Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/cFyLz0464YCDv1_wlpt751wWjv0.roa
File:                     cFyLz0464YCDv1_wlpt751wWjv0.roa (raw, json)
Hash identifier:          6oL3kHvs8+fXiSDYlf2hI6gNwQZ8WHh03nzI53rd4Nw=
Subject key identifier:   70:5C:8B:CF:4E:3A:E1:80:83:BF:5F:F0:96:9B:7B:E7:5C:16:8E:FD
Certificate issuer:       /CN=21351865b767dd7b9c22314bfc8055bd57db0065
Certificate serial:       0196391D19421CE78362BD380A04D88576A1
Authority key identifier: 21:35:18:65:B7:67:DD:7B:9C:22:31:4B:FC:80:55:BD:57:DB:00:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITUYZbdn3XucIjFL_IBVvVfbAGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/cFyLz0464YCDv1_wlpt751wWjv0.roa
Signing time:             Tue 15 Apr 2025 11:02:10 +0000
ROA not before:           Tue 15 Apr 2025 11:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197328
IP address blocks:        185.220.58.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/ITUYZbdn3XucIjFL_IBVvVfbAGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/ITUYZbdn3XucIjFL_IBVvVfbAGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITUYZbdn3XucIjFL_IBVvVfbAGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:39:1d:19:42:1c:e7:83:62:bd:38:0a:04:d8:85:76:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21351865b767dd7b9c22314bfc8055bd57db0065
        Validity
            Not Before: Apr 15 11:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=705c8bcf4e3ae18083bf5ff0969b7be75c168efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d5:e5:b5:a0:d5:5c:21:3f:a6:f2:8b:a7:86:
                    a3:e2:d4:a6:ce:fc:e6:db:be:5a:fb:f1:aa:7b:8d:
                    a9:8c:d6:c7:74:1b:1f:41:62:05:ea:df:b9:e4:e3:
                    b7:fc:71:91:71:11:11:f3:78:ac:c9:78:20:3a:1b:
                    ef:27:c6:39:f9:57:80:a4:3b:d4:93:63:0d:ae:f5:
                    94:6e:9a:32:78:51:74:45:aa:f6:f1:66:58:5d:0c:
                    86:2b:e7:77:45:12:05:a6:51:f2:ff:3b:a8:5c:c9:
                    a8:1b:b8:18:c9:be:c3:2f:67:28:7b:3e:f1:8d:84:
                    3a:be:67:90:df:4b:bf:2f:41:e3:df:9d:3b:01:83:
                    2d:c1:55:46:20:2f:0f:43:92:ab:4d:0a:e7:cb:a9:
                    0a:51:0b:a2:63:fa:eb:3f:73:db:21:ac:22:71:b1:
                    43:fb:ac:86:fa:f4:e0:69:9b:03:23:d1:dd:0d:52:
                    3d:a9:e2:9a:58:46:14:b4:44:f7:09:4f:10:3b:67:
                    65:fd:ec:e3:40:ed:8c:33:ed:dc:e6:f8:80:51:e4:
                    73:a7:99:09:3a:55:48:a1:4c:20:d1:b7:c7:81:4b:
                    7a:bb:ca:32:de:ed:3f:8e:e7:ba:dd:56:a2:89:0e:
                    e2:45:fe:d9:f2:38:79:e7:f6:dd:d0:32:39:99:d4:
                    6b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:5C:8B:CF:4E:3A:E1:80:83:BF:5F:F0:96:9B:7B:E7:5C:16:8E:FD
            X509v3 Authority Key Identifier:
                keyid:21:35:18:65:B7:67:DD:7B:9C:22:31:4B:FC:80:55:BD:57:DB:00:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITUYZbdn3XucIjFL_IBVvVfbAGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/cFyLz0464YCDv1_wlpt751wWjv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e52b07-f2a4-47c1-9460-1e4e0400844b/1/ITUYZbdn3XucIjFL_IBVvVfbAGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:ae:b2:f4:ed:b2:1b:ea:0a:18:30:b6:e7:dd:0c:7b:7b:4c:
         65:95:ca:d7:46:c6:aa:2d:ea:b4:5e:44:97:a9:d0:a8:b1:92:
         51:15:50:6b:1c:39:53:9b:83:51:8a:0d:4e:ee:94:b0:18:2b:
         ec:b9:16:76:69:bd:80:0d:b0:03:fd:fd:48:d7:e8:74:73:a2:
         91:5d:cc:87:c5:f2:69:54:ba:10:2a:3b:db:a6:54:30:b2:57:
         fd:6d:db:b9:b8:69:13:be:ad:46:2f:fe:75:54:d1:84:ee:8c:
         81:64:bb:0b:8e:46:34:49:47:91:7e:c1:07:b8:7d:74:a1:1e:
         f7:09:1f:40:1b:9c:d9:81:ff:4a:ad:46:5a:49:d3:85:3a:59:
         c1:56:a4:c0:81:8c:92:cd:be:71:72:97:ae:d7:e0:03:0f:74:
         93:72:1c:df:3d:70:9f:fd:7e:f2:a3:fe:9f:c3:e7:ca:83:56:
         88:4b:4f:39:2e:58:e5:e3:7a:f4:8e:9f:20:da:fc:c5:0c:3f:
         54:8b:bc:3b:22:7a:aa:6b:d8:4e:23:c4:9e:b2:a4:f9:09:f6:
         df:4e:a7:0d:3b:f3:a7:d9:4d:bd:1b:ac:dc:8f:e3:4d:0b:3d:
         39:93:ec:91:aa:99:34:0f:65:8c:9d:1e:44:36:6c:e7:7a:27:
         d2:03:dc:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY5HRlCHOeDYr04CgTYhXahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzUxODY1Yjc2N2RkN2I5YzIyMzE0YmZjODA1NWJkNTdk
YjAwNjUwHhcNMjUwNDE1MTEwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDVjOGJjZjRlM2FlMTgwODNiZjVmZjA5NjliN2JlNzVjMTY4ZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9XltaDVXCE/pvKLp4aj4tSmzvzm
275a+/Gqe42pjNbHdBsfQWIF6t+55OO3/HGRcRER83isyXggOhvvJ8Y5+VeApDvU
k2MNrvWUbpoyeFF0Rar28WZYXQyGK+d3RRIFplHy/zuoXMmoG7gYyb7DL2coez7x
jYQ6vmeQ30u/L0Hj3507AYMtwVVGIC8PQ5KrTQrny6kKUQuiY/rrP3PbIawicbFD
+6yG+vTgaZsDI9HdDVI9qeKaWEYUtET3CU8QO2dl/ezjQO2MM+3c5viAUeRzp5kJ
OlVIoUwg0bfHgUt6u8oy3u0/jue63VaiiQ7iRf7Z8jh55/bd0DI5mdRroQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBci89OOuGAg79f8Jabe+dcFo79MB8GA1UdIwQY
MBaAFCE1GGW3Z917nCIxS/yAVb1X2wBlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRVWVpiZG4zWHVjSWpGTF9JQlZ2VmZiQUdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lNTJiMDctZjJhNC00N2MxLTk0NjAt
MWU0ZTA0MDA4NDRiLzEvY0Z5THowNDY0WUNEdjFfd2xwdDc1MXdXanYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lNTJiMDctZjJhNC00N2MxLTk0NjAtMWU0ZTA0MDA4NDRi
LzEvSVRVWVpiZG4zWHVjSWpGTF9JQlZ2VmZiQUdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudw6MA0G
CSqGSIb3DQEBCwUAA4IBAQBMrrL07bIb6goYMLbn3Qx7e0xllcrXRsaqLeq0XkSX
qdCosZJRFVBrHDlTm4NRig1O7pSwGCvsuRZ2ab2ADbAD/f1I1+h0c6KRXcyHxfJp
VLoQKjvbplQwslf9bdu5uGkTvq1GL/51VNGE7oyBZLsLjkY0SUeRfsEHuH10oR73
CR9AG5zZgf9KrUZaSdOFOlnBVqTAgYySzb5xcpeu1+ADD3STchzfPXCf/X7yo/6f
w+fKg1aIS085Lljl43r0jp8g2vzFDD9Ui7w7Inqqa9hOI8SesqT5CfbfTqcNO/On
2U29G6zcj+NNCz05k+yRqpk0D2WMnR5ENmzneifSA9yY
-----END CERTIFICATE-----