Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/A65uyV26SsED-QTWYQKp5Gv0rNo.roa
File:                     A65uyV26SsED-QTWYQKp5Gv0rNo.roa (raw, json)
Hash identifier:          ZTOzPOdVS5PATBBOqZEZpuRX8yTK/iXDN/Fy3kOQjeE=
Subject key identifier:   03:AE:6E:C9:5D:BA:4A:C1:03:F9:04:D6:61:02:A9:E4:6B:F4:AC:DA
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01970777B46178A1F356F939261E47670CBD
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/A65uyV26SsED-QTWYQKp5Gv0rNo.roa
Signing time:             Sun 25 May 2025 12:42:54 +0000
ROA not before:           Sun 25 May 2025 12:42:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200436
IP address blocks:        212.80.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 03:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:07:77:b4:61:78:a1:f3:56:f9:39:26:1e:47:67:0c:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: May 25 12:42:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03ae6ec95dba4ac103f904d66102a9e46bf4acda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:26:98:4f:da:b3:4a:54:10:ea:44:73:66:a6:
                    14:5c:6f:5a:2a:2c:8b:2a:04:ff:2f:38:49:68:df:
                    4b:a7:05:f2:8e:64:f8:df:06:b1:21:f7:f5:bc:15:
                    37:92:fd:0c:ec:75:86:2d:bf:79:da:1a:40:f6:e1:
                    c5:8b:7c:1e:50:1a:f3:2a:42:47:4d:f4:5d:8f:6c:
                    a3:21:99:3d:66:09:2f:94:52:22:23:21:a3:d4:ee:
                    43:4e:76:30:80:8c:da:42:09:da:6a:f8:3f:e2:78:
                    7d:87:4a:63:f1:f4:07:ca:72:9e:68:0f:c4:4d:d0:
                    90:09:7f:a1:27:de:87:0d:6e:a3:06:ec:c8:f2:5a:
                    7f:47:40:9a:11:74:fd:17:ca:70:c2:0d:9a:9f:a3:
                    87:30:2c:f6:6f:73:f5:7b:82:7a:37:87:91:a7:a0:
                    53:b6:be:d1:44:a5:10:db:24:9e:75:13:d9:fd:66:
                    d7:34:01:9c:7e:c1:e3:d1:3e:69:71:b6:e7:ac:f4:
                    8f:1b:e2:9f:6b:56:84:97:1a:2d:cc:2a:85:9b:26:
                    ec:1f:f0:8e:f9:ed:5b:10:d5:28:08:dc:f1:bc:34:
                    a5:38:2c:fd:c5:cd:1b:7b:18:2c:15:a1:92:d2:71:
                    f1:1a:1a:1c:69:52:34:e2:d3:c5:58:0f:8d:3c:b2:
                    27:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:AE:6E:C9:5D:BA:4A:C1:03:F9:04:D6:61:02:A9:E4:6B:F4:AC:DA
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/A65uyV26SsED-QTWYQKp5Gv0rNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:91:92:f0:56:ce:ce:cf:de:ab:ed:c3:66:1b:2b:2d:a0:9e:
         f6:f9:87:46:de:bd:82:f4:d1:3e:6c:11:fd:2e:b9:6e:8b:95:
         bd:47:f8:b0:f9:91:5b:23:ad:7b:9f:6d:0f:93:17:09:90:32:
         b4:88:03:bf:8b:75:b4:32:93:3d:88:45:b8:7b:78:2d:28:89:
         20:1a:ac:ff:c7:05:0b:aa:73:6c:b4:aa:41:ec:b2:c3:8f:98:
         3c:98:17:75:69:2e:ac:40:79:39:db:14:6a:3d:16:52:be:30:
         0f:45:92:81:df:33:95:cc:69:03:a7:6d:71:70:1b:ac:cd:3f:
         23:a5:48:af:19:e2:76:4b:d1:3d:28:af:19:61:f4:40:bf:14:
         ba:f8:c3:bb:d3:3b:09:1c:c6:37:99:98:fb:f3:2a:a2:a4:90:
         06:bf:78:67:60:77:93:c3:60:1e:21:7e:e9:39:bf:df:7d:ff:
         1b:ff:5f:a5:d7:e9:f9:5d:fa:fa:bb:44:50:b2:37:6a:b1:f6:
         dd:ed:ca:1d:e5:a1:8f:fd:06:d4:20:1f:9f:8b:94:76:13:1a:
         6f:62:40:97:96:d7:ee:35:b9:b0:35:2e:35:cd:6c:23:84:5e:
         70:d1:20:c3:71:84:de:3d:66:4f:b8:70:80:f6:cd:2a:6a:8f:
         d1:5d:78:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcHd7RheKHzVvk5Jh5HZwy9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNTI1MTI0MjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2FlNmVjOTVkYmE0YWMxMDNmOTA0ZDY2MTAyYTllNDZiZjRhY2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiaYT9qzSlQQ6kRzZqYUXG9aKiyL
KgT/LzhJaN9LpwXyjmT43waxIff1vBU3kv0M7HWGLb952hpA9uHFi3weUBrzKkJH
TfRdj2yjIZk9ZgkvlFIiIyGj1O5DTnYwgIzaQgnaavg/4nh9h0pj8fQHynKeaA/E
TdCQCX+hJ96HDW6jBuzI8lp/R0CaEXT9F8pwwg2an6OHMCz2b3P1e4J6N4eRp6BT
tr7RRKUQ2ySedRPZ/WbXNAGcfsHj0T5pcbbnrPSPG+Kfa1aElxotzCqFmybsH/CO
+e1bENUoCNzxvDSlOCz9xc0bexgsFaGS0nHxGhocaVI04tPFWA+NPLInvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOubsldukrBA/kE1mECqeRr9KzaMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvQTY1dXlWMjZTc0VELVFUV1lRS3A1R3Ywck5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FAfMA0G
CSqGSIb3DQEBCwUAA4IBAQA3kZLwVs7Oz96r7cNmGystoJ72+YdG3r2C9NE+bBH9
Lrlui5W9R/iw+ZFbI617n20PkxcJkDK0iAO/i3W0MpM9iEW4e3gtKIkgGqz/xwUL
qnNstKpB7LLDj5g8mBd1aS6sQHk52xRqPRZSvjAPRZKB3zOVzGkDp21xcBuszT8j
pUivGeJ2S9E9KK8ZYfRAvxS6+MO70zsJHMY3mZj78yqipJAGv3hnYHeTw2AeIX7p
Ob/fff8b/1+l1+n5Xfr6u0RQsjdqsfbd7cod5aGP/QbUIB+fi5R2ExpvYkCXltfu
NbmwNS41zWwjhF5w0SDDcYTePWZPuHCA9s0qao/RXXg5
-----END CERTIFICATE-----