Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/ODbufxXXrhTdMdFySYsUtuuXSjA.roa
File:                     ODbufxXXrhTdMdFySYsUtuuXSjA.roa (raw, json)
Hash identifier:          p2sZcd16HOFuL2f2wS89qEK/jKaiZ38X3u4IhgHLvKw=
Subject key identifier:   38:36:EE:7F:15:D7:AE:14:DD:31:D1:72:49:8B:14:B6:EB:97:4A:30
Certificate issuer:       /CN=bd252a75c961ad338fd91147d461dd8b3d20cf51
Certificate serial:       0197D4C7072F9046F38A9477AEB19801CD82
Authority key identifier: BD:25:2A:75:C9:61:AD:33:8F:D9:11:47:D4:61:DD:8B:3D:20:CF:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/ODbufxXXrhTdMdFySYsUtuuXSjA.roa
Signing time:             Fri 04 Jul 2025 09:31:42 +0000
ROA not before:           Fri 04 Jul 2025 09:31:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        5.182.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:c7:07:2f:90:46:f3:8a:94:77:ae:b1:98:01:cd:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd252a75c961ad338fd91147d461dd8b3d20cf51
        Validity
            Not Before: Jul  4 09:31:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3836ee7f15d7ae14dd31d172498b14b6eb974a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:46:de:25:ff:db:8f:97:1d:2b:73:ad:68:43:
                    c0:38:31:db:0f:d0:81:df:54:65:06:0b:e2:9a:ee:
                    45:4a:90:91:60:97:43:6c:da:01:55:4a:ef:5e:69:
                    ae:5b:fc:25:f2:c8:1d:fc:5c:2d:39:76:48:99:bf:
                    25:25:09:41:31:18:ff:b6:ec:8b:73:58:9d:d3:3a:
                    46:db:10:90:c2:95:ba:d3:ba:06:72:6e:4e:ba:ab:
                    31:8c:96:93:4d:b5:c3:9f:e2:65:f1:07:30:c8:13:
                    f3:3c:c9:be:07:34:5a:d5:f6:dc:f2:68:9e:2b:cb:
                    1a:94:31:0f:23:88:10:df:96:71:0f:9e:ef:00:02:
                    bb:53:37:f9:1d:10:2a:b7:be:06:d5:58:c7:37:bb:
                    1c:75:63:c8:57:69:cc:6f:be:20:12:74:69:0a:64:
                    45:ba:60:47:1a:c7:e4:fa:fe:64:af:f0:05:b4:b1:
                    51:9d:60:af:97:e0:64:37:5b:b7:b9:91:de:f8:47:
                    ac:f4:97:41:6d:41:be:52:ac:90:1a:fa:9f:31:89:
                    8f:c1:64:5e:8a:af:50:92:87:21:c1:d4:ee:c5:a4:
                    f5:b4:84:18:49:b4:48:2f:cb:69:c6:d7:82:3e:c3:
                    87:59:d0:c1:c5:a7:d6:9f:69:81:37:86:ea:93:5d:
                    5c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:36:EE:7F:15:D7:AE:14:DD:31:D1:72:49:8B:14:B6:EB:97:4A:30
            X509v3 Authority Key Identifier:
                keyid:BD:25:2A:75:C9:61:AD:33:8F:D9:11:47:D4:61:DD:8B:3D:20:CF:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/ODbufxXXrhTdMdFySYsUtuuXSjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:c4:cb:83:9a:66:92:17:45:89:e6:5e:b7:11:1a:b0:4c:f8:
