Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/bdface-193c-49c8-b45d-db3fccfb7db1/1/zXilNDKWsxIaUq_LEMDiwJqBNJI.roa
File:                     zXilNDKWsxIaUq_LEMDiwJqBNJI.roa (raw, json)
Hash identifier:          Eo6IWAeJUaI2CdPXL2mpqljbcAx/G9eShos6ic97+nk=
Subject key identifier:   CD:78:A5:34:32:96:B3:12:1A:52:AF:CB:10:C0:E2:C0:9A:81:34:92
Certificate issuer:       /CN=9213f90aa4d8e47eabb348590157f4878bf746f8
Certificate serial:       0197403A64A8232ED19EAB7ACA67B4E99472
Authority key identifier: 92:13:F9:0A:A4:D8:E4:7E:AB:B3:48:59:01:57:F4:87:8B:F7:46:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/khP5CqTY5H6rs0hZAVf0h4v3Rvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/bdface-193c-49c8-b45d-db3fccfb7db1/1/zXilNDKWsxIaUq_LEMDiwJqBNJI.roa
Signing time:             Thu 05 Jun 2025 13:14:17 +0000
ROA not before:           Thu 05 Jun 2025 13:14:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210005
IP address blocks:        185.218.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/bdface-193c-49c8-b45d-db3fccfb7db1/1/khP5CqTY5H6rs0hZAVf0h4v3Rvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/bdface-193c-49c8-b45d-db3fccfb7db1/1/khP5CqTY5H6rs0hZAVf0h4v3Rvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/khP5CqTY5H6rs0hZAVf0h4v3Rvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:3a:64:a8:23:2e:d1:9e:ab:7a:ca:67:b4:e9:94:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9213f90aa4d8e47eabb348590157f4878bf746f8
        Validity
            Not Before: Jun  5 13:14:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd78a5343296b3121a52afcb10c0e2c09a813492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d8:98:28:8a:73:8e:bf:df:c2:62:21:a3:e2:
                    b7:3a:85:20:0d:7e:11:aa:ee:45:09:24:45:15:ea:
                    89:a8:4c:52:dd:a1:ee:90:e7:94:29:b3:cf:82:37:
                    96:8d:8c:3b:30:0c:bd:8e:1f:f1:67:15:50:a8:62:
                    5d:b0:a0:f8:2e:da:3e:f1:cb:5e:2c:cb:f5:fe:f0:
                    94:ac:31:7e:28:ff:01:0d:28:e2:54:bd:b2:cf:f5:
                    83:aa:a8:db:ef:12:45:3d:a2:a2:43:e0:4e:7e:97:
                    ac:29:ad:37:64:6d:6b:a0:be:9a:c1:12:0c:77:ef:
                    a7:0e:fa:48:aa:3d:f1:e0:b5:cc:64:ec:b0:ce:8e:
                    5b:55:65:18:cb:21:0b:4a:4a:b2:d1:95:67:0c:1b:
                    8f:73:d1:dd:35:26:ae:90:cc:b7:aa:3d:8a:89:2c:
                    e6:7d:d1:aa:68:01:bd:90:35:ac:49:88:09:70:11:
                    ec:2c:cb:9a:59:6d:10:94:a2:cc:47:b0:df:19:f8:
                    cc:cd:4b:ab:23:d8:4f:2e:0a:82:b4:aa:31:95:2b:
                    58:ef:ba:ca:ab:dc:12:88:19:1a:06:2a:f8:37:51:
                    68:c0:29:58:a3:3e:10:28:0c:e7:af:27:f0:4c:62:
                    d6:4f:28:43:49:e9:0e:c6:7e:9e:da:1b:e9:4f:04:
                    70:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:78:A5:34:32:96:B3:12:1A:52:AF:CB:10:C0:E2:C0:9A:81:34:92
            X509v3 Authority Key Identifier:
