Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/Z_y1WsXx1jtBwikmLYsrNQ0u97Y.roa
File:                     Z_y1WsXx1jtBwikmLYsrNQ0u97Y.roa (raw, json)
Hash identifier:          JOry3wPpe1ZpS7Eexrwc4bHx5BJIx5iyu4lyAycRZfE=
Subject key identifier:   67:FC:B5:5A:C5:F1:D6:3B:41:C2:29:26:2D:8B:2B:35:0D:2E:F7:B6
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       0197156FC29138A968F482F4C1C01715FD02
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/Z_y1WsXx1jtBwikmLYsrNQ0u97Y.roa
Signing time:             Wed 28 May 2025 05:48:55 +0000
ROA not before:           Wed 28 May 2025 05:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201814
IP address blocks:        193.41.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:6f:c2:91:38:a9:68:f4:82:f4:c1:c0:17:15:fd:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: May 28 05:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67fcb55ac5f1d63b41c229262d8b2b350d2ef7b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:13:20:05:ce:2b:a5:f7:99:0d:6a:80:30:c1:
                    e8:9e:a9:f0:83:89:86:61:5b:7d:a5:ca:27:bd:33:
                    17:57:10:ae:0c:49:97:18:0c:42:45:4c:10:73:7c:
                    23:34:f2:5a:f6:27:31:ef:27:95:b4:82:ed:b3:b3:
                    e3:0a:5c:48:73:35:1d:10:d7:dd:92:7f:2a:ff:75:
                    8a:9c:92:ff:6e:31:92:aa:40:b1:9f:52:5f:37:0e:
                    9c:d6:84:98:07:ad:35:ff:84:a5:09:c0:95:66:77:
                    06:c3:73:09:31:51:68:ec:3f:63:73:9e:a5:f6:01:
                    d1:fe:43:46:80:aa:84:be:1d:88:83:a0:11:3e:60:
                    0d:09:bd:eb:78:9e:f8:2a:e4:b9:0d:a2:ee:2c:48:
                    86:c6:4d:89:8d:e2:33:2a:44:47:8a:08:ac:43:d7:
                    e7:00:fc:19:d5:3a:96:8f:e4:32:37:27:d5:fe:2f:
                    35:9c:f7:a9:76:53:e9:e5:a5:e8:2d:96:66:ac:97:
                    4f:61:0f:c5:ff:ee:22:b2:fe:95:66:6f:c2:92:3e:
                    8b:bc:ff:da:eb:a8:1c:c4:1b:38:09:a0:36:1f:f9:
                    ee:01:70:90:c7:0a:ec:26:e2:86:ae:ea:e2:3e:ba:
                    56:71:1f:66:51:0d:dd:31:c0:d8:30:2d:ff:0b:6c:
                    3c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:FC:B5:5A:C5:F1:D6:3B:41:C2:29:26:2D:8B:2B:35:0D:2E:F7:B6
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/Z_y1WsXx1jtBwikmLYsrNQ0u97Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:a7:61:69:02:6a:eb:01:4b:7e:87:5f:ff:9a:01:b5:53:3d:
         27:fc:2a:af:0b:c8:26:c6:a3:8d:15:ad:8f:88:30:08:55:d2:
         f0:05:df:4f:75:cb:de:43:6d:64:dc:4c:12:d9:0f:02:1d:0d:
         d6:dd:f9:f1:e1:69:b8:e0:2a:19:20:3e:7d:7a:54:cd:0e:c9:
         89:35:6a:91:c7:5e:26:69:b9:90:9a:f6:1e:75:ba:a4:c7:7f:
         d6:a0:2e:48:84:0b:c0:3e:3d:84:72:46:b0:7d:30:27:1a:a7:
         29:4b:ef:e3:f6:2e:05:2c:ad:e3:c2:13:16:31:bb:e0:50:5a:
         7f:2a:f0:39:ef:dd:83:05:bd:92:1d:8e:12:1f:a6:34:e8:a5:
         bc:9b:01:c4:b3:2a:86:4a:bc:25:04:f4:e0:b6:3b:44:db:d5:
         5d:9a:63:48:4c:33:50:a1:5e:37:18:1e:d6:02:74:39:25:f6:
         6c:f8:0d:e9:fe:1d:a7:ae:9d:6d:cc:f9:22:60:62:ac:98:9c:
         a1:5c:e8:f4:91:cb:e7:48:9f:c5:2c:df:3b:8a:b0:9d:86:a7:
         2d:8b:e0:21:11:f7:22:43:33:e0:22:c4:5c:6c:c2:65:15:d7:
         9f:26:06:a2:8e:20:8b:9a:a3:f3:60:a2:df:56:0e:e7:c5:b7:
         93:a2:40:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcVb8KROKlo9IL0wcAXFf0CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjUwNTI4MDU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2ZjYjU1YWM1ZjFkNjNiNDFjMjI5MjYyZDhiMmIzNTBkMmVmN2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxMgBc4rpfeZDWqAMMHonqnwg4mG
YVt9pconvTMXVxCuDEmXGAxCRUwQc3wjNPJa9icx7yeVtILts7PjClxIczUdENfd
kn8q/3WKnJL/bjGSqkCxn1JfNw6c1oSYB601/4SlCcCVZncGw3MJMVFo7D9jc56l
9gHR/kNGgKqEvh2Ig6ARPmANCb3reJ74KuS5DaLuLEiGxk2JjeIzKkRHigisQ9fn
APwZ1TqWj+QyNyfV/i81nPepdlPp5aXoLZZmrJdPYQ/F/+4isv6VZm/Ckj6LvP/a
66gcxBs4CaA2H/nuAXCQxwrsJuKGruriPrpWcR9mUQ3dMcDYMC3/C2w8wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGf8tVrF8dY7QcIpJi2LKzUNLve2MB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvWl95MVdzWHgxanRCd2lrbUxZc3JOUTB1OTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSmBMA0G
CSqGSIb3DQEBCwUAA4IBAQBhp2FpAmrrAUt+h1//mgG1Uz0n/CqvC8gmxqONFa2P
iDAIVdLwBd9PdcveQ21k3EwS2Q8CHQ3W3fnx4Wm44CoZID59elTNDsmJNWqRx14m
abmQmvYedbqkx3/WoC5IhAvAPj2EckawfTAnGqcpS+/j9i4FLK3jwhMWMbvgUFp/
KvA5792DBb2SHY4SH6Y06KW8mwHEsyqGSrwlBPTgtjtE29VdmmNITDNQoV43GB7W
AnQ5JfZs+A3p/h2nrp1tzPkiYGKsmJyhXOj0kcvnSJ/FLN87irCdhqcti+AhEfci
QzPgIsRcbMJlFdefJgaijiCLmqPzYKLfVg7nxbeTokD7
-----END CERTIFICATE-----