Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/RKT_evyL3NUG3_cWZQQfxnmmdao.roa
File:                     RKT_evyL3NUG3_cWZQQfxnmmdao.roa (raw, json)
Hash identifier:          VGkvt16btIeqbgaf/Hbqyj4Pp4ltwgVCqh4eRSNtObc=
Subject key identifier:   44:A4:FF:7A:FC:8B:DC:D5:06:DF:F7:16:65:04:1F:C6:79:A6:75:AA
Certificate issuer:       /CN=79d565f99ff5e0ffb5bdf9995ed7a808d41406e5
Certificate serial:       01970B7744DC8C55248D5338D06682E24B3A
Authority key identifier: 79:D5:65:F9:9F:F5:E0:FF:B5:BD:F9:99:5E:D7:A8:08:D4:14:06:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edVl-Z_14P-1vfmZXteoCNQUBuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/RKT_evyL3NUG3_cWZQQfxnmmdao.roa
Signing time:             Mon 26 May 2025 07:20:55 +0000
ROA not before:           Mon 26 May 2025 07:20:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202468
IP address blocks:        130.185.120.0/23 maxlen: 23
                          185.204.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/edVl-Z_14P-1vfmZXteoCNQUBuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/edVl-Z_14P-1vfmZXteoCNQUBuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/edVl-Z_14P-1vfmZXteoCNQUBuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0b:77:44:dc:8c:55:24:8d:53:38:d0:66:82:e2:4b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d565f99ff5e0ffb5bdf9995ed7a808d41406e5
        Validity
            Not Before: May 26 07:20:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44a4ff7afc8bdcd506dff71665041fc679a675aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d7:82:81:a7:f2:59:81:96:7f:0e:c2:60:db:
                    5c:81:9e:fa:79:ec:65:a5:37:35:98:6e:0a:1d:46:
                    e0:fd:70:3a:48:bf:80:33:64:d5:15:d4:bc:b8:05:
                    7b:97:60:6f:c0:21:c0:73:54:19:3d:19:28:a7:80:
                    ac:79:21:10:72:fe:6b:86:9b:5b:28:24:cd:3b:b5:
                    90:30:d2:9d:2a:a4:76:d8:f2:da:e5:ee:ce:63:29:
                    c6:52:b5:5b:ef:e4:36:ce:0a:e1:3c:be:16:42:c1:
                    53:41:54:13:3b:3e:f8:86:48:0b:7c:b3:84:48:09:
                    89:37:e7:e1:3a:76:c9:3a:e1:66:f2:6b:34:d3:7f:
                    5d:e6:1f:1e:f5:a2:c4:71:e6:a3:7b:13:c8:b9:26:
                    23:ee:8d:c5:11:c5:ad:de:4a:55:0d:d7:41:db:28:
                    0f:c3:83:bf:2d:2d:d6:57:d4:d9:e4:e3:6d:a3:1b:
                    6f:90:72:7e:34:d5:0a:14:6f:62:68:0b:dd:d7:68:
                    78:df:85:30:3a:b1:6d:27:5b:45:43:32:da:9b:47:
                    47:c3:90:41:85:87:47:6b:8e:37:1f:c2:ee:00:89:
                    67:4a:59:d3:78:c4:d6:2a:2a:e2:9d:50:d0:d2:a5:
                    6e:b9:54:1b:8b:12:53:77:67:2a:10:da:3a:e3:e4:
                    4b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A4:FF:7A:FC:8B:DC:D5:06:DF:F7:16:65:04:1F:C6:79:A6:75:AA
            X509v3 Authority Key Identifier:
