Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/IZrh2fKkBSEsZhHZW1V-vS3SOsU.roa
File:                     IZrh2fKkBSEsZhHZW1V-vS3SOsU.roa (raw, json)
Hash identifier:          Bu6uRwEYKgZWKKUFSCHxc6kWVnShkzj76gtymj7qNwg=
Subject key identifier:   21:9A:E1:D9:F2:A4:05:21:2C:66:11:D9:5B:55:7E:BD:2D:D2:3A:C5
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       019788524892D4B5C863DA4F2954646DAF52
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/IZrh2fKkBSEsZhHZW1V-vS3SOsU.roa
Signing time:             Thu 19 Jun 2025 13:13:03 +0000
ROA not before:           Thu 19 Jun 2025 13:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        80.208.221.0/24 maxlen: 24
                          185.174.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 10:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:52:48:92:d4:b5:c8:63:da:4f:29:54:64:6d:af:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Jun 19 13:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=219ae1d9f2a405212c6611d95b557ebd2dd23ac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f3:d0:86:d9:25:61:04:65:43:96:6f:f2:6a:
                    7d:0f:c0:42:af:3e:bf:b0:15:2a:02:58:61:2f:ee:
                    e0:ad:f3:e1:de:f5:97:50:1c:59:76:f8:ca:ae:4c:
                    d2:5f:9a:90:fd:de:e8:60:02:be:e6:19:f3:20:ad:
                    a5:70:13:ec:78:7c:a0:7f:f7:0d:3a:a6:23:0c:69:
                    51:41:5f:40:29:2e:c1:43:75:9c:0a:54:38:53:6a:
                    f2:73:76:76:3e:3c:99:f9:c4:f9:8e:da:8f:f3:99:
                    44:59:b2:ef:5e:27:38:3e:9f:ba:18:fd:97:3c:a5:
                    f7:f5:82:d0:0a:0f:3c:2f:59:78:f8:6e:3e:2e:17:
                    4d:b6:52:89:f7:5a:fe:21:71:7f:66:b5:79:d9:dd:
                    2c:1d:fd:d0:f3:35:b9:88:ea:bb:0b:08:35:94:5a:
                    0d:b8:55:69:39:63:cc:fe:4c:0f:1e:1f:fe:5f:c1:
                    d9:6e:c6:48:e3:61:38:a8:fc:60:83:82:c1:be:c0:
                    19:32:cb:8e:28:09:72:66:f8:b3:a8:ff:6b:6c:26:
                    54:54:fb:c1:50:05:5b:11:b8:05:0e:07:9c:20:32:
                    64:fa:cd:2f:c2:6f:aa:3d:2c:12:b5:c0:8a:f6:36:
                    5d:89:73:8a:c3:16:13:a0:1f:a0:76:43:2d:cd:3e:
                    fe:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:9A:E1:D9:F2:A4:05:21:2C:66:11:D9:5B:55:7E:BD:2D:D2:3A:C5
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/IZrh2fKkBSEsZhHZW1V-vS3SOsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.208.221.0/24
                  185.174.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:c4:02:a9:df:04:28:96:13:17:aa:78:5a:07:34:aa:f0:d3:
         38:3d:27:89:1b:49:56:d5:2c:49:68:c9:ab:1a:8d:a0:1f:24:
         16:ae:41:7a:c3:bb:d0:e4:6b:5b:8b:30:4e:a3:0e:22:19:42:
         d1:8c:31:5c:f8:f5:9a:33:18:ff:38:8d:d1:47:3e:b7:8b:b3:
         ae:d5:a5:4d:f0:de:4d:9b:e1:72:0e:93:ff:e1:c7:3c:49:99:
         97:3f:e1:58:af:d9:57:f8:4b:64:7f:16:3b:3c:a1:bd:b0:f8:
         84:8f:b8:d1:e1:28:22:64:91:37:a2:f7:92:29:e2:5a:82:76:
         0e:61:5d:8a:ef:08:83:2f:22:9e:17:32:26:22:21:62:a6:bf:
         ac:e6:db:10:4c:dc:ab:36:ab:8c:d1:1d:5e:dc:a4:5b:d0:ca:
         50:f3:da:80:3a:f9:48:d3:b7:c6:fe:2f:c9:62:3a:b5:0d:d0:
         5f:eb:af:d5:8e:d7:27:6a:75:4b:61:56:7e:f2:2c:5e:40:21:
         da:67:a1:9b:87:0b:14:e3:3c:7c:a5:ee:e4:0e:c9:54:a0:c1:
         91:ea:d4:f6:c8:ec:c6:1a:84:f0:e1:5c:56:f1:b1:11:06:19:
         32:05:db:1c:db:0b:8c:69:99:1d:58:6b:d9:c9:5c:98:ed:42:
         1f:e1:b3:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeIUkiS1LXIY9pPKVRkba9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjUwNjE5MTMxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTlhZTFkOWYyYTQwNTIxMmM2NjExZDk1YjU1N2ViZDJkZDIzYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufPQhtklYQRlQ5Zv8mp9D8BCrz6/
sBUqAlhhL+7grfPh3vWXUBxZdvjKrkzSX5qQ/d7oYAK+5hnzIK2lcBPseHygf/cN
OqYjDGlRQV9AKS7BQ3WcClQ4U2ryc3Z2PjyZ+cT5jtqP85lEWbLvXic4Pp+6GP2X
PKX39YLQCg88L1l4+G4+LhdNtlKJ91r+IXF/ZrV52d0sHf3Q8zW5iOq7Cwg1lFoN
uFVpOWPM/kwPHh/+X8HZbsZI42E4qPxgg4LBvsAZMsuOKAlyZvizqP9rbCZUVPvB
UAVbEbgFDgecIDJk+s0vwm+qPSwStcCK9jZdiXOKwxYToB+gdkMtzT7+7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCGa4dnypAUhLGYR2VtVfr0t0jrFMB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvSVpyaDJmS2tCU0VzWmhIWlcxVi12UzNTT3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUNDdAwQA
ua5GMA0GCSqGSIb3DQEBCwUAA4IBAQA/xAKp3wQolhMXqnhaBzSq8NM4PSeJG0lW
1SxJaMmrGo2gHyQWrkF6w7vQ5GtbizBOow4iGULRjDFc+PWaMxj/OI3RRz63i7Ou
1aVN8N5Nm+FyDpP/4cc8SZmXP+FYr9lX+EtkfxY7PKG9sPiEj7jR4SgiZJE3oveS
KeJagnYOYV2K7wiDLyKeFzImIiFipr+s5tsQTNyrNquM0R1e3KRb0MpQ89qAOvlI
07fG/i/JYjq1DdBf66/VjtcnanVLYVZ+8ixeQCHaZ6GbhwsU4zx8pe7kDslUoMGR
6tT2yOzGGoTw4VxW8bERBhkyBdsc2wuMaZkdWGvZyVyY7UIf4bNr
-----END CERTIFICATE-----