Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/eXDm_6OYuMWWyuj46gTZdWhVSIw.roa
File:                     eXDm_6OYuMWWyuj46gTZdWhVSIw.roa (raw, json)
Hash identifier:          TQYZhuWpF5eSI4bhd3lqjncDgdol94wNQrxqLCPyHc4=
Subject key identifier:   79:70:E6:FF:A3:98:B8:C5:96:CA:E8:F8:EA:04:D9:75:68:55:48:8C
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0198315F9AC7B5232CA8FA503C2E108E5BED
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/eXDm_6OYuMWWyuj46gTZdWhVSIw.roa
Signing time:             Tue 22 Jul 2025 09:03:25 +0000
ROA not before:           Tue 22 Jul 2025 09:03:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210369
IP address blocks:        213.21.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 12:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:31:5f:9a:c7:b5:23:2c:a8:fa:50:3c:2e:10:8e:5b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jul 22 09:03:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7970e6ffa398b8c596cae8f8ea04d9756855488c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:76:97:79:f6:be:0f:59:01:4a:1c:eb:b6:46:
                    5f:6c:99:7e:cd:1b:72:ee:8d:1b:e1:63:c8:03:3f:
                    e0:5e:78:24:12:0c:56:24:af:db:8c:4e:08:6b:06:
                    5b:f7:98:87:9a:93:77:98:7a:4b:2e:4e:3b:b3:18:
                    1c:c5:46:66:5a:af:24:40:64:b9:c0:af:10:fe:bb:
                    41:04:04:f4:c0:de:84:2a:d0:0e:80:97:e2:02:d0:
                    94:3b:5c:2b:62:ce:5a:76:37:4b:b2:ad:85:de:ea:
                    21:97:e4:19:d7:3d:af:7f:32:83:90:db:52:9f:c3:
                    19:10:4f:cd:9e:24:24:9f:13:63:95:dd:f6:00:2e:
                    06:fa:98:aa:1e:8a:78:66:33:80:59:45:a6:cd:ad:
                    0a:33:0b:aa:77:45:9a:22:e8:bc:60:dc:8c:a3:43:
                    ca:aa:3f:bc:d7:b3:e3:9b:15:43:93:6d:bb:57:09:
                    07:2a:63:f6:96:3b:0b:ea:58:a2:32:ed:f0:0c:a4:
                    d7:ea:b8:d1:ca:39:5b:42:e6:a7:02:eb:d8:d7:3b:
                    b7:9b:2a:73:50:4a:56:5e:ca:40:05:7e:cf:57:4c:
                    5d:b8:0b:d9:65:e7:27:e4:d4:28:3a:93:e7:f2:fe:
                    11:4e:b8:c1:61:03:1d:a3:d5:80:40:5e:a1:ef:db:
                    2a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:70:E6:FF:A3:98:B8:C5:96:CA:E8:F8:EA:04:D9:75:68:55:48:8C
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/eXDm_6OYuMWWyuj46gTZdWhVSIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:51:31:00:f3:cf:43:d9:12:35:fb:16:8e:8e:23:2c:a4:79:
         2a:bc:f7:9d:f0:c1:2a:c5:cd:7e:f8:1f:86:9a:2c:29:d2:b3:
         95:47:92:47:c1:be:37:22:76:cc:f6:32:4d:68:c0:f9:af:3f:
         6a:53:2d:ab:e7:09:10:1c:fb:bb:12:db:da:cc:78:37:ca:bb:
         05:a4:8f:77:8d:01:be:d1:88:3b:75:7d:3f:91:8e:a6:bb:2e:
         75:f1:ac:e4:fd:82:a9:7b:97:89:8c:16:0d:a6:a0:e6:2d:88:
         5f:45:4b:92:d4:56:27:b6:0c:95:81:6e:28:23:6f:cc:88:22:
         42:26:07:ad:6a:93:a0:d8:df:6a:83:59:66:60:db:87:31:49:
         ba:bf:b5:a5:d7:0f:41:e5:46:f2:43:b4:a6:3f:b8:34:77:db:
         85:fc:e3:99:b6:73:c8:3c:9c:a3:1a:3c:66:a4:b7:31:95:37:
         ea:bd:f1:b0:a3:2b:cf:68:76:82:31:5f:74:f8:b5:c2:83:e7:
         8d:a3:28:94:a0:2a:88:6b:39:3b:9b:82:51:5a:a0:93:c4:28:
         d0:4a:68:07:fa:12:78:75:31:30:de:2a:de:4e:ba:ec:15:a0:
         0f:dc:5c:ad:83:46:8f:9d:01:33:85:c1:88:c9:1b:0f:21:b8:
         b6:ce:c7:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgxX5rHtSMsqPpQPC4QjlvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUwNzIyMDkwMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTcwZTZmZmEzOThiOGM1OTZjYWU4ZjhlYTA0ZDk3NTY4NTU0ODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHaXefa+D1kBShzrtkZfbJl+zRty
7o0b4WPIAz/gXngkEgxWJK/bjE4IawZb95iHmpN3mHpLLk47sxgcxUZmWq8kQGS5
wK8Q/rtBBAT0wN6EKtAOgJfiAtCUO1wrYs5adjdLsq2F3uohl+QZ1z2vfzKDkNtS
n8MZEE/NniQknxNjld32AC4G+piqHop4ZjOAWUWmza0KMwuqd0WaIui8YNyMo0PK
qj+817PjmxVDk227VwkHKmP2ljsL6liiMu3wDKTX6rjRyjlbQuanAuvY1zu3mypz
UEpWXspABX7PV0xduAvZZecn5NQoOpPn8v4RTrjBYQMdo9WAQF6h79sqTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlw5v+jmLjFlsro+OoE2XVoVUiMMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvZVhEbV82T1l1TVdXeXVqNDZnVFpkV2hWU0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RX1MA0G
CSqGSIb3DQEBCwUAA4IBAQBaUTEA889D2RI1+xaOjiMspHkqvPed8MEqxc1++B+G
miwp0rOVR5JHwb43InbM9jJNaMD5rz9qUy2r5wkQHPu7EtvazHg3yrsFpI93jQG+
0Yg7dX0/kY6muy518azk/YKpe5eJjBYNpqDmLYhfRUuS1FYntgyVgW4oI2/MiCJC
JgetapOg2N9qg1lmYNuHMUm6v7Wl1w9B5UbyQ7SmP7g0d9uF/OOZtnPIPJyjGjxm
pLcxlTfqvfGwoyvPaHaCMV90+LXCg+eNoyiUoCqIazk7m4JRWqCTxCjQSmgH+hJ4
dTEw3ireTrrsFaAP3Fytg0aPnQEzhcGIyRsPIbi2zsfd
-----END CERTIFICATE-----