Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/djyQgKDBzjTtDqekGHCbyDvwrGE.roa
File:                     djyQgKDBzjTtDqekGHCbyDvwrGE.roa (raw, json)
Hash identifier:          cybcX12xZijqQUsvS6pf9buN4wQXxjv+dDk5QDV0/Ys=
Subject key identifier:   76:3C:90:80:A0:C1:CE:34:ED:0E:A7:A4:18:70:9B:C8:3B:F0:AC:61
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       0197103196DDFA7F579DD776EB37B8175D0E
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/djyQgKDBzjTtDqekGHCbyDvwrGE.roa
Signing time:             Tue 27 May 2025 05:22:54 +0000
ROA not before:           Tue 27 May 2025 05:22:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        146.19.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:10:31:96:dd:fa:7f:57:9d:d7:76:eb:37:b8:17:5d:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: May 27 05:22:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=763c9080a0c1ce34ed0ea7a418709bc83bf0ac61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:63:41:f2:f1:3d:fc:ad:8a:fe:ef:f8:7e:58:
                    9d:62:d2:99:73:9e:03:87:10:91:ac:d3:3f:d5:f6:
                    90:dc:9e:44:32:70:ff:49:a0:6a:de:e4:d6:9e:2b:
                    29:0c:81:a2:08:a1:e7:85:60:54:39:76:2e:51:25:
                    71:e6:bf:63:d4:10:f8:2a:e0:54:24:20:96:fd:c6:
                    a7:a6:8a:43:f1:b0:87:d2:d5:24:78:0c:54:cc:e4:
                    7c:0c:a4:f1:75:47:81:5c:8c:0e:9d:3e:e7:60:18:
                    6c:58:6b:5c:23:7f:28:19:0a:20:b8:8d:36:cf:d1:
                    cc:c0:de:11:bb:a5:e1:b5:16:10:ad:c8:4f:6d:08:
                    3b:54:f5:e3:eb:3f:d8:44:e5:18:14:6d:d1:8f:4b:
                    e9:54:43:8a:4a:70:6b:33:e3:52:e9:d3:14:dd:33:
                    ed:e9:14:09:54:da:d4:b8:4a:07:fc:95:62:25:f0:
                    3b:26:04:88:90:0d:8d:e3:7e:21:77:8d:ec:69:03:
                    5e:d2:19:43:8d:b4:49:8c:c1:a9:5a:5a:8f:43:18:
                    2a:a0:37:25:e5:eb:78:1f:e0:cb:b5:09:d6:d8:71:
                    67:8a:58:00:13:4b:a1:fb:84:36:7a:dd:3e:f8:d3:
                    63:5a:3b:13:3f:64:e2:3b:28:60:d5:b9:c8:21:2e:
                    9a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:3C:90:80:A0:C1:CE:34:ED:0E:A7:A4:18:70:9B:C8:3B:F0:AC:61
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/djyQgKDBzjTtDqekGHCbyDvwrGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:88:60:06:86:05:98:92:b9:56:c1:aa:39:5b:0f:78:36:48:
         af:43:f2:21:6d:d5:e8:fe:6a:b9:ad:53:c8:43:35:f3:74:65:
         59:ab:bf:1d:55:44:3e:26:e5:30:d4:1d:72:82:1b:05:3a:83:
         f3:47:1d:1b:70:60:ce:8c:82:0b:5d:72:c0:e1:87:03:2f:74:
         8d:87:42:65:56:b5:2e:cb:20:9b:2a:c2:7e:d1:40:93:32:8a:
         a4:2c:22:af:78:78:c6:ea:4d:91:6b:5d:69:06:37:26:d9:4e:
         40:5b:f9:44:c7:1a:4a:71:91:55:01:39:97:bd:ed:19:56:37:
         84:ef:d6:a6:9f:25:b3:e5:f9:0d:81:ed:13:ea:81:fd:30:5b:
         51:37:90:a8:c5:2b:0a:16:90:7b:6c:e9:d1:f4:f6:42:3e:78:
         64:88:a8:f1:bc:c5:ec:87:fa:5c:92:6c:b2:fc:e6:3d:8d:e8:
         07:d4:53:08:74:e9:67:b0:57:45:47:05:3e:5d:19:e0:9f:d6:
         94:7e:85:68:4b:e5:8a:2c:22:ba:4d:45:3b:a9:21:cc:31:28:
         3d:5e:5f:cd:8d:ae:cc:34:69:39:b7:90:42:b9:d6:f2:37:0e:
         8a:97:9e:b3:da:99:5a:29:ed:0b:2b:c6:b8:b2:7c:21:6d:cb:
         dc:78:39:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcQMZbd+n9Xndd26ze4F10OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjUwNTI3MDUyMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjNjOTA4MGEwYzFjZTM0ZWQwZWE3YTQxODcwOWJjODNiZjBhYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WNB8vE9/K2K/u/4flidYtKZc54D
hxCRrNM/1faQ3J5EMnD/SaBq3uTWnispDIGiCKHnhWBUOXYuUSVx5r9j1BD4KuBU
JCCW/canpopD8bCH0tUkeAxUzOR8DKTxdUeBXIwOnT7nYBhsWGtcI38oGQoguI02
z9HMwN4Ru6XhtRYQrchPbQg7VPXj6z/YROUYFG3Rj0vpVEOKSnBrM+NS6dMU3TPt
6RQJVNrUuEoH/JViJfA7JgSIkA2N434hd43saQNe0hlDjbRJjMGpWlqPQxgqoDcl
5et4H+DLtQnW2HFnilgAE0uh+4Q2et0++NNjWjsTP2TiOyhg1bnIIS6ahwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHY8kICgwc407Q6npBhwm8g78KxhMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvZGp5UWdLREJ6alR0RHFla0dIQ2J5RHZ3ckdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOMMA0G
CSqGSIb3DQEBCwUAA4IBAQCgiGAGhgWYkrlWwao5Ww94NkivQ/IhbdXo/mq5rVPI
QzXzdGVZq78dVUQ+JuUw1B1yghsFOoPzRx0bcGDOjIILXXLA4YcDL3SNh0JlVrUu
yyCbKsJ+0UCTMoqkLCKveHjG6k2Ra11pBjcm2U5AW/lExxpKcZFVATmXve0ZVjeE
79amnyWz5fkNge0T6oH9MFtRN5CoxSsKFpB7bOnR9PZCPnhkiKjxvMXsh/pckmyy
/OY9jegH1FMIdOlnsFdFRwU+XRngn9aUfoVoS+WKLCK6TUU7qSHMMSg9Xl/Nja7M
NGk5t5BCudbyNw6Kl56z2plaKe0LK8a4snwhbcvceDnK
-----END CERTIFICATE-----