Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ade881-ef45-4d09-b634-3a01c63f84f7/1/71VKnDjS2pIKav8fy7VWvbZMqKY.roa
File:                     71VKnDjS2pIKav8fy7VWvbZMqKY.roa (raw, json)
Hash identifier:          x3r/u2CpBN4vA9H4DRg1/AuBeG7a5/EYABNheKy1tXk=
Subject key identifier:   EF:55:4A:9C:38:D2:DA:92:0A:6A:FF:1F:CB:B5:56:BD:B6:4C:A8:A6
Certificate issuer:       /CN=1a6add3ea159f63ff58d6b3dffd2ca416ac033a2
Certificate serial:       01999A4A457BEB159C88DB46D70BF3B0EBDC
Authority key identifier: 1A:6A:DD:3E:A1:59:F6:3F:F5:8D:6B:3D:FF:D2:CA:41:6A:C0:33:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GmrdPqFZ9j_1jWs9_9LKQWrAM6I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ade881-ef45-4d09-b634-3a01c63f84f7/1/71VKnDjS2pIKav8fy7VWvbZMqKY.roa
Signing time:             Tue 30 Sep 2025 11:03:02 +0000
ROA not before:           Tue 30 Sep 2025 11:03:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20483
IP address blocks:        178.21.24.0/21 maxlen: 21
                          217.150.0.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ade881-ef45-4d09-b634-3a01c63f84f7/1/GmrdPqFZ9j_1jWs9_9LKQWrAM6I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ade881-ef45-4d09-b634-3a01c63f84f7/1/GmrdPqFZ9j_1jWs9_9LKQWrAM6I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GmrdPqFZ9j_1jWs9_9LKQWrAM6I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:4a:45:7b:eb:15:9c:88:db:46:d7:0b:f3:b0:eb:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a6add3ea159f63ff58d6b3dffd2ca416ac033a2
        Validity
            Not Before: Sep 30 11:03:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef554a9c38d2da920a6aff1fcbb556bdb64ca8a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:cf:81:46:65:d6:0b:33:1a:47:87:af:54:1f:
                    0a:3f:e7:97:c3:f7:a1:d9:5b:14:da:54:d6:6b:f0:
                    8b:d2:01:57:a2:d3:1f:cf:e6:fb:0f:ec:0e:33:9e:
                    f4:9a:d5:35:17:53:bd:28:ec:0f:0b:f3:33:76:1d:
                    63:5d:a2:85:be:87:35:7a:8d:d7:de:38:23:35:1d:
                    04:de:49:4b:70:47:00:a4:bb:c0:3a:85:66:d3:ce:
                    65:ce:fd:7d:37:fd:9b:ff:71:0b:42:5f:cb:39:06:
                    8b:33:69:27:7b:a0:ea:95:24:5f:f6:09:27:17:f7:
                    07:08:4e:cd:fc:c6:52:08:7f:3e:fb:d0:53:41:fb:
                    c6:09:0e:b8:9a:b0:0d:a3:6d:3c:c1:c5:12:15:a1:
                    28:1b:67:b4:05:ce:7d:34:1e:5b:3f:9a:d7:7e:27:
                    de:5d:56:08:2b:c6:fa:92:f3:ba:75:60:a8:85:ee:
                    09:67:12:f7:8c:92:32:af:8c:a0:5b:a9:e2:87:44:
                    0a:ae:d2:6f:81:44:bf:17:75:26:7e:4b:98:41:e5:
                    be:74:c4:ec:f7:a9:fa:f6:a6:22:8a:ce:18:49:7a:
                    06:ae:7d:44:cf:b8:59:06:a1:a1:a4:26:3a:59:b8:
                    23:19:b7:51:90:19:84:7c:d2:7e:da:a1:6a:61:50:
                    ff:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:55:4A:9C:38:D2:DA:92:0A:6A:FF:1F:CB:B5:56:BD:B6:4C:A8:A6
            X509v3 Authority Key Identifier:
                keyid:1A:6A:DD:3E:A1:59:F6:3F:F5:8D:6B:3D:FF:D2:CA:41:6A:C0:33:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GmrdPqFZ9j_1jWs9_9LKQWrAM6I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ade881-ef45-4d09-b634-3a01c63f84f7/1/71VKnDjS2pIKav8fy7VWvbZMqKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ade881-ef45-4d09-b634-3a01c63f84f7/1/GmrdPqFZ9j_1jWs9_9LKQWrAM6I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.21.24.0/21
                  217.150.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a0:25:b3:d6:8a:66:23:d6:a5:18:4c:6c:d4:3d:d3:a0:82:f6:
         94:b3:8e:d0:c5:57:89:7b:d5:74:8c:4e:d4:0c:f3:86:08:00:
         e5:e4:9e:3f:5e:e9:6e:f9:cc:6e:f7:36:15:3b:37:ea:82:b1:
         7f:d6:0f:97:36:9a:e9:e2:a5:73:b5:b9:b1:ca:61:19:78:d5:
         64:76:d3:8b:e5:08:15:8c:e9:b9:72:f5:ba:88:68:cf:2e:b9:
         69:8c:2d:a8:9c:4c:2f:6e:ac:53:13:a4:d0:81:eb:55:58:2e:
         c3:b9:16:04:62:cf:fc:a3:a6:25:2e:d9:c0:52:36:03:67:75:
         d4:b5:4e:67:b3:1d:23:65:a2:5c:f5:b1:a8:c0:a2:f5:d6:80:
         e4:c2:42:32:ad:07:b5:64:d4:29:6f:72:c1:b3:7a:c1:15:a3:
         0b:05:3d:1b:7a:a0:05:7a:17:f7:8e:91:72:ae:99:0a:18:37:
         44:9b:89:04:f6:da:a3:2f:aa:ec:0f:ed:06:7b:69:1d:c8:03:
         cc:7b:ae:60:db:4c:8b:bc:52:e9:2f:8a:a3:eb:df:49:b0:21:
         7e:5c:49:6a:15:fc:35:52:9d:61:3b:c0:3f:03:5e:67:7a:d7:
         b2:8c:23:40:66:09:37:24:ef:df:df:27:32:c5:d0:7d:4b:cf:
         34:a7:9d:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmaSkV76xWciNtG1wvzsOvcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNmFkZDNlYTE1OWY2M2ZmNThkNmIzZGZmZDJjYTQxNmFj
MDMzYTIwHhcNMjUwOTMwMTEwMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjU1NGE5YzM4ZDJkYTkyMGE2YWZmMWZjYmI1NTZiZGI2NGNhOGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps+BRmXWCzMaR4evVB8KP+eXw/eh
2VsU2lTWa/CL0gFXotMfz+b7D+wOM570mtU1F1O9KOwPC/Mzdh1jXaKFvoc1eo3X
3jgjNR0E3klLcEcApLvAOoVm085lzv19N/2b/3ELQl/LOQaLM2kne6DqlSRf9gkn
F/cHCE7N/MZSCH8++9BTQfvGCQ64mrANo208wcUSFaEoG2e0Bc59NB5bP5rXfife
XVYIK8b6kvO6dWCohe4JZxL3jJIyr4ygW6nih0QKrtJvgUS/F3UmfkuYQeW+dMTs
96n69qYiis4YSXoGrn1Ez7hZBqGhpCY6WbgjGbdRkBmEfNJ+2qFqYVD/ZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO9VSpw40tqSCmr/H8u1Vr22TKimMB8GA1UdIwQY
MBaAFBpq3T6hWfY/9Y1rPf/SykFqwDOiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR21yZFBxRlo5al8xaldzOV85TEtRV3JBTTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hZGU4ODEtZWY0NS00ZDA5LWI2MzQt
M2EwMWM2M2Y4NGY3LzEvNzFWS25EalMycElLYXY4Znk3Vld2YlpNcUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hZGU4ODEtZWY0NS00ZDA5LWI2MzQtM2EwMWM2M2Y4NGY3
LzEvR21yZFBxRlo5al8xaldzOV85TEtRV3JBTTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDshUYAwQF
2ZYAMA0GCSqGSIb3DQEBCwUAA4IBAQCgJbPWimYj1qUYTGzUPdOggvaUs47QxVeJ
e9V0jE7UDPOGCADl5J4/Xulu+cxu9zYVOzfqgrF/1g+XNprp4qVztbmxymEZeNVk
dtOL5QgVjOm5cvW6iGjPLrlpjC2onEwvbqxTE6TQgetVWC7DuRYEYs/8o6YlLtnA
UjYDZ3XUtU5nsx0jZaJc9bGowKL11oDkwkIyrQe1ZNQpb3LBs3rBFaMLBT0beqAF
ehf3jpFyrpkKGDdEm4kE9tqjL6rsD+0Ge2kdyAPMe65g20yLvFLpL4qj699JsCF+
XElqFfw1Up1hO8A/A15neteyjCNAZgk3JO/f3ycyxdB9S880p52O
-----END CERTIFICATE-----