Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/1-CES3FR9UbzoTEzUN5ZiiMYeBq8.roa
File:                     1-CES3FR9UbzoTEzUN5ZiiMYeBq8.roa (raw, json)
Hash identifier:          Mx7tnLRZogKgAVJUpQmT5FDn0ojfnBYxv7dXF6PkiKk=
Subject key identifier:   F8:21:12:DC:54:7D:51:BC:E8:4C:4C:D4:37:96:62:88:C6:1E:06:AF
Certificate issuer:       /CN=bd252a75c961ad338fd91147d461dd8b3d20cf51
Certificate serial:       019816FDC296CAD87627CFA5C361D6AE20AC
Authority key identifier: BD:25:2A:75:C9:61:AD:33:8F:D9:11:47:D4:61:DD:8B:3D:20:CF:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/1-CES3FR9UbzoTEzUN5ZiiMYeBq8.roa
Signing time:             Thu 17 Jul 2025 06:06:25 +0000
ROA not before:           Thu 17 Jul 2025 06:06:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        5.182.153.0/24 maxlen: 24
                          2a0e:901:d001::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:16:fd:c2:96:ca:d8:76:27:cf:a5:c3:61:d6:ae:20:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd252a75c961ad338fd91147d461dd8b3d20cf51
        Validity
            Not Before: Jul 17 06:06:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f82112dc547d51bce84c4cd437966288c61e06af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:58:15:29:02:bc:37:54:01:06:e0:4e:dd:77:
                    b0:96:7f:54:95:99:3c:84:b7:12:da:03:60:04:c8:
                    7e:af:9e:58:df:d2:20:7b:e4:25:4b:4b:8f:36:6b:
                    9e:b7:da:cd:7e:24:ac:5a:f3:d1:fc:0b:d2:cd:ff:
                    e9:9f:f5:70:a1:0b:c9:b7:80:5f:20:b3:b2:96:4e:
                    9a:65:0d:e7:de:d7:71:27:ca:04:69:7c:aa:8a:eb:
                    ed:5c:90:18:6d:4a:ac:fd:f4:c8:c2:dc:b9:8a:9a:
                    2d:1b:2e:34:2e:a6:ef:46:5e:92:11:ef:63:15:01:
                    64:af:c1:a6:a7:3e:01:42:ce:49:63:a4:53:a1:15:
                    ac:84:69:8b:3b:a5:a8:20:7c:be:23:cc:1a:e3:b6:
                    3a:7b:0d:e2:f9:75:17:5f:ff:1d:e9:8e:18:40:31:
                    01:fa:0b:2f:86:1d:bf:23:be:75:aa:3b:c2:3c:bb:
                    f9:69:6f:5e:62:25:5b:79:42:49:ab:0b:79:0b:8e:
                    63:36:d7:ca:74:91:b9:5c:ed:87:8a:20:6b:90:b2:
                    27:b0:7c:e2:6f:8f:5a:94:93:2b:fb:67:d2:60:f2:
                    18:3c:67:32:6d:c6:3a:3c:be:fa:ef:d7:96:9d:d5:
                    23:32:b1:29:a4:61:38:a5:68:8a:81:93:3d:3e:94:
                    ba:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:21:12:DC:54:7D:51:BC:E8:4C:4C:D4:37:96:62:88:C6:1E:06:AF
            X509v3 Authority Key Identifier:
                keyid:BD:25:2A:75:C9:61:AD:33:8F:D9:11:47:D4:61:DD:8B:3D:20:CF:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/1-CES3FR9UbzoTEzUN5ZiiMYeBq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.153.0/24
