Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/ie21omNrQcDm6s8rAnnCfP0t5RQ.roa
File:                     ie21omNrQcDm6s8rAnnCfP0t5RQ.roa (raw, json)
Hash identifier:          mEaLFd1UOa9vUWrxCFXqOi9Y8DlDh7A8FeEm27sklyo=
Subject key identifier:   89:ED:B5:A2:63:6B:41:C0:E6:EA:CF:2B:02:79:C2:7C:FD:2D:E5:14
Certificate issuer:       /CN=a4f131e3e15058d93ffddb60ac7083bef89d2e86
Certificate serial:       019740D51CA848CE383827B1F8D653F9B41A
Authority key identifier: A4:F1:31:E3:E1:50:58:D9:3F:FD:DB:60:AC:70:83:BE:F8:9D:2E:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPEx4-FQWNk__dtgrHCDvvidLoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/ie21omNrQcDm6s8rAnnCfP0t5RQ.roa
Signing time:             Thu 05 Jun 2025 16:03:17 +0000
ROA not before:           Thu 05 Jun 2025 16:03:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216243
IP address blocks:        192.100.143.0/24 maxlen: 24
                          2001:67c:458::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/pPEx4-FQWNk__dtgrHCDvvidLoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/pPEx4-FQWNk__dtgrHCDvvidLoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPEx4-FQWNk__dtgrHCDvvidLoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 22:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:d5:1c:a8:48:ce:38:38:27:b1:f8:d6:53:f9:b4:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f131e3e15058d93ffddb60ac7083bef89d2e86
        Validity
            Not Before: Jun  5 16:03:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89edb5a2636b41c0e6eacf2b0279c27cfd2de514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:48:91:33:d5:47:fc:2d:5e:b7:0f:5b:5d:65:
                    4f:45:04:bc:74:2c:92:e3:05:3a:c4:c8:8b:45:17:
                    ce:67:97:ab:dd:62:04:1b:27:f1:c1:12:11:24:67:
                    21:48:e5:ed:ca:b2:51:4e:48:5b:5c:9c:a9:21:9c:
                    da:71:66:96:57:be:2a:7c:e0:e2:b6:13:a5:3b:0a:
                    02:31:e4:b9:57:cd:a6:8c:68:3f:40:ca:37:5f:b9:
                    7c:ec:2d:0e:20:dd:b2:c2:3a:20:02:52:e7:06:f2:
                    aa:a2:94:f5:fa:29:48:40:34:5e:87:10:6e:80:fc:
                    54:50:41:02:d1:31:ef:9a:7e:48:e2:f2:60:d8:c6:
                    19:3d:93:ec:07:0d:e6:fe:4d:95:93:00:95:e3:95:
                    66:8a:ec:0a:5b:89:92:19:2e:64:18:f6:15:16:d1:
                    9d:22:e3:5c:16:cd:06:b9:75:f7:22:b4:fd:dc:61:
                    f7:3c:ba:df:b0:4f:1d:a3:18:31:2e:25:51:68:8c:
                    ec:75:0c:cd:fe:b0:5d:c3:9a:06:4a:19:cc:0a:e5:
                    1c:d3:b3:16:55:e4:4b:e5:4f:23:9a:e9:27:e6:26:
                    ec:2b:23:ba:8a:84:4f:7c:16:78:90:ab:b7:3a:5e:
                    55:5c:2f:0c:83:07:1c:87:28:a2:98:96:25:e9:85:
                    5f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:ED:B5:A2:63:6B:41:C0:E6:EA:CF:2B:02:79:C2:7C:FD:2D:E5:14
            X509v3 Authority Key Identifier:
