Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/c13kxnbsyODzPHyzkeCp6V26ajY.roa
File:                     c13kxnbsyODzPHyzkeCp6V26ajY.roa (raw, json)
Hash identifier:          5unbD6+O2W5c+EmMfdgbVE1U7HYHEYdfAi2loQA1vSE=
Subject key identifier:   73:5D:E4:C6:76:EC:C8:E0:F3:3C:7C:B3:91:E0:A9:E9:5D:BA:6A:36
Certificate issuer:       /CN=f10b734df4fa6aee12ea990657b035a162b4a9e6
Certificate serial:       0197355FC3E5F58134F80F029609D3F55E32
Authority key identifier: F1:0B:73:4D:F4:FA:6A:EE:12:EA:99:06:57:B0:35:A1:62:B4:A9:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8QtzTfT6au4S6pkGV7A1oWK0qeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/c13kxnbsyODzPHyzkeCp6V26ajY.roa
Signing time:             Tue 03 Jun 2025 10:39:17 +0000
ROA not before:           Tue 03 Jun 2025 10:39:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209925
IP address blocks:        185.116.232.0/24 maxlen: 24
                          2a14:fa80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/8QtzTfT6au4S6pkGV7A1oWK0qeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/8QtzTfT6au4S6pkGV7A1oWK0qeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8QtzTfT6au4S6pkGV7A1oWK0qeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:5f:c3:e5:f5:81:34:f8:0f:02:96:09:d3:f5:5e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f10b734df4fa6aee12ea990657b035a162b4a9e6
        Validity
            Not Before: Jun  3 10:39:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=735de4c676ecc8e0f33c7cb391e0a9e95dba6a36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c2:68:55:d1:28:bb:9f:85:04:ca:5d:8a:23:
                    3a:20:7f:76:9a:2f:fa:e3:9f:42:44:7e:7b:8a:48:
                    fe:49:08:65:ba:4a:88:a1:30:90:8e:92:f0:84:a0:
                    d8:d5:66:b2:22:b2:97:6f:d0:06:4c:f7:1a:80:4e:
                    8c:06:d9:15:ec:f3:37:af:2b:d4:82:09:c4:f5:a3:
                    85:f0:f1:8a:e0:f2:6c:bc:15:ca:3e:34:46:97:ea:
                    ef:4e:92:07:93:a3:51:8a:2d:9f:e7:09:73:ba:b9:
                    8d:78:90:fb:91:e8:14:28:d0:16:c1:34:4b:45:d5:
                    95:ab:36:02:ca:11:48:84:51:ea:73:b7:33:c2:91:
                    6f:13:fb:2b:07:37:0f:fd:ec:ef:87:93:e4:0f:81:
                    ae:0a:f3:d7:c7:5e:82:d6:e1:d0:27:3b:36:3b:9d:
                    34:95:29:85:4e:2d:de:86:d8:17:dd:8e:1e:57:83:
                    63:e3:86:c7:57:18:a0:d6:96:1e:38:0c:25:d2:f3:
                    53:9c:c8:e4:27:e5:53:5d:21:8d:92:f2:57:88:71:
                    50:1a:fa:39:ea:96:c8:60:d9:d1:e3:6f:39:b8:41:
                    a3:4e:42:9e:7c:bc:21:5b:25:e5:4e:f5:cd:5f:cb:
                    de:e4:9f:59:f1:e1:c5:24:95:be:71:f5:c2:48:1d:
                    c0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:5D:E4:C6:76:EC:C8:E0:F3:3C:7C:B3:91:E0:A9:E9:5D:BA:6A:36
            X509v3 Authority Key Identifier:
