Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/0PYqCCYmpnWRIpgC2V35okWCfTw.roa
File:                     0PYqCCYmpnWRIpgC2V35okWCfTw.roa (raw, json)
Hash identifier:          bxKzGYneLjIYkKuNO/na6p0rkuSc5rsZFwEr/hlvZVw=
Subject key identifier:   D0:F6:2A:08:26:26:A6:75:91:22:98:02:D9:5D:F9:A2:45:82:7D:3C
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       01972F8C058E58CC146E680E8687CF6B053F
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/0PYqCCYmpnWRIpgC2V35okWCfTw.roa
Signing time:             Mon 02 Jun 2025 07:29:54 +0000
ROA not before:           Mon 02 Jun 2025 07:29:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29664
IP address blocks:        81.52.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2f:8c:05:8e:58:cc:14:6e:68:0e:86:87:cf:6b:05:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jun  2 07:29:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0f62a082626a67591229802d95df9a245827d3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cc:57:94:b4:82:90:bc:d2:91:9d:d3:70:49:
                    b7:86:42:a5:d0:92:54:bf:85:13:82:90:05:b7:5c:
                    6b:de:68:d9:a6:fd:80:d4:88:80:64:9e:d0:4b:71:
                    3c:c4:b9:0e:e9:ce:97:d3:2f:2f:d5:74:2b:9b:72:
                    af:d6:c7:6f:55:e6:21:cf:14:d8:ad:f6:d8:a3:ce:
                    b4:fe:d0:e3:cd:11:28:c2:5c:10:e9:72:55:ed:33:
                    5f:59:79:9f:f5:c4:34:dc:6c:a8:4d:20:1a:49:b9:
                    87:1e:a8:5f:59:6a:11:92:f8:54:02:b3:5a:53:b0:
                    47:50:dc:f8:33:6d:f5:55:01:aa:4d:bb:ae:89:d0:
                    7f:50:7e:d9:ff:ff:79:0a:c7:3b:28:32:56:3c:40:
                    cd:21:56:7e:36:28:47:1f:8b:39:d0:ab:e1:45:50:
                    c1:f4:4a:4e:bc:90:95:d2:f6:9d:ac:96:9b:33:1f:
                    72:05:a9:e0:36:d7:b4:6e:ec:8f:87:4a:31:e3:8b:
                    e3:3f:ea:c7:35:64:08:41:5e:b9:13:1d:58:f8:00:
                    25:3f:27:9b:e2:48:fc:2c:4c:f5:ea:1b:2f:e9:3a:
                    03:22:8a:05:58:0c:87:2f:47:df:4a:b4:7e:d8:26:
                    8b:ed:2d:db:37:32:df:29:92:02:41:f5:ad:23:62:
                    83:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F6:2A:08:26:26:A6:75:91:22:98:02:D9:5D:F9:A2:45:82:7D:3C
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/0PYqCCYmpnWRIpgC2V35okWCfTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.52.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:46:60:42:93:11:ee:61:0a:c1:6c:b0:2f:4d:52:7f:84:1f:
         b9:ae:a1:51:b1:86:c7:76:8e:94:87:1c:38:4c:2c:01:51:48:
         a5:da:9f:37:c1:ab:d1:05:4f:41:5d:a7:52:cd:f1:9e:8d:bf:
         3f:70:b6:77:c1:47:83:30:57:0f:86:76:66:89:bd:a7:6b:ac:
         56:ce:54:96:97:f3:2c:19:12:af:1a:d4:6e:9c:4e:58:96:9d:
         54:a5:cd:ad:b2:43:7a:65:7a:f7:fb:15:fd:84:a8:4c:5f:b2:
         24:aa:a3:7c:d2:2f:23:2a:3b:a3:fd:c1:1e:85:02:d0:a9:6b:
         b2:b2:7b:89:2e:94:0f:16:d9:3c:c6:3f:eb:ef:db:cb:d1:ea:
         ac:84:5d:a9:9f:f8:e0:13:77:a4:32:9b:74:00:97:22:f3:66:
         63:1b:4c:42:08:10:6c:81:c4:87:e0:75:da:10:70:9c:7c:5c:
         61:5e:f4:91:59:60:91:be:9c:c9:83:b2:61:54:99:d5:1c:c4:
         c6:c5:12:b1:a5:5c:38:b7:66:e4:f8:18:1e:fd:59:ea:3f:4b:
         23:4e:8c:82:a6:3f:34:b0:29:da:5b:53:a8:26:ac:f1:60:d9:
         8e:73:e7:e0:82:e9:f1:f0:ee:c0:94:00:3c:f1:aa:60:c3:94:
         44:d6:25:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcvjAWOWMwUbmgOhofPawU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwNjAyMDcyOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGY2MmEwODI2MjZhNjc1OTEyMjk4MDJkOTVkZjlhMjQ1ODI3ZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsxXlLSCkLzSkZ3TcEm3hkKl0JJU
v4UTgpAFt1xr3mjZpv2A1IiAZJ7QS3E8xLkO6c6X0y8v1XQrm3Kv1sdvVeYhzxTY
rfbYo860/tDjzREowlwQ6XJV7TNfWXmf9cQ03GyoTSAaSbmHHqhfWWoRkvhUArNa
U7BHUNz4M231VQGqTbuuidB/UH7Z//95Csc7KDJWPEDNIVZ+NihHH4s50KvhRVDB
9EpOvJCV0vadrJabMx9yBangNte0buyPh0ox44vjP+rHNWQIQV65Ex1Y+AAlPyeb
4kj8LEz16hsv6ToDIooFWAyHL0ffSrR+2CaL7S3bNzLfKZICQfWtI2KDpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFND2KggmJqZ1kSKYAtld+aJFgn08MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvMFBZcUNDWW1wbldSSXBnQzJWMzVva1dDZlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUTTHMA0G
CSqGSIb3DQEBCwUAA4IBAQCuRmBCkxHuYQrBbLAvTVJ/hB+5rqFRsYbHdo6Uhxw4
TCwBUUil2p83wavRBU9BXadSzfGejb8/cLZ3wUeDMFcPhnZmib2na6xWzlSWl/Ms
GRKvGtRunE5Ylp1Upc2tskN6ZXr3+xX9hKhMX7IkqqN80i8jKjuj/cEehQLQqWuy
snuJLpQPFtk8xj/r79vL0eqshF2pn/jgE3ekMpt0AJci82ZjG0xCCBBsgcSH4HXa
EHCcfFxhXvSRWWCRvpzJg7JhVJnVHMTGxRKxpVw4t2bk+Bge/VnqP0sjToyCpj80
sCnaW1OoJqzxYNmOc+fggunx8O7AlAA88apgw5RE1iWs
-----END CERTIFICATE-----