Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/1pYkybGgKOUsse4DTksz46U1UVk.roa
File:                     1pYkybGgKOUsse4DTksz46U1UVk.roa (raw, json)
Hash identifier:          TAfzGG00BI7uAR7rTZh0yLg+7xDY58D62iiCBqbod3s=
Subject key identifier:   D6:96:24:C9:B1:A0:28:E5:2C:B1:EE:03:4E:4B:33:E3:A5:35:51:59
Certificate issuer:       /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial:       01973B022B4260698F61322E1D92803AA939
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/1pYkybGgKOUsse4DTksz46U1UVk.roa
Signing time:             Wed 04 Jun 2025 12:54:47 +0000
ROA not before:           Wed 04 Jun 2025 12:54:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215882
IP address blocks:        146.19.59.0/24 maxlen: 24
                          146.19.59.0/25 maxlen: 25
                          146.19.59.128/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:02:2b:42:60:69:8f:61:32:2e:1d:92:80:3a:a9:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
        Validity
            Not Before: Jun  4 12:54:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d69624c9b1a028e52cb1ee034e4b33e3a5355159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c2:be:54:04:55:8e:26:5e:7e:59:c0:21:30:
                    cc:27:0a:29:73:5f:d6:52:f6:5a:52:92:ff:dc:97:
                    4d:47:6e:14:1e:3c:3d:c9:8e:74:7c:e2:d2:31:82:
                    0e:29:5c:34:cc:fc:17:b2:a7:cb:d1:90:60:4f:60:
                    5a:06:56:c6:44:36:ae:45:da:90:9f:f1:8e:10:89:
                    ac:cb:9a:d6:ba:bb:63:f6:9c:2b:dd:05:14:3f:03:
                    21:5b:3c:e3:fc:ce:16:88:b3:22:41:db:a1:5b:f2:
                    0a:83:a0:e2:6e:4e:d0:28:c4:d5:cb:ca:7f:f1:ea:
                    ba:00:bf:e6:a8:a7:f0:ad:29:b3:a0:11:2b:55:97:
                    d9:df:68:e6:46:63:84:0a:e8:37:60:22:e4:92:de:
                    b4:c7:b4:f5:60:b8:fb:81:d9:91:a4:c4:07:83:9a:
                    11:49:55:d9:12:de:f7:c9:7a:58:47:64:19:8d:33:
                    8b:2a:41:00:8b:af:d0:bf:35:00:05:42:27:e9:78:
                    f2:04:0a:96:c2:a6:2e:d7:15:2e:66:21:dc:ce:32:
                    11:29:e6:d1:94:ab:2f:62:42:39:f4:24:e2:78:f7:
                    f6:35:60:aa:77:9e:70:59:53:ee:9b:b9:21:ee:cb:
                    d7:50:9e:88:c1:5a:c2:42:83:83:f2:76:22:24:3f:
                    42:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:96:24:C9:B1:A0:28:E5:2C:B1:EE:03:4E:4B:33:E3:A5:35:51:59
            X509v3 Authority Key Identifier:
                keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/1pYkybGgKOUsse4DTksz46U1UVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:3b:06:6f:2e:71:65:3c:17:4e:ec:81:01:74:1d:1e:45:e1:
         e6:b6:a5:eb:3e:04:0b:10:67:47:0a:d0:6f:a9:d9:95:ba:a7:
         2a:24:21:74:d2:16:88:2e:3a:da:af:14:f7:07:cf:b8:46:76:
         0b:ac:7d:2b:64:a4:09:63:38:8a:ba:8a:e0:0e:f5:cf:1d:11:
         45:d9:ad:18:44:03:cc:21:31:52:86:00:b8:b2:0d:88:99:2b:
         76:42:52:0f:f4:7d:a4:db:ba:42:3e:aa:77:68:4f:57:e8:a5:
         b4:f5:f6:ff:1e:4c:55:54:0f:f9:0a:ca:0a:8e:51:95:b9:46:
         9b:9c:8a:3e:2c:e6:12:e2:92:8e:47:17:66:39:60:02:26:28:
         4f:15:84:85:db:db:53:7b:54:b3:46:13:9d:5a:fe:3d:91:fd:
         28:23:b7:69:e5:26:d8:0f:15:68:2f:23:20:58:4e:b3:83:20:
         9c:a4:54:6c:07:a6:86:56:18:15:98:46:be:1e:6b:fb:37:99:
         f2:9d:37:ac:17:d1:45:02:cf:10:14:77:c2:f8:ea:fe:e8:73:
         7f:a3:64:fe:6d:16:49:0f:db:f1:42:3c:ea:0a:92:2a:fa:27:
         0a:8b:0d:20:ee:ae:73:68:6c:d3:cc:8b:8d:c2:93:27:db:20:
         70:53:23:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7AitCYGmPYTIuHZKAOqk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjUwNjA0MTI1NDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjk2MjRjOWIxYTAyOGU1MmNiMWVlMDM0ZTRiMzNlM2E1MzU1MTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncK+VARVjiZeflnAITDMJwopc1/W
UvZaUpL/3JdNR24UHjw9yY50fOLSMYIOKVw0zPwXsqfL0ZBgT2BaBlbGRDauRdqQ
n/GOEImsy5rWurtj9pwr3QUUPwMhWzzj/M4WiLMiQduhW/IKg6Dibk7QKMTVy8p/
8eq6AL/mqKfwrSmzoBErVZfZ32jmRmOECug3YCLkkt60x7T1YLj7gdmRpMQHg5oR
SVXZEt73yXpYR2QZjTOLKkEAi6/QvzUABUIn6XjyBAqWwqYu1xUuZiHczjIRKebR
lKsvYkI59CTiePf2NWCqd55wWVPum7kh7svXUJ6IwVrCQoOD8nYiJD9CfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaWJMmxoCjlLLHuA05LM+OlNVFZMB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvMXBZa3liR2dLT1Vzc2U0RFRrc3o0NlUxVVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhM7MA0G
CSqGSIb3DQEBCwUAA4IBAQBIOwZvLnFlPBdO7IEBdB0eReHmtqXrPgQLEGdHCtBv
qdmVuqcqJCF00haILjrarxT3B8+4RnYLrH0rZKQJYziKuorgDvXPHRFF2a0YRAPM
ITFShgC4sg2ImSt2QlIP9H2k27pCPqp3aE9X6KW09fb/HkxVVA/5CsoKjlGVuUab
nIo+LOYS4pKORxdmOWACJihPFYSF29tTe1SzRhOdWv49kf0oI7dp5SbYDxVoLyMg
WE6zgyCcpFRsB6aGVhgVmEa+Hmv7N5nynTesF9FFAs8QFHfC+Or+6HN/o2T+bRZJ
D9vxQjzqCpIq+icKiw0g7q5zaGzTzIuNwpMn2yBwUyMo
-----END CERTIFICATE-----