Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4PZrnXIynG9h2ZMBx9asEBdm3wE.roa
File:                     4PZrnXIynG9h2ZMBx9asEBdm3wE.roa (raw, json)
Hash identifier:          aFm1C3meiCOJIBxRnGd21coUABGVTO8GUUm8r1ioR8s=
Subject key identifier:   E0:F6:6B:9D:72:32:9C:6F:61:D9:93:01:C7:D6:AC:10:17:66:DF:01
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019739A6BC200C7AD3DE15AC2CEB068BC816
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4PZrnXIynG9h2ZMBx9asEBdm3wE.roa
Signing time:             Wed 04 Jun 2025 06:35:17 +0000
ROA not before:           Wed 04 Jun 2025 06:35:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45815
IP address blocks:        94.249.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:39:a6:bc:20:0c:7a:d3:de:15:ac:2c:eb:06:8b:c8:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jun  4 06:35:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0f66b9d72329c6f61d99301c7d6ac101766df01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e5:61:a7:c8:46:91:2e:4d:df:5d:dc:e7:16:
                    db:e6:30:62:f1:35:1e:cf:03:b6:b5:39:97:54:37:
                    69:8b:c2:ff:1d:be:aa:12:f6:cc:3c:65:d4:48:36:
                    24:0d:c7:4c:2f:ed:90:d2:d8:39:00:51:da:60:50:
                    f0:31:eb:fd:6c:0a:f3:49:f0:f6:13:cf:7c:d3:2a:
                    86:85:62:bc:44:f5:b7:02:89:2c:aa:e6:ac:9d:66:
                    0d:5a:29:5f:9b:fe:4f:f7:de:71:94:80:f3:1c:f2:
                    d6:d6:f9:4c:90:5b:70:76:4b:6b:be:f7:d7:2e:8f:
                    a0:3d:44:18:dd:47:6c:71:6f:bd:7d:98:e8:80:38:
                    8b:35:b4:dc:57:59:79:db:7d:26:28:7e:b2:ad:9d:
                    f4:53:15:91:11:67:ad:23:f9:e1:b9:fd:c2:c8:fd:
                    8c:27:8d:56:a6:ba:89:a1:ec:56:6e:c9:8a:fd:97:
                    ae:7d:ce:2c:95:13:94:3e:b7:f1:1d:56:af:3a:b4:
                    d0:e0:d5:64:31:15:29:a9:e4:56:ae:37:ec:a6:3b:
                    b6:c1:8f:b9:69:cb:be:8a:a3:76:d8:ab:37:9f:7a:
                    ac:df:fc:9d:be:31:2b:51:46:e8:f9:ba:d8:0e:56:
                    35:03:98:fc:28:b7:9c:54:5f:3d:e0:d7:ec:0f:fd:
                    23:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:F6:6B:9D:72:32:9C:6F:61:D9:93:01:C7:D6:AC:10:17:66:DF:01
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/4PZrnXIynG9h2ZMBx9asEBdm3wE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.249.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:e1:30:85:2a:a4:33:00:01:94:32:76:c3:cb:79:1a:ae:42:
         6f:53:51:bb:af:57:d4:90:ab:d6:9f:86:be:60:42:73:a0:42:
         c2:16:dc:61:17:22:71:5e:89:65:cf:58:c6:b0:fe:60:9e:4e:
         c0:29:ec:26:c0:ef:cc:db:1e:6b:c8:ad:d9:81:82:c8:a2:21:
         de:d8:9c:03:06:d2:38:40:e0:75:72:9a:ea:2d:b8:ed:5c:a2:
         eb:d6:47:4d:69:03:db:73:31:64:dd:27:d9:29:90:44:63:75:
         53:2a:d9:57:4d:cd:4e:00:5c:0e:bb:c0:ad:b9:e3:c5:17:f8:
         4d:4a:53:b9:b2:3a:f4:fa:ef:9d:4a:13:ed:a3:a8:58:81:5e:
         c1:5d:6d:19:98:4c:7b:43:20:53:b9:55:69:51:ec:32:55:7b:
         64:ec:fb:6d:22:7b:60:88:4a:b1:03:1a:8b:6b:51:7f:b8:2e:
         03:b1:ed:09:e7:65:6d:aa:b9:68:38:85:5e:31:7c:3a:79:ef:
         59:8c:6f:f5:d8:06:17:07:8a:69:ac:a3:6f:23:de:b4:89:ae:
         a8:2c:f3:87:9e:b7:af:16:a9:08:4e:c3:b9:26:84:27:a2:75:
         de:ff:9b:13:a4:74:e0:21:e9:d8:c5:d5:fa:a0:53:54:c2:93:
         4b:59:79:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc5prwgDHrT3hWsLOsGi8gWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNjA0MDYzNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGY2NmI5ZDcyMzI5YzZmNjFkOTkzMDFjN2Q2YWMxMDE3NjZkZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOVhp8hGkS5N313c5xbb5jBi8TUe
zwO2tTmXVDdpi8L/Hb6qEvbMPGXUSDYkDcdML+2Q0tg5AFHaYFDwMev9bArzSfD2
E8980yqGhWK8RPW3AoksquasnWYNWilfm/5P995xlIDzHPLW1vlMkFtwdktrvvfX
Lo+gPUQY3UdscW+9fZjogDiLNbTcV1l5230mKH6yrZ30UxWREWetI/nhuf3CyP2M
J41WprqJoexWbsmK/Zeufc4slROUPrfxHVavOrTQ4NVkMRUpqeRWrjfspju2wY+5
acu+iqN22Ks3n3qs3/ydvjErUUbo+brYDlY1A5j8KLecVF894NfsD/0jsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOD2a51yMpxvYdmTAcfWrBAXZt8BMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvNFBacm5YSXluRzloMlpNQng5YXNFQmRtM3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvnVMA0G
CSqGSIb3DQEBCwUAA4IBAQAB4TCFKqQzAAGUMnbDy3karkJvU1G7r1fUkKvWn4a+
YEJzoELCFtxhFyJxXollz1jGsP5gnk7AKewmwO/M2x5ryK3ZgYLIoiHe2JwDBtI4
QOB1cprqLbjtXKLr1kdNaQPbczFk3SfZKZBEY3VTKtlXTc1OAFwOu8CtuePFF/hN
SlO5sjr0+u+dShPto6hYgV7BXW0ZmEx7QyBTuVVpUewyVXtk7PttIntgiEqxAxqL
a1F/uC4Dse0J52VtqrloOIVeMXw6ee9ZjG/12AYXB4pprKNvI960ia6oLPOHnrev
FqkITsO5JoQnonXe/5sTpHTgIenYxdX6oFNUwpNLWXkJ
-----END CERTIFICATE-----