                keyid:F1:0B:73:4D:F4:FA:6A:EE:12:EA:99:06:57:B0:35:A1:62:B4:A9:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8QtzTfT6au4S6pkGV7A1oWK0qeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/c13kxnbsyODzPHyzkeCp6V26ajY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/8QtzTfT6au4S6pkGV7A1oWK0qeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.232.0/24
                IPv6:
                  2a14:fa80::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:d2:0f:7c:1f:86:47:7a:80:f6:93:c3:99:98:f2:5e:c8:25:
         f5:4d:cc:ec:51:f0:70:ef:73:39:3e:85:56:28:89:16:0e:44:
         a9:a9:94:6d:c7:75:cd:d1:88:44:05:e1:68:9a:fb:70:d4:99:
         4c:9f:8b:cc:43:8e:5d:4e:ef:ec:d6:36:24:e9:fe:6a:e9:2d:
         0a:5c:ce:25:5a:57:a2:53:e0:b2:f0:ce:a5:d8:bc:fb:8e:1e:
         08:15:74:42:87:9f:40:4f:47:79:a2:65:c2:6c:9c:34:9e:7f:
         9b:e3:de:ab:3b:b0:78:a4:6a:15:bc:89:cf:a2:26:c3:7e:80:
         41:b0:0b:07:9a:d8:c1:0a:37:37:38:ca:31:ab:0b:25:9a:4f:
         63:d8:fa:3f:d7:5a:0e:62:78:55:61:e3:ac:76:cb:fb:db:f7:
         7a:81:87:8c:67:ae:c6:5d:7e:d3:87:ee:40:25:d0:b7:bc:08:
         bd:81:b8:3b:cb:2e:7b:f3:17:0e:b0:5c:dd:6c:79:78:93:25:
         43:41:bf:9b:e4:56:32:88:0d:f1:92:62:35:d3:9c:95:53:33:
         e7:51:db:3e:73:3c:7f:02:9c:19:f7:1d:66:aa:61:e2:62:07:
         9c:7a:3b:e0:de:91:c1:b7:94:0b:c0:f2:0d:a8:94:db:7f:be:
         46:f4:2f:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZc1X8Pl9YE0+A8ClgnT9V4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMGI3MzRkZjRmYTZhZWUxMmVhOTkwNjU3YjAzNWExNjJi
NGE5ZTYwHhcNMjUwNjAzMTAzOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzVkZTRjNjc2ZWNjOGUwZjMzYzdjYjM5MWUwYTllOTVkYmE2YTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcJoVdEou5+FBMpdiiM6IH92mi/6
459CRH57ikj+SQhlukqIoTCQjpLwhKDY1WayIrKXb9AGTPcagE6MBtkV7PM3ryvU
ggnE9aOF8PGK4PJsvBXKPjRGl+rvTpIHk6NRii2f5wlzurmNeJD7kegUKNAWwTRL
RdWVqzYCyhFIhFHqc7czwpFvE/srBzcP/ezvh5PkD4GuCvPXx16C1uHQJzs2O500
lSmFTi3ehtgX3Y4eV4Nj44bHVxig1pYeOAwl0vNTnMjkJ+VTXSGNkvJXiHFQGvo5
6pbIYNnR4285uEGjTkKefLwhWyXlTvXNX8ve5J9Z8eHFJJW+cfXCSB3ALwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHNd5MZ27Mjg8zx8s5Hgqeldumo2MB8GA1UdIwQY
MBaAFPELc030+mruEuqZBlewNaFitKnmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFF0elRmVDZhdTRTNnBrR1Y3QTFvV0swcWVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMmJkOGUtMmViOC00NTE1LTk1NmIt
ZTE1MjUwMzkyODg3LzEvYzEza3huYnN5T0R6UEh5emtlQ3A2VjI2YWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMmJkOGUtMmViOC00NTE1LTk1NmItZTE1MjUwMzkyODg3
LzEvOFF0elRmVDZhdTRTNnBrR1Y3QTFvV0swcWVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXToMA0E
AgACMAcDBQAqFPqAMA0GCSqGSIb3DQEBCwUAA4IBAQAn0g98H4ZHeoD2k8OZmPJe
yCX1TczsUfBw73M5PoVWKIkWDkSpqZRtx3XN0YhEBeFomvtw1JlMn4vMQ45dTu/s
1jYk6f5q6S0KXM4lWleiU+Cy8M6l2Lz7jh4IFXRCh59AT0d5omXCbJw0nn+b496r
O7B4pGoVvInPoibDfoBBsAsHmtjBCjc3OMoxqwslmk9j2Po/11oOYnhVYeOsdsv7
2/d6gYeMZ67GXX7Th+5AJdC3vAi9gbg7yy578xcOsFzdbHl4kyVDQb+b5FYyiA3x
kmI105yVUzPnUds+czx/ApwZ9x1mqmHiYgecejvg3pHBt5QLwPINqJTbf75G9C82
-----END CERTIFICATE-----