Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/ZStJjyYeeW80s3UrenWKL6Fviiw.roa
File:                     ZStJjyYeeW80s3UrenWKL6Fviiw.roa (raw, json)
Hash identifier:          QylBnhEyvnv79g3JL425L8t6RW7UscFPY8hGIf7mOwQ=
Subject key identifier:   65:2B:49:8F:26:1E:79:6F:34:B3:75:2B:7A:75:8A:2F:A1:6F:8A:2C
Certificate issuer:       /CN=90878c39624aede3929e17ccd95878c292b2f351
Certificate serial:       0197208FF54F6844484252204A9B2D5FEB4A
Authority key identifier: 90:87:8C:39:62:4A:ED:E3:92:9E:17:CC:D9:58:78:C2:92:B2:F3:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIeMOWJK7eOSnhfM2Vh4wpKy81E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/ZStJjyYeeW80s3UrenWKL6Fviiw.roa
Signing time:             Fri 30 May 2025 09:39:54 +0000
ROA not before:           Fri 30 May 2025 09:39:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41135
IP address blocks:        81.201.80.0/20 maxlen: 24
                          185.47.148.0/22 maxlen: 24
                          2a03:b500::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/kIeMOWJK7eOSnhfM2Vh4wpKy81E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/kIeMOWJK7eOSnhfM2Vh4wpKy81E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIeMOWJK7eOSnhfM2Vh4wpKy81E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:8f:f5:4f:68:44:48:42:52:20:4a:9b:2d:5f:eb:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90878c39624aede3929e17ccd95878c292b2f351
        Validity
            Not Before: May 30 09:39:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=652b498f261e796f34b3752b7a758a2fa16f8a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e3:fc:57:34:11:6d:7a:9e:e3:67:65:a4:43:
                    55:69:f7:9d:09:08:da:df:76:56:e9:84:46:1d:65:
                    1a:c8:8d:b6:50:2e:cc:ed:a2:75:bc:b9:0e:e7:25:
                    90:46:2e:1b:14:eb:07:86:95:da:ff:6c:40:4e:d0:
                    ea:c2:48:6b:91:ad:52:e5:5e:f6:64:05:4f:c0:fc:
                    01:e4:29:6f:0a:42:03:cb:31:2c:86:57:cc:5e:23:
                    3d:33:3c:59:3c:b4:06:7d:aa:7e:09:88:56:56:17:
                    f9:3d:1d:3f:62:ea:f8:ec:c9:21:15:9d:dc:68:a6:
                    e6:ec:81:f5:d9:0f:ca:28:24:48:fb:48:02:79:6d:
                    04:27:70:b1:53:83:44:bb:a9:d8:fd:c0:3c:6b:5e:
                    76:3a:1f:7a:48:42:4b:84:27:18:11:70:8e:06:eb:
                    c2:41:7f:12:e6:45:de:62:8b:d1:e4:cd:c4:49:74:
                    1d:19:50:e7:18:02:c3:a1:fd:ad:77:8b:bf:9a:d7:
                    6b:e1:18:5f:b3:60:bf:46:e8:9d:bf:ae:15:9c:f4:
                    45:55:77:c6:11:e8:b9:90:ac:e0:16:f3:12:ff:47:
                    23:d2:fc:92:dd:44:39:7f:4a:77:31:d9:0b:aa:81:
                    1c:96:92:63:41:3d:1c:5b:85:fa:72:6a:2e:92:83:
                    b1:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:2B:49:8F:26:1E:79:6F:34:B3:75:2B:7A:75:8A:2F:A1:6F:8A:2C
            X509v3 Authority Key Identifier:
