Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/XBbWlDtkaQ_YQj-lOcFRZsR4QS4.roa
File:                     XBbWlDtkaQ_YQj-lOcFRZsR4QS4.roa (raw, json)
Hash identifier:          pp7r6Abd9Ss2uZLn9bwC0PyAqi0RWKysnSc/agfhI6A=
Subject key identifier:   5C:16:D6:94:3B:64:69:0F:D8:42:3F:A5:39:C1:51:66:C4:78:41:2E
Certificate issuer:       /CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
Certificate serial:       01972F9D699386739DE181ABC9621B5B41B9
Authority key identifier: 6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/XBbWlDtkaQ_YQj-lOcFRZsR4QS4.roa
Signing time:             Mon 02 Jun 2025 07:48:54 +0000
ROA not before:           Mon 02 Jun 2025 07:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15415
IP address blocks:        185.211.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 15:17:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2f:9d:69:93:86:73:9d:e1:81:ab:c9:62:1b:5b:41:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
        Validity
            Not Before: Jun  2 07:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c16d6943b64690fd8423fa539c15166c478412e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:68:df:71:01:f0:38:53:b7:ef:e9:b2:6e:c3:
                    f3:13:49:18:01:dc:59:60:de:e0:1b:2a:14:25:44:
                    e8:1b:af:83:8d:29:94:71:78:24:43:84:e3:a2:8d:
                    36:e1:71:42:6a:aa:cf:59:0c:86:c2:f4:3f:25:c0:
                    5d:a6:19:c0:bb:9d:4d:19:ca:42:d5:dd:18:2f:90:
                    ae:79:84:da:a8:00:4b:55:20:56:58:63:8e:92:df:
                    73:10:21:3b:16:dd:99:5f:82:92:96:38:e4:6b:da:
                    30:28:88:bb:77:5d:4f:6b:ac:ac:46:52:de:e6:bd:
                    c0:08:cb:14:79:e3:3e:15:34:1d:a4:3f:cb:26:cf:
                    7f:16:fa:37:6b:33:18:38:88:06:a0:a9:cc:0b:8d:
                    1b:be:3b:f4:7b:39:cb:eb:0f:58:fc:92:20:da:da:
                    69:a4:03:40:81:d7:d3:c3:56:f7:8d:99:04:8a:e3:
                    c9:dc:65:ab:cb:09:29:35:25:4c:3a:8c:ab:90:f2:
                    83:f6:67:24:ea:db:b0:19:72:a6:3a:52:fc:a9:b6:
                    ef:81:b0:a3:7f:bd:16:ee:ba:45:ce:de:0a:2b:48:
                    94:72:7d:9b:dc:3f:c1:54:26:78:90:90:50:d6:83:
                    88:0d:08:71:a8:dd:c7:c8:66:98:e1:37:85:fe:be:
                    bb:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:16:D6:94:3B:64:69:0F:D8:42:3F:A5:39:C1:51:66:C4:78:41:2E
            X509v3 Authority Key Identifier:
                keyid:6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/XBbWlDtkaQ_YQj-lOcFRZsR4QS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:fb:09:23:48:6f:02:1d:f7:c7:21:c5:6a:e9:66:cf:df:df:
         ff:07:67:4b:05:9a:e1:e9:23:6e:f1:cd:f4:12:2a:e4:8b:f3:
         90:62:23:24:23:29:a7:f6:49:ae:6a:4b:ad:5d:23:1f:a6:ad:
         56:e2:29:d6:01:14:82:2f:c4:9b:dd:86:68:fa:92:8d:b8:94:
         1d:a3:38:31:d5:36:8f:1c:52:ee:da:21:d6:a0:6c:25:22:33:
         6c:56:06:5d:8a:59:1c:ac:64:a3:d1:22:4f:a0:80:87:b6:e4:
         0c:af:d1:19:77:23:4f:21:d8:a8:cd:ae:80:a8:3a:16:6e:f2:
         5a:66:59:7b:8d:78:4d:95:f1:d5:b8:86:45:bd:bf:90:67:a6:
         31:0c:83:6a:68:6d:3b:86:b2:56:af:19:0c:3c:38:b7:f8:98:
         8a:78:bd:e2:67:c2:be:0b:90:d9:30:54:38:e0:53:d2:ed:6f:
         7f:22:77:25:b3:ed:c3:84:f0:94:d0:c0:3e:1b:30:98:56:24:
         bf:1f:eb:c8:06:8f:63:27:03:60:04:75:3b:f2:f8:9f:d7:e2:
         fc:25:e5:16:60:c8:d0:58:d7:2e:77:6d:d1:98:ed:2e:81:39:
         39:2d:32:3e:3f:a0:0c:e3:29:66:ff:73:e2:5e:05:38:eb:a6:
         29:ff:fe:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcvnWmThnOd4YGryWIbW0G5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMzI1MGE1YzFiZGFiNzRiMWJkMjNjMDFjNTRhOGQ3MGI2
ZGVmMjAwHhcNMjUwNjAyMDc0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzE2ZDY5NDNiNjQ2OTBmZDg0MjNmYTUzOWMxNTE2NmM0Nzg0MTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmjfcQHwOFO37+mybsPzE0kYAdxZ
YN7gGyoUJUToG6+DjSmUcXgkQ4Tjoo024XFCaqrPWQyGwvQ/JcBdphnAu51NGcpC
1d0YL5CueYTaqABLVSBWWGOOkt9zECE7Ft2ZX4KSljjka9owKIi7d11Pa6ysRlLe
5r3ACMsUeeM+FTQdpD/LJs9/Fvo3azMYOIgGoKnMC40bvjv0eznL6w9Y/JIg2tpp
pANAgdfTw1b3jZkEiuPJ3GWrywkpNSVMOoyrkPKD9mck6tuwGXKmOlL8qbbvgbCj
f70W7rpFzt4KK0iUcn2b3D/BVCZ4kJBQ1oOIDQhxqN3HyGaY4TeF/r67FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwW1pQ7ZGkP2EI/pTnBUWbEeEEuMB8GA1UdIwQY
MBaAFGwyUKXBvat0sb0jwBxUqNcLbe8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEt
MjU0NDY4M2FhMTI1LzEvWEJiV2xEdGthUV9ZUWotbE9jRlJac1I0UVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEtMjU0NDY4M2FhMTI1
LzEvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudNmMA0G
CSqGSIb3DQEBCwUAA4IBAQCo+wkjSG8CHffHIcVq6WbP39//B2dLBZrh6SNu8c30
Eirki/OQYiMkIymn9kmuakutXSMfpq1W4inWARSCL8Sb3YZo+pKNuJQdozgx1TaP
HFLu2iHWoGwlIjNsVgZdilkcrGSj0SJPoICHtuQMr9EZdyNPIdioza6AqDoWbvJa
Zll7jXhNlfHVuIZFvb+QZ6YxDINqaG07hrJWrxkMPDi3+JiKeL3iZ8K+C5DZMFQ4
4FPS7W9/Incls+3DhPCU0MA+GzCYViS/H+vIBo9jJwNgBHU78vif1+L8JeUWYMjQ
WNcud23RmO0ugTk5LTI+P6AM4ylm/3PiXgU466Yp//5J
-----END CERTIFICATE-----