Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dn1vnZRa9kuqEddAwEi9P4Z3P3c.roa
File:                     dn1vnZRa9kuqEddAwEi9P4Z3P3c.roa (raw, json)
Hash identifier:          d4yd52wyrJsJedCN/uOwpkfdmbkjoSuZU6hNRlAqpK0=
Subject key identifier:   76:7D:6F:9D:94:5A:F6:4B:AA:11:D7:40:C0:48:BD:3F:86:77:3F:77
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196E1CD9D5FFF7DB770FE65CEF84F4A2818
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dn1vnZRa9kuqEddAwEi9P4Z3P3c.roa
Signing time:             Sun 18 May 2025 05:11:10 +0000
ROA not before:           Sun 18 May 2025 05:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215951
IP address blocks:        37.202.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 19:08:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e1:cd:9d:5f:ff:7d:b7:70:fe:65:ce:f8:4f:4a:28:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 18 05:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=767d6f9d945af64baa11d740c048bd3f86773f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:85:b9:7b:63:da:c9:47:99:73:d0:22:37:4f:
                    26:e5:f5:fc:bd:6b:86:35:4a:8a:16:2f:8d:27:3c:
                    0a:3e:2c:ab:25:05:25:30:e3:6f:5c:c8:9a:f3:d0:
                    5d:38:5b:bf:96:53:11:d8:49:0b:27:49:01:ae:b3:
                    7b:cd:f1:93:77:07:b2:fe:16:c9:6a:5b:6c:73:2c:
                    73:d6:5d:7f:70:1a:82:68:46:0d:ab:2b:db:37:fa:
                    23:09:b0:88:5d:be:98:11:7f:1f:d1:0e:0d:4f:bd:
                    f7:41:e7:c0:46:7a:37:09:11:a8:25:25:87:c4:0f:
                    8c:a2:1e:01:4d:90:cb:0b:ba:7a:8d:2b:30:23:dc:
                    eb:05:c2:6a:df:b4:ce:63:8f:e5:fa:e0:0e:64:be:
                    0f:9f:6b:a4:31:fc:44:c5:1e:69:a5:45:55:24:e9:
                    4e:5b:9d:1f:ce:05:3b:5a:d0:9d:f6:0e:37:74:0d:
                    a0:b6:98:2e:ff:db:1c:bc:60:8c:88:49:d4:fb:20:
                    96:5e:dd:f2:c0:27:37:5f:d5:fe:5c:2a:40:dd:18:
                    01:6b:0b:b9:16:17:37:6b:9c:c7:4d:2a:ba:5c:dc:
                    49:a4:49:49:24:f3:d7:9c:83:4d:54:ed:64:2b:a0:
                    12:a3:78:11:d1:82:49:13:9b:44:5e:52:64:83:8f:
                    2f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:7D:6F:9D:94:5A:F6:4B:AA:11:D7:40:C0:48:BD:3F:86:77:3F:77
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/dn1vnZRa9kuqEddAwEi9P4Z3P3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:96:9d:52:65:12:f1:2a:81:4d:46:ad:88:3b:e2:62:9d:02:
         7d:c9:34:a2:26:70:f0:8a:d3:3c:0a:2d:17:f0:9a:a8:f1:80:
         02:5f:f2:d5:04:8f:4d:dc:aa:af:1d:b6:38:54:e4:8d:79:eb:
         41:09:4f:5d:e0:0e:02:b1:74:3e:d1:b3:6c:3e:ef:25:29:7a:
         e7:f2:8e:61:b4:18:77:77:54:45:15:04:27:b0:0b:b2:fd:f8:
         3a:52:b9:19:82:9c:dd:16:28:0e:d9:5b:46:41:87:3c:9e:96:
         8a:70:b7:0b:76:f5:14:94:5b:70:af:9e:92:72:e9:ae:99:8b:
         82:94:aa:86:8d:b1:b7:01:6e:8e:e8:ac:c9:35:1a:a5:d4:13:
         87:64:02:1b:0a:2d:34:44:40:ab:aa:e5:b2:c9:24:74:42:8b:
         99:0d:85:b7:9b:3f:a2:2f:24:a1:73:17:1e:e1:2a:fc:02:36:
         bc:aa:dc:23:a4:0b:fb:7b:fe:64:13:87:88:26:56:a1:4b:2a:
         cb:f7:dd:ab:a9:eb:2d:35:60:a5:54:e1:9b:02:35:f1:05:55:
         0c:18:ff:1a:00:42:0f:8c:1b:c3:8f:b8:51:12:bd:f1:af:a8:
         10:ab:5a:47:7d:47:43:cc:44:24:13:d0:89:f0:1f:1a:52:2d:
         0d:4d:08:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbhzZ1f/323cP5lzvhPSigYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE4MDUxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjdkNmY5ZDk0NWFmNjRiYWExMWQ3NDBjMDQ4YmQzZjg2NzczZjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IW5e2PayUeZc9AiN08m5fX8vWuG
NUqKFi+NJzwKPiyrJQUlMONvXMia89BdOFu/llMR2EkLJ0kBrrN7zfGTdwey/hbJ
altscyxz1l1/cBqCaEYNqyvbN/ojCbCIXb6YEX8f0Q4NT733QefARno3CRGoJSWH
xA+Moh4BTZDLC7p6jSswI9zrBcJq37TOY4/l+uAOZL4Pn2ukMfxExR5ppUVVJOlO
W50fzgU7WtCd9g43dA2gtpgu/9scvGCMiEnU+yCWXt3ywCc3X9X+XCpA3RgBawu5
Fhc3a5zHTSq6XNxJpElJJPPXnINNVO1kK6ASo3gR0YJJE5tEXlJkg48vVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZ9b52UWvZLqhHXQMBIvT+Gdz93MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZG4xdm5aUmE5a3VxRWRkQXdFaTlQNFozUDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcrDMA0G
CSqGSIb3DQEBCwUAA4IBAQC3lp1SZRLxKoFNRq2IO+JinQJ9yTSiJnDwitM8Ci0X
8Jqo8YACX/LVBI9N3KqvHbY4VOSNeetBCU9d4A4CsXQ+0bNsPu8lKXrn8o5htBh3
d1RFFQQnsAuy/fg6UrkZgpzdFigO2VtGQYc8npaKcLcLdvUUlFtwr56ScumumYuC
lKqGjbG3AW6O6KzJNRql1BOHZAIbCi00RECrquWyySR0QouZDYW3mz+iLyShcxce
4Sr8Aja8qtwjpAv7e/5kE4eIJlahSyrL992rqestNWClVOGbAjXxBVUMGP8aAEIP
jBvDj7hREr3xr6gQq1pHfUdDzEQkE9CJ8B8aUi0NTQjk
-----END CERTIFICATE-----