Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/yEUQ_aJkjJZT7FqCL5XucJyCbH4.roa
File:                     yEUQ_aJkjJZT7FqCL5XucJyCbH4.roa (raw, json)
Hash identifier:          UhItDph40P0qmr9fzzHpHPa0fBJT60AEwUYsGPaQGNQ=
Subject key identifier:   C8:45:10:FD:A2:64:8C:96:53:EC:5A:82:2F:95:EE:70:9C:82:6C:7E
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       0197FE1882B8C3054E3A4CD26F7CCB443E90
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/yEUQ_aJkjJZT7FqCL5XucJyCbH4.roa
Signing time:             Sat 12 Jul 2025 10:05:08 +0000
ROA not before:           Sat 12 Jul 2025 10:05:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        213.209.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:18:82:b8:c3:05:4e:3a:4c:d2:6f:7c:cb:44:3e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jul 12 10:05:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c84510fda2648c9653ec5a822f95ee709c826c7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d3:e5:5f:8c:fd:4d:6e:20:92:e1:d4:89:9e:
                    83:e8:9b:65:22:f0:34:bd:b2:07:54:58:ec:9a:5d:
                    4d:57:1f:7c:6d:b5:e4:76:ae:45:8f:5f:18:71:69:
                    94:fe:0d:34:c1:f3:d0:89:79:09:6b:81:29:53:7b:
                    45:b7:8d:59:c7:1d:01:8e:d5:aa:65:1c:33:f2:f9:
                    3d:8a:2d:71:b2:a3:ab:af:a6:f2:86:70:97:d9:a4:
                    9f:14:01:c3:de:bf:c0:9a:6f:1b:4c:43:66:b5:0d:
                    55:2d:ad:1c:90:a9:fe:6d:75:67:95:56:1c:02:cb:
                    de:f9:73:05:80:c7:a7:4d:51:ee:ac:3f:ff:ef:78:
                    95:6f:26:b4:ed:ed:2b:86:c2:7a:e7:8d:4d:ff:f1:
                    77:25:54:b3:d5:21:70:3d:26:02:2d:4d:5b:2b:ea:
                    26:66:a5:19:43:cc:d9:5f:21:45:02:6d:bb:29:e9:
                    71:22:20:93:90:2e:55:b2:bd:84:65:f8:77:75:b9:
                    f8:76:e2:be:8d:48:2a:8c:ce:f9:ac:17:9a:e7:ec:
                    e2:0c:f1:ae:43:da:f7:04:66:d9:b2:10:cc:52:7e:
                    12:41:f6:89:3e:19:7d:c1:92:54:9a:56:3e:41:9f:
                    e6:f1:aa:fa:d7:4b:c7:4a:99:bd:82:d5:27:6b:0f:
                    ee:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:45:10:FD:A2:64:8C:96:53:EC:5A:82:2F:95:EE:70:9C:82:6C:7E
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/yEUQ_aJkjJZT7FqCL5XucJyCbH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:4f:a5:0b:4d:ae:0c:70:b6:01:4e:54:71:10:01:37:cf:df:
         97:7e:36:d7:ba:7a:42:e4:21:16:33:c9:fc:36:5b:28:1e:a4:
         a8:bf:14:ed:fc:b9:8b:76:3b:89:65:b0:4f:66:93:f8:5c:88:
         e1:1e:a0:be:de:b0:84:fa:cc:51:f5:6d:ff:d5:f6:69:b2:1a:
         7c:fb:33:d4:a9:61:b7:49:fd:4c:6c:c3:e8:e0:17:d0:e7:c6:
         14:98:e2:25:32:6d:84:8b:28:53:a5:f4:ae:04:01:1e:48:d7:
         ec:b4:91:c4:ee:1c:4d:22:79:66:ae:4f:59:96:2b:54:5c:b5:
         50:1c:16:51:30:3b:a4:32:9c:62:18:02:a7:6c:db:1f:bc:04:
         cd:6b:76:08:14:76:3b:e9:fd:b8:f2:9b:79:a8:79:26:97:d8:
         52:28:a7:06:be:db:6a:96:6b:02:e4:88:a4:65:5e:8e:3e:2c:
         58:2a:c1:9f:aa:8c:11:e8:55:85:9f:50:7b:09:bd:35:24:f4:
         c2:50:14:3a:63:d8:b7:1c:9b:0e:da:6c:84:e0:93:82:4c:56:
         2e:3e:1e:e5:a4:c3:fd:e7:3a:7e:11:84:6b:fe:41:f0:a6:cb:
         a5:bb:c7:28:db:ed:32:87:09:fe:3a:1c:07:cd:d6:68:a8:a8:
         36:e4:b7:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf+GIK4wwVOOkzSb3zLRD6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUwNzEyMTAwNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODQ1MTBmZGEyNjQ4Yzk2NTNlYzVhODIyZjk1ZWU3MDljODI2YzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtPlX4z9TW4gkuHUiZ6D6JtlIvA0
vbIHVFjsml1NVx98bbXkdq5Fj18YcWmU/g00wfPQiXkJa4EpU3tFt41Zxx0BjtWq
ZRwz8vk9ii1xsqOrr6byhnCX2aSfFAHD3r/Amm8bTENmtQ1VLa0ckKn+bXVnlVYc
Asve+XMFgMenTVHurD//73iVbya07e0rhsJ6541N//F3JVSz1SFwPSYCLU1bK+om
ZqUZQ8zZXyFFAm27KelxIiCTkC5Vsr2EZfh3dbn4duK+jUgqjM75rBea5+ziDPGu
Q9r3BGbZshDMUn4SQfaJPhl9wZJUmlY+QZ/m8ar610vHSpm9gtUnaw/uIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhFEP2iZIyWU+xagi+V7nCcgmx+MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEveUVVUV9hSmtqSlpUN0ZxQ0w1WHVjSnlDYkg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dGRMA0G
CSqGSIb3DQEBCwUAA4IBAQClT6ULTa4McLYBTlRxEAE3z9+XfjbXunpC5CEWM8n8
NlsoHqSovxTt/LmLdjuJZbBPZpP4XIjhHqC+3rCE+sxR9W3/1fZpshp8+zPUqWG3
Sf1MbMPo4BfQ58YUmOIlMm2EiyhTpfSuBAEeSNfstJHE7hxNInlmrk9ZlitUXLVQ
HBZRMDukMpxiGAKnbNsfvATNa3YIFHY76f248pt5qHkml9hSKKcGvttqlmsC5Iik
ZV6OPixYKsGfqowR6FWFn1B7Cb01JPTCUBQ6Y9i3HJsO2myE4JOCTFYuPh7lpMP9
5zp+EYRr/kHwpsulu8co2+0yhwn+OhwHzdZoqKg25Lfw
-----END CERTIFICATE-----