                IPv6:
                  2a0e:901:d001::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:74:03:ac:4d:a2:bb:ed:5c:b6:13:0c:39:56:66:9a:ae:1c:
         58:47:a6:46:59:11:e2:8d:51:1e:17:41:7a:20:3b:8c:b0:65:
         28:2b:64:53:8b:9a:fb:df:8f:27:95:cb:20:d8:d0:fb:b6:2b:
         ae:ab:50:22:c9:fc:dd:36:97:42:41:0a:b0:92:ac:b9:10:9d:
         75:55:c9:f3:19:73:e4:ed:2a:9a:92:3e:ca:ea:98:d4:23:f1:
         91:a5:35:bb:4f:8a:cb:39:71:77:a7:ff:7b:c7:4b:f5:46:fe:
         0c:c9:cc:2d:eb:9c:9f:2c:b0:0c:92:76:1b:b9:d7:1d:06:ed:
         a1:02:4e:68:09:ae:8f:4a:3d:51:55:d5:95:92:3b:fe:46:11:
         77:9e:4e:2f:0e:91:fa:16:0a:43:80:19:38:8b:ea:3e:6d:3b:
         a7:26:70:53:20:40:c5:4e:b3:84:cf:73:c0:8b:01:4e:3a:ea:
         4f:c4:83:47:52:fe:cd:1b:a2:20:c7:ac:aa:c0:6a:f5:dc:26:
         f6:cb:08:4d:ed:49:b8:bf:b8:99:90:0f:b3:b1:9a:2b:c9:88:
         5e:c5:5d:69:32:14:1b:ad:c4:0f:66:42:e2:00:1a:84:a6:a9:
         db:81:69:11:19:55:91:2f:31:9c:a8:3a:41:4b:ad:33:ec:0c:
         aa:e6:9f:04
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZgW/cKWyth2J8+lw2HWriCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMjUyYTc1Yzk2MWFkMzM4ZmQ5MTE0N2Q0NjFkZDhiM2Qy
MGNmNTEwHhcNMjUwNzE3MDYwNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODIxMTJkYzU0N2Q1MWJjZTg0YzRjZDQzNzk2NjI4OGM2MWUwNmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlgVKQK8N1QBBuBO3Xewln9UlZk8
hLcS2gNgBMh+r55Y39Ige+QlS0uPNmuet9rNfiSsWvPR/AvSzf/pn/VwoQvJt4Bf
ILOylk6aZQ3n3tdxJ8oEaXyqiuvtXJAYbUqs/fTIwty5ipotGy40LqbvRl6SEe9j
FQFkr8Gmpz4BQs5JY6RToRWshGmLO6WoIHy+I8wa47Y6ew3i+XUXX/8d6Y4YQDEB
+gsvhh2/I751qjvCPLv5aW9eYiVbeUJJqwt5C45jNtfKdJG5XO2HiiBrkLInsHzi
b49alJMr+2fSYPIYPGcybcY6PL7679eWndUjMrEppGE4pWiKgZM9PpS69wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPghEtxUfVG86ExM1DeWYojGHgavMB8GA1UdIwQY
MBaAFL0lKnXJYa0zj9kRR9Rh3Ys9IM9RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlNVcWRjbGhyVE9QMlJGSDFHSGRpejBnejFFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kMWM3MGUtMjI2YS00NzgxLWI2NjIt
NzQxYWI5Mjk5N2QwLzEvMS1DRVMzRlI5VWJ6b1RFelVONVppaU1ZZUJxOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODEvZDFjNzBlLTIyNmEtNDc4MS1iNjYyLTc0MWFiOTI5OTdk
MC8xL3ZTVXFkY2xoclRPUDJSRkgxR0hkaXowZ3oxRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAAW2mTAP
BAIAAjAJAwcAKg4JAdABMA0GCSqGSIb3DQEBCwUAA4IBAQAcdAOsTaK77Vy2Eww5
VmaarhxYR6ZGWRHijVEeF0F6IDuMsGUoK2RTi5r7348nlcsg2ND7tiuuq1Aiyfzd
NpdCQQqwkqy5EJ11VcnzGXPk7Sqakj7K6pjUI/GRpTW7T4rLOXF3p/97x0v1Rv4M
ycwt65yfLLAMknYbudcdBu2hAk5oCa6PSj1RVdWVkjv+RhF3nk4vDpH6FgpDgBk4
i+o+bTunJnBTIEDFTrOEz3PAiwFOOupPxINHUv7NG6Igx6yqwGr13Cb2ywhN7Um4
v7iZkA+zsZoryYhexV1pMhQbrcQPZkLiABqEpqnbgWkRGVWRLzGcqDpBS60z7Ayq
5p8E
-----END CERTIFICATE-----