Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/ZDayT6lDLS2GCPR-v8fqvcLoQK4.roa
File:                     ZDayT6lDLS2GCPR-v8fqvcLoQK4.roa (raw, json)
Hash identifier:          +ziQ7srcO8pPuSJWXnBHZoMe2FpncGGdN6aXUGmO+8s=
Subject key identifier:   64:36:B2:4F:A9:43:2D:2D:86:08:F4:7E:BF:C7:EA:BD:C2:E8:40:AE
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       0197FEAF95190547CA5B261E2091AC63DA66
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/ZDayT6lDLS2GCPR-v8fqvcLoQK4.roa
Signing time:             Sat 12 Jul 2025 12:50:09 +0000
ROA not before:           Sat 12 Jul 2025 12:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216383
IP address blocks:        87.248.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:af:95:19:05:47:ca:5b:26:1e:20:91:ac:63:da:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Jul 12 12:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6436b24fa9432d2d8608f47ebfc7eabdc2e840ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:34:6d:29:14:38:5a:4f:ce:01:b7:83:c5:a6:
                    cd:0b:52:11:75:7f:40:2d:91:21:88:20:e3:82:b3:
                    65:9f:2e:d2:b3:73:ce:36:e7:a5:57:51:86:e4:c2:
                    19:b2:45:a6:6c:ec:a9:1d:36:42:21:56:22:1f:66:
                    a0:06:08:ea:eb:c2:17:17:d6:29:9c:00:e4:ff:c3:
                    7c:0c:81:8b:fc:e0:a7:9e:4d:f2:ab:6f:59:8c:3e:
                    65:72:d5:0c:1f:fa:55:32:5a:c6:65:08:72:18:f2:
                    4c:47:b1:66:03:f9:cb:6f:7d:ed:ec:82:76:fa:f1:
                    d5:08:12:21:c3:11:5a:ae:32:d3:ab:0f:2d:93:2c:
                    4e:21:f0:73:2a:35:cb:17:03:26:31:13:cd:c0:99:
                    09:b6:b4:56:95:f6:c9:a1:02:2c:50:84:7a:da:ba:
                    1e:f7:73:90:99:9a:73:8b:31:78:47:1c:36:f1:2e:
                    b9:f1:6d:f0:ac:60:9b:c7:f7:27:16:57:36:df:22:
                    e7:19:e3:c8:61:ce:df:03:92:21:65:2d:c3:71:29:
                    ed:08:c0:8f:c6:fa:5a:79:af:5a:ee:59:8b:cd:05:
                    ad:ca:ae:83:91:df:b4:a0:09:b6:6f:8b:de:ff:c4:
                    97:d0:a5:fe:90:b6:65:c4:eb:09:63:d1:52:dc:77:
                    96:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:36:B2:4F:A9:43:2D:2D:86:08:F4:7E:BF:C7:EA:BD:C2:E8:40:AE
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/ZDayT6lDLS2GCPR-v8fqvcLoQK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:c3:0a:93:50:53:50:ff:f6:5f:14:5e:4b:b9:a8:f2:11:ec:
         28:84:7a:ad:2e:41:65:0a:03:1c:c7:4f:26:c0:12:d7:5e:41:
         e2:25:b6:6d:21:ff:2b:d3:de:4d:b0:73:3a:b0:a6:fc:27:9a:
         62:e8:36:c9:90:f6:6d:2a:6c:cc:18:49:af:2f:67:41:25:37:
         07:a0:81:94:ae:f8:88:d0:80:cd:07:5f:22:30:d3:64:1d:2f:
         38:8a:bd:bd:f6:b9:42:e9:c3:8c:ee:12:aa:2f:82:3b:fa:95:
         fc:a7:84:fd:ce:41:4f:98:b4:2a:c0:07:58:4e:e4:f1:96:42:
         b0:52:47:ac:35:4e:e6:4a:8e:c4:d6:76:68:12:20:24:6a:3e:
         06:35:2c:88:b5:54:a5:b4:db:20:43:c0:43:44:be:9f:a5:c6:
         2b:94:4f:43:67:fc:fc:dc:61:f8:60:3c:14:bb:43:e2:dc:af:
         a6:1f:1e:b6:f2:79:0d:45:c5:b9:e4:fd:91:3a:ac:c9:9d:0e:
         82:38:35:0f:fa:63:41:20:f4:f5:9f:e6:18:31:ad:94:b3:bf:
         7b:99:fc:be:81:cd:13:b7:68:34:54:0d:24:f4:dd:d7:04:4d:
         30:fb:92:55:2d:b5:d8:c9:b4:cf:95:28:f4:5b:6b:dc:88:57:
         31:d2:cb:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf+r5UZBUfKWyYeIJGsY9pmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjUwNzEyMTI1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDM2YjI0ZmE5NDMyZDJkODYwOGY0N2ViZmM3ZWFiZGMyZTg0MGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTRtKRQ4Wk/OAbeDxabNC1IRdX9A
LZEhiCDjgrNlny7Ss3PONuelV1GG5MIZskWmbOypHTZCIVYiH2agBgjq68IXF9Yp
nADk/8N8DIGL/OCnnk3yq29ZjD5lctUMH/pVMlrGZQhyGPJMR7FmA/nLb33t7IJ2
+vHVCBIhwxFarjLTqw8tkyxOIfBzKjXLFwMmMRPNwJkJtrRWlfbJoQIsUIR62roe
93OQmZpzizF4Rxw28S658W3wrGCbx/cnFlc23yLnGePIYc7fA5IhZS3DcSntCMCP
xvpaea9a7lmLzQWtyq6Dkd+0oAm2b4ve/8SX0KX+kLZlxOsJY9FS3HeWSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQ2sk+pQy0thgj0fr/H6r3C6ECuMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvWkRheVQ2bERMUzJHQ1BSLXY4ZnF2Y0xvUUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iBMA0G
CSqGSIb3DQEBCwUAA4IBAQAvwwqTUFNQ//ZfFF5LuajyEewohHqtLkFlCgMcx08m
wBLXXkHiJbZtIf8r095NsHM6sKb8J5pi6DbJkPZtKmzMGEmvL2dBJTcHoIGUrviI
0IDNB18iMNNkHS84ir299rlC6cOM7hKqL4I7+pX8p4T9zkFPmLQqwAdYTuTxlkKw
UkesNU7mSo7E1nZoEiAkaj4GNSyItVSltNsgQ8BDRL6fpcYrlE9DZ/z83GH4YDwU
u0Pi3K+mHx628nkNRcW55P2ROqzJnQ6CODUP+mNBIPT1n+YYMa2Us797mfy+gc0T
t2g0VA0k9N3XBE0w+5JVLbXYybTPlSj0W2vciFcx0stE
-----END CERTIFICATE-----