Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/0a567c-af6b-461a-a7a0-dcfbc28f4731/1/crXLrPic8k9vyE5SxEPR-_3DVks.roa
File:                     crXLrPic8k9vyE5SxEPR-_3DVks.roa (raw, json)
Hash identifier:          isyyv0lSga2YsVBxt0riFZT/vQhsYIIC7MEzRQbYvEg=
Subject key identifier:   72:B5:CB:AC:F8:9C:F2:4F:6F:C8:4E:52:C4:43:D1:FB:FD:C3:56:4B
Certificate issuer:       /CN=e4a54e42b6b788d8e48b488442dd918b2485ac35
Certificate serial:       0197C4BBF84248FF6DF11016569E533E49E6
Authority key identifier: E4:A5:4E:42:B6:B7:88:D8:E4:8B:48:84:42:DD:91:8B:24:85:AC:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5KVOQra3iNjki0iEQt2RiySFrDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/0a567c-af6b-461a-a7a0-dcfbc28f4731/1/crXLrPic8k9vyE5SxEPR-_3DVks.roa
Signing time:             Tue 01 Jul 2025 06:45:42 +0000
ROA not before:           Tue 01 Jul 2025 06:45:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        194.113.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/0a567c-af6b-461a-a7a0-dcfbc28f4731/1/5KVOQra3iNjki0iEQt2RiySFrDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/0a567c-af6b-461a-a7a0-dcfbc28f4731/1/5KVOQra3iNjki0iEQt2RiySFrDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5KVOQra3iNjki0iEQt2RiySFrDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 00:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:bb:f8:42:48:ff:6d:f1:10:16:56:9e:53:3e:49:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4a54e42b6b788d8e48b488442dd918b2485ac35
        Validity
            Not Before: Jul  1 06:45:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72b5cbacf89cf24f6fc84e52c443d1fbfdc3564b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:bb:70:11:b8:14:41:b9:5e:a7:d0:a4:c3:83:
                    bd:cc:e2:98:0a:0e:2a:78:88:bb:74:4c:76:57:4e:
                    80:c1:27:7b:68:a3:1b:2f:f6:71:e5:38:f8:2e:e4:
                    be:e1:c1:a1:b9:e4:3c:d5:7f:fa:00:0f:27:f0:03:
                    4a:26:05:ef:d1:a1:e2:45:84:10:ed:e1:28:91:e3:
                    d6:c4:5e:68:bc:5b:02:97:7f:2e:a2:b3:fb:09:f1:
                    4b:c2:c4:f3:ca:c1:9d:a7:76:84:dd:82:d6:3c:b2:
                    25:fb:92:9a:ea:e8:cf:e4:42:bc:72:da:5b:9a:db:
                    f3:4c:e6:87:41:2f:1e:38:95:ca:ce:bb:25:ee:73:
                    94:a0:a8:a5:8b:c3:55:bf:7e:1a:de:fb:af:2e:93:
                    61:29:f0:20:0f:22:2f:c1:7d:6d:8b:5c:6b:94:f0:
                    b0:60:66:94:55:43:ce:80:b7:b3:71:ea:8a:12:91:
                    b6:be:e7:35:5c:a2:57:5d:41:8c:94:79:ae:90:fd:
                    a7:21:0a:f7:5e:76:ce:25:c6:d1:d5:fd:f2:64:fb:
                    60:01:54:31:1f:56:78:b8:30:95:85:d8:fa:36:a1:
                    af:08:aa:2c:dc:4f:f9:79:6c:96:21:d5:19:8f:14:
                    68:93:92:30:13:b2:d8:ad:a3:9e:86:ec:40:f7:d5:
                    be:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B5:CB:AC:F8:9C:F2:4F:6F:C8:4E:52:C4:43:D1:FB:FD:C3:56:4B
            X509v3 Authority Key Identifier:
