Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/mSfH0G_iARcbQlaJSIXQlk05LS4.roa
File:                     mSfH0G_iARcbQlaJSIXQlk05LS4.roa (raw, json)
Hash identifier:          0FkMJZ2bnxCxc3Hk8tjYTkCS9FPgkLmBQCWnnshE9e0=
Subject key identifier:   99:27:C7:D0:6F:E2:01:17:1B:42:56:89:48:85:D0:96:4D:39:2D:2E
Certificate issuer:       /CN=65ea93d88a202d51d34d2a903597e76b8f17f0ea
Certificate serial:       019824CBB1FBE53ED0750D5E4224358E45B9
Authority key identifier: 65:EA:93:D8:8A:20:2D:51:D3:4D:2A:90:35:97:E7:6B:8F:17:F0:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/mSfH0G_iARcbQlaJSIXQlk05LS4.roa
Signing time:             Sat 19 Jul 2025 22:26:25 +0000
ROA not before:           Sat 19 Jul 2025 22:26:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199785
IP address blocks:        213.165.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:24:cb:b1:fb:e5:3e:d0:75:0d:5e:42:24:35:8e:45:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65ea93d88a202d51d34d2a903597e76b8f17f0ea
        Validity
            Not Before: Jul 19 22:26:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9927c7d06fe201171b4256894885d0964d392d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:71:b2:f1:94:6b:64:3b:8b:a7:8a:49:86:58:
                    41:95:13:18:41:62:79:73:f4:96:6a:69:d2:49:28:
                    08:fa:41:98:09:3b:f4:5c:57:be:14:ba:2e:1c:43:
                    9e:ee:25:2d:24:bb:6c:50:5a:77:63:ad:9e:5c:cb:
                    f0:d6:0e:a9:3a:2b:d6:9b:9b:b4:45:4f:51:26:14:
                    71:58:a8:b5:32:95:ad:ec:b7:33:ea:c8:09:7c:ef:
                    1e:86:f8:3c:57:cd:13:4b:ca:cb:b5:ca:33:45:ae:
                    92:7a:cd:39:23:64:55:db:7f:d6:bb:f0:88:06:11:
                    33:47:44:9f:dd:23:9a:96:8b:a2:9e:63:c9:bf:36:
                    58:1e:3c:30:65:52:36:6e:21:22:5c:f4:dd:73:f2:
                    ab:8e:3b:8e:74:f9:07:67:33:fb:9d:7c:fc:ca:90:
                    45:8a:2c:11:29:ff:fd:22:db:a1:05:c4:c5:76:58:
                    d0:7d:fb:17:3e:db:1a:3d:80:4d:86:d7:dc:34:6e:
                    de:89:31:5e:92:ee:a4:97:8f:96:43:44:50:7e:8a:
                    e7:fe:50:aa:04:da:54:07:5d:38:98:1b:66:f7:1f:
                    f2:51:d4:a8:9d:f2:fc:cd:28:18:51:b1:c9:b8:ec:
                    3b:08:1d:56:f6:07:cd:5c:99:4e:44:20:74:23:06:
                    00:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:27:C7:D0:6F:E2:01:17:1B:42:56:89:48:85:D0:96:4D:39:2D:2E
            X509v3 Authority Key Identifier:
                keyid:65:EA:93:D8:8A:20:2D:51:D3:4D:2A:90:35:97:E7:6B:8F:17:F0:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/mSfH0G_iARcbQlaJSIXQlk05LS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.165.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:cd:02:f9:46:42:d1:60:99:4d:6c:e8:24:6b:fd:7b:e7:9c:
         1e:8f:ce:b9:3e:df:6f:f6:07:bf:0a:f8:fa:e0:b8:32:a3:31:
         9b:b2:71:bb:a0:93:46:45:0f:31:6c:38:af:7e:e4:a2:bd:3d:
         5c:1f:68:8f:c7:79:7b:26:21:e0:d5:88:4a:e7:97:8c:ea:22:
         98:5e:11:02:b0:3b:7e:06:2c:7e:89:bf:3b:9f:f1:5c:a5:9b:
         4e:ed:74:66:bd:39:2f:c6:27:be:8a:44:16:7d:aa:69:a0:5f:
         b9:ee:3f:73:52:18:8b:46:14:a3:a3:6d:a7:94:ff:c8:be:e0:
         0e:3c:a8:f4:37:8d:fb:ef:39:0d:f6:1f:d8:09:01:bb:17:bc:
         fc:84:d1:d8:b3:7c:3e:cf:bb:91:92:7b:e2:09:54:37:f4:14:
         4d:15:35:a1:3f:ff:2f:2d:65:72:01:eb:80:14:b1:f0:4d:a8:
         d5:6a:d2:1b:a4:56:3d:81:81:ed:47:08:15:4f:34:25:8f:b0:
         2e:38:74:b9:61:69:c3:b4:57:b3:2e:78:37:d5:6e:ac:3b:5c:
         f6:b4:39:08:62:fd:86:34:18:d8:1c:bc:ef:b0:d8:07:55:1f:
         fa:5f:7d:13:2e:dd:f1:56:f3:0c:14:2c:29:e9:12:d5:b6:77:
         21:d6:92:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgky7H75T7QdQ1eQiQ1jkW5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZWE5M2Q4OGEyMDJkNTFkMzRkMmE5MDM1OTdlNzZiOGYx
N2YwZWEwHhcNMjUwNzE5MjIyNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTI3YzdkMDZmZTIwMTE3MWI0MjU2ODk0ODg1ZDA5NjRkMzkyZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnGy8ZRrZDuLp4pJhlhBlRMYQWJ5
c/SWamnSSSgI+kGYCTv0XFe+FLouHEOe7iUtJLtsUFp3Y62eXMvw1g6pOivWm5u0
RU9RJhRxWKi1MpWt7Lcz6sgJfO8ehvg8V80TS8rLtcozRa6Ses05I2RV23/Wu/CI
BhEzR0Sf3SOalouinmPJvzZYHjwwZVI2biEiXPTdc/KrjjuOdPkHZzP7nXz8ypBF
iiwRKf/9ItuhBcTFdljQffsXPtsaPYBNhtfcNG7eiTFeku6kl4+WQ0RQforn/lCq
BNpUB104mBtm9x/yUdSonfL8zSgYUbHJuOw7CB1W9gfNXJlORCB0IwYAUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJknx9Bv4gEXG0JWiUiF0JZNOS0uMB8GA1UdIwQY
MBaAFGXqk9iKIC1R000qkDWX52uPF/DqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmVxVDJJb2dMVkhUVFNxUU5aZm5hNDhYOE9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81NGVhYzAtNzFmZC00NmU5LTllMWIt
Y2UxYmJhNjkxYjM3LzEvbVNmSDBHX2lBUmNiUWxhSlNJWFFsazA1TFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81NGVhYzAtNzFmZC00NmU5LTllMWItY2UxYmJhNjkxYjM3
LzEvWmVxVDJJb2dMVkhUVFNxUU5aZm5hNDhYOE9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aU0MA0G
CSqGSIb3DQEBCwUAA4IBAQCazQL5RkLRYJlNbOgka/1755wej865Pt9v9ge/Cvj6
4LgyozGbsnG7oJNGRQ8xbDivfuSivT1cH2iPx3l7JiHg1YhK55eM6iKYXhECsDt+
Bix+ib87n/FcpZtO7XRmvTkvxie+ikQWfappoF+57j9zUhiLRhSjo22nlP/IvuAO
PKj0N4377zkN9h/YCQG7F7z8hNHYs3w+z7uRknviCVQ39BRNFTWhP/8vLWVyAeuA
FLHwTajVatIbpFY9gYHtRwgVTzQlj7AuOHS5YWnDtFezLng31W6sO1z2tDkIYv2G
NBjYHLzvsNgHVR/6X30TLt3xVvMMFCwp6RLVtnch1pIT
-----END CERTIFICATE-----