Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/tR6Fa03gzifqR6_y9F-SUYuYgcc.roa
File:                     tR6Fa03gzifqR6_y9F-SUYuYgcc.roa (raw, json)
Hash identifier:          uncWfY5Wy22Nief+j+lCY37qfqCxhpjeMeXy7CgUPqE=
Subject key identifier:   B5:1E:85:6B:4D:E0:CE:27:EA:47:AF:F2:F4:5F:92:51:8B:98:81:C7
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019523FCC4104D674D46EF85485B35031D23
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/tR6Fa03gzifqR6_y9F-SUYuYgcc.roa
Signing time:             Thu 20 Feb 2025 15:32:02 +0000
ROA not before:           Thu 20 Feb 2025 15:32:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        195.216.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:23:fc:c4:10:4d:67:4d:46:ef:85:48:5b:35:03:1d:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Feb 20 15:32:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b51e856b4de0ce27ea47aff2f45f92518b9881c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9c:5f:00:b6:08:e5:7d:1e:71:a2:68:12:61:
                    6e:d9:99:d3:cd:6f:9b:9e:8a:57:92:4a:45:c8:d8:
                    2d:71:64:32:ff:e9:80:87:bf:71:52:6a:8e:d9:97:
                    b0:a1:2b:81:13:a5:2d:5a:1c:f1:20:81:31:9c:07:
                    cc:9d:11:ca:39:d5:b6:c7:fe:4d:e1:d2:b8:5e:0e:
                    b6:81:2d:43:7e:c2:61:89:64:46:d2:60:61:58:51:
                    75:23:69:6a:13:db:f0:23:df:5a:89:30:d5:15:3d:
                    dd:32:e2:f9:d4:a8:b7:6a:ce:b0:e9:24:19:d3:e9:
                    68:49:85:ff:00:b4:b8:f7:ef:61:1a:fb:fb:7f:08:
                    95:37:2e:ea:0c:05:eb:8c:50:fb:dc:b5:61:09:49:
                    98:df:d6:9f:b0:18:36:84:1d:53:9e:4e:bf:ab:b5:
                    ac:a6:a5:c5:c5:3a:28:a8:8b:27:2d:fb:c1:ab:4b:
                    c0:89:53:38:d5:59:4c:50:d5:31:f7:21:09:41:65:
                    47:9a:7d:79:0b:dc:3b:f2:60:fe:48:44:b8:df:df:
                    43:56:1f:8c:1f:e1:35:51:4e:b3:22:e4:17:1b:5d:
                    3f:7f:8a:31:87:20:32:6f:ef:73:96:0d:f6:8a:f4:
                    ee:ba:25:e4:91:57:bb:f8:ad:b3:2a:b5:a7:b1:6f:
                    11:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:1E:85:6B:4D:E0:CE:27:EA:47:AF:F2:F4:5F:92:51:8B:98:81:C7
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/tR6Fa03gzifqR6_y9F-SUYuYgcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:7a:6c:c1:91:6f:ce:31:72:59:6f:82:b5:57:7b:3f:64:03:
         f7:29:bc:59:32:a3:8f:60:b7:1c:65:9e:d6:f0:b9:e4:5b:ba:
         75:07:ca:25:7e:56:c4:ac:78:db:01:ad:d7:7c:71:fb:ae:ef:
         f1:af:a4:08:28:44:29:15:85:0a:85:e0:cf:0d:68:96:dd:50:
         08:8a:4d:f2:13:20:3a:ab:08:cb:90:98:b2:1c:0c:82:75:c2:
         b2:0d:4f:bf:fc:0f:34:88:4e:55:38:c3:71:cd:b4:fe:84:57:
         28:97:4c:20:fc:60:1f:cd:37:04:bb:92:60:1c:8e:ee:55:fd:
         a4:1a:cd:6f:c2:bc:99:d5:80:d9:ac:21:3e:4a:b6:dd:6c:db:
         32:ee:a4:77:ee:74:97:f4:eb:5b:41:d9:67:6f:44:80:36:0e:
         b5:fb:89:74:92:5d:d6:c7:57:85:75:18:20:1e:b6:bc:ef:5f:
         4f:19:1b:f9:a6:62:b5:7f:92:55:08:72:62:94:17:72:ff:13:
         25:a5:1f:85:02:0c:b4:cd:d9:b0:60:de:ca:c1:77:45:35:4e:
         4e:da:38:a1:55:ec:11:f0:1d:df:7c:07:76:40:90:21:f4:10:
         d8:42:68:d4:c6:b4:56:d0:40:89:73:e2:0c:45:7a:96:d6:ff:
         4b:4a:3f:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUj/MQQTWdNRu+FSFs1Ax0jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwMjIwMTUzMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTFlODU2YjRkZTBjZTI3ZWE0N2FmZjJmNDVmOTI1MThiOTg4MWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpxfALYI5X0ecaJoEmFu2ZnTzW+b
nopXkkpFyNgtcWQy/+mAh79xUmqO2ZewoSuBE6UtWhzxIIExnAfMnRHKOdW2x/5N
4dK4Xg62gS1DfsJhiWRG0mBhWFF1I2lqE9vwI99aiTDVFT3dMuL51Ki3as6w6SQZ
0+loSYX/ALS49+9hGvv7fwiVNy7qDAXrjFD73LVhCUmY39afsBg2hB1Tnk6/q7Ws
pqXFxTooqIsnLfvBq0vAiVM41VlMUNUx9yEJQWVHmn15C9w78mD+SES4399DVh+M
H+E1UU6zIuQXG10/f4oxhyAyb+9zlg32ivTuuiXkkVe7+K2zKrWnsW8RaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUehWtN4M4n6kev8vRfklGLmIHHMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvdFI2RmEwM2d6aWZxUjZfeTlGLVNVWXVZZ2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9i1MA0G
CSqGSIb3DQEBCwUAA4IBAQB9emzBkW/OMXJZb4K1V3s/ZAP3KbxZMqOPYLccZZ7W
8LnkW7p1B8olflbErHjbAa3XfHH7ru/xr6QIKEQpFYUKheDPDWiW3VAIik3yEyA6
qwjLkJiyHAyCdcKyDU+//A80iE5VOMNxzbT+hFcol0wg/GAfzTcEu5JgHI7uVf2k
Gs1vwryZ1YDZrCE+SrbdbNsy7qR37nSX9OtbQdlnb0SANg61+4l0kl3Wx1eFdRgg
Hra8719PGRv5pmK1f5JVCHJilBdy/xMlpR+FAgy0zdmwYN7KwXdFNU5O2jihVewR
8B3ffAd2QJAh9BDYQmjUxrRW0ECJc+IMRXqW1v9LSj+y
-----END CERTIFICATE-----