Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/f1b7by6SkYswASAnSv-cgB5XP2Y.roa
File:                     f1b7by6SkYswASAnSv-cgB5XP2Y.roa (raw, json)
Hash identifier:          x+DctqLC1gEcaYW0QmBitaKdQAwlen0XRAIQGmNrAQ4=
Subject key identifier:   7F:56:FB:6F:2E:92:91:8B:30:01:20:27:4A:FF:9C:80:1E:57:3F:66
Certificate issuer:       /CN=e50c22c66b85fac98de83d761ef4243437ab0393
Certificate serial:       0197C53128097CF03EA111F1B56E0C32541C
Authority key identifier: E5:0C:22:C6:6B:85:FA:C9:8D:E8:3D:76:1E:F4:24:34:37:AB:03:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/f1b7by6SkYswASAnSv-cgB5XP2Y.roa
Signing time:             Tue 01 Jul 2025 08:53:42 +0000
ROA not before:           Tue 01 Jul 2025 08:53:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13170
IP address blocks:        213.255.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 11:08:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:31:28:09:7c:f0:3e:a1:11:f1:b5:6e:0c:32:54:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e50c22c66b85fac98de83d761ef4243437ab0393
        Validity
            Not Before: Jul  1 08:53:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f56fb6f2e92918b300120274aff9c801e573f66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:93:f8:d7:63:4a:52:ed:2b:e0:46:ec:dc:c6:
                    26:62:a2:7c:2f:46:53:2a:45:98:d2:79:e8:22:fc:
                    88:aa:00:b0:b3:b7:22:6f:74:78:b6:e5:7b:21:91:
                    09:99:a7:b9:71:b2:43:20:9a:50:85:1b:5c:70:d5:
                    ed:1f:41:54:2e:7a:ac:15:af:17:25:ab:a1:92:86:
                    ac:d4:01:bc:b1:aa:47:16:bc:a7:e0:b4:88:80:ba:
                    09:bc:1a:69:67:57:26:a0:2d:ca:d7:97:fc:29:ed:
                    39:f0:fd:0b:4e:b5:e3:2f:2e:1c:fc:2d:e9:1a:1c:
                    47:6f:80:94:28:da:6f:4b:5d:55:36:d2:9d:bd:84:
                    58:2a:b9:19:67:6a:d6:c3:81:5a:0c:a4:d9:78:64:
                    dd:a7:ed:07:b0:9a:2a:1e:79:28:0f:5b:28:8f:be:
                    b4:c8:3e:1c:78:92:67:1a:38:df:5b:26:0d:27:be:
                    f0:76:57:a2:4e:28:e7:47:a9:09:47:99:76:1b:07:
                    b3:bd:e7:1d:82:83:d4:46:b0:fe:08:38:8d:bd:bb:
                    3d:bc:00:72:44:3e:da:e7:2e:21:74:99:e5:ce:ce:
                    f7:1b:a8:c2:49:08:31:81:80:de:b6:62:7f:59:7d:
                    66:bb:8a:da:3d:7e:de:9c:86:27:b2:86:28:99:d8:
                    2a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:56:FB:6F:2E:92:91:8B:30:01:20:27:4A:FF:9C:80:1E:57:3F:66
            X509v3 Authority Key Identifier:
