXN8YUhx63GBur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:41:8d:d5:8a:8c:75:8e:ea:91:4b:1d:bd:28:18:de:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9588d8b4c7aa45a9b2cd737c614871eb7181babe
        Validity
            Not Before: Jun  5 19:25:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f241f38c5e891421e9b11c1eae003347a1e5e636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ff:27:95:aa:44:54:94:40:44:f8:32:6b:25:
                    00:a4:4c:90:3a:3f:49:92:cc:6b:b3:79:c9:43:f8:
                    b9:7d:40:d3:cf:5b:5d:57:eb:5d:48:42:63:d5:e3:
                    d1:a4:ff:ff:8c:52:59:c7:b8:29:ca:2c:9d:b2:67:
                    3b:ce:6f:55:60:26:d0:8d:36:45:60:a6:60:85:8d:
                    f0:01:67:cc:58:22:29:bd:3b:30:5f:05:f1:c3:8f:
                    50:f5:ed:90:f1:05:1f:6a:13:e3:21:c7:f4:69:56:
                    19:48:ff:76:5e:8e:cf:35:4d:b9:a2:1f:16:34:aa:
                    81:03:16:b9:b7:5b:3b:1f:b2:7a:a2:d2:6b:1b:57:
                    0b:0c:82:0b:8f:30:bc:e4:45:ac:40:81:06:73:61:
                    f0:ce:77:90:ae:6c:77:c9:44:5c:e7:5f:a7:4c:7d:
                    b4:41:da:b3:00:50:1d:25:bd:b7:3e:17:23:f4:a6:
                    6f:e2:ed:c3:53:0a:24:ff:a1:cd:89:f2:6b:ce:18:
                    b9:38:85:8f:69:51:1e:f8:c5:7c:fd:4a:68:eb:c3:
                    9b:c5:26:e6:6b:28:2d:73:b9:e4:e0:76:d8:5a:30:
                    56:2c:74:6a:ac:0e:81:3f:14:f3:5a:cd:e4:05:ce:
                    97:57:b7:16:92:3a:3e:ea:10:5f:ef:bf:57:37:b1:
                    4d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:41:F3:8C:5E:89:14:21:E9:B1:1C:1E:AE:00:33:47:A1:E5:E6:36
            X509v3 Authority Key Identifier:
                keyid:95:88:D8:B4:C7:AA:45:A9:B2:CD:73:7C:61:48:71:EB:71:81:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lYjYtMeqRamyzXN8YUhx63GBur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/8kHzjF6JFCHpsRwergAzR6Hl5jY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/00c3ab-4a7f-4f74-b556-a488bd42024f/1/lYjYtMeqRamyzXN8YUhx63GBur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:79:42:a6:ae:c5:06:62:60:4a:73:71:a3:66:11:14:c4:54:
         42:e2:3d:11:83:af:1c:f7:54:83:ab:2e:59:ea:68:77:53:ef:
         e4:99:73:b1:b6:e4:49:0c:57:02:58:5b:62:37:07:07:07:d9:
         bc:8c:be:af:85:d7:d9:71:f5:8c:36:38:a7:5e:c2:31:c0:a6:
         f2:e4:28:a2:63:f9:3f:6f:5a:39:08:63:27:a7:ef:eb:94:be:
         98:86:77:cb:4d:45:71:49:43:9b:6f:1d:0b:65:f4:b1:c4:78:
         cf:97:94:2a:cb:7e:ea:19:b3:e8:61:c3:0d:4c:8e:30:75:f2:
         15:81:82:75:e3:46:43:8b:3b:f4:e3:ac:cc:f4:4e:c8:41:97:
         4e:78:95:cd:a5:80:9c:4e:a2:7d:5b:19:46:8e:32:9c:a2:98:
         63:f7:f8:10:1f:e9:cb:9f:07:25:f8:fa:cb:fa:30:0f:9e:f9:
         88:20:82:d5:ae:f9:70:cc:29:fd:0e:da:a2:2d:d7:40:90:c6:
         5c:cc:fe:e6:18:8b:ab:6b:48:0d:eb:c1:2c:95:ae:24:c8:6b:
         5e:36:26:ea:ad:ff:45:14:99:92:df:13:7d:61:64:52:0d:5b:
         fb:b0:65:2b:a6:db:b2:57:a2:fb:3f:28:cc:ca:ca:f2:b2:76:
         0c:1e:e1:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdBjdWKjHWO6pFLHb0oGN6/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ODhkOGI0YzdhYTQ1YTliMmNkNzM3YzYxNDg3MWViNzE4
MWJhYmUwHhcNMjUwNjA1MTkyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQxZjM4YzVlODkxNDIxZTliMTFjMWVhZTAwMzM0N2ExZTVlNjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtf8nlapEVJRARPgyayUApEyQOj9J
ksxrs3nJQ/i5fUDTz1tdV+tdSEJj1ePRpP//jFJZx7gpyiydsmc7zm9VYCbQjTZF
YKZghY3wAWfMWCIpvTswXwXxw49Q9e2Q8QUfahPjIcf0aVYZSP92Xo7PNU25oh8W
NKqBAxa5t1s7H7J6otJrG1cLDIILjzC85EWsQIEGc2HwzneQrmx3yURc51+nTH20
QdqzAFAdJb23Phcj9KZv4u3DUwok/6HNifJrzhi5OIWPaVEe+MV8/Upo68ObxSbm
aygtc7nk4HbYWjBWLHRqrA6BPxTzWs3kBc6XV7cWkjo+6hBf779XN7FNRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJB84xeiRQh6bEcHq4AM0eh5eY2MB8GA1UdIwQY
MBaAFJWI2LTHqkWpss1zfGFIcetxgbq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFlqWXRNZXFSYW15elhOOFlVaHg2M0dCdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wMGMzYWItNGE3Zi00Zjc0LWI1NTYt
YTQ4OGJkNDIwMjRmLzEvOGtIempGNkpGQ0hwc1J3ZXJnQXpSNkhsNWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wMGMzYWItNGE3Zi00Zjc0LWI1NTYtYTQ4OGJkNDIwMjRm
LzEvbFlqWXRNZXFSYW15elhOOFlVaHg2M0dCdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubszMA0G
CSqGSIb3DQEBCwUAA4IBAQDGeUKmrsUGYmBKc3GjZhEUxFRC4j0Rg68c91SDqy5Z
6mh3U+/kmXOxtuRJDFcCWFtiNwcHB9m8jL6vhdfZcfWMNjinXsIxwKby5CiiY/k/
b1o5CGMnp+/rlL6YhnfLTUVxSUObbx0LZfSxxHjPl5Qqy37qGbPoYcMNTI4wdfIV
gYJ140ZDizv046zM9E7IQZdOeJXNpYCcTqJ9WxlGjjKcophj9/gQH+nLnwcl+PrL
+jAPnvmIIILVrvlwzCn9DtqiLddAkMZczP7mGIura0gN68Esla4kyGteNibqrf9F
FJmS3xN9YWRSDVv7sGUrptuyV6L7PyjMysrysnYMHuG2
-----END CERTIFICATE-----