Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/qWpzvRDGfVICOAas6EpA5TLROBI.roa
File:                     qWpzvRDGfVICOAas6EpA5TLROBI.roa (raw, json)
Hash identifier:          0F40XY0fiwK+HQCyTtXfsCoNfyawPos3cmHr8KSTvbw=
Subject key identifier:   A9:6A:73:BD:10:C6:7D:52:02:38:06:AC:E8:4A:40:E5:32:D1:38:12
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0196DF2ADD6E5AC9C0596DF9A907BD0D8263
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/qWpzvRDGfVICOAas6EpA5TLROBI.roa
Signing time:             Sat 17 May 2025 16:54:10 +0000
ROA not before:           Sat 17 May 2025 16:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213990
IP address blocks:        195.216.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:df:2a:dd:6e:5a:c9:c0:59:6d:f9:a9:07:bd:0d:82:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: May 17 16:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a96a73bd10c67d52023806ace84a40e532d13812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:f8:bf:c1:eb:79:29:53:f3:5b:4f:2c:1c:d8:
                    b7:5e:ef:24:75:b2:25:c8:1d:7d:8f:18:74:d7:ac:
                    3a:35:64:3a:62:27:1b:fb:ee:45:01:f1:22:1c:25:
                    f8:10:f1:b8:12:00:56:90:7d:f8:a3:c1:4b:65:f6:
                    42:a3:d3:b6:a1:66:53:55:90:ed:a0:dc:6c:8f:b0:
                    ab:e2:9a:42:5f:5f:cc:25:5e:1d:0e:25:eb:dc:80:
                    1c:7d:49:50:f8:75:c8:d5:c8:bd:57:5a:76:ea:cb:
                    23:fd:51:38:ca:33:d3:b2:75:98:cb:4b:b4:49:38:
                    bf:cb:bc:56:a2:e6:7d:83:47:a9:8d:eb:f2:4d:5e:
                    77:a5:bf:21:03:94:a6:58:05:92:67:e6:fd:39:ca:
                    a6:98:0d:68:4b:80:07:43:87:1c:cc:b0:6e:68:80:
                    49:a9:a3:b1:2b:4c:9e:35:9b:5d:49:a1:f8:c2:6b:
                    39:b3:c7:18:f5:64:4b:76:6e:ad:0f:74:7a:eb:8e:
                    84:fa:35:66:c1:7d:11:11:21:2c:dc:6a:0d:99:78:
                    e6:fc:1f:5b:b1:f2:3a:c3:14:36:ed:00:06:70:86:
                    ad:13:ed:ca:8a:9e:4c:9c:3a:a6:e9:a2:6e:82:ab:
                    fb:10:7a:38:2a:c3:14:67:79:b3:9d:6b:20:c1:e7:
                    e4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:6A:73:BD:10:C6:7D:52:02:38:06:AC:E8:4A:40:E5:32:D1:38:12
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/qWpzvRDGfVICOAas6EpA5TLROBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:8c:34:d4:0a:3c:01:8d:b5:e2:c9:fd:1b:fe:66:8e:4b:62:
         dd:95:8c:4e:fa:fc:43:a1:28:b3:3c:90:a2:cc:73:37:e5:72:
         a5:98:eb:e7:fe:8f:cc:d5:d3:42:91:c3:7a:36:24:15:96:14:
         79:21:19:68:db:27:ac:f5:42:16:78:c6:7b:24:64:0e:6a:91:
         83:b0:62:95:95:01:fa:ad:b7:18:a1:d8:f7:c6:26:39:0f:c0:
         1b:d7:72:97:32:3d:cb:0a:1a:24:c8:43:67:ac:6f:16:eb:4f:
         5f:e0:a2:99:e2:ac:23:78:ea:26:eb:f1:af:c0:9c:5f:c9:8d:
         64:2d:9c:b6:9b:b3:0a:d9:4a:5c:08:2e:95:ba:03:ce:45:35:
         75:fa:e3:8a:87:c6:d8:4e:00:37:ce:d9:fc:73:25:dc:83:a1:
         8f:d6:22:48:15:35:0e:54:78:d3:13:c4:e1:6b:46:d2:80:99:
         b4:dc:70:e8:f5:69:4c:ad:60:00:74:e7:04:33:1e:fc:a4:6c:
         35:05:49:42:05:67:74:79:f3:10:f4:85:e3:af:17:77:d5:67:
         10:83:59:13:c6:c0:f6:f6:d0:d7:14:bb:c2:a8:a6:2a:3b:d0:
         9e:6c:e6:5b:b9:fa:0a:e3:4b:9a:cf:f7:e8:64:fb:77:9f:09:
         95:bb:58:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbfKt1uWsnAWW35qQe9DYJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwNTE3MTY1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTZhNzNiZDEwYzY3ZDUyMDIzODA2YWNlODRhNDBlNTMyZDEzODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5/i/wet5KVPzW08sHNi3Xu8kdbIl
yB19jxh016w6NWQ6Yicb++5FAfEiHCX4EPG4EgBWkH34o8FLZfZCo9O2oWZTVZDt
oNxsj7Cr4ppCX1/MJV4dDiXr3IAcfUlQ+HXI1ci9V1p26ssj/VE4yjPTsnWYy0u0
STi/y7xWouZ9g0epjevyTV53pb8hA5SmWAWSZ+b9OcqmmA1oS4AHQ4cczLBuaIBJ
qaOxK0yeNZtdSaH4wms5s8cY9WRLdm6tD3R6646E+jVmwX0RESEs3GoNmXjm/B9b
sfI6wxQ27QAGcIatE+3Kip5MnDqm6aJugqv7EHo4KsMUZ3mznWsgwefkdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlqc70Qxn1SAjgGrOhKQOUy0TgSMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvcVdwenZSREdmVklDT0FhczZFcEE1VExST0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9i2MA0G
CSqGSIb3DQEBCwUAA4IBAQB0jDTUCjwBjbXiyf0b/maOS2LdlYxO+vxDoSizPJCi
zHM35XKlmOvn/o/M1dNCkcN6NiQVlhR5IRlo2yes9UIWeMZ7JGQOapGDsGKVlQH6
rbcYodj3xiY5D8Ab13KXMj3LChokyENnrG8W609f4KKZ4qwjeOom6/GvwJxfyY1k
LZy2m7MK2UpcCC6VugPORTV1+uOKh8bYTgA3ztn8cyXcg6GP1iJIFTUOVHjTE8Th
a0bSgJm03HDo9WlMrWAAdOcEMx78pGw1BUlCBWd0efMQ9IXjrxd31WcQg1kTxsD2
9tDXFLvCqKYqO9CebOZbufoK40uaz/foZPt3nwmVu1iQ
-----END CERTIFICATE-----