                keyid:E5:0C:22:C6:6B:85:FA:C9:8D:E8:3D:76:1E:F4:24:34:37:AB:03:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QwixmuF-smN6D12HvQkNDerA5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/f1b7by6SkYswASAnSv-cgB5XP2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/2b7fe9-2a87-4c57-b108-9214278108a8/1/5QwixmuF-smN6D12HvQkNDerA5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.255.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:a2:e7:38:d8:9b:a4:24:ad:dc:bc:21:e7:75:c5:aa:54:5c:
         4d:97:e3:29:1a:66:86:2a:c8:16:74:3a:82:77:f6:a6:71:a6:
         5c:0c:ea:e7:52:fa:0b:15:5e:d3:ad:f0:28:be:09:12:14:99:
         0b:1f:fd:f8:53:ce:66:33:30:8c:8d:c5:38:ae:46:00:f9:60:
         45:a8:5d:c3:47:e2:2f:a6:82:60:3e:38:85:74:66:f7:c7:e3:
         8e:9c:4c:9a:c1:f7:fb:71:36:5c:15:c5:f4:ba:6e:46:d4:19:
         ff:80:76:fa:94:34:0b:3b:80:5f:ac:db:70:c2:22:c3:e7:aa:
         ba:22:ce:91:84:47:db:90:4c:3c:70:cd:a7:4f:e4:1a:17:ab:
         c7:24:b8:ae:9d:e1:65:de:3e:37:f4:a6:db:19:cd:77:0c:ec:
         f7:01:83:97:db:43:28:65:a9:29:e3:b2:b7:d2:8a:f5:b4:39:
         c5:29:b2:4a:39:51:74:a1:7c:5f:98:c3:b6:8d:1c:d2:bc:36:
         13:14:c4:32:6b:8b:03:86:33:8d:7b:79:b9:5d:b7:86:d9:bb:
         6f:37:da:5c:a3:01:0c:b9:97:43:65:8c:6b:74:9c:7f:5e:9f:
         04:ef:fa:02:31:4e:43:e7:23:d9:6e:4d:cb:0a:df:fc:b7:26:
         05:87:d3:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfFMSgJfPA+oRHxtW4MMlQcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MGMyMmM2NmI4NWZhYzk4ZGU4M2Q3NjFlZjQyNDM0Mzdh
YjAzOTMwHhcNMjUwNzAxMDg1MzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjU2ZmI2ZjJlOTI5MThiMzAwMTIwMjc0YWZmOWM4MDFlNTczZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpP412NKUu0r4Ebs3MYmYqJ8L0ZT
KkWY0nnoIvyIqgCws7cib3R4tuV7IZEJmae5cbJDIJpQhRtccNXtH0FULnqsFa8X
Jauhkoas1AG8sapHFryn4LSIgLoJvBppZ1cmoC3K15f8Ke058P0LTrXjLy4c/C3p
GhxHb4CUKNpvS11VNtKdvYRYKrkZZ2rWw4FaDKTZeGTdp+0HsJoqHnkoD1soj760
yD4ceJJnGjjfWyYNJ77wdleiTijnR6kJR5l2GwezvecdgoPURrD+CDiNvbs9vABy
RD7a5y4hdJnlzs73G6jCSQgxgYDetmJ/WX1mu4raPX7enIYnsoYomdgqPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9W+28ukpGLMAEgJ0r/nIAeVz9mMB8GA1UdIwQY
MBaAFOUMIsZrhfrJjeg9dh70JDQ3qwOTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVF3aXhtdUYtc21ONkQxMkh2UWtORGVyQTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yYjdmZTktMmE4Ny00YzU3LWIxMDgt
OTIxNDI3ODEwOGE4LzEvZjFiN2J5NlNrWXN3QVNBblN2LWNnQjVYUDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yYjdmZTktMmE4Ny00YzU3LWIxMDgtOTIxNDI3ODEwOGE4
LzEvNVF3aXhtdUYtc21ONkQxMkh2UWtORGVyQTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1f+kMA0G
CSqGSIb3DQEBCwUAA4IBAQBrouc42JukJK3cvCHndcWqVFxNl+MpGmaGKsgWdDqC
d/amcaZcDOrnUvoLFV7TrfAovgkSFJkLH/34U85mMzCMjcU4rkYA+WBFqF3DR+Iv
poJgPjiFdGb3x+OOnEyawff7cTZcFcX0um5G1Bn/gHb6lDQLO4BfrNtwwiLD56q6
Is6RhEfbkEw8cM2nT+QaF6vHJLiuneFl3j439KbbGc13DOz3AYOX20MoZakp47K3
0or1tDnFKbJKOVF0oXxfmMO2jRzSvDYTFMQya4sDhjONe3m5XbeG2btvN9pcowEM
uZdDZYxrdJx/Xp8E7/oCMU5D5yPZbk3LCt/8tyYFh9ON
-----END CERTIFICATE-----