                keyid:92:13:F9:0A:A4:D8:E4:7E:AB:B3:48:59:01:57:F4:87:8B:F7:46:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/khP5CqTY5H6rs0hZAVf0h4v3Rvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bdface-193c-49c8-b45d-db3fccfb7db1/1/zXilNDKWsxIaUq_LEMDiwJqBNJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/bdface-193c-49c8-b45d-db3fccfb7db1/1/khP5CqTY5H6rs0hZAVf0h4v3Rvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:6e:03:9c:d7:16:4d:84:93:e7:51:f3:23:f7:76:92:b5:13:
         e4:59:17:1a:2e:e8:4e:65:45:e1:70:d7:6c:47:b3:73:82:a4:
         c2:89:ad:02:65:df:4e:d3:9e:88:83:fc:ea:49:9e:53:c6:c0:
         cf:4b:ce:5f:b0:c3:c4:01:2a:d4:16:e3:61:5d:d3:27:75:a9:
         25:44:05:19:34:29:c3:ac:f9:8b:68:83:fa:44:a3:25:92:c7:
         ac:4f:4a:05:22:3f:58:b1:b9:e4:63:00:6b:89:ae:dd:1d:99:
         23:c6:0d:ad:22:6d:5c:01:d7:ed:3e:b2:62:1d:08:8d:0a:a0:
         89:14:dc:7e:13:3b:77:ce:c9:47:c1:a8:a8:0d:6a:a8:79:b6:
         23:d2:e0:df:2b:49:ad:9a:83:8a:12:af:84:b8:37:5a:f9:7a:
         f7:90:93:67:e0:11:fd:2c:60:fd:98:01:cf:75:6e:75:8c:65:
         ba:d4:1a:b1:a5:89:24:8b:a7:f6:69:ea:4c:5c:c6:d4:f1:20:
         c4:11:47:95:c0:f6:47:72:53:e2:f7:00:cc:35:27:bc:4c:e6:
         78:28:e8:40:3f:3d:91:16:66:07:e5:99:6c:00:28:4f:ed:30:
         34:b3:56:9c:79:6c:19:4a:c3:d8:56:6e:a6:1b:6c:3c:9b:04:
         6a:33:f3:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdAOmSoIy7Rnqt6yme06ZRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMTNmOTBhYTRkOGU0N2VhYmIzNDg1OTAxNTdmNDg3OGJm
NzQ2ZjgwHhcNMjUwNjA1MTMxNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDc4YTUzNDMyOTZiMzEyMWE1MmFmY2IxMGMwZTJjMDlhODEzNDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NiYKIpzjr/fwmIho+K3OoUgDX4R
qu5FCSRFFeqJqExS3aHukOeUKbPPgjeWjYw7MAy9jh/xZxVQqGJdsKD4Lto+8cte
LMv1/vCUrDF+KP8BDSjiVL2yz/WDqqjb7xJFPaKiQ+BOfpesKa03ZG1roL6awRIM
d++nDvpIqj3x4LXMZOywzo5bVWUYyyELSkqy0ZVnDBuPc9HdNSaukMy3qj2KiSzm
fdGqaAG9kDWsSYgJcBHsLMuaWW0QlKLMR7DfGfjMzUurI9hPLgqCtKoxlStY77rK
q9wSiBkaBir4N1FowClYoz4QKAznryfwTGLWTyhDSekOxn6e2hvpTwRw+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM14pTQylrMSGlKvyxDA4sCagTSSMB8GA1UdIwQY
MBaAFJIT+Qqk2OR+q7NIWQFX9IeL90b4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2hQNUNxVFk1SDZyczBoWkFWZjBoNHYzUnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iZGZhY2UtMTkzYy00OWM4LWI0NWQt
ZGIzZmNjZmI3ZGIxLzEvelhpbE5ES1dzeElhVXFfTEVNRGl3SnFCTkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iZGZhY2UtMTkzYy00OWM4LWI0NWQtZGIzZmNjZmI3ZGIx
LzEva2hQNUNxVFk1SDZyczBoWkFWZjBoNHYzUnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudqPMA0G
CSqGSIb3DQEBCwUAA4IBAQAabgOc1xZNhJPnUfMj93aStRPkWRcaLuhOZUXhcNds
R7NzgqTCia0CZd9O056Ig/zqSZ5TxsDPS85fsMPEASrUFuNhXdMndaklRAUZNCnD
rPmLaIP6RKMlksesT0oFIj9YsbnkYwBria7dHZkjxg2tIm1cAdftPrJiHQiNCqCJ
FNx+Ezt3zslHwaioDWqoebYj0uDfK0mtmoOKEq+EuDda+Xr3kJNn4BH9LGD9mAHP
dW51jGW61BqxpYkki6f2aepMXMbU8SDEEUeVwPZHclPi9wDMNSe8TOZ4KOhAPz2R
FmYH5ZlsAChP7TA0s1aceWwZSsPYVm6mG2w8mwRqM/Ms
-----END CERTIFICATE-----