Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/k47IkFzsvbAU-luJwFSjcXBgPII.roa
File:                     k47IkFzsvbAU-luJwFSjcXBgPII.roa (raw, json)
Hash identifier:          LRzevFO33ciORneOuJWjPwolGOd6frxZBqlkG2Q4ros=
Subject key identifier:   93:8E:C8:90:5C:EC:BD:B0:14:FA:5B:89:C0:54:A3:71:70:60:3C:82
Certificate issuer:       /CN=59d36a21e9b368d748bab8c77bebdde2c227c6c3
Certificate serial:       0196D412E5878D7FC1308599F6E408C82CE0
Authority key identifier: 59:D3:6A:21:E9:B3:68:D7:48:BA:B8:C7:7B:EB:DD:E2:C2:27:C6:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WdNqIemzaNdIurjHe-vd4sInxsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/k47IkFzsvbAU-luJwFSjcXBgPII.roa
Signing time:             Thu 15 May 2025 13:12:10 +0000
ROA not before:           Thu 15 May 2025 13:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210305
IP address blocks:        204.99.140.0/24 maxlen: 24
                          2a07:e480:110::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/WdNqIemzaNdIurjHe-vd4sInxsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/WdNqIemzaNdIurjHe-vd4sInxsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WdNqIemzaNdIurjHe-vd4sInxsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d4:12:e5:87:8d:7f:c1:30:85:99:f6:e4:08:c8:2c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59d36a21e9b368d748bab8c77bebdde2c227c6c3
        Validity
            Not Before: May 15 13:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=938ec8905cecbdb014fa5b89c054a37170603c82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f5:17:fa:46:65:45:3e:0e:80:bf:be:00:38:
                    66:c0:c3:a6:49:43:5b:e2:00:e0:3e:94:91:08:25:
                    0f:1e:43:ff:a2:56:cf:13:90:18:c2:0d:be:34:c5:
                    c1:ad:c4:ed:eb:58:ad:dd:48:ca:8c:51:ff:ea:6f:
                    62:ee:46:45:b2:aa:a5:85:81:f4:54:4a:84:10:3d:
                    6a:85:c2:25:92:34:b9:d5:9d:60:e6:b8:66:ac:1c:
                    7c:2b:56:a6:67:3e:f5:3c:f4:b4:69:30:e9:7f:64:
                    81:62:ce:43:20:34:74:03:86:2a:82:1f:6c:23:25:
                    7e:cc:d3:a6:a4:64:8b:e8:05:0b:d6:57:f2:93:6a:
                    c9:09:4c:78:62:e4:93:db:37:81:b6:e3:b5:7c:e2:
                    d4:25:26:a1:3d:ba:a6:37:44:c5:5b:f6:87:51:47:
                    9f:16:45:99:41:ed:44:59:6b:d5:40:7b:21:5e:da:
                    dc:b9:1a:eb:47:58:c2:d3:cf:7d:eb:bb:6b:df:e8:
                    d0:51:3c:80:fc:16:db:d6:73:28:f8:5b:f1:a4:f3:
                    78:d2:36:92:7e:7e:23:17:63:f9:44:85:5d:c8:c8:
                    21:72:53:29:26:b4:23:aa:8e:5d:c2:3f:79:70:ef:
                    e1:7a:3c:4e:b7:24:6f:96:d4:06:90:3f:39:9b:a5:
                    fa:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8E:C8:90:5C:EC:BD:B0:14:FA:5B:89:C0:54:A3:71:70:60:3C:82
            X509v3 Authority Key Identifier:
                keyid:59:D3:6A:21:E9:B3:68:D7:48:BA:B8:C7:7B:EB:DD:E2:C2:27:C6:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WdNqIemzaNdIurjHe-vd4sInxsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/k47IkFzsvbAU-luJwFSjcXBgPII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/WdNqIemzaNdIurjHe-vd4sInxsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.99.140.0/24
                IPv6:
                  2a07:e480:110::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:ab:60:1e:53:07:d9:7d:27:24:91:6b:58:50:a0:46:bb:ea:
         be:62:9f:57:22:9c:db:e2:1f:f5:56:a8:3e:a3:89:f2:39:33:
         e0:4e:69:f6:58:89:1e:57:a8:a8:76:fb:33:fa:0e:09:f3:8e:
         7b:4a:3f:1f:4c:4f:65:26:91:4e:ec:c3:be:a1:cd:cb:1b:49:
         c2:64:57:81:51:a4:c3:0f:4b:96:92:1a:70:58:35:80:2d:ab:
         21:5a:72:e8:ef:87:f7:79:4f:59:33:20:8a:96:d0:e5:87:c8:
         db:96:24:c3:a2:5e:92:17:a5:52:cd:d9:2d:c2:43:12:f0:8b:
         6d:b2:18:cf:6f:38:79:f2:a6:4d:59:e3:73:c8:9a:be:ab:65:
         b7:cd:2b:8b:4e:14:1d:ea:f7:81:37:ea:1c:40:a9:99:37:d7:
         e8:41:c7:01:ab:02:06:47:ff:34:82:b3:41:74:32:a5:25:d6:
         6f:1a:1c:90:ae:82:fe:d5:25:ec:df:97:8c:b3:fd:21:56:3b:
         20:85:a3:4e:12:49:90:4c:3e:6c:e5:90:b7:7e:5e:a5:f7:10:
         c8:cc:0b:5c:88:59:3f:9c:8f:d6:b4:f3:0c:27:78:d8:32:3f:
         64:cd:00:cc:5a:a8:6f:3a:3c:0e:62:ba:87:d3:5c:28:5c:8c:
         18:69:f8:7b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZbUEuWHjX/BMIWZ9uQIyCzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZDM2YTIxZTliMzY4ZDc0OGJhYjhjNzdiZWJkZGUyYzIy
N2M2YzMwHhcNMjUwNTE1MTMxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhlYzg5MDVjZWNiZGIwMTRmYTViODljMDU0YTM3MTcwNjAzYzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvUX+kZlRT4OgL++ADhmwMOmSUNb
4gDgPpSRCCUPHkP/olbPE5AYwg2+NMXBrcTt61it3UjKjFH/6m9i7kZFsqqlhYH0
VEqEED1qhcIlkjS51Z1g5rhmrBx8K1amZz71PPS0aTDpf2SBYs5DIDR0A4Yqgh9s
IyV+zNOmpGSL6AUL1lfyk2rJCUx4YuST2zeBtuO1fOLUJSahPbqmN0TFW/aHUUef
FkWZQe1EWWvVQHshXtrcuRrrR1jC089967tr3+jQUTyA/Bbb1nMo+FvxpPN40jaS
fn4jF2P5RIVdyMghclMpJrQjqo5dwj95cO/hejxOtyRvltQGkD85m6X67QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJOOyJBc7L2wFPpbicBUo3FwYDyCMB8GA1UdIwQY
MBaAFFnTaiHps2jXSLq4x3vr3eLCJ8bDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2ROcUllbXphTmRJdXJqSGUtdmQ0c0lueHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS83YTdkYzEtZTE2OC00ZDQ3LWI0NmQt
NDBlYTgwODkyZjAzLzEvazQ3SWtGenN2YkFVLWx1SndGU2pjWEJnUElJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS83YTdkYzEtZTE2OC00ZDQ3LWI0NmQtNDBlYTgwODkyZjAz
LzEvV2ROcUllbXphTmRJdXJqSGUtdmQ0c0lueHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAzGOMMA8E
AgACMAkDBwAqB+SAARAwDQYJKoZIhvcNAQELBQADggEBAGOrYB5TB9l9JySRa1hQ
oEa76r5in1cinNviH/VWqD6jifI5M+BOafZYiR5XqKh2+zP6DgnzjntKPx9MT2Um
kU7sw76hzcsbScJkV4FRpMMPS5aSGnBYNYAtqyFacujvh/d5T1kzIIqW0OWHyNuW
JMOiXpIXpVLN2S3CQxLwi22yGM9vOHnypk1Z43PImr6rZbfNK4tOFB3q94E36hxA
qZk31+hBxwGrAgZH/zSCs0F0MqUl1m8aHJCugv7VJezfl4yz/SFWOyCFo04SSZBM
PmzlkLd+XqX3EMjMC1yIWT+cj9a08wwneNgyP2TNAMxaqG86PA5iuofTXChcjBhp
+Hs=
-----END CERTIFICATE-----