Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/I5aarYiM-goUW477Ov8AhLUgl5k.roa
File:                     I5aarYiM-goUW477Ov8AhLUgl5k.roa (raw, json)
Hash identifier:          CgJlVudWPHeCj96sK9qKukfdq52UuVvM4VWhcidna2c=
Subject key identifier:   23:96:9A:AD:88:8C:FA:0A:14:5B:8E:FB:3A:FF:00:84:B5:20:97:99
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       01990F1E186A510A31FA9A490A4FBF3F69B6
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/I5aarYiM-goUW477Ov8AhLUgl5k.roa
Signing time:             Wed 03 Sep 2025 10:27:34 +0000
ROA not before:           Wed 03 Sep 2025 10:27:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29066
IP address blocks:        213.21.228.0/24 maxlen: 24
                          213.21.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 10:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:1e:18:6a:51:0a:31:fa:9a:49:0a:4f:bf:3f:69:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Sep  3 10:27:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23969aad888cfa0a145b8efb3aff0084b5209799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:51:5a:26:01:94:8a:75:f6:4f:6f:78:0d:36:
                    82:fc:37:30:19:73:94:65:30:82:8a:91:5a:54:ca:
                    c3:4f:f9:b6:73:5a:63:f0:32:c3:fe:ad:ab:87:89:
                    c3:3b:19:f8:7e:e5:95:9a:95:cc:26:13:a1:29:d5:
                    bf:ea:23:d0:a6:40:1e:ed:4c:ec:b5:1e:c7:12:7a:
                    f1:ce:e4:75:57:0c:93:37:ea:52:26:b9:72:cb:e1:
                    88:db:40:d0:8c:52:1d:c9:d8:21:4e:2a:fa:34:5b:
                    69:be:7f:40:23:3a:d7:00:f8:e0:80:a0:1f:22:e3:
                    01:64:29:90:84:41:31:55:ed:ac:31:51:00:41:bf:
                    1b:ef:9c:17:8e:ea:82:a4:9d:0d:ce:47:f7:f4:92:
                    4b:52:4b:bf:60:b2:e9:4e:03:34:bc:47:22:94:92:
                    ef:1e:21:2c:88:14:98:3b:df:16:6b:3c:c8:67:f9:
                    96:bd:d5:6a:7f:00:f3:2e:89:d8:ab:2a:20:c7:2a:
                    e5:14:32:8c:d4:25:23:8a:1a:89:0e:fd:e8:fb:12:
                    d2:85:c7:05:3a:55:05:c4:40:4f:eb:1d:27:9f:d6:
                    4f:02:94:c9:90:b7:77:04:54:c1:57:8e:df:8d:6d:
                    dc:94:e0:c5:af:3a:82:60:ca:06:7c:03:9e:5f:5b:
                    e2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:96:9A:AD:88:8C:FA:0A:14:5B:8E:FB:3A:FF:00:84:B5:20:97:99
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/I5aarYiM-goUW477Ov8AhLUgl5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.228.0/24
                  213.21.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:58:d3:21:e1:64:5d:91:72:12:14:52:6d:f7:e1:ac:29:b8:
         2b:1a:e5:ac:96:f6:0e:f4:4a:50:db:f0:df:ea:84:df:0b:a3:
         b7:86:fc:20:bd:e5:d5:fe:f2:63:25:cc:7d:b9:54:8f:bd:2a:
         2b:24:df:af:fa:d2:dc:06:e7:1e:1c:09:ed:fc:7c:df:ee:d2:
         2d:9b:49:08:e5:60:70:22:55:29:63:33:b1:e3:0c:35:66:41:
         58:a8:03:89:a3:21:62:b9:38:74:eb:ec:d9:39:2a:68:04:aa:
         8a:1d:5c:72:4f:82:d5:4a:0d:6f:10:b2:58:d8:60:70:31:64:
         63:c4:3d:7c:d1:30:d8:7b:a2:6c:5a:0d:38:b3:4f:0b:48:f6:
         47:a0:72:92:88:3f:a6:a3:d2:e8:f2:63:44:45:b6:e6:aa:ba:
         e7:0a:62:6e:7b:e8:cd:9c:3a:9d:57:63:7b:d9:39:34:35:39:
         77:4a:70:22:62:0c:ef:4b:b9:54:c1:3c:d7:cc:d3:8f:31:51:
         9a:1a:3e:3c:b1:b8:0c:00:c2:94:04:8d:b0:58:71:a1:7b:22:
         12:6f:c9:c1:11:4c:28:61:51:0b:84:a7:68:8a:44:4b:ca:29:
         5c:d7:0f:8e:92:8d:2a:3a:e4:eb:35:03:e1:ba:ff:24:50:ea:
         9a:0b:40:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZkPHhhqUQox+ppJCk+/P2m2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUwOTAzMTAyNzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzk2OWFhZDg4OGNmYTBhMTQ1YjhlZmIzYWZmMDA4NGI1MjA5Nzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFFaJgGUinX2T294DTaC/DcwGXOU
ZTCCipFaVMrDT/m2c1pj8DLD/q2rh4nDOxn4fuWVmpXMJhOhKdW/6iPQpkAe7Uzs
tR7HEnrxzuR1VwyTN+pSJrlyy+GI20DQjFIdydghTir6NFtpvn9AIzrXAPjggKAf
IuMBZCmQhEExVe2sMVEAQb8b75wXjuqCpJ0Nzkf39JJLUku/YLLpTgM0vEcilJLv
HiEsiBSYO98WazzIZ/mWvdVqfwDzLonYqyogxyrlFDKM1CUjihqJDv3o+xLShccF
OlUFxEBP6x0nn9ZPApTJkLd3BFTBV47fjW3clODFrzqCYMoGfAOeX1vixwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCOWmq2IjPoKFFuO+zr/AIS1IJeZMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvSTVhYXJZaU0tZ29VVzQ3N092OEFoTFVnbDVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1RXkAwQA
1RXyMA0GCSqGSIb3DQEBCwUAA4IBAQBhWNMh4WRdkXISFFJt9+GsKbgrGuWslvYO
9EpQ2/Df6oTfC6O3hvwgveXV/vJjJcx9uVSPvSorJN+v+tLcBuceHAnt/Hzf7tIt
m0kI5WBwIlUpYzOx4ww1ZkFYqAOJoyFiuTh06+zZOSpoBKqKHVxyT4LVSg1vELJY
2GBwMWRjxD180TDYe6JsWg04s08LSPZHoHKSiD+mo9Lo8mNERbbmqrrnCmJue+jN
nDqdV2N72Tk0NTl3SnAiYgzvS7lUwTzXzNOPMVGaGj48sbgMAMKUBI2wWHGheyIS
b8nBEUwoYVELhKdoikRLyilc1w+Oko0qOuTrNQPhuv8kUOqaC0Cg
-----END CERTIFICATE-----