Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/bzR5sR7--9CYt4UZgeDQmJcNPbM.roa
File:                     bzR5sR7--9CYt4UZgeDQmJcNPbM.roa (raw, json)
Hash identifier:          PBw9SU/vozscGdpCsqQVl/91nCQFWQTTNC6lvz1MmQw=
Subject key identifier:   6F:34:79:B1:1E:FE:FB:D0:98:B7:85:19:81:E0:D0:98:97:0D:3D:B3
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       01981474C1F33207A97875E7556A76AB8A30
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/bzR5sR7--9CYt4UZgeDQmJcNPbM.roa
Signing time:             Wed 16 Jul 2025 18:17:32 +0000
ROA not before:           Wed 16 Jul 2025 18:17:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214382
IP address blocks:        213.146.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 03:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:14:74:c1:f3:32:07:a9:78:75:e7:55:6a:76:ab:8a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jul 16 18:17:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f3479b11efefbd098b7851981e0d098970d3db3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:24:aa:3a:1d:dd:2a:e5:31:a3:27:74:0c:9e:
                    7e:5f:26:61:53:4a:6d:16:8d:70:8e:a6:7d:8d:cd:
                    21:46:89:e0:e9:6c:c9:3a:84:53:fc:36:67:9e:27:
                    0b:93:ca:39:db:2a:a8:01:51:42:3e:97:7a:63:47:
                    11:83:72:3b:2b:ad:d7:ca:ff:0c:f7:3f:58:1b:a4:
                    ee:ef:95:2a:a9:06:e3:06:89:c2:8f:11:0f:bb:3c:
                    4a:1c:50:e6:3f:74:fa:ce:bd:4b:63:e4:0b:7e:9e:
                    8e:17:1b:33:6c:fc:d8:8f:08:aa:fc:2f:b2:ad:0e:
                    91:5d:75:f1:95:70:83:df:ad:0c:22:e0:1d:4c:1d:
                    e9:37:33:40:94:a3:54:85:44:aa:f4:2f:f6:bb:10:
                    b4:2a:fe:34:3e:a8:7f:f2:36:b0:36:7d:d5:99:33:
                    88:86:40:b4:a5:66:cc:dd:da:88:c9:32:48:88:50:
                    c1:09:f9:ec:d3:f1:0d:64:68:d7:a1:65:28:1b:87:
                    9b:bf:15:6a:75:28:35:8f:9c:3f:89:ba:aa:d1:8b:
                    b6:10:ed:cf:d1:f2:a9:6d:2f:69:5c:e3:62:b7:a7:
                    7a:50:8a:1d:d7:0a:4d:ce:c7:c1:d6:45:41:c7:6c:
                    ef:b7:41:8f:b9:cb:6d:dc:05:53:39:ea:87:b7:3a:
                    8f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:34:79:B1:1E:FE:FB:D0:98:B7:85:19:81:E0:D0:98:97:0D:3D:B3
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/bzR5sR7--9CYt4UZgeDQmJcNPbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.146.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:f2:c5:a1:60:85:79:bf:60:6b:bf:a2:3b:c5:82:54:8f:a3:
         e5:c9:88:6c:f3:16:0e:59:d8:e8:8d:ab:78:57:52:75:81:7a:
         d9:d3:94:03:52:ff:8e:60:49:8c:a7:10:e9:4f:40:54:b7:e2:
         cb:f5:ea:65:19:a8:e0:25:1b:a1:a3:e3:0f:39:02:10:db:02:
         71:40:c1:28:36:5e:65:4b:43:2c:9f:7e:6f:1c:d0:57:80:de:
         c9:15:d1:66:ef:fb:cc:2b:9b:bd:58:67:c2:a4:33:93:77:ab:
         e3:40:98:46:5d:37:ab:9c:cc:eb:95:2e:96:21:94:11:93:37:
         18:3b:2e:be:6d:fd:30:25:42:da:ef:ec:e2:42:8b:4b:7f:be:
         17:5b:cf:94:fd:88:f5:38:0d:22:91:80:c9:5d:cf:79:dc:0f:
         5f:c3:a5:3a:7f:66:b3:75:fc:96:0f:ee:4c:7a:fe:c8:93:41:
         4d:67:1b:7e:05:05:40:da:91:98:60:cb:47:5f:6c:4d:5f:04:
         6a:f2:12:41:41:22:97:99:9a:bb:47:4e:65:18:2e:8a:41:cc:
         e9:ad:02:84:7d:63:86:f5:0b:19:02:ad:ed:15:2f:3e:53:f9:
         31:a8:d0:77:9e:b9:2f:95:bc:3c:9b:e5:6d:4f:a7:15:bc:63:
         79:8f:8e:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgUdMHzMgepeHXnVWp2q4owMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjUwNzE2MTgxNzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjM0NzliMTFlZmVmYmQwOThiNzg1MTk4MWUwZDA5ODk3MGQzZGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSSqOh3dKuUxoyd0DJ5+XyZhU0pt
Fo1wjqZ9jc0hRong6WzJOoRT/DZnnicLk8o52yqoAVFCPpd6Y0cRg3I7K63Xyv8M
9z9YG6Tu75UqqQbjBonCjxEPuzxKHFDmP3T6zr1LY+QLfp6OFxszbPzYjwiq/C+y
rQ6RXXXxlXCD360MIuAdTB3pNzNAlKNUhUSq9C/2uxC0Kv40Pqh/8jawNn3VmTOI
hkC0pWbM3dqIyTJIiFDBCfns0/ENZGjXoWUoG4ebvxVqdSg1j5w/ibqq0Yu2EO3P
0fKpbS9pXONit6d6UIod1wpNzsfB1kVBx2zvt0GPuctt3AVTOeqHtzqP1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG80ebEe/vvQmLeFGYHg0JiXDT2zMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvYnpSNXNSNy0tOUNZdDRVWmdlRFFtSmNOUGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZKlMA0G
CSqGSIb3DQEBCwUAA4IBAQA28sWhYIV5v2Brv6I7xYJUj6PlyYhs8xYOWdjojat4
V1J1gXrZ05QDUv+OYEmMpxDpT0BUt+LL9eplGajgJRuho+MPOQIQ2wJxQMEoNl5l
S0Msn35vHNBXgN7JFdFm7/vMK5u9WGfCpDOTd6vjQJhGXTernMzrlS6WIZQRkzcY
Oy6+bf0wJULa7+ziQotLf74XW8+U/Yj1OA0ikYDJXc953A9fw6U6f2azdfyWD+5M
ev7Ik0FNZxt+BQVA2pGYYMtHX2xNXwRq8hJBQSKXmZq7R05lGC6KQczprQKEfWOG
9QsZAq3tFS8+U/kxqNB3nrkvlbw8m+VtT6cVvGN5j47y
-----END CERTIFICATE-----