Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/5Y2NPf-2wwHQNFwN222T-_ksWjs.roa
File:                     5Y2NPf-2wwHQNFwN222T-_ksWjs.roa (raw, json)
Hash identifier:          7vHIYZQTiGeFh0mU2zpcuuX7KVBld5DcIlwlMA6in8o=
Subject key identifier:   E5:8D:8D:3D:FF:B6:C3:01:D0:34:5C:0D:DB:6D:93:FB:F9:2C:5A:3B
Certificate issuer:       /CN=6b7d1f1e877c12798274e01334554f899f38eac1
Certificate serial:       019819138396A51007EEB67125AC352C11C5
Authority key identifier: 6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/5Y2NPf-2wwHQNFwN222T-_ksWjs.roa
Signing time:             Thu 17 Jul 2025 15:49:25 +0000
ROA not before:           Thu 17 Jul 2025 15:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        185.21.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:19:13:83:96:a5:10:07:ee:b6:71:25:ac:35:2c:11:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b7d1f1e877c12798274e01334554f899f38eac1
        Validity
            Not Before: Jul 17 15:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e58d8d3dffb6c301d0345c0ddb6d93fbf92c5a3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:69:c4:ac:0e:62:d0:63:5d:23:33:9e:80:20:
                    b3:a7:f5:25:93:90:3a:3a:96:57:a9:c8:ae:db:fa:
                    c9:fb:03:0e:95:f6:88:67:f1:c4:d6:a3:ee:27:0e:
                    13:af:c6:80:2d:d0:8f:75:ed:10:35:c4:c4:28:13:
                    06:be:03:93:13:59:0b:21:74:3b:5b:ac:3a:0f:3d:
                    c7:92:7c:68:d0:a0:ed:aa:54:6c:db:d1:2a:de:84:
                    b2:8f:1d:8d:1f:58:f7:55:ad:d5:71:c1:d1:50:e1:
                    f0:39:b3:5f:40:ae:25:de:f4:c9:2b:03:d7:60:a1:
                    60:01:e4:ad:5e:87:e4:75:ba:49:cd:29:f0:b5:20:
                    2b:5e:dd:34:49:bf:7b:ce:2c:21:f9:de:29:3e:02:
                    ad:c3:ca:1c:f7:61:c0:23:a9:9e:6a:a6:0c:25:cf:
                    f8:ec:63:31:6e:8a:59:d4:a2:d9:f9:2d:a3:2b:01:
                    3b:a0:85:c8:94:40:fa:b8:77:2d:61:a8:e6:3f:9f:
                    7c:c8:9e:8d:63:b1:43:53:f4:6e:0b:4e:00:bd:db:
                    9e:5b:2a:9c:ea:86:f3:e1:b3:04:62:26:3c:1a:82:
                    42:a6:79:6c:a4:66:ac:75:e8:e3:8f:f0:4e:41:f2:
                    ea:b8:4c:df:df:4e:18:db:a1:7b:f5:ea:04:46:dc:
                    63:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:8D:8D:3D:FF:B6:C3:01:D0:34:5C:0D:DB:6D:93:FB:F9:2C:5A:3B
            X509v3 Authority Key Identifier:
