Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/52a1e5-86f1-49f7-a773-cb3e29b6ad32/1/5wrNYPlSCkVTpZCOkOfJiVfHH1s.roa
File:                     5wrNYPlSCkVTpZCOkOfJiVfHH1s.roa (raw, json)
Hash identifier:          vV52rVETrxDxRFyAGhG26EED/lJXHQxzwHDXgoc8s8o=
Subject key identifier:   E7:0A:CD:60:F9:52:0A:45:53:A5:90:8E:90:E7:C9:89:57:C7:1F:5B
Certificate issuer:       /CN=b21e3b2ac50970fb126cbdf19d7fb315dcc1c45d
Certificate serial:       01973AD5C65B14F851684BB50BBEE7D029A8
Authority key identifier: B2:1E:3B:2A:C5:09:70:FB:12:6C:BD:F1:9D:7F:B3:15:DC:C1:C4:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sh47KsUJcPsSbL3xnX-zFdzBxF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/52a1e5-86f1-49f7-a773-cb3e29b6ad32/1/5wrNYPlSCkVTpZCOkOfJiVfHH1s.roa
Signing time:             Wed 04 Jun 2025 12:06:17 +0000
ROA not before:           Wed 04 Jun 2025 12:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208475
IP address blocks:        195.226.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/52a1e5-86f1-49f7-a773-cb3e29b6ad32/1/sh47KsUJcPsSbL3xnX-zFdzBxF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/52a1e5-86f1-49f7-a773-cb3e29b6ad32/1/sh47KsUJcPsSbL3xnX-zFdzBxF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sh47KsUJcPsSbL3xnX-zFdzBxF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:d5:c6:5b:14:f8:51:68:4b:b5:0b:be:e7:d0:29:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b21e3b2ac50970fb126cbdf19d7fb315dcc1c45d
        Validity
            Not Before: Jun  4 12:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e70acd60f9520a4553a5908e90e7c98957c71f5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:15:51:6b:08:d6:82:bf:8f:df:ff:a3:2e:e7:
                    63:b7:26:ef:72:a5:bc:12:45:66:7a:ef:ee:86:24:
                    1f:5a:6d:f1:1f:b7:5e:97:79:a1:c6:1a:a9:60:83:
                    15:cf:f8:29:19:6f:08:45:66:4d:20:4b:42:8e:cc:
                    c6:31:13:83:3d:af:e7:83:66:1d:bb:c5:d6:f4:32:
                    00:6d:b8:14:04:9e:e5:26:60:96:58:e7:1c:18:c4:
                    54:f9:0f:50:e9:d9:2f:76:99:f0:f3:fc:48:0e:bf:
                    76:0d:92:d8:5b:30:0c:f6:0f:9d:eb:9e:27:29:3d:
                    b6:a3:d7:f1:a6:eb:77:5c:5c:50:cd:44:d0:13:67:
                    8e:fd:79:bc:44:d8:7a:4c:8b:dd:27:78:e9:85:20:
                    6f:0a:79:02:98:f2:e3:6d:46:46:1e:75:2d:cf:59:
                    9b:f4:9c:22:6d:05:84:9b:11:ef:86:c0:2b:62:c4:
                    cf:ab:f2:57:88:93:ca:ae:f4:d8:1f:2f:17:d9:24:
                    d3:b0:17:52:29:a6:3a:7e:1b:92:d5:05:c6:bc:b4:
                    63:d5:43:f8:27:6c:e6:a6:7f:03:87:25:b9:60:b9:
                    60:c0:07:08:59:b5:2f:f9:e1:01:7d:12:ac:33:96:
                    b6:be:31:03:a4:ad:c8:cb:bb:c7:56:a7:8a:64:68:
                    3a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:0A:CD:60:F9:52:0A:45:53:A5:90:8E:90:E7:C9:89:57:C7:1F:5B
            X509v3 Authority Key Identifier:
                keyid:B2:1E:3B:2A:C5:09:70:FB:12:6C:BD:F1:9D:7F:B3:15:DC:C1:C4:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sh47KsUJcPsSbL3xnX-zFdzBxF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/52a1e5-86f1-49f7-a773-cb3e29b6ad32/1/5wrNYPlSCkVTpZCOkOfJiVfHH1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/52a1e5-86f1-49f7-a773-cb3e29b6ad32/1/sh47KsUJcPsSbL3xnX-zFdzBxF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:50:28:f8:00:74:a2:f8:0a:61:eb:ff:4a:46:cf:29:9f:b8:
         3c:ee:d6:9d:0f:fe:12:d3:39:cc:67:b3:aa:c4:3b:b9:97:b0:
         02:c7:9d:b6:17:64:e1:60:56:96:a4:b0:fa:39:e2:5c:89:d6:
         fd:5c:06:46:9b:40:5c:f4:d3:d9:32:80:c3:70:ab:a5:9a:59:
         8c:2c:a6:59:7b:81:be:f1:49:8c:dd:15:04:9d:84:fd:d3:60:
         d6:d3:24:39:3f:44:c3:ea:5f:8a:05:6b:5f:2b:22:0e:76:37:
         65:e8:a4:73:83:48:53:f6:00:c1:d7:72:55:83:df:5f:8c:73:
         da:b2:a4:0f:fa:00:3c:0c:a5:d6:5e:b4:ba:0b:61:52:02:0f:
         7f:73:ef:08:c2:33:62:de:f0:3d:38:59:c6:74:9d:e6:cf:2f:
         29:9e:3a:88:6e:19:b9:0e:96:94:c2:6d:92:1a:e3:84:5e:a2:
         0b:60:6a:bf:00:cc:4a:47:c5:66:2a:48:66:04:54:0e:17:26:
         21:d4:7f:11:37:44:a0:36:25:40:ed:06:28:43:d6:9e:ed:44:
         61:2c:7b:57:d2:4d:cd:9a:1d:67:1d:f2:30:ed:dc:71:47:05:
         eb:b6:50:bf:6d:d0:e8:51:a9:e3:04:47:e9:66:17:0d:11:fe:
         77:22:98:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc61cZbFPhRaEu1C77n0CmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMWUzYjJhYzUwOTcwZmIxMjZjYmRmMTlkN2ZiMzE1ZGNj
MWM0NWQwHhcNMjUwNjA0MTIwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzBhY2Q2MGY5NTIwYTQ1NTNhNTkwOGU5MGU3Yzk4OTU3YzcxZjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBVRawjWgr+P3/+jLudjtybvcqW8
EkVmeu/uhiQfWm3xH7del3mhxhqpYIMVz/gpGW8IRWZNIEtCjszGMRODPa/ng2Yd
u8XW9DIAbbgUBJ7lJmCWWOccGMRU+Q9Q6dkvdpnw8/xIDr92DZLYWzAM9g+d654n
KT22o9fxput3XFxQzUTQE2eO/Xm8RNh6TIvdJ3jphSBvCnkCmPLjbUZGHnUtz1mb
9JwibQWEmxHvhsArYsTPq/JXiJPKrvTYHy8X2STTsBdSKaY6fhuS1QXGvLRj1UP4
J2zmpn8DhyW5YLlgwAcIWbUv+eEBfRKsM5a2vjEDpK3Iy7vHVqeKZGg6VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcKzWD5UgpFU6WQjpDnyYlXxx9bMB8GA1UdIwQY
MBaAFLIeOyrFCXD7Emy98Z1/sxXcwcRdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2g0N0tzVUpjUHNTYkwzeG5YLXpGZHpCeEYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy81MmExZTUtODZmMS00OWY3LWE3NzMt
Y2IzZTI5YjZhZDMyLzEvNXdyTllQbFNDa1ZUcFpDT2tPZkppVmZISDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy81MmExZTUtODZmMS00OWY3LWE3NzMtY2IzZTI5YjZhZDMy
LzEvc2g0N0tzVUpjUHNTYkwzeG5YLXpGZHpCeEYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+LbMA0G
CSqGSIb3DQEBCwUAA4IBAQBDUCj4AHSi+Aph6/9KRs8pn7g87tadD/4S0znMZ7Oq
xDu5l7ACx522F2ThYFaWpLD6OeJcidb9XAZGm0Bc9NPZMoDDcKulmlmMLKZZe4G+
8UmM3RUEnYT902DW0yQ5P0TD6l+KBWtfKyIOdjdl6KRzg0hT9gDB13JVg99fjHPa
sqQP+gA8DKXWXrS6C2FSAg9/c+8IwjNi3vA9OFnGdJ3mzy8pnjqIbhm5DpaUwm2S
GuOEXqILYGq/AMxKR8VmKkhmBFQOFyYh1H8RN0SgNiVA7QYoQ9ae7URhLHtX0k3N
mh1nHfIw7dxxRwXrtlC/bdDoUanjBEfpZhcNEf53Ipi0
-----END CERTIFICATE-----