                keyid:90:87:8C:39:62:4A:ED:E3:92:9E:17:CC:D9:58:78:C2:92:B2:F3:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIeMOWJK7eOSnhfM2Vh4wpKy81E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/ZStJjyYeeW80s3UrenWKL6Fviiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5d31cb-46c6-4b58-8279-d5aefccc9522/1/kIeMOWJK7eOSnhfM2Vh4wpKy81E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.201.80.0/20
                  185.47.148.0/22
                IPv6:
                  2a03:b500::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:28:1e:c1:96:7a:1e:23:41:cc:dc:9f:e2:e9:b7:ce:f0:02:
         95:a1:b1:07:bc:f6:5a:1f:b6:50:a1:c1:b4:45:cf:b5:1e:3d:
         b9:d4:78:2e:7f:df:cd:48:86:b5:86:b9:e7:36:55:6d:76:c4:
         39:4d:43:4f:81:58:d0:96:de:c6:48:d4:46:ee:76:28:2b:72:
         92:37:2f:bf:fa:2e:76:90:01:39:32:44:5d:e5:56:08:27:cb:
         69:ae:44:fa:2b:d3:3b:a6:95:48:fd:23:46:e4:16:ce:c4:90:
         97:3d:19:cb:4f:a4:fd:97:c7:7d:0f:c2:49:69:f6:91:c2:ab:
         1a:d5:ca:fb:a2:bf:58:25:cf:90:f9:c9:75:e8:9f:3c:e9:20:
         96:67:43:3a:0a:59:cd:de:28:ea:14:b2:cf:b7:1c:6d:ac:8f:
         1e:1b:1b:6e:e3:56:3b:98:b5:97:ef:b0:43:c6:d3:31:80:12:
         9e:6f:21:19:53:9f:0b:90:d3:06:28:71:d8:cb:ac:2d:f9:d9:
         38:33:ac:90:81:94:47:f5:f8:3d:40:03:d9:3b:4c:54:e3:73:
         81:c6:ad:7d:bc:f6:80:07:75:58:1d:2b:ec:bc:a8:cc:36:83:
         51:ee:73:b9:66:30:59:8f:2d:92:44:5e:0c:fd:fe:eb:61:21:
         77:a0:4a:12
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZcgj/VPaERIQlIgSpstX+tKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwODc4YzM5NjI0YWVkZTM5MjllMTdjY2Q5NTg3OGMyOTJi
MmYzNTEwHhcNMjUwNTMwMDkzOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTJiNDk4ZjI2MWU3OTZmMzRiMzc1MmI3YTc1OGEyZmExNmY4YTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+P8VzQRbXqe42dlpENVafedCQja
33ZW6YRGHWUayI22UC7M7aJ1vLkO5yWQRi4bFOsHhpXa/2xATtDqwkhrka1S5V72
ZAVPwPwB5ClvCkIDyzEshlfMXiM9MzxZPLQGfap+CYhWVhf5PR0/Yur47MkhFZ3c
aKbm7IH12Q/KKCRI+0gCeW0EJ3CxU4NEu6nY/cA8a152Oh96SEJLhCcYEXCOBuvC
QX8S5kXeYovR5M3ESXQdGVDnGALDof2td4u/mtdr4Rhfs2C/Ruidv64VnPRFVXfG
Eei5kKzgFvMS/0cj0vyS3UQ5f0p3MdkLqoEclpJjQT0cW4X6cmoukoOxOQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGUrSY8mHnlvNLN1K3p1ii+hb4osMB8GA1UdIwQY
MBaAFJCHjDliSu3jkp4XzNlYeMKSsvNRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0llTU9XSks3ZU9TbmhmTTJWaDR3cEt5ODFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81ZDMxY2ItNDZjNi00YjU4LTgyNzkt
ZDVhZWZjY2M5NTIyLzEvWlN0Smp5WWVlVzgwczNVcmVuV0tMNkZ2aWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81ZDMxY2ItNDZjNi00YjU4LTgyNzktZDVhZWZjY2M5NTIy
LzEva0llTU9XSks3ZU9TbmhmTTJWaDR3cEt5ODFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUclQAwQC
uS+UMA0EAgACMAcDBQAqA7UAMA0GCSqGSIb3DQEBCwUAA4IBAQCLKB7BlnoeI0HM
3J/i6bfO8AKVobEHvPZaH7ZQocG0Rc+1Hj251Hguf9/NSIa1hrnnNlVtdsQ5TUNP
gVjQlt7GSNRG7nYoK3KSNy+/+i52kAE5MkRd5VYIJ8tprkT6K9M7ppVI/SNG5BbO
xJCXPRnLT6T9l8d9D8JJafaRwqsa1cr7or9YJc+Q+cl16J886SCWZ0M6ClnN3ijq
FLLPtxxtrI8eGxtu41Y7mLWX77BDxtMxgBKebyEZU58LkNMGKHHYy6wt+dk4M6yQ
gZRH9fg9QAPZO0xU43OBxq19vPaAB3VYHSvsvKjMNoNR7nO5ZjBZjy2SRF4M/f7r
YSF3oEoS
-----END CERTIFICATE-----