Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/1yKKrsNupGDzzD03jZOpe8iPhUA.roa
File:                     1yKKrsNupGDzzD03jZOpe8iPhUA.roa (raw, json)
Hash identifier:          HrCCQdsLhhK0Dd1/JhgsMNYCYEDcKrntK3e2NJtO0xE=
Subject key identifier:   D7:22:8A:AE:C3:6E:A4:60:F3:CC:3D:37:8D:93:A9:7B:C8:8F:85:40
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       019536B1E4E5B5B982D3045AA13292D38248
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/1yKKrsNupGDzzD03jZOpe8iPhUA.roa
Signing time:             Mon 24 Feb 2025 06:43:02 +0000
ROA not before:           Mon 24 Feb 2025 06:43:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203583
IP address blocks:        213.253.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:36:b1:e4:e5:b5:b9:82:d3:04:5a:a1:32:92:d3:82:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Feb 24 06:43:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7228aaec36ea460f3cc3d378d93a97bc88f8540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b7:7b:7e:2c:64:e9:3f:da:84:d4:64:04:f8:
                    04:95:b1:d8:25:a9:eb:76:6e:2a:6f:2a:6e:f1:6c:
                    59:a9:55:e8:2b:fe:69:94:2f:27:f9:5e:e9:98:1e:
                    fe:c9:c1:a6:05:a3:bc:e6:ad:32:cf:28:bd:30:54:
                    a9:3e:bb:64:1c:79:f0:d3:d9:9c:92:60:b3:09:83:
                    41:7c:5e:5f:31:db:92:6b:8d:3a:34:bb:c5:b4:86:
                    73:86:7b:97:78:f6:a8:35:ea:43:93:86:66:b0:75:
                    f5:29:c9:54:0f:73:3b:6c:b0:86:95:b1:b1:3a:c2:
                    d7:61:c6:e7:fe:26:9b:f5:c2:3c:25:f8:7f:00:26:
                    0d:6e:0b:31:bf:de:3c:5b:ab:14:3b:18:34:31:b7:
                    3e:31:bc:7b:5a:4f:06:f7:cf:e8:8a:12:cb:ff:0e:
                    91:90:a3:8a:c8:43:07:99:1c:97:80:5a:29:c2:49:
                    9c:d6:cf:a7:b9:72:28:18:52:2b:e4:61:aa:bc:50:
                    f6:34:dd:8a:75:d5:f1:59:07:d5:11:80:36:c3:4a:
                    d6:df:c0:b2:32:58:34:72:a9:da:2a:28:bd:a9:f2:
                    48:32:aa:01:4e:46:64:ff:00:c6:b2:1c:f4:52:93:
                    af:dc:72:00:d1:e4:37:bb:ff:ee:59:ff:03:7d:ee:
                    01:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:22:8A:AE:C3:6E:A4:60:F3:CC:3D:37:8D:93:A9:7B:C8:8F:85:40
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/1yKKrsNupGDzzD03jZOpe8iPhUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.253.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:45:da:18:7b:18:92:c6:2d:19:8d:f3:03:f5:23:ad:55:dd:
         2f:76:c1:67:c2:3b:e3:97:5f:17:a4:4b:14:6a:44:59:e0:bb:
         2c:ca:31:d9:ac:7c:51:db:92:90:7e:b0:87:c1:bf:a0:71:e2:
         55:57:21:d6:75:69:c3:e7:54:5e:45:78:4e:4d:61:dd:41:99:
         ba:34:08:b7:89:72:b7:fe:2d:d7:4f:c9:92:3b:3e:a4:2b:41:
         c6:b1:de:61:40:fb:28:18:13:7e:d4:c2:54:fc:a3:36:68:dc:
         25:21:91:3d:35:df:93:d7:9e:94:43:4e:19:b0:da:bd:d9:23:
         a7:6a:c1:c5:b7:e8:d9:36:58:67:00:1f:2d:d8:5b:b6:2a:2c:
         e3:b9:a0:67:31:5e:f4:35:7f:f6:e5:e6:5c:10:66:96:1f:6a:
         02:f2:7a:94:eb:96:7e:e1:a7:9e:e3:c1:3a:78:d1:bf:b2:61:
         af:47:ea:2e:77:90:d8:f4:cf:b9:c9:f2:1f:a4:31:9c:c9:c9:
         c9:49:16:70:50:a1:a7:aa:e8:89:ca:11:8b:af:a7:4d:3b:b4:
         26:a9:9e:23:c5:cd:05:ca:58:a8:f0:01:6f:7a:e3:05:51:a8:
         16:29:5c:2f:7d:45:fd:1f:a7:73:ad:79:c4:f0:e3:ff:4d:ec:
         a9:bc:96:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU2seTltbmC0wRaoTKS04JIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjUwMjI0MDY0MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzIyOGFhZWMzNmVhNDYwZjNjYzNkMzc4ZDkzYTk3YmM4OGY4NTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLd7fixk6T/ahNRkBPgElbHYJanr
dm4qbypu8WxZqVXoK/5plC8n+V7pmB7+ycGmBaO85q0yzyi9MFSpPrtkHHnw09mc
kmCzCYNBfF5fMduSa406NLvFtIZzhnuXePaoNepDk4ZmsHX1KclUD3M7bLCGlbGx
OsLXYcbn/iab9cI8Jfh/ACYNbgsxv948W6sUOxg0Mbc+Mbx7Wk8G98/oihLL/w6R
kKOKyEMHmRyXgFopwkmc1s+nuXIoGFIr5GGqvFD2NN2KddXxWQfVEYA2w0rW38Cy
Mlg0cqnaKii9qfJIMqoBTkZk/wDGshz0UpOv3HIA0eQ3u//uWf8Dfe4BywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNciiq7DbqRg88w9N42TqXvIj4VAMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvMXlLS3JzTnVwR0R6ekQwM2paT3BlOGlQaFVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1f3XMA0G
CSqGSIb3DQEBCwUAA4IBAQAhRdoYexiSxi0ZjfMD9SOtVd0vdsFnwjvjl18XpEsU
akRZ4LssyjHZrHxR25KQfrCHwb+gceJVVyHWdWnD51ReRXhOTWHdQZm6NAi3iXK3
/i3XT8mSOz6kK0HGsd5hQPsoGBN+1MJU/KM2aNwlIZE9Nd+T156UQ04ZsNq92SOn
asHFt+jZNlhnAB8t2Fu2KizjuaBnMV70NX/25eZcEGaWH2oC8nqU65Z+4aee48E6
eNG/smGvR+oud5DY9M+5yfIfpDGcycnJSRZwUKGnquiJyhGLr6dNO7QmqZ4jxc0F
ylio8AFveuMFUagWKVwvfUX9H6dzrXnE8OP/TeypvJb2
-----END CERTIFICATE-----