                keyid:6B:7D:1F:1E:87:7C:12:79:82:74:E0:13:34:55:4F:89:9F:38:EA:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a30fHod8EnmCdOATNFVPiZ846sE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/5Y2NPf-2wwHQNFwN222T-_ksWjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/a13c40-dc67-423c-979e-2fad9a2fc3ef/1/a30fHod8EnmCdOATNFVPiZ846sE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:2e:f0:76:c6:e8:1d:6e:ae:28:17:a2:a1:3e:51:f8:45:59:
         6e:79:b9:17:d4:04:c3:fc:a9:04:e0:ef:5e:77:34:cd:d8:11:
         61:6f:a9:ac:4b:28:0f:9c:26:cd:f0:95:0f:9f:80:6d:a3:0d:
         e5:74:43:af:0b:04:da:44:41:71:a5:bf:7f:cc:9f:54:00:9e:
         ff:c5:6d:e3:48:6d:d3:f5:4a:1c:58:91:29:7b:61:2f:a6:3a:
         ac:55:cd:a0:30:8e:41:9f:cf:62:ce:eb:a4:00:d8:39:82:c6:
         2d:e6:b2:b6:4b:36:59:f0:8a:75:dc:ad:e1:d3:2f:b5:57:20:
         75:ef:b6:96:f4:2e:c6:5a:92:d2:d2:36:05:41:35:f0:a8:51:
         fe:bc:12:5a:c1:be:b3:46:61:32:f7:5e:dc:fe:6f:0b:d9:db:
         84:5d:93:c5:96:1e:f0:f5:57:00:44:df:de:71:a8:99:b9:0d:
         92:6c:c8:99:d3:f9:0b:ec:32:48:55:93:47:f5:11:b3:ca:14:
         dc:47:ab:23:aa:70:01:4a:b0:33:56:49:16:0e:ea:6f:7d:34:
         67:e6:bf:59:0f:4a:7d:d5:b9:d9:d4:40:e3:59:51:f2:22:ed:
         70:17:86:b7:cb:9c:e9:ce:7d:c4:92:19:b3:2b:bd:b6:8e:83:
         16:e2:bb:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgZE4OWpRAH7rZxJaw1LBHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiN2QxZjFlODc3YzEyNzk4Mjc0ZTAxMzM0NTU0Zjg5OWYz
OGVhYzEwHhcNMjUwNzE3MTU0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNThkOGQzZGZmYjZjMzAxZDAzNDVjMGRkYjZkOTNmYmY5MmM1YTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWnErA5i0GNdIzOegCCzp/Ulk5A6
OpZXqciu2/rJ+wMOlfaIZ/HE1qPuJw4Tr8aALdCPde0QNcTEKBMGvgOTE1kLIXQ7
W6w6Dz3Hknxo0KDtqlRs29Eq3oSyjx2NH1j3Va3VccHRUOHwObNfQK4l3vTJKwPX
YKFgAeStXofkdbpJzSnwtSArXt00Sb97ziwh+d4pPgKtw8oc92HAI6meaqYMJc/4
7GMxbopZ1KLZ+S2jKwE7oIXIlED6uHctYajmP598yJ6NY7FDU/RuC04AvdueWyqc
6obz4bMEYiY8GoJCpnlspGasdejjj/BOQfLquEzf304Y26F79eoERtxjiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWNjT3/tsMB0DRcDdttk/v5LFo7MB8GA1UdIwQY
MBaAFGt9Hx6HfBJ5gnTgEzRVT4mfOOrBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUt
MmZhZDlhMmZjM2VmLzEvNVkyTlBmLTJ3d0hRTkZ3TjIyMlQtX2tzV2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9hMTNjNDAtZGM2Ny00MjNjLTk3OWUtMmZhZDlhMmZjM2Vm
LzEvYTMwZkhvZDhFbm1DZE9BVE5GVlBpWjg0NnNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRWAMA0G
CSqGSIb3DQEBCwUAA4IBAQB8LvB2xugdbq4oF6KhPlH4RVluebkX1ATD/KkE4O9e
dzTN2BFhb6msSygPnCbN8JUPn4Btow3ldEOvCwTaREFxpb9/zJ9UAJ7/xW3jSG3T
9UocWJEpe2EvpjqsVc2gMI5Bn89izuukANg5gsYt5rK2SzZZ8Ip13K3h0y+1VyB1
77aW9C7GWpLS0jYFQTXwqFH+vBJawb6zRmEy917c/m8L2duEXZPFlh7w9VcARN/e
caiZuQ2SbMiZ0/kL7DJIVZNH9RGzyhTcR6sjqnABSrAzVkkWDupvfTRn5r9ZD0p9
1bnZ1EDjWVHyIu1wF4a3y5zpzn3EkhmzK722joMW4ruu
-----END CERTIFICATE-----