         2e:b2:53:ce:69:42:6f:3d:eb:92:79:c5:5f:b2:08:37:83:f6:
         eb:5b:e5:64:37:7f:af:f6:68:2e:2c:ec:ec:9c:04:cf:65:85:
         25:f1:0e:fb:eb:bf:22:d2:48:e2:78:e0:58:08:de:62:e5:8c:
         1a:19:ed:36:76:d9:58:51:3d:23:e0:65:38:25:e1:ae:c2:91:
         71:b2:02:50:74:e0:ca:73:c7:5a:6f:83:98:6b:23:e9:a8:ad:
         7f:7a:ab:dc:b5:ab:02:4a:02:44:2e:ac:72:88:eb:98:44:54:
         16:2d:bb:17:90:59:be:88:8b:dc:ab:61:fa:fe:0d:c1:39:59:
         b7:9f:2d:07:22:36:17:ba:ec:5b:6d:c5:41:c7:b2:84:c0:d5:
         af:b2:f5:f5:9c:f3:8c:51:65:d3:af:94:db:76:74:27:64:cd:
         bd:c6:24:2f:e7:fc:66:7d:07:f5:42:5a:21:50:15:79:f2:f2:
         a6:39:ef:d8:ec:92:5b:4d:d6:70:4f:08:ba:d9:33:b3:a5:db:
         2d:ed:67:19:18:e6:0d:d7:27:08:6e:9f:b9:0e:63:43:d4:eb:
         ea:25:b6:1f:57:a8:19:69:d4:0d:88:bf:01:bb:b3:4b:5f:ed:
         a3:5d:f9:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfUxwcvkEbzipR3rrGYAc2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMjUyYTc1Yzk2MWFkMzM4ZmQ5MTE0N2Q0NjFkZDhiM2Qy
MGNmNTEwHhcNMjUwNzA0MDkzMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM2ZWU3ZjE1ZDdhZTE0ZGQzMWQxNzI0OThiMTRiNmViOTc0YTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkbeJf/bj5cdK3OtaEPAODHbD9CB
31RlBgvimu5FSpCRYJdDbNoBVUrvXmmuW/wl8sgd/FwtOXZImb8lJQlBMRj/tuyL
c1id0zpG2xCQwpW607oGcm5OuqsxjJaTTbXDn+Jl8QcwyBPzPMm+BzRa1fbc8mie
K8salDEPI4gQ35ZxD57vAAK7Uzf5HRAqt74G1VjHN7scdWPIV2nMb74gEnRpCmRF
umBHGsfk+v5kr/AFtLFRnWCvl+BkN1u3uZHe+Ees9JdBbUG+UqyQGvqfMYmPwWRe
iq9QkochwdTuxaT1tIQYSbRIL8tpxteCPsOHWdDBxafWn2mBN4bqk11cwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDg27n8V164U3THRckmLFLbrl0owMB8GA1UdIwQY
MBaAFL0lKnXJYa0zj9kRR9Rh3Ys9IM9RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlNVcWRjbGhyVE9QMlJGSDFHSGRpejBnejFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kMWM3MGUtMjI2YS00NzgxLWI2NjIt
NzQxYWI5Mjk5N2QwLzEvT0RidWZ4WFhyaFRkTWRGeVNZc1V0dXVYU2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kMWM3MGUtMjI2YS00NzgxLWI2NjItNzQxYWI5Mjk5N2Qw
LzEvdlNVcWRjbGhyVE9QMlJGSDFHSGRpejBnejFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbaZMA0G
CSqGSIb3DQEBCwUAA4IBAQCCxMuDmmaSF0WJ5l63ERqwTPguslPOaUJvPeuSecVf
sgg3g/brW+VkN3+v9mguLOzsnATPZYUl8Q77678i0kjieOBYCN5i5YwaGe02dtlY
UT0j4GU4JeGuwpFxsgJQdODKc8dab4OYayPpqK1/eqvctasCSgJELqxyiOuYRFQW
LbsXkFm+iIvcq2H6/g3BOVm3ny0HIjYXuuxbbcVBx7KEwNWvsvX1nPOMUWXTr5Tb
dnQnZM29xiQv5/xmfQf1QlohUBV58vKmOe/Y7JJbTdZwTwi62TOzpdst7WcZGOYN
1ycIbp+5DmND1OvqJbYfV6gZadQNiL8Bu7NLX+2jXflJ
-----END CERTIFICATE-----