Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/uxY_rWmIuC9Ly4ciQ8wO9qpVQmo.roa
File:                     uxY_rWmIuC9Ly4ciQ8wO9qpVQmo.roa (raw, json)
Hash identifier:          DbUG2PWufzxC+fwgaTqlqha3pLKnlOIHxWqtJ19qFMw=
Subject key identifier:   BB:16:3F:AD:69:88:B8:2F:4B:CB:87:22:43:CC:0E:F6:AA:55:42:6A
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       01973A1B02823E71EE17ADFC308DFC6F1C49
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/uxY_rWmIuC9Ly4ciQ8wO9qpVQmo.roa
Signing time:             Wed 04 Jun 2025 08:42:17 +0000
ROA not before:           Wed 04 Jun 2025 08:42:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13034
IP address blocks:        193.252.138.0/24 maxlen: 24
                          193.252.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:1b:02:82:3e:71:ee:17:ad:fc:30:8d:fc:6f:1c:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jun  4 08:42:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb163fad6988b82f4bcb872243cc0ef6aa55426a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:62:82:f0:42:7e:3b:e6:a8:80:29:5e:df:ce:
                    ab:c6:09:64:03:93:ec:4c:dc:94:63:b0:8b:f3:5b:
                    b0:46:57:67:cf:c3:33:aa:0f:3b:13:cc:4d:68:50:
                    4e:27:52:be:72:cd:0c:87:26:b4:6f:8a:a8:88:74:
                    72:88:22:4e:70:e4:e4:41:14:a2:10:f2:dd:77:73:
                    2a:98:63:c2:4a:bb:6d:ff:65:6f:e0:28:6a:76:bf:
                    f8:09:52:24:20:a9:a3:05:da:74:17:2a:7d:82:99:
                    3e:7b:86:aa:89:f9:3a:d2:65:b9:ed:32:39:6a:18:
                    04:02:62:be:79:ab:11:36:6f:35:7a:e8:cd:f3:a1:
                    3f:b5:58:1c:37:d1:36:a0:34:0c:f1:d5:0b:62:05:
                    d3:9b:e2:83:8a:90:a2:7f:4c:09:85:22:86:22:e9:
                    0c:c3:bc:db:24:8e:a2:99:ca:83:81:9f:bf:8a:5e:
                    a6:33:6a:a2:66:63:ed:f9:b2:83:e9:eb:78:39:2b:
                    82:12:24:59:f2:18:49:32:fc:df:75:b2:32:b5:ce:
                    51:ac:19:4c:01:3b:6c:26:30:44:65:23:c9:ce:68:
                    11:66:f1:97:78:e2:2e:1e:f1:91:9a:c4:f7:64:f4:
                    3d:9e:0c:c0:95:d2:01:b5:0c:37:98:b2:e9:d0:0a:
                    f0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:16:3F:AD:69:88:B8:2F:4B:CB:87:22:43:CC:0E:F6:AA:55:42:6A
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/uxY_rWmIuC9Ly4ciQ8wO9qpVQmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.252.138.0/24
                  193.252.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:e0:5a:71:ef:72:de:db:09:c9:04:e4:be:c2:ca:12:78:37:
         24:44:c4:49:ce:69:60:2e:7f:5d:b5:52:d0:64:0f:35:a5:ae:
         d4:c2:29:7f:46:f8:14:16:e7:7a:65:80:32:fd:74:14:2f:ee:
         3a:62:5f:01:8d:60:61:d5:ef:7e:d7:d0:6f:e0:0d:a6:69:81:
         26:c3:16:a7:cd:aa:54:ff:a0:9c:7a:33:44:a4:e7:de:37:08:
         bb:f9:bc:70:77:53:72:c0:bb:63:1e:e1:87:58:89:9c:f8:88:
         cb:be:41:6a:a8:df:04:9e:30:01:5d:ec:fe:ea:ce:30:7f:6d:
         b4:15:6d:b3:0e:e4:58:64:32:7c:15:db:d7:d6:8b:a4:23:82:
         4b:6c:47:73:02:a3:9b:0a:0e:32:04:e1:6d:6f:d4:79:43:fc:
         4c:d0:42:3c:87:ff:1d:18:66:8a:84:b3:61:23:c7:d1:3b:5f:
         5a:54:0f:fd:95:06:51:7c:19:e1:3f:63:47:5b:80:db:7a:73:
         da:c4:45:e8:6b:3b:21:fe:d9:c7:68:7a:34:85:ec:1f:94:ae:
         13:79:7b:e5:ae:7d:02:15:1e:a6:ff:a2:40:d2:29:0c:6f:28:
         5c:3b:bd:8b:24:a4:14:cc:68:41:58:67:00:2e:e3:d2:84:d7:
         76:36:9d:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZc6GwKCPnHuF638MI38bxxJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwNjA0MDg0MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjE2M2ZhZDY5ODhiODJmNGJjYjg3MjI0M2NjMGVmNmFhNTU0MjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWKC8EJ+O+aogCle386rxglkA5Ps
TNyUY7CL81uwRldnz8Mzqg87E8xNaFBOJ1K+cs0Mhya0b4qoiHRyiCJOcOTkQRSi
EPLdd3MqmGPCSrtt/2Vv4Chqdr/4CVIkIKmjBdp0Fyp9gpk+e4aqifk60mW57TI5
ahgEAmK+easRNm81eujN86E/tVgcN9E2oDQM8dULYgXTm+KDipCif0wJhSKGIukM
w7zbJI6imcqDgZ+/il6mM2qiZmPt+bKD6et4OSuCEiRZ8hhJMvzfdbIytc5RrBlM
ATtsJjBEZSPJzmgRZvGXeOIuHvGRmsT3ZPQ9ngzAldIBtQw3mLLp0ArwvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLsWP61piLgvS8uHIkPMDvaqVUJqMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvdXhZX3JXbUl1QzlMeTRjaVE4d085cXBWUW1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwfyKAwQB
wfzyMA0GCSqGSIb3DQEBCwUAA4IBAQBD4Fpx73Le2wnJBOS+wsoSeDckRMRJzmlg
Ln9dtVLQZA81pa7Uwil/RvgUFud6ZYAy/XQUL+46Yl8BjWBh1e9+19Bv4A2maYEm
wxanzapU/6CcejNEpOfeNwi7+bxwd1NywLtjHuGHWImc+IjLvkFqqN8EnjABXez+
6s4wf220FW2zDuRYZDJ8FdvX1oukI4JLbEdzAqObCg4yBOFtb9R5Q/xM0EI8h/8d
GGaKhLNhI8fRO19aVA/9lQZRfBnhP2NHW4DbenPaxEXoazsh/tnHaHo0hewflK4T
eXvlrn0CFR6m/6JA0ikMbyhcO72LJKQUzGhBWGcALuPShNd2Np2/
-----END CERTIFICATE-----