                keyid:A4:F1:31:E3:E1:50:58:D9:3F:FD:DB:60:AC:70:83:BE:F8:9D:2E:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPEx4-FQWNk__dtgrHCDvvidLoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/ie21omNrQcDm6s8rAnnCfP0t5RQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/842e7f-0350-4b02-a994-f71a49eba48a/1/pPEx4-FQWNk__dtgrHCDvvidLoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.100.143.0/24
                IPv6:
                  2001:67c:458::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:9c:e6:7a:4b:da:d2:b0:f9:e1:ae:ea:ac:c6:2a:de:58:e1:
         66:db:ca:e8:76:02:7f:79:14:82:f8:a7:95:45:b5:57:44:c7:
         ac:96:33:b5:16:cc:aa:ef:eb:00:9b:9c:66:fc:19:9f:fc:1e:
         76:aa:0a:35:74:64:cf:d3:5a:02:f1:db:1a:e9:69:d5:62:04:
         57:f7:bf:22:76:e9:e6:c9:62:b1:21:17:eb:92:0e:8b:14:b8:
         0f:4c:90:f7:e5:11:2b:64:77:b0:8a:d4:3f:d1:27:10:80:e3:
         71:20:fe:cc:82:86:d9:1f:35:42:5e:cf:62:1d:18:35:70:d2:
         29:f0:ce:05:76:04:bc:2f:47:b0:79:d8:c2:c6:bf:74:f3:77:
         0c:19:6a:f1:d0:a1:db:74:69:a9:60:9b:0d:15:70:2c:69:0e:
         3a:4d:15:26:3d:95:1e:2e:4e:e6:da:7c:32:44:a3:cc:b7:51:
         e2:61:a5:72:0e:5c:bb:82:71:e1:ae:aa:1b:f0:b0:5c:35:fa:
         0b:ae:d5:75:c4:9e:47:e4:8e:8d:36:5c:07:52:9d:b1:3c:17:
         03:e7:3b:cf:eb:96:4e:62:54:6d:64:fc:05:1f:49:65:b1:b3:
         79:a5:53:dd:37:9e:36:84:65:03:59:cd:a7:d2:44:ae:3c:09:
         ae:50:f9:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZdA1RyoSM44OCex+NZT+bQaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZjEzMWUzZTE1MDU4ZDkzZmZkZGI2MGFjNzA4M2JlZjg5
ZDJlODYwHhcNMjUwNjA1MTYwMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWVkYjVhMjYzNmI0MWMwZTZlYWNmMmIwMjc5YzI3Y2ZkMmRlNTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUiRM9VH/C1etw9bXWVPRQS8dCyS
4wU6xMiLRRfOZ5er3WIEGyfxwRIRJGchSOXtyrJRTkhbXJypIZzacWaWV74qfODi
thOlOwoCMeS5V82mjGg/QMo3X7l87C0OIN2ywjogAlLnBvKqopT1+ilIQDRehxBu
gPxUUEEC0THvmn5I4vJg2MYZPZPsBw3m/k2VkwCV45VmiuwKW4mSGS5kGPYVFtGd
IuNcFs0GuXX3IrT93GH3PLrfsE8doxgxLiVRaIzsdQzN/rBdw5oGShnMCuUc07MW
VeRL5U8jmukn5ibsKyO6ioRPfBZ4kKu3Ol5VXC8MgwcchyiimJYl6YVfhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFInttaJja0HA5urPKwJ5wnz9LeUUMB8GA1UdIwQY
MBaAFKTxMePhUFjZP/3bYKxwg774nS6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBFeDQtRlFXTmtfX2R0Z3JIQ0R2dmlkTG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84NDJlN2YtMDM1MC00YjAyLWE5OTQt
ZjcxYTQ5ZWJhNDhhLzEvaWUyMW9tTnJRY0RtNnM4ckFubkNmUDB0NVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84NDJlN2YtMDM1MC00YjAyLWE5OTQtZjcxYTQ5ZWJhNDhh
LzEvcFBFeDQtRlFXTmtfX2R0Z3JIQ0R2dmlkTG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwGSPMA8E
AgACMAkDBwAgAQZ8BFgwDQYJKoZIhvcNAQELBQADggEBAJWc5npL2tKw+eGu6qzG
Kt5Y4Wbbyuh2An95FIL4p5VFtVdEx6yWM7UWzKrv6wCbnGb8GZ/8HnaqCjV0ZM/T
WgLx2xrpadViBFf3vyJ26ebJYrEhF+uSDosUuA9MkPflEStkd7CK1D/RJxCA43Eg
/syChtkfNUJez2IdGDVw0inwzgV2BLwvR7B52MLGv3TzdwwZavHQodt0aalgmw0V
cCxpDjpNFSY9lR4uTubafDJEo8y3UeJhpXIOXLuCceGuqhvwsFw1+guu1XXEnkfk
jo02XAdSnbE8FwPnO8/rlk5iVG1k/AUfSWWxs3mlU903njaEZQNZzafSRK48Ca5Q
+TE=
-----END CERTIFICATE-----