Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/xls96UEa5x8QQ0zNf0sviPf9i3k.roa
File:                     xls96UEa5x8QQ0zNf0sviPf9i3k.roa (raw, json)
Hash identifier:          m0eq2urB49dl+6zHn37E7MnUA3Q0Qt3aw5b2d8bC9Dc=
Subject key identifier:   C6:5B:3D:E9:41:1A:E7:1F:10:43:4C:CD:7F:4B:2F:88:F7:FD:8B:79
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0196D62FF95D5B556F40C11E6E2CDE65E769
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/xls96UEa5x8QQ0zNf0sviPf9i3k.roa
Signing time:             Thu 15 May 2025 23:03:10 +0000
ROA not before:           Thu 15 May 2025 23:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213020
IP address blocks:        185.221.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d6:2f:f9:5d:5b:55:6f:40:c1:1e:6e:2c:de:65:e7:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: May 15 23:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c65b3de9411ae71f10434ccd7f4b2f88f7fd8b79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4b:21:22:2f:c4:d8:45:8e:00:5a:2c:0e:44:
                    61:26:f2:c6:e8:b8:7a:2f:e0:28:1c:a8:24:35:71:
                    f8:19:0a:20:4c:73:3d:a4:e5:fc:a1:e2:c5:57:66:
                    a6:2c:03:b8:9d:e4:8c:7f:1e:a8:79:ad:37:3b:ce:
                    65:53:9f:c7:b2:87:02:00:44:6c:72:fe:1d:1e:30:
                    af:f1:ad:aa:78:18:cf:b9:02:68:c0:ef:47:5a:70:
                    ee:32:59:e7:aa:42:3a:9b:27:73:a7:b4:0f:c0:ba:
                    99:b3:16:99:02:ef:10:fa:89:45:a4:9c:d4:7b:79:
                    d7:41:3c:ac:ed:63:53:1b:43:c6:df:95:8a:5e:5f:
                    ce:04:18:2b:fb:80:4e:c1:cf:ba:7a:7c:89:3c:63:
                    72:cb:e6:74:52:fd:ed:c7:00:0d:fd:21:d0:d6:57:
                    a7:ea:61:9e:37:13:de:37:11:85:38:a6:b3:cb:d7:
                    5f:82:3e:7a:60:f7:ae:a7:4d:11:cc:fe:9f:21:eb:
                    e0:63:14:b5:c4:19:18:2b:79:13:a9:ff:f1:30:20:
                    00:6d:39:ad:3f:7b:bb:14:be:fb:34:23:0e:eb:86:
                    0f:51:b5:ae:31:e4:e9:45:ea:c8:46:4c:7c:d5:a6:
                    c8:d3:d2:ff:0c:21:d0:e1:b6:84:0c:af:4c:87:87:
                    45:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:5B:3D:E9:41:1A:E7:1F:10:43:4C:CD:7F:4B:2F:88:F7:FD:8B:79
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/xls96UEa5x8QQ0zNf0sviPf9i3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:87:12:db:5d:34:28:61:20:4f:91:db:c2:10:a8:51:51:5d:
         77:e8:68:bd:26:56:e9:7a:2b:97:c4:b0:a9:78:36:0c:2d:b8:
         66:f8:db:17:72:88:28:89:b6:6b:29:6b:13:71:b0:13:f3:b2:
         0e:3e:4b:c6:f4:df:2e:f7:54:87:8c:f9:48:6d:35:db:e6:78:
         b5:6d:8b:4f:7a:63:1f:27:f6:e4:05:bb:b3:5d:1b:0b:59:f3:
         88:7f:ed:c5:51:e2:23:d6:81:4a:b5:ff:cb:24:2e:9d:a4:43:
         38:7d:39:dd:6d:0f:c3:dd:15:4b:49:f8:6e:59:dc:2e:8f:d2:
         79:9d:c3:52:ba:b5:55:27:dc:77:cc:f7:1b:8a:43:6d:aa:83:
         e8:21:31:bc:56:64:56:28:6a:8d:94:b2:a7:10:eb:33:a0:0c:
         29:3c:35:76:5c:77:74:5e:97:cc:c3:f0:8d:00:f1:65:76:0f:
         06:19:ab:19:b4:ac:d0:93:ce:71:74:70:6c:b5:d4:cc:8f:df:
         b4:49:d0:d2:58:c2:1b:00:ad:cd:b0:68:9e:e5:8c:54:57:37:
         6b:d7:ef:f0:55:71:90:78:4c:3f:4f:f5:6d:d2:7e:0d:5a:6f:
         db:04:e3:50:dc:24:59:5f:f9:d9:8e:6f:06:ed:39:e9:29:12:
         f2:06:78:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbWL/ldW1VvQMEebizeZedpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwNTE1MjMwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjViM2RlOTQxMWFlNzFmMTA0MzRjY2Q3ZjRiMmY4OGY3ZmQ4Yjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUshIi/E2EWOAFosDkRhJvLG6Lh6
L+AoHKgkNXH4GQogTHM9pOX8oeLFV2amLAO4neSMfx6oea03O85lU5/HsocCAERs
cv4dHjCv8a2qeBjPuQJowO9HWnDuMlnnqkI6mydzp7QPwLqZsxaZAu8Q+olFpJzU
e3nXQTys7WNTG0PG35WKXl/OBBgr+4BOwc+6enyJPGNyy+Z0Uv3txwAN/SHQ1len
6mGeNxPeNxGFOKazy9dfgj56YPeup00RzP6fIevgYxS1xBkYK3kTqf/xMCAAbTmt
P3u7FL77NCMO64YPUbWuMeTpRerIRkx81abI09L/DCHQ4baEDK9Mh4dFRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZbPelBGucfEENMzX9LL4j3/Yt5MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEveGxzOTZVRWE1eDhRUTB6TmYwc3ZpUGY5aTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0bMA0G
CSqGSIb3DQEBCwUAA4IBAQAfhxLbXTQoYSBPkdvCEKhRUV136Gi9JlbpeiuXxLCp
eDYMLbhm+NsXcogoibZrKWsTcbAT87IOPkvG9N8u91SHjPlIbTXb5ni1bYtPemMf
J/bkBbuzXRsLWfOIf+3FUeIj1oFKtf/LJC6dpEM4fTndbQ/D3RVLSfhuWdwuj9J5
ncNSurVVJ9x3zPcbikNtqoPoITG8VmRWKGqNlLKnEOszoAwpPDV2XHd0XpfMw/CN
APFldg8GGasZtKzQk85xdHBstdTMj9+0SdDSWMIbAK3NsGie5YxUVzdr1+/wVXGQ
eEw/T/Vt0n4NWm/bBONQ3CRZX/nZjm8G7TnpKRLyBnjs
-----END CERTIFICATE-----