Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/s34gFp_Dg8YCv8xU55YOYuR_tp0.roa
File:                     s34gFp_Dg8YCv8xU55YOYuR_tp0.roa (raw, json)
Hash identifier:          