Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/rXg2JiPJpfAU79JRlEbsnp3pLc8.roa
File:                     rXg2JiPJpfAU79JRlEbsnp3pLc8.roa (raw, json)
Hash identifier:          MQVzfSubZdxq5yFhe68zUL+Rr+rpOcHAqeIz000zyLw=
Subject key identifier:   AD:78:36:26:23:C9:A5:F0:14:EF:D2:51:94:46:EC:9E:9D:E9:2D:CF
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       0197C11C8A6166E13E3C1F446AD77601B723
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/rXg2JiPJpfAU79JRlEbsnp3pLc8.roa
Signing time:             Mon 30 Jun 2025 13:52:42 +0000
ROA not before:           Mon 30 Jun 2025 13:52:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215596
IP address blocks:        82.129.10.0/23 maxlen: 23
                          82.129.36.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 03:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c1:1c:8a:61:66:e1:3e:3c:1f:44:6a:d7:76:01:b7:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jun 30 13:52:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad78362623c9a5f014efd2519446ec9e9de92dcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:de:a5:8b:dc:cd:1c:0c:aa:6d:c8:d4:06:5a:
                    01:45:4c:ff:49:0d:df:26:ff:b1:a3:36:d8:1d:a9:
                    b9:b0:c9:a0:d6:75:69:2d:e6:6c:e4:31:c3:d6:c0:
                    5d:0a:99:de:a2:ca:5f:9b:a8:64:cf:14:f3:ed:23:
                    3c:37:68:07:86:c7:6b:b8:f7:15:46:bd:d2:87:d1:
                    fa:20:e9:5b:81:d5:86:05:46:f2:36:d7:df:46:7f:
                    3e:3f:06:44:44:b4:62:db:a5:17:62:5b:be:69:e3:
                    8b:dc:80:89:6b:a6:1a:88:72:69:f8:0c:77:8e:66:
                    0d:b8:7c:a6:2f:39:4e:5f:f0:b9:50:e6:36:ab:07:
                    2d:38:6f:15:e1:c6:0d:56:9f:f2:7a:6a:64:64:e9:
                    e0:c3:1f:02:87:b2:91:97:85:dd:a3:38:10:44:d2:
                    67:08:34:93:8d:fe:7b:ec:9e:d3:e9:17:26:93:9d:
                    18:c8:12:4d:8d:87:9b:de:5f:3b:f7:6f:f1:75:d8:
                    84:1a:d4:49:96:70:04:08:3a:94:72:ee:a7:3e:91:
                    eb:d6:64:d1:62:a4:aa:d0:90:85:4e:6b:5e:12:b5:
                    8f:83:a5:2a:f9:3a:48:e8:40:06:0a:6a:c8:b2:e8:
                    d7:87:74:2b:fb:4a:56:eb:3d:b3:06:d4:71:7f:ab:
                    b0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:78:36:26:23:C9:A5:F0:14:EF:D2:51:94:46:EC:9E:9D:E9:2D:CF
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/rXg2JiPJpfAU79JRlEbsnp3pLc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.129.10.0/23
                  82.129.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:bb:d2:dc:59:ef:ba:9a:cf:2d:22:fb:53:f6:6e:5e:75:40:
         e4:24:08:75:43:36:02:ce:4a:66:3d:4d:37:3e:92:5e:16:b2:
         90:6e:9e:17:d2:3a:2e:ea:d4:29:0f:75:62:7d:63:39:01:06:
         3a:01:4e:a5:e5:5d:35:3c:35:fb:33:2d:05:b1:be:8e:de:16:
         c8:bc:12:8c:a5:27:3b:fe:0c:60:9e:cc:b9:38:dc:43:09:69:
         44:a7:4f:05:89:3b:17:64:85:97:98:45:14:c7:b0:64:eb:c8:
         88:9f:12:34:15:19:94:15:d2:43:a9:7c:38:1e:d2:d2:1c:a5:
         c4:cf:a5:ae:3a:38:34:ff:bf:fb:9d:05:93:c5:99:fc:c6:fc:
         7c:97:c3:f7:29:d6:a6:8c:6d:0d:70:9f:ec:59:5a:4c:08:42:
         9a:51:f6:73:b7:d0:2d:37:6a:cc:b1:30:28:55:1a:c8:0a:a6:
         f6:7c:41:f4:a8:48:ad:89:6c:c3:f6:ba:09:74:47:4a:18:b9:
         fb:68:71:9a:e7:3b:60:11:49:78:e6:69:aa:d3:76:f0:aa:87:
         c4:66:ec:7e:d1:81:0d:ea:2d:b0:a4:e5:8e:35:7d:77:e4:26:
         f1:39:10:16:e0:f4:1f:88:9d:c7:69:f8:41:cd:c4:86:ae:82:
         14:8c:1e:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfBHIphZuE+PB9Eatd2AbcjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjUwNjMwMTM1MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDc4MzYyNjIzYzlhNWYwMTRlZmQyNTE5NDQ2ZWM5ZTlkZTkyZGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1d6li9zNHAyqbcjUBloBRUz/SQ3f
Jv+xozbYHam5sMmg1nVpLeZs5DHD1sBdCpneospfm6hkzxTz7SM8N2gHhsdruPcV
Rr3Sh9H6IOlbgdWGBUbyNtffRn8+PwZERLRi26UXYlu+aeOL3ICJa6YaiHJp+Ax3
jmYNuHymLzlOX/C5UOY2qwctOG8V4cYNVp/yempkZOngwx8Ch7KRl4XdozgQRNJn
CDSTjf577J7T6Rcmk50YyBJNjYeb3l8792/xddiEGtRJlnAECDqUcu6nPpHr1mTR
YqSq0JCFTmteErWPg6Uq+TpI6EAGCmrIsujXh3Qr+0pW6z2zBtRxf6uwIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK14NiYjyaXwFO/SUZRG7J6d6S3PMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvclhnMkppUEpwZkFVNzlKUmxFYnNucDNwTGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUoEKAwQB
UoEkMA0GCSqGSIb3DQEBCwUAA4IBAQAfu9LcWe+6ms8tIvtT9m5edUDkJAh1QzYC
zkpmPU03PpJeFrKQbp4X0jou6tQpD3VifWM5AQY6AU6l5V01PDX7My0Fsb6O3hbI
vBKMpSc7/gxgnsy5ONxDCWlEp08FiTsXZIWXmEUUx7Bk68iInxI0FRmUFdJDqXw4
HtLSHKXEz6WuOjg0/7/7nQWTxZn8xvx8l8P3KdamjG0NcJ/sWVpMCEKaUfZzt9At
N2rMsTAoVRrICqb2fEH0qEitiWzD9roJdEdKGLn7aHGa5ztgEUl45mmq03bwqofE
Zux+0YEN6i2wpOWONX135CbxORAW4PQfiJ3HafhBzcSGroIUjB49
-----END CERTIFICATE-----