Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/y5jk7A_2uM0azO24XUKFRlQ8ez0.roa
File:                     y5jk7A_2uM0azO24XUKFRlQ8ez0.roa (raw, json)
Hash identifier:          +zHyOoesQ7/l0J/q9PljXWm35J3B+xwWRgguNYco15M=
Subject key identifier:   CB:98:E4:EC:0F:F6:B8:CD:1A:CC:ED:B8:5D:42:85:46:54:3C:7B:3D
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019777CF844748E24EF43D277E8A91A94B15
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/y5jk7A_2uM0azO24XUKFRlQ8ez0.roa
Signing time:             Mon 16 Jun 2025 08:16:17 +0000
ROA not before:           Mon 16 Jun 2025 08:16:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        194.61.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Jul 2025 20:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:77:cf:84:47:48:e2:4e:f4:3d:27:7e:8a:91:a9:4b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jun 16 08:16:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb98e4ec0ff6b8cd1accedb85d428546543c7b3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7a:26:cf:75:e9:42:6c:7f:ba:76:8e:72:ee:
                    0e:7d:7e:b4:bb:b3:99:f9:d6:f7:1b:09:72:91:b9:
                    3a:a5:56:f6:2a:30:96:5b:90:10:2c:ed:f9:ab:df:
                    68:0c:4d:39:c6:db:83:1c:87:d4:2c:6b:6c:03:26:
                    e1:6a:69:88:44:df:8e:11:55:cf:24:01:2d:28:78:
                    aa:3b:90:d2:05:99:9d:43:13:65:a7:87:68:10:64:
                    ac:ca:0f:2e:8b:40:68:77:87:27:d1:b4:9b:d7:fc:
                    06:ca:35:18:f5:d3:4d:a3:9c:48:0d:63:e0:67:4e:
                    be:3a:04:3b:60:6a:aa:b3:5f:b6:d7:8e:7d:3f:ec:
                    f6:3c:34:6c:cd:06:19:14:91:dc:d6:69:bb:af:a9:
                    fb:a4:66:3f:2d:f0:f1:35:70:36:83:83:b4:5f:73:
                    e1:a8:a7:d1:57:9a:07:63:d7:4e:94:f9:66:e0:36:
                    04:a7:90:05:60:64:3d:01:ce:fe:a2:fb:f0:6c:cb:
                    9c:b4:81:60:3b:aa:97:74:96:6d:86:9b:89:be:e9:
                    9d:f7:c0:c9:0b:44:57:1c:94:6e:a6:eb:fe:a7:d7:
                    55:59:1b:90:73:31:6b:34:28:a2:64:23:dc:08:d5:
                    bd:ae:23:97:d4:cf:b3:b8:ee:45:b7:19:6e:85:26:
                    a5:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:98:E4:EC:0F:F6:B8:CD:1A:CC:ED:B8:5D:42:85:46:54:3C:7B:3D
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/y5jk7A_2uM0azO24XUKFRlQ8ez0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:22:e4:83:ae:be:d3:d3:d5:cb:01:83:83:43:8b:24:e6:01:
         5b:54:3d:72:6a:42:50:9a:cf:e0:b6:01:8f:b6:30:d3:a7:44:
         52:24:70:ff:a4:86:d4:c6:23:1e:47:a2:c2:0f:9c:c9:08:c5:
         b0:eb:5d:23:ff:64:aa:a5:9c:20:b1:13:9d:9a:e4:0c:5b:28:
         04:c6:d6:fc:f0:35:b6:c2:7d:ac:dc:ae:67:b0:34:65:82:ba:
         2e:3c:72:5d:f0:ea:92:3b:42:26:3c:82:1c:0e:12:a4:bf:bc:
         5d:04:51:98:ea:66:3c:15:d6:3f:5b:eb:65:2f:9d:aa:fc:06:
         17:f2:e4:34:97:63:2e:65:79:ad:45:0a:f1:49:c1:95:ec:2b:
         95:52:90:88:11:39:ba:36:f6:0e:8c:7b:26:b9:6d:e9:d9:ee:
         d0:e8:ba:99:df:41:fd:6a:00:87:a9:58:6d:ef:25:62:ab:a2:
         4c:01:73:9c:9a:ed:00:14:e4:cc:31:60:9b:9e:bf:c7:c8:6e:
         ec:8b:f8:25:db:1d:74:ed:50:91:f1:83:9a:70:fe:c2:45:a4:
         2d:aa:a5:ff:60:06:20:d8:9e:bf:6f:16:18:59:a3:bd:dd:1c:
         d4:7f:38:3d:c8:c1:7f:10:d4:20:50:32:79:52:b3:32:78:0c:
         60:48:c1:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd3z4RHSOJO9D0nfoqRqUsVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNjE2MDgxNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk4ZTRlYzBmZjZiOGNkMWFjY2VkYjg1ZDQyODU0NjU0M2M3YjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3omz3XpQmx/unaOcu4OfX60u7OZ
+db3Gwlykbk6pVb2KjCWW5AQLO35q99oDE05xtuDHIfULGtsAybhammIRN+OEVXP
JAEtKHiqO5DSBZmdQxNlp4doEGSsyg8ui0Bod4cn0bSb1/wGyjUY9dNNo5xIDWPg
Z06+OgQ7YGqqs1+21459P+z2PDRszQYZFJHc1mm7r6n7pGY/LfDxNXA2g4O0X3Ph
qKfRV5oHY9dOlPlm4DYEp5AFYGQ9Ac7+ovvwbMuctIFgO6qXdJZthpuJvumd98DJ
C0RXHJRupuv+p9dVWRuQczFrNCiiZCPcCNW9riOX1M+zuO5FtxluhSalOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuY5OwP9rjNGsztuF1ChUZUPHs9MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEveTVqazdBXzJ1TTBhek8yNFhVS0ZSbFE4ZXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj1IMA0G
CSqGSIb3DQEBCwUAA4IBAQArIuSDrr7T09XLAYODQ4sk5gFbVD1yakJQms/gtgGP
tjDTp0RSJHD/pIbUxiMeR6LCD5zJCMWw610j/2SqpZwgsROdmuQMWygExtb88DW2
wn2s3K5nsDRlgrouPHJd8OqSO0ImPIIcDhKkv7xdBFGY6mY8FdY/W+tlL52q/AYX
8uQ0l2MuZXmtRQrxScGV7CuVUpCIETm6NvYOjHsmuW3p2e7Q6LqZ30H9agCHqVht
7yViq6JMAXOcmu0AFOTMMWCbnr/HyG7si/gl2x107VCR8YOacP7CRaQtqqX/YAYg
2J6/bxYYWaO93RzUfzg9yMF/ENQgUDJ5UrMyeAxgSMGr
-----END CERTIFICATE-----