                keyid:E4:A5:4E:42:B6:B7:88:D8:E4:8B:48:84:42:DD:91:8B:24:85:AC:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KVOQra3iNjki0iEQt2RiySFrDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0a567c-af6b-461a-a7a0-dcfbc28f4731/1/crXLrPic8k9vyE5SxEPR-_3DVks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0a567c-af6b-461a-a7a0-dcfbc28f4731/1/5KVOQra3iNjki0iEQt2RiySFrDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:08:74:8c:26:14:cd:7f:f9:4d:96:3c:d4:39:ba:27:a4:1c:
         40:b7:f6:da:e3:14:ea:19:08:19:96:1d:d4:8c:3a:f8:c4:eb:
         53:d2:95:f3:68:45:48:7b:cc:c5:8f:49:b2:d0:b3:2f:39:ae:
         f2:3f:f8:e0:10:5d:c7:84:3f:38:8c:44:b7:52:cd:8e:b1:d1:
         60:cb:c6:bf:d0:8d:aa:94:30:ee:2d:ef:83:7d:0d:7e:1e:55:
         da:4b:9f:b7:f5:05:74:55:01:a7:63:96:1b:c2:3d:3c:c6:25:
         93:ec:a2:f7:c6:fa:35:93:5c:aa:90:7c:a6:07:cc:45:c2:ce:
         d0:ff:19:b0:79:f7:cc:9f:36:db:4a:61:ae:e3:2a:ac:40:71:
         df:12:bf:88:4a:ba:f1:ab:59:ef:5d:42:71:27:7c:5e:56:e8:
         ed:9c:b5:5d:be:bd:5c:20:83:ab:0f:87:f8:44:7f:6a:03:9a:
         ac:7f:95:3d:5f:8d:86:3d:b3:51:2a:43:10:0d:26:4a:1c:eb:
         1a:7e:21:fd:63:6e:ac:43:0b:66:1d:40:bf:4d:a0:7c:7e:53:
         4a:2b:44:94:bd:13:c7:1a:c8:6f:85:22:d3:ea:ff:ce:fe:64:
         5d:2f:c8:dd:a0:59:33:d8:be:a3:bf:ff:79:29:5b:0a:77:25:
         bf:91:2a:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfEu/hCSP9t8RAWVp5TPknmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTU0ZTQyYjZiNzg4ZDhlNDhiNDg4NDQyZGQ5MThiMjQ4
NWFjMzUwHhcNMjUwNzAxMDY0NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmI1Y2JhY2Y4OWNmMjRmNmZjODRlNTJjNDQzZDFmYmZkYzM1NjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbtwEbgUQblep9Ckw4O9zOKYCg4q
eIi7dEx2V06AwSd7aKMbL/Zx5Tj4LuS+4cGhueQ81X/6AA8n8ANKJgXv0aHiRYQQ
7eEokePWxF5ovFsCl38uorP7CfFLwsTzysGdp3aE3YLWPLIl+5Ka6ujP5EK8ctpb
mtvzTOaHQS8eOJXKzrsl7nOUoKili8NVv34a3vuvLpNhKfAgDyIvwX1ti1xrlPCw
YGaUVUPOgLezceqKEpG2vuc1XKJXXUGMlHmukP2nIQr3XnbOJcbR1f3yZPtgAVQx
H1Z4uDCVhdj6NqGvCKos3E/5eWyWIdUZjxRok5IwE7LYraOehuxA99W+pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHK1y6z4nPJPb8hOUsRD0fv9w1ZLMB8GA1UdIwQY
MBaAFOSlTkK2t4jY5ItIhELdkYskhaw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtWT1FyYTNpTmpraTBpRVF0MlJpeVNGckRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8wYTU2N2MtYWY2Yi00NjFhLWE3YTAt
ZGNmYmMyOGY0NzMxLzEvY3JYTHJQaWM4azl2eUU1U3hFUFItXzNEVmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8wYTU2N2MtYWY2Yi00NjFhLWE3YTAtZGNmYmMyOGY0NzMx
LzEvNUtWT1FyYTNpTmpraTBpRVF0MlJpeVNGckRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnHmMA0G
CSqGSIb3DQEBCwUAA4IBAQCeCHSMJhTNf/lNljzUObonpBxAt/ba4xTqGQgZlh3U
jDr4xOtT0pXzaEVIe8zFj0my0LMvOa7yP/jgEF3HhD84jES3Us2OsdFgy8a/0I2q
lDDuLe+DfQ1+HlXaS5+39QV0VQGnY5Ybwj08xiWT7KL3xvo1k1yqkHymB8xFws7Q
/xmweffMnzbbSmGu4yqsQHHfEr+ISrrxq1nvXUJxJ3xeVujtnLVdvr1cIIOrD4f4
RH9qA5qsf5U9X42GPbNRKkMQDSZKHOsafiH9Y26sQwtmHUC/TaB8flNKK0SUvRPH
GshvhSLT6v/O/mRdL8jdoFkz2L6jv/95KVsKdyW/kSoM
-----END CERTIFICATE-----