                keyid:79:D5:65:F9:9F:F5:E0:FF:B5:BD:F9:99:5E:D7:A8:08:D4:14:06:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edVl-Z_14P-1vfmZXteoCNQUBuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/RKT_evyL3NUG3_cWZQQfxnmmdao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/ee5cd7-b30e-466b-aaad-6c3b87443e06/1/edVl-Z_14P-1vfmZXteoCNQUBuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.120.0/23
                  185.204.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bb:eb:3b:d6:25:d5:03:0e:a7:e1:f9:3a:dc:10:da:30:6c:65:
         a5:fc:b9:d8:4a:54:b2:32:bf:b1:d4:a2:b3:33:58:df:63:f1:
         90:d2:de:53:a0:0f:14:8e:d1:19:9d:69:e4:0b:6c:73:f1:b8:
         5c:91:9e:d8:21:c2:f1:fc:1b:9e:07:91:5b:2f:56:ec:fc:c5:
         93:66:0f:2b:13:ab:1e:39:75:c6:a3:f7:a9:6f:04:33:b0:33:
         b2:b1:2a:d4:56:48:2f:66:84:ea:27:d2:ba:20:17:3e:32:d8:
         1d:ae:73:ed:9e:b6:59:f7:26:d6:15:33:75:2a:db:7e:0b:34:
         89:54:80:c4:d6:49:46:14:14:fa:0c:20:de:4c:4c:a9:6b:c5:
         eb:2d:d9:1c:65:a3:ee:af:ce:3f:66:45:1b:39:29:5e:ea:95:
         1a:57:20:3c:64:e4:93:a5:f9:5f:ab:9c:8f:55:2d:8d:97:18:
         45:03:c6:1e:7c:e9:4f:aa:08:67:ce:b6:f1:cf:07:22:72:02:
         87:5e:e1:fd:ae:5c:71:a0:9b:d6:e2:41:6c:2b:06:c4:49:21:
         d4:12:43:25:63:d1:36:c8:6e:88:53:27:61:13:f4:73:3a:76:
         de:05:b2:b6:a4:e9:b1:47:91:f8:95:54:79:0b:9f:e3:a2:a1:
         70:4d:c8:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcLd0TcjFUkjVM40GaC4ks6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDU2NWY5OWZmNWUwZmZiNWJkZjk5OTVlZDdhODA4ZDQx
NDA2ZTUwHhcNMjUwNTI2MDcyMDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGE0ZmY3YWZjOGJkY2Q1MDZkZmY3MTY2NTA0MWZjNjc5YTY3NWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NeCgafyWYGWfw7CYNtcgZ76eexl
pTc1mG4KHUbg/XA6SL+AM2TVFdS8uAV7l2BvwCHAc1QZPRkop4CseSEQcv5rhptb
KCTNO7WQMNKdKqR22PLa5e7OYynGUrVb7+Q2zgrhPL4WQsFTQVQTOz74hkgLfLOE
SAmJN+fhOnbJOuFm8ms0039d5h8e9aLEceajexPIuSYj7o3FEcWt3kpVDddB2ygP
w4O/LS3WV9TZ5ONtoxtvkHJ+NNUKFG9iaAvd12h434UwOrFtJ1tFQzLam0dHw5BB
hYdHa443H8LuAIlnSlnTeMTWKirinVDQ0qVuuVQbixJTd2cqENo64+RLRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFESk/3r8i9zVBt/3FmUEH8Z5pnWqMB8GA1UdIwQY
MBaAFHnVZfmf9eD/tb35mV7XqAjUFAblMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWRWbC1aXzE0UC0xdmZtWlh0ZW9DTlFVQnVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9lZTVjZDctYjMwZS00NjZiLWFhYWQt
NmMzYjg3NDQzZTA2LzEvUktUX2V2eUwzTlVHM19jV1pRUWZ4bm1tZGFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9lZTVjZDctYjMwZS00NjZiLWFhYWQtNmMzYjg3NDQzZTA2
LzEvZWRWbC1aXzE0UC0xdmZtWlh0ZW9DTlFVQnVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBgrl4AwQC
ucyoMA0GCSqGSIb3DQEBCwUAA4IBAQC76zvWJdUDDqfh+TrcENowbGWl/LnYSlSy
Mr+x1KKzM1jfY/GQ0t5ToA8UjtEZnWnkC2xz8bhckZ7YIcLx/BueB5FbL1bs/MWT
Zg8rE6seOXXGo/epbwQzsDOysSrUVkgvZoTqJ9K6IBc+MtgdrnPtnrZZ9ybWFTN1
Ktt+CzSJVIDE1klGFBT6DCDeTEypa8XrLdkcZaPur84/ZkUbOSle6pUaVyA8ZOST
pflfq5yPVS2NlxhFA8YefOlPqghnzrbxzwcicgKHXuH9rlxxoJvW4kFsKwbESSHU
EkMlY9E2yG6IUydhE/RzOnbeBbK2pOmxR5H4lVR5C5/joqFwTcjW
-----END CERTIFICATE-----