Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/YVwxp9vRo78D3Zkq4PWUJjvh2ys.roa
File:                     YVwxp9vRo78D3Zkq4PWUJjvh2ys.roa (raw, json)
Hash identifier:          6SWi7F6i8jnqxlALTm3akUKfwciw3a80Vo8UDIGTBq0=
Subject key identifier:   61:5C:31:A7:DB:D1:A3:BF:03:DD:99:2A:E0:F5:94:26:3B:E1:DB:2B
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       01942827ADE01A1B50A64340FED420D6C005
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/YVwxp9vRo78D3Zkq4PWUJjvh2ys.roa
Signing time:             Thu 02 Jan 2025 17:54:36 +0000
ROA not before:           Thu 02 Jan 2025 17:54:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26383
IP address blocks:        213.182.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:ad:e0:1a:1b:50:a6:43:40:fe:d4:20:d6:c0:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Jan  2 17:54:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=615c31a7dbd1a3bf03dd992ae0f594263be1db2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:86:f6:89:28:4f:5f:2e:3d:ee:6e:cc:37:20:
                    13:c2:42:07:de:35:b7:d5:38:4d:3a:de:0c:8e:8c:
                    e0:b0:89:48:00:4f:bd:29:af:1d:14:d6:7d:7d:39:
                    48:18:04:5c:a2:96:7f:4e:d4:88:5c:2b:61:1b:d4:
                    e8:6b:db:fb:74:fa:6a:77:57:34:b1:20:bf:1f:4d:
                    d7:b7:47:dd:00:ef:a3:1b:79:d3:8b:09:47:f5:57:
                    1d:ad:62:5e:04:0b:7a:00:37:d3:ff:ba:7b:c4:54:
                    48:5b:78:b8:3b:47:85:f3:45:47:77:4e:50:1b:90:
                    3e:b4:b9:90:a9:9b:e5:0e:ff:01:6d:54:64:c3:59:
                    c1:e9:e0:ba:b2:9d:d8:07:dc:1b:af:00:61:f3:7e:
                    e9:2c:be:07:17:14:c3:d3:0e:27:42:39:eb:c4:9f:
                    af:d5:1a:cd:41:ab:55:07:a1:9f:5d:2b:c0:43:25:
                    ea:35:06:66:39:2f:81:46:b6:19:05:cd:33:ba:b8:
                    a6:99:82:b8:e9:94:4b:f2:67:59:b5:b3:fa:22:e8:
                    dd:87:b4:4e:66:47:f7:c1:3c:7b:b9:07:50:a8:66:
                    78:d4:01:1c:65:e5:c0:5e:d8:76:55:2e:c3:15:76:
                    09:a2:8d:64:58:5a:b2:a6:9c:d6:b7:f9:4e:e6:34:
                    f0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:5C:31:A7:DB:D1:A3:BF:03:DD:99:2A:E0:F5:94:26:3B:E1:DB:2B
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/YVwxp9vRo78D3Zkq4PWUJjvh2ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:68:e4:bc:23:c9:a8:ea:56:85:56:30:94:62:e2:06:a5:84:
         92:31:02:cc:7f:2c:4e:a2:25:46:c8:26:ce:c2:1f:84:a8:2c:
         be:d6:43:c2:2b:45:a5:42:d4:a1:86:0b:c5:ee:24:76:84:3c:
         8b:ad:e0:a6:12:03:f5:03:83:19:77:42:50:e9:87:33:7b:01:
         af:1a:3c:18:eb:d1:1b:3e:74:33:92:5e:ff:00:9d:19:f4:b3:
         4e:2d:bd:0c:d8:92:c8:0e:cf:59:ce:c9:b8:8b:bf:ee:7c:d8:
         6a:bd:f9:72:70:5e:0f:e4:7e:8c:7f:68:a8:c0:4a:b0:69:b4:
         42:42:c6:06:f8:ff:d5:64:88:86:3e:62:87:ee:9c:ce:82:06:
         7b:26:b7:6c:27:78:4e:84:0c:14:5a:4e:4e:cc:33:97:f0:1f:
         b5:14:0d:94:d8:b0:cc:13:e7:6d:b6:bd:49:d9:27:8a:75:4c:
         11:aa:d0:68:eb:27:01:6b:85:3c:8d:c8:7c:ed:b5:11:6d:91:
         34:1a:68:f1:a1:ad:f5:ca:77:38:76:97:ed:a2:7b:f0:d7:d9:
         1f:c6:b4:3e:26:63:ce:98:a4:bd:25:3c:3b:ee:ba:70:bb:a8:
         67:ea:11:1b:1c:70:9b:cc:5a:04:00:7d:44:53:b5:74:9a:0a:
         d4:3a:28:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ63gGhtQpkNA/tQg1sAFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwMTAyMTc1NDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTVjMzFhN2RiZDFhM2JmMDNkZDk5MmFlMGY1OTQyNjNiZTFkYjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIb2iShPXy497m7MNyATwkIH3jW3
1ThNOt4MjozgsIlIAE+9Ka8dFNZ9fTlIGARcopZ/TtSIXCthG9Toa9v7dPpqd1c0
sSC/H03Xt0fdAO+jG3nTiwlH9VcdrWJeBAt6ADfT/7p7xFRIW3i4O0eF80VHd05Q
G5A+tLmQqZvlDv8BbVRkw1nB6eC6sp3YB9wbrwBh837pLL4HFxTD0w4nQjnrxJ+v
1RrNQatVB6GfXSvAQyXqNQZmOS+BRrYZBc0zurimmYK46ZRL8mdZtbP6Iujdh7RO
Zkf3wTx7uQdQqGZ41AEcZeXAXth2VS7DFXYJoo1kWFqyppzWt/lO5jTwaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFcMafb0aO/A92ZKuD1lCY74dsrMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvWVZ3eHA5dlJvNzhEM1prcTRQV1VKanZoMnlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bbMMA0G
CSqGSIb3DQEBCwUAA4IBAQCHaOS8I8mo6laFVjCUYuIGpYSSMQLMfyxOoiVGyCbO
wh+EqCy+1kPCK0WlQtShhgvF7iR2hDyLreCmEgP1A4MZd0JQ6YczewGvGjwY69Eb
PnQzkl7/AJ0Z9LNOLb0M2JLIDs9Zzsm4i7/ufNhqvflycF4P5H6Mf2iowEqwabRC
QsYG+P/VZIiGPmKH7pzOggZ7JrdsJ3hOhAwUWk5OzDOX8B+1FA2U2LDME+dttr1J
2SeKdUwRqtBo6ycBa4U8jch87bURbZE0Gmjxoa31ync4dpftonvw19kfxrQ+JmPO
mKS9JTw77rpwu6hn6hEbHHCbzFoEAH1EU7V0mgrUOihZ
-----END CERTIFICATE-----