Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/afd6b9-6c4e-40e0-ae96-b4da20a757cf/1/5Dk0AIyQ8366dMD1Y4_Uei8F_xA.roa
File:                     5Dk0AIyQ8366dMD1Y4_Uei8F_xA.roa (raw, json)
Hash identifier:          zRbpvOB6g3fcUQ2lDKrBbTaTLHRrCOPhGnLFNdn6z9I=
Subject key identifier:   E4:39:34:00:8C:90:F3:7E:BA:74:C0:F5:63:8F:D4:7A:2F:05:FF:10
Certificate issuer:       /CN=b754652a9e989145a059f78883d536e92c43b53f
Certificate serial:       01978C592B06DB33A822F6C187CE69802606
Authority key identifier: B7:54:65:2A:9E:98:91:45:A0:59:F7:88:83:D5:36:E9:2C:43:B5:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t1RlKp6YkUWgWfeIg9U26SxDtT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/afd6b9-6c4e-40e0-ae96-b4da20a757cf/1/5Dk0AIyQ8366dMD1Y4_Uei8F_xA.roa
Signing time:             Fri 20 Jun 2025 07:59:03 +0000
ROA not before:           Fri 20 Jun 2025 07:59:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199878
IP address blocks:        82.118.146.0/24 maxlen: 24
                          82.118.147.0/24 maxlen: 24
                          95.171.236.0/24 maxlen: 24
                          95.171.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/afd6b9-6c4e-40e0-ae96-b4da20a757cf/1/t1RlKp6YkUWgWfeIg9U26SxDtT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/afd6b9-6c4e-40e0-ae96-b4da20a757cf/1/t1RlKp6YkUWgWfeIg9U26SxDtT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t1RlKp6YkUWgWfeIg9U26SxDtT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 13:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:59:2b:06:db:33:a8:22:f6:c1:87:ce:69:80:26:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b754652a9e989145a059f78883d536e92c43b53f
        Validity
            Not Before: Jun 20 07:59:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e43934008c90f37eba74c0f5638fd47a2f05ff10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ff:30:c9:4d:7d:6f:37:14:32:9e:84:5a:1e:
                    68:1e:b1:32:19:34:3a:60:60:93:a9:d4:bf:be:2d:
                    45:4e:9e:f3:e8:da:c1:5f:b4:59:7e:17:bf:b1:1b:
                    9b:11:70:60:a1:24:29:bb:50:cd:b4:ad:2e:06:ba:
                    a9:ee:8c:a4:f7:6c:58:c0:c0:79:1e:a8:f6:65:08:
                    7f:b7:17:cf:31:04:99:bc:32:ce:23:c4:97:c3:ea:
                    df:8e:5f:65:6d:eb:59:64:26:df:75:d3:19:ea:e7:
                    34:85:2b:cc:52:22:14:c8:38:b3:b1:93:ed:8f:9d:
                    ba:12:bf:dc:71:8a:c1:8a:8d:3a:01:70:31:63:6e:
                    3f:10:36:ad:41:5b:b9:f5:34:31:02:55:62:e6:e4:
                    54:dd:ef:53:5b:0a:5d:31:f3:7d:b7:88:20:c4:0d:
                    22:56:ca:c0:52:b0:f6:06:78:9a:24:77:34:74:5c:
                    6d:a9:f1:e9:f0:84:ad:fe:3d:48:d3:d5:98:de:dd:
                    9a:d0:ba:7c:75:5d:2f:76:c4:9b:ed:7f:9c:a8:b6:
                    b0:d5:57:aa:62:83:2d:68:99:ac:5f:db:a4:4b:1f:
                    cd:de:3f:05:40:f8:04:52:5a:db:aa:9f:f6:5f:59:
                    ba:3c:cd:36:21:60:ee:df:8b:fb:4a:42:fd:12:b5:
                    d0:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:39:34:00:8C:90:F3:7E:BA:74:C0:F5:63:8F:D4:7A:2F:05:FF:10
            X509v3 Authority Key Identifier:
                keyid:B7:54:65:2A:9E:98:91:45:A0:59:F7:88:83:D5:36:E9:2C:43:B5:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1RlKp6YkUWgWfeIg9U26SxDtT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/afd6b9-6c4e-40e0-ae96-b4da20a757cf/1/5Dk0AIyQ8366dMD1Y4_Uei8F_xA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/afd6b9-6c4e-40e0-ae96-b4da20a757cf/1/t1RlKp6YkUWgWfeIg9U26SxDtT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.146.0/23
                  95.171.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:3f:2b:b0:ca:7b:7e:01:e5:e6:f6:8f:a9:67:bc:b0:4d:b6:
         ab:df:19:5a:05:55:6f:a3:17:b5:ec:8b:b0:6a:97:06:9d:59:
         a8:67:5c:da:e5:0b:15:ea:c4:e4:fe:7b:14:a6:ec:ce:16:63:
         cf:b7:ab:77:25:f3:6a:12:63:4a:51:99:bf:a8:cc:f5:3c:51:
         3f:03:29:80:c9:d0:44:d1:4e:d9:29:b1:ad:d6:86:10:85:dd:
         f9:db:98:2d:72:ce:fc:f8:e0:48:bb:e0:e4:20:45:c5:1c:b7:
         53:f6:0c:71:cb:5c:54:c4:42:6e:22:c7:e1:1a:a6:cf:c5:c9:
         24:91:c2:d4:41:40:1b:93:60:15:76:d7:83:14:95:e4:12:be:
         16:cc:62:62:c8:91:cf:ee:d1:fa:12:f1:cc:de:3a:08:aa:14:
         6d:2e:5d:37:c5:48:ce:50:f4:ab:7e:b4:06:73:4e:dc:09:3e:
         7e:c3:c7:fc:57:78:72:1d:ac:19:34:57:72:24:77:67:cd:bd:
         ea:b9:a3:c4:12:51:00:31:34:8f:6b:a2:7f:ff:60:5e:e0:8a:
         ba:d2:52:fc:7e:e5:f9:d7:d5:45:d5:e1:f6:47:bf:78:16:ca:
         3b:4f:0a:4c:09:72:62:cd:8a:03:3d:de:dd:65:89:79:1d:37:
         a7:ec:85:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeMWSsG2zOoIvbBh85pgCYGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NTQ2NTJhOWU5ODkxNDVhMDU5Zjc4ODgzZDUzNmU5MmM0
M2I1M2YwHhcNMjUwNjIwMDc1OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDM5MzQwMDhjOTBmMzdlYmE3NGMwZjU2MzhmZDQ3YTJmMDVmZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/8wyU19bzcUMp6EWh5oHrEyGTQ6
YGCTqdS/vi1FTp7z6NrBX7RZfhe/sRubEXBgoSQpu1DNtK0uBrqp7oyk92xYwMB5
Hqj2ZQh/txfPMQSZvDLOI8SXw+rfjl9lbetZZCbfddMZ6uc0hSvMUiIUyDizsZPt
j526Er/ccYrBio06AXAxY24/EDatQVu59TQxAlVi5uRU3e9TWwpdMfN9t4ggxA0i
VsrAUrD2BniaJHc0dFxtqfHp8ISt/j1I09WY3t2a0Lp8dV0vdsSb7X+cqLaw1Veq
YoMtaJmsX9ukSx/N3j8FQPgEUlrbqp/2X1m6PM02IWDu34v7SkL9ErXQAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOQ5NACMkPN+unTA9WOP1HovBf8QMB8GA1UdIwQY
MBaAFLdUZSqemJFFoFn3iIPVNuksQ7U/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFSbEtwNllrVVdnV2ZlSWc5VTI2U3hEdFQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9hZmQ2YjktNmM0ZS00MGUwLWFlOTYt
YjRkYTIwYTc1N2NmLzEvNURrMEFJeVE4MzY2ZE1EMVk0X1VlaThGX3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9hZmQ2YjktNmM0ZS00MGUwLWFlOTYtYjRkYTIwYTc1N2Nm
LzEvdDFSbEtwNllrVVdnV2ZlSWc5VTI2U3hEdFQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUnaSAwQB
X6vsMA0GCSqGSIb3DQEBCwUAA4IBAQCmPyuwynt+AeXm9o+pZ7ywTbar3xlaBVVv
oxe17IuwapcGnVmoZ1za5QsV6sTk/nsUpuzOFmPPt6t3JfNqEmNKUZm/qMz1PFE/
AymAydBE0U7ZKbGt1oYQhd3525gtcs78+OBIu+DkIEXFHLdT9gxxy1xUxEJuIsfh
GqbPxckkkcLUQUAbk2AVdteDFJXkEr4WzGJiyJHP7tH6EvHM3joIqhRtLl03xUjO
UPSrfrQGc07cCT5+w8f8V3hyHawZNFdyJHdnzb3quaPEElEAMTSPa6J//2Be4Iq6
0lL8fuX519VF1eH2R794Fso7TwpMCXJizYoDPd7dZYl5HTen7IUn
-----END CERTIFICATE-----