Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/y33SBpnij0Kjvfz-rw1jNAzGe9M.roa
File:                     y33SBpnij0Kjvfz-rw1jNAzGe9M.roa (raw, json)
Hash identifier:          +G4n27KUzm1afB/8sada6nItov0UFlI98LmgnjjGQ5c=
Subject key identifier:   CB:7D:D2:06:99:E2:8F:42:A3:BD:FC:FE:AF:0D:63:34:0C:C6:7B:D3
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       0198FCEA1766DF822C3740FB04BBA5C8860E
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/y33SBpnij0Kjvfz-rw1jNAzGe9M.roa
Signing time:             Sat 30 Aug 2025 21:37:36 +0000
ROA not before:           Sat 30 Aug 2025 21:37:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39130
IP address blocks:        195.5.124.0/24 maxlen: 24
                          2a10:d80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 21:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:fc:ea:17:66:df:82:2c:37:40:fb:04:bb:a5:c8:86:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Aug 30 21:37:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb7dd20699e28f42a3bdfcfeaf0d63340cc67bd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5b:60:3b:0c:47:ba:b9:ec:58:6f:e4:35:76:
                    bb:42:7d:57:3b:64:f7:81:09:be:89:ba:75:38:19:
                    88:6f:1b:82:7c:7d:6a:86:74:ff:d0:b2:6b:35:78:
                    51:1e:58:44:2c:f9:53:ce:d9:98:61:96:32:65:08:
                    8f:40:a6:48:86:91:e2:c8:78:a6:70:e3:3f:a8:c1:
                    73:72:fb:c4:64:47:b8:7d:1f:38:b0:9e:12:cf:1f:
                    df:15:f8:d2:2c:91:f9:41:bf:82:71:72:07:46:dc:
                    45:92:f5:f7:3e:91:36:75:b9:e0:df:43:c8:db:bb:
                    be:be:f7:15:60:26:4a:de:b2:c3:94:99:fe:d4:c2:
                    55:34:90:a4:25:fd:ac:2d:9a:ef:b4:19:66:b3:cc:
                    5e:c6:f6:d2:9a:e6:fd:83:54:ed:dd:29:ba:9c:33:
                    50:ff:7c:30:0f:14:df:39:1d:55:37:ec:f6:58:6b:
                    11:45:2d:cb:b6:79:c0:ca:94:be:24:24:70:a3:bb:
                    e2:c7:62:a5:7a:fc:30:27:46:43:21:ae:c7:15:54:
                    b1:ba:aa:c3:f4:5e:cf:21:74:68:bc:9c:11:a3:aa:
                    e1:5c:03:85:88:a6:a1:ac:94:8a:44:af:07:67:19:
                    63:92:55:ab:d0:cb:da:c1:58:b6:b7:5b:22:78:ae:
                    f4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:7D:D2:06:99:E2:8F:42:A3:BD:FC:FE:AF:0D:63:34:0C:C6:7B:D3
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/y33SBpnij0Kjvfz-rw1jNAzGe9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.124.0/24
                IPv6:
                  2a10:d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:65:95:a2:59:11:14:43:a6:32:39:23:12:5b:79:09:8b:3c:
         8b:0f:2c:7f:86:eb:fd:d4:78:4c:53:56:20:bc:15:e1:4c:aa:
         b7:e7:de:44:11:63:5f:21:14:ae:20:9a:be:77:0e:3a:b4:9a:
         27:3f:dd:99:7b:a4:10:31:73:55:2c:38:40:77:fd:c7:b5:1c:
         ff:1a:53:d7:07:f9:73:33:30:a7:83:75:4d:71:1c:25:9c:6f:
         4a:21:4a:b6:a8:40:bc:42:29:a7:f5:99:06:4f:2d:68:55:5b:
         63:10:d6:2d:81:14:b8:6d:a5:9b:25:d4:c3:5e:5e:c9:56:50:
         aa:c2:b5:44:4e:6d:74:8b:d0:a5:d4:1d:c6:63:74:e2:47:7b:
         1e:78:27:a6:39:6b:0b:94:cf:f1:82:71:1e:54:bb:51:3f:f7:
         44:3d:49:d3:67:ec:c5:35:5b:25:2c:23:40:7f:f2:10:b6:df:
         37:e2:cb:a6:46:27:c9:d8:28:c2:20:41:08:60:c1:0e:92:a6:
         4b:1d:26:17:da:11:9f:f7:b3:f9:b3:36:b5:2c:f9:40:e5:bd:
         b3:8b:59:e0:77:ad:01:78:f7:f5:7b:58:08:1b:7f:13:0a:9f:
         1f:ae:c4:0a:ed:61:61:a4:8e:52:cd:3f:cb:5e:27:f8:5e:06:
         a7:60:d9:c7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZj86hdm34IsN0D7BLulyIYOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjUwODMwMjEzNzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjdkZDIwNjk5ZTI4ZjQyYTNiZGZjZmVhZjBkNjMzNDBjYzY3YmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVtgOwxHurnsWG/kNXa7Qn1XO2T3
gQm+ibp1OBmIbxuCfH1qhnT/0LJrNXhRHlhELPlTztmYYZYyZQiPQKZIhpHiyHim
cOM/qMFzcvvEZEe4fR84sJ4Szx/fFfjSLJH5Qb+CcXIHRtxFkvX3PpE2dbng30PI
27u+vvcVYCZK3rLDlJn+1MJVNJCkJf2sLZrvtBlms8xexvbSmub9g1Tt3Sm6nDNQ
/3wwDxTfOR1VN+z2WGsRRS3LtnnAypS+JCRwo7vix2KlevwwJ0ZDIa7HFVSxuqrD
9F7PIXRovJwRo6rhXAOFiKahrJSKRK8HZxljklWr0MvawVi2t1sieK70TwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMt90gaZ4o9Co738/q8NYzQMxnvTMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEveTMzU0JwbmlqMEtqdmZ6LXJ3MWpOQXpHZTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwwV8MA0E
AgACMAcDBQMqEA2AMA0GCSqGSIb3DQEBCwUAA4IBAQB1ZZWiWREUQ6YyOSMSW3kJ
izyLDyx/huv91HhMU1YgvBXhTKq3595EEWNfIRSuIJq+dw46tJonP92Ze6QQMXNV
LDhAd/3HtRz/GlPXB/lzMzCng3VNcRwlnG9KIUq2qEC8Qimn9ZkGTy1oVVtjENYt
gRS4baWbJdTDXl7JVlCqwrVETm10i9Cl1B3GY3TiR3seeCemOWsLlM/xgnEeVLtR
P/dEPUnTZ+zFNVslLCNAf/IQtt834sumRifJ2CjCIEEIYMEOkqZLHSYX2hGf97P5
sza1LPlA5b2zi1ngd60BePf1e1gIG38TCp8frsQK7WFhpI5SzT/LXif4XganYNnH
-----END CERTIFICATE-----