Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZeS20_oHUJMluTQ0NLKvA8MddlQ.roa
File:                     ZeS20_oHUJMluTQ0NLKvA8MddlQ.roa (raw, json)
Hash identifier:          dG98OYoIHXRu6CU/AFyTQ7Ffl0Qa040yf0xbzK4lVB0=
Subject key identifier:   65:E4:B6:D3:FA:07:50:93:25:B9:34:34:34:B2:AF:03:C3:1D:76:54
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019956042329ADA774C647C897836952006F
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZeS20_oHUJMluTQ0NLKvA8MddlQ.roa
Signing time:             Wed 17 Sep 2025 04:52:15 +0000
ROA not before:           Wed 17 Sep 2025 04:52:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        213.182.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:56:04:23:29:ad:a7:74:c6:47:c8:97:83:69:52:00:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Sep 17 04:52:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65e4b6d3fa07509325b9343434b2af03c31d7654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:12:fb:7c:5f:14:a2:60:7c:e9:4e:c9:09:05:
                    ba:be:e5:8f:d9:4f:79:ad:70:89:c4:ab:f4:59:8c:
                    8e:92:50:f4:47:c4:0c:66:54:f0:cc:12:f3:87:c3:
                    ba:84:fc:a4:88:ba:c8:89:61:ba:56:83:f6:68:c9:
                    93:fd:5b:86:84:14:91:65:ad:db:48:d0:68:a2:80:
                    87:5f:60:04:83:05:e9:f2:51:66:7f:00:14:f9:62:
                    e0:ca:de:00:74:c3:21:aa:05:e2:ce:3f:50:c3:40:
                    74:5b:fa:cd:09:02:50:e8:cf:fd:7c:d7:e9:95:bf:
                    39:da:81:53:46:f1:32:56:47:e0:fd:09:a4:47:da:
                    ed:5a:40:cb:81:2f:5f:1f:d4:74:ad:fd:60:9f:ec:
                    66:a6:6d:32:e2:c3:41:8a:76:fc:98:18:ce:d7:f8:
                    ad:82:5e:67:ea:6b:20:f8:39:d1:29:eb:d8:35:7b:
                    76:3e:e3:70:f9:b5:14:c3:64:02:92:07:df:11:88:
                    8e:5f:8e:69:de:ea:9b:a0:be:6f:47:94:f7:45:e7:
                    23:17:00:5f:b9:07:7e:e1:ad:3a:16:4e:00:b8:27:
                    18:9a:ad:f2:b7:dd:3b:c9:11:51:9c:59:7e:21:31:
                    ff:dd:63:0f:0b:61:8b:fd:34:6d:26:67:e5:2c:ea:
                    e2:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E4:B6:D3:FA:07:50:93:25:B9:34:34:34:B2:AF:03:C3:1D:76:54
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZeS20_oHUJMluTQ0NLKvA8MddlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:ca:ad:52:36:3c:98:fe:7e:19:fd:77:6f:0c:ee:e7:74:c2:
         ef:da:a8:19:ca:8f:38:3a:e4:c0:46:08:b0:be:04:ab:22:a8:
         fe:d0:29:82:89:ad:84:4a:2d:44:9e:18:26:fb:dc:97:e4:49:
         c3:ef:71:34:f0:40:fa:3c:2b:ac:40:3b:a7:43:b1:ed:5b:89:
         c9:51:12:73:aa:bc:92:f4:c7:e6:4f:20:ac:1a:d6:b1:1d:b4:
         1a:2e:1c:1a:c3:d5:f6:0d:e6:43:ba:23:39:cc:54:bf:1a:06:
         1e:0b:2d:86:91:fe:5d:b3:11:9c:d0:61:df:69:a4:05:7e:99:
         4b:c3:a3:d1:59:44:4a:d9:75:64:5a:00:17:ba:d6:cf:0e:44:
         e6:e1:cb:bb:6a:1e:1e:d3:85:34:d7:a1:6c:99:24:e5:46:ba:
         f8:91:2b:e0:fe:17:25:00:d2:c0:11:86:45:2d:78:0b:71:b9:
         83:00:36:b1:c5:0d:72:e3:2b:9c:37:81:04:ee:fa:b6:87:6e:
         df:f9:23:f9:7b:05:84:2c:0f:60:c9:b4:f5:10:a4:27:32:ba:
         9a:f4:cb:87:f7:34:56:ef:f3:4d:24:f6:b0:9c:47:51:5d:76:
         11:b5:f3:9e:59:4d:ff:d5:e0:34:88:18:67:13:0d:21:f5:39:
         e5:a8:5c:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlWBCMprad0xkfIl4NpUgBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwOTE3MDQ1MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWU0YjZkM2ZhMDc1MDkzMjViOTM0MzQzNGIyYWYwM2MzMWQ3NjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRL7fF8UomB86U7JCQW6vuWP2U95
rXCJxKv0WYyOklD0R8QMZlTwzBLzh8O6hPykiLrIiWG6VoP2aMmT/VuGhBSRZa3b
SNBoooCHX2AEgwXp8lFmfwAU+WLgyt4AdMMhqgXizj9Qw0B0W/rNCQJQ6M/9fNfp
lb852oFTRvEyVkfg/QmkR9rtWkDLgS9fH9R0rf1gn+xmpm0y4sNBinb8mBjO1/it
gl5n6msg+DnRKevYNXt2PuNw+bUUw2QCkgffEYiOX45p3uqboL5vR5T3RecjFwBf
uQd+4a06Fk4AuCcYmq3yt907yRFRnFl+ITH/3WMPC2GL/TRtJmflLOrihQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXkttP6B1CTJbk0NDSyrwPDHXZUMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvWmVTMjBfb0hVSk1sdVRRME5MS3ZBOE1kZGxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bbSMA0G
CSqGSIb3DQEBCwUAA4IBAQBsyq1SNjyY/n4Z/XdvDO7ndMLv2qgZyo84OuTARgiw
vgSrIqj+0CmCia2ESi1Enhgm+9yX5EnD73E08ED6PCusQDunQ7HtW4nJURJzqryS
9MfmTyCsGtaxHbQaLhwaw9X2DeZDuiM5zFS/GgYeCy2Gkf5dsxGc0GHfaaQFfplL
w6PRWURK2XVkWgAXutbPDkTm4cu7ah4e04U016FsmSTlRrr4kSvg/hclANLAEYZF
LXgLcbmDADaxxQ1y4yucN4EE7vq2h27f+SP5ewWELA9gybT1EKQnMrqa9MuH9zRW
7/NNJPawnEdRXXYRtfOeWU3/1eA0iBhnEw0h9TnlqFyF
-----END CERTIFICATE-----