Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DbkBMTTDNixpKcQlX7Vjn6DywuQ.roa
File:                     DbkBMTTDNixpKcQlX7Vjn6DywuQ.roa (raw, json)
Hash identifier:          Gck4ltKHtryoVjoaJQkK8R77SteNDlEKQtTpnFaqZ2s=
Subject key identifier:   0D:B9:01:31:34:C3:36:2C:69:29:C4:25:5F:B5:63:9F:A0:F2:C2:E4
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01964F41215B419D02E1CA3C57DBA317510C
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DbkBMTTDNixpKcQlX7Vjn6DywuQ.roa
Signing time:             Sat 19 Apr 2025 18:13:10 +0000
ROA not before:           Sat 19 Apr 2025 18:13:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213622
IP address blocks:        185.121.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4f:41:21:5b:41:9d:02:e1:ca:3c:57:db:a3:17:51:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 19 18:13:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0db9013134c3362c6929c4255fb5639fa0f2c2e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:13:8b:39:a2:4d:54:d5:bf:2a:5e:9c:42:74:
                    de:ef:35:df:cf:87:40:82:30:0c:fd:28:b0:c1:ed:
                    80:7a:97:51:6b:9c:11:b6:d5:3d:1a:94:ae:cc:d6:
                    ba:52:99:50:a0:d2:76:07:69:32:9e:31:6a:5d:c7:
                    6f:9b:02:c3:42:0f:49:8d:65:bb:38:16:98:29:41:
                    40:b9:28:2a:ca:f4:53:2d:88:09:3f:82:3d:74:80:
                    ab:89:c0:97:64:ef:5d:e6:fa:ce:e6:fe:a5:ef:5c:
                    74:0d:1b:93:a9:b5:b9:14:26:fa:ab:59:c5:16:0a:
                    1c:63:27:8f:25:4c:23:08:a6:91:b5:64:62:3a:73:
                    83:cc:52:3a:d4:c9:4d:10:c9:6a:0b:88:11:45:5b:
                    1d:45:f1:55:d1:04:2b:af:73:0c:ea:2c:df:45:55:
                    94:d2:2d:84:b2:06:0e:f8:f3:19:19:10:af:cd:76:
                    4f:fe:fc:00:f7:3b:e1:8f:d1:a8:a4:b8:5d:02:a8:
                    a5:e0:b7:0c:fb:9b:7b:c2:c6:dc:9e:de:e9:fa:3a:
                    3d:44:5d:e2:d8:a3:91:0e:25:da:ea:04:71:96:00:
                    6e:8e:50:41:1e:d5:18:7a:9e:27:09:c3:68:ab:ad:
                    51:8f:96:e3:fe:29:94:0b:f8:a9:38:a8:5f:3a:a4:
                    d7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B9:01:31:34:C3:36:2C:69:29:C4:25:5F:B5:63:9F:A0:F2:C2:E4
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/DbkBMTTDNixpKcQlX7Vjn6DywuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:f1:e1:ce:00:89:f8:1b:42:73:e7:88:93:8e:aa:f8:e8:6e:
         33:a4:25:0e:11:eb:2b:97:67:ce:6c:2d:e1:e1:ca:0f:b0:a7:
         48:b6:1e:da:33:cf:2d:9d:8d:ee:b2:54:19:a9:bf:99:26:d0:
         42:57:90:90:a5:ed:89:15:d7:61:b6:7f:e4:e9:ff:b0:a2:8f:
         f8:02:07:47:e0:bd:b4:12:92:e2:bd:25:3d:aa:e4:b8:c0:f5:
         c7:e4:0e:3b:27:77:af:65:a2:d8:b7:5c:dd:49:ca:9b:ae:4d:
         f3:c6:49:fc:07:f6:1e:e7:f6:99:75:cb:49:67:ff:03:91:59:
         68:6e:3b:e2:e1:dc:63:c2:da:13:39:24:4d:f1:2c:77:b1:0b:
         e7:5f:4c:98:2c:72:f4:ca:c5:a6:f4:0c:8c:67:c8:3d:a5:7b:
         1c:34:3b:7b:31:86:b3:6d:c2:67:5b:45:50:9d:f7:00:7c:a2:
         a7:3d:a3:1f:e5:5c:46:c4:49:5c:1e:61:c9:3a:ab:83:f3:e5:
         8c:d1:c6:65:d2:d4:83:13:25:30:63:76:1f:86:b4:50:7d:d4:
         88:b5:fd:65:31:22:f3:80:fe:51:26:60:4b:c4:f1:44:bd:0d:
         96:bf:8e:9a:ff:6f:a4:35:6c:c4:12:cf:89:1e:40:e3:e5:d8:
         44:20:68:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZPQSFbQZ0C4co8V9ujF1EMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDE5MTgxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI5MDEzMTM0YzMzNjJjNjkyOWM0MjU1ZmI1NjM5ZmEwZjJjMmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvROLOaJNVNW/Kl6cQnTe7zXfz4dA
gjAM/Siwwe2AepdRa5wRttU9GpSuzNa6UplQoNJ2B2kynjFqXcdvmwLDQg9JjWW7
OBaYKUFAuSgqyvRTLYgJP4I9dICricCXZO9d5vrO5v6l71x0DRuTqbW5FCb6q1nF
FgocYyePJUwjCKaRtWRiOnODzFI61MlNEMlqC4gRRVsdRfFV0QQrr3MM6izfRVWU
0i2EsgYO+PMZGRCvzXZP/vwA9zvhj9GopLhdAqil4LcM+5t7wsbcnt7p+jo9RF3i
2KORDiXa6gRxlgBujlBBHtUYep4nCcNoq61Rj5bj/imUC/ipOKhfOqTXcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA25ATE0wzYsaSnEJV+1Y5+g8sLkMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvRGJrQk1UVEROaXhwS2NRbFg3VmpuNkR5d3VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXlFMA0G
CSqGSIb3DQEBCwUAA4IBAQCt8eHOAIn4G0Jz54iTjqr46G4zpCUOEesrl2fObC3h
4coPsKdIth7aM88tnY3uslQZqb+ZJtBCV5CQpe2JFddhtn/k6f+woo/4AgdH4L20
EpLivSU9quS4wPXH5A47J3evZaLYt1zdScqbrk3zxkn8B/Ye5/aZdctJZ/8DkVlo
bjvi4dxjwtoTOSRN8Sx3sQvnX0yYLHL0ysWm9AyMZ8g9pXscNDt7MYazbcJnW0VQ
nfcAfKKnPaMf5VxGxElcHmHJOquD8+WM0cZl0tSDEyUwY3YfhrRQfdSItf1lMSLz
gP5RJmBLxPFEvQ2Wv46a/2+kNWzEEs+JHkDj5dhEIGhp
-----END CERTIFICATE-----