Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/LdSX0TNAWu1GANikgGHJZKbN5ts.roa
File:                     LdSX0TNAWu1GANikgGHJZKbN5ts.roa (raw, json)
Hash identifier:          XzH2guM8uD41A2haqYmLeH+1CfMtNp2yUb4pKTWFFOk=
Subject key identifier:   2D:D4:97:D1:33:40:5A:ED:46:00:D8:A4:80:61:C9:64:A6:CD:E6:DB
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019727CC124F18FEF04CEF99DBEA4C1EDF86
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/LdSX0TNAWu1GANikgGHJZKbN5ts.roa
Signing time:             Sat 31 May 2025 19:22:54 +0000
ROA not before:           Sat 31 May 2025 19:22:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24768
IP address blocks:        213.182.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:27:cc:12:4f:18:fe:f0:4c:ef:99:db:ea:4c:1e:df:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: May 31 19:22:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2dd497d133405aed4600d8a48061c964a6cde6db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ad:d9:31:b3:dc:84:24:67:7c:02:c9:04:c2:
                    ce:43:7b:56:55:2b:b4:26:e9:25:a0:1e:91:25:c4:
                    2a:a8:e7:18:d7:fb:08:72:9f:b9:7f:92:cf:56:a3:
                    8f:b1:87:d4:d6:a1:76:54:9b:ab:ba:8b:61:22:06:
                    77:42:7e:8a:8e:bd:c0:c9:56:14:a9:98:30:8b:ce:
                    66:19:d7:d4:42:93:83:e5:ea:e5:54:bd:19:cb:0d:
                    c6:89:41:56:71:c2:2b:62:e7:1a:89:a0:52:ec:63:
                    e7:d4:27:bf:e6:50:ae:6e:fb:41:cb:1a:53:ef:50:
                    cf:ca:08:78:a1:2d:c7:c1:23:05:97:de:15:c7:c0:
                    99:2d:15:c9:d0:57:37:ad:24:e3:3d:78:dd:49:4d:
                    63:17:29:c3:ea:f3:b1:c1:4a:83:05:fa:1b:44:70:
                    a6:73:64:cf:e7:2e:0b:33:d7:9a:a2:d9:4d:06:23:
                    d6:f6:d3:48:39:4f:fb:14:1b:c1:40:f2:e1:31:33:
                    10:5d:37:95:15:30:90:6c:98:69:b9:76:6f:cd:ad:
                    f6:17:07:38:26:0f:22:ab:6e:a0:76:fb:d8:16:f0:
                    af:f8:d5:7e:6e:d3:a0:09:f0:ab:77:f4:75:ba:d6:
                    fd:04:f6:a7:23:87:34:20:a2:53:f4:16:22:01:09:
                    fb:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D4:97:D1:33:40:5A:ED:46:00:D8:A4:80:61:C9:64:A6:CD:E6:DB
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/LdSX0TNAWu1GANikgGHJZKbN5ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:5e:74:02:81:c8:b4:6d:5d:64:ff:28:7b:1b:77:30:2d:f5:
         8a:5b:b9:51:c8:0a:f7:ef:db:a3:c8:cb:57:18:cd:a2:ab:d3:
         8d:27:05:6e:31:6f:70:51:c4:8b:e5:09:9d:02:73:90:49:46:
         fb:bb:a4:19:34:14:bc:62:36:27:37:6a:9d:0a:60:4b:1a:0b:
         4b:e0:a1:fa:1d:e8:8a:dc:2a:ec:15:c9:00:3d:b4:67:a6:30:
         76:8d:10:5d:c9:b1:9e:c3:bd:94:30:b4:d7:e7:7f:14:79:8f:
         c3:b7:5d:f4:8d:46:ee:28:8f:ab:12:3a:87:43:25:ee:c1:2b:
         21:98:9a:64:58:6d:a6:85:48:15:d3:62:33:1f:c3:f9:bc:a0:
         a0:fb:57:3e:07:a9:5a:6e:92:87:ef:04:cb:f4:49:22:9f:0c:
         4d:27:11:02:7e:63:79:60:c2:cb:d6:5e:e6:a7:4e:c3:88:a1:
         3b:fe:5d:6d:04:a8:df:e6:56:b7:04:1c:2e:04:13:4a:d8:cd:
         d3:cb:aa:16:36:9b:73:26:c8:a6:fc:89:cf:81:95:89:32:17:
         ae:36:f2:3f:b9:3e:58:e6:ab:28:39:45:68:65:7e:26:83:e4:
         e0:7e:c4:08:a0:e6:99:fa:8c:10:d4:af:7d:04:47:3e:a0:43:
         01:d4:5f:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcnzBJPGP7wTO+Z2+pMHt+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwNTMxMTkyMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQ0OTdkMTMzNDA1YWVkNDYwMGQ4YTQ4MDYxYzk2NGE2Y2RlNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr63ZMbPchCRnfALJBMLOQ3tWVSu0
JukloB6RJcQqqOcY1/sIcp+5f5LPVqOPsYfU1qF2VJuruothIgZ3Qn6Kjr3AyVYU
qZgwi85mGdfUQpOD5erlVL0Zyw3GiUFWccIrYucaiaBS7GPn1Ce/5lCubvtByxpT
71DPygh4oS3HwSMFl94Vx8CZLRXJ0Fc3rSTjPXjdSU1jFynD6vOxwUqDBfobRHCm
c2TP5y4LM9eaotlNBiPW9tNIOU/7FBvBQPLhMTMQXTeVFTCQbJhpuXZvza32Fwc4
Jg8iq26gdvvYFvCv+NV+btOgCfCrd/R1utb9BPanI4c0IKJT9BYiAQn71QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3Ul9EzQFrtRgDYpIBhyWSmzebbMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvTGRTWDBUTkFXdTFHQU5pa2dHSEpaS2JONXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bbDMA0G
CSqGSIb3DQEBCwUAA4IBAQA2XnQCgci0bV1k/yh7G3cwLfWKW7lRyAr379ujyMtX
GM2iq9ONJwVuMW9wUcSL5QmdAnOQSUb7u6QZNBS8YjYnN2qdCmBLGgtL4KH6HeiK
3CrsFckAPbRnpjB2jRBdybGew72UMLTX538UeY/Dt130jUbuKI+rEjqHQyXuwSsh
mJpkWG2mhUgV02IzH8P5vKCg+1c+B6labpKH7wTL9EkinwxNJxECfmN5YMLL1l7m
p07DiKE7/l1tBKjf5la3BBwuBBNK2M3Ty6oWNptzJsim/InPgZWJMheuNvI/uT5Y
5qsoOUVoZX4mg+TgfsQIoOaZ+owQ1K99BEc+oEMB1F8m
-----END CERTIFICATE-----