Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/dp_5byGPXCGbQvqYjPeo9uM021U.roa
File:                     dp_5byGPXCGbQvqYjPeo9uM021U.roa (raw, json)
Hash identifier:          heIFyAGkqEk9pZ8/LM8InXoMTEqO9qdygCNFzMgCzHI=
Subject key identifier:   76:9F:F9:6F:21:8F:5C:21:9B:42:FA:98:8C:F7:A8:F6:E3:34:DB:55
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0197FE2D923514CAB0BAE3AA3800985033B7
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/dp_5byGPXCGbQvqYjPeo9uM021U.roa
Signing time:             Sat 12 Jul 2025 10:28:08 +0000
ROA not before:           Sat 12 Jul 2025 10:28:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        185.24.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:2d:92:35:14:ca:b0:ba:e3:aa:38:00:98:50:33:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jul 12 10:28:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=769ff96f218f5c219b42fa988cf7a8f6e334db55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f1:81:dd:02:4e:77:ca:5e:80:e0:ad:ed:47:
                    c3:0a:76:71:5f:a7:c4:1b:e3:6c:e7:b2:29:70:1d:
                    75:56:86:26:7e:5d:7d:16:93:3d:3b:69:9d:ad:06:
                    dd:01:fc:4f:4a:de:b8:86:ad:67:f2:6a:3d:b4:1c:
                    16:1a:97:c1:4e:ab:61:b6:87:b4:99:1b:cd:f4:ae:
                    77:29:29:65:94:62:36:9e:ae:fd:1f:d9:0d:0a:71:
                    59:b0:d0:bb:99:55:9a:de:15:a8:22:4f:f8:da:68:
                    bc:dd:bc:0a:25:28:04:1e:81:24:47:f2:1f:16:57:
                    20:a4:81:af:d4:c0:c1:f1:b0:6f:a0:69:d9:db:bf:
                    19:73:1f:c1:90:2b:30:e9:8d:64:e9:f8:cc:5d:85:
                    0b:a1:7b:10:82:80:f7:69:23:ba:ea:7e:50:32:41:
                    f2:10:7a:ae:d3:80:4a:c7:62:07:b5:f2:a3:08:16:
                    40:1c:4f:5c:4d:00:1e:e0:42:1a:70:14:86:da:a7:
                    f8:d9:70:73:b2:de:3d:31:01:d1:f4:87:d3:9e:d4:
                    84:27:e3:db:b1:0f:f9:f3:7a:b8:50:ef:f5:68:1c:
                    9a:80:1e:cb:c4:29:23:cd:f4:f2:85:70:4d:0f:55:
                    29:16:81:33:47:cd:29:c3:a5:32:89:e6:cd:d4:01:
                    3a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:9F:F9:6F:21:8F:5C:21:9B:42:FA:98:8C:F7:A8:F6:E3:34:DB:55
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/dp_5byGPXCGbQvqYjPeo9uM021U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:8b:cd:e8:a3:0e:38:5c:58:4a:d6:42:e0:9f:ff:ae:e0:1c:
         bc:90:57:b7:e6:02:f5:6c:88:9c:11:86:75:c4:3e:8a:05:ba:
         eb:02:20:fe:fa:bc:33:41:47:a7:45:15:31:3e:83:b7:1f:72:
         3a:be:69:91:0b:f0:1e:d0:1a:74:70:14:21:8a:b3:64:cf:e8:
         05:ab:78:5f:99:f1:68:49:1d:a4:bc:7b:47:6a:75:4f:30:49:
         ee:f0:88:7d:af:c5:2a:40:1a:e2:3f:74:3e:93:0e:55:97:90:
         b0:4f:d6:5c:14:bf:27:b4:80:3f:e4:de:d2:76:da:74:92:17:
         c1:64:fa:fa:6f:96:56:00:89:eb:10:9c:36:02:d7:10:74:0d:
         11:70:e3:ac:7e:f7:2f:0c:07:af:16:d0:3e:71:9b:37:82:96:
         49:30:4e:34:44:11:63:0e:d0:47:56:86:d7:a2:d3:41:0e:d4:
         a8:f6:d8:58:4a:ea:c9:9b:f9:5a:ea:17:68:1f:b9:fd:87:c3:
         bc:36:2f:fb:61:f0:00:47:03:81:dc:89:65:c4:7b:63:dd:ca:
         23:25:64:eb:1b:02:df:72:f3:72:85:26:2c:90:b0:29:81:36:
         28:ef:bc:1a:4c:73:4d:86:f6:72:b0:d3:4b:ef:29:95:d9:a9:
         d0:d5:8b:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf+LZI1FMqwuuOqOACYUDO3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNzEyMTAyODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjlmZjk2ZjIxOGY1YzIxOWI0MmZhOTg4Y2Y3YThmNmUzMzRkYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/GB3QJOd8pegOCt7UfDCnZxX6fE
G+Ns57IpcB11VoYmfl19FpM9O2mdrQbdAfxPSt64hq1n8mo9tBwWGpfBTqthtoe0
mRvN9K53KSlllGI2nq79H9kNCnFZsNC7mVWa3hWoIk/42mi83bwKJSgEHoEkR/If
FlcgpIGv1MDB8bBvoGnZ278Zcx/BkCsw6Y1k6fjMXYULoXsQgoD3aSO66n5QMkHy
EHqu04BKx2IHtfKjCBZAHE9cTQAe4EIacBSG2qf42XBzst49MQHR9IfTntSEJ+Pb
sQ/583q4UO/1aByagB7LxCkjzfTyhXBND1UpFoEzR80pw6UyiebN1AE62QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaf+W8hj1whm0L6mIz3qPbjNNtVMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvZHBfNWJ5R1BYQ0diUXZxWWpQZW85dU0wMjFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRiWMA0G
CSqGSIb3DQEBCwUAA4IBAQAti83oow44XFhK1kLgn/+u4By8kFe35gL1bIicEYZ1
xD6KBbrrAiD++rwzQUenRRUxPoO3H3I6vmmRC/Ae0Bp0cBQhirNkz+gFq3hfmfFo
SR2kvHtHanVPMEnu8Ih9r8UqQBriP3Q+kw5Vl5CwT9ZcFL8ntIA/5N7Sdtp0khfB
ZPr6b5ZWAInrEJw2AtcQdA0RcOOsfvcvDAevFtA+cZs3gpZJME40RBFjDtBHVobX
otNBDtSo9thYSurJm/la6hdoH7n9h8O8Ni/7YfAARwOB3IllxHtj3cojJWTrGwLf
cvNyhSYskLApgTYo77waTHNNhvZysNNL7ymV2anQ1Yuv
-----END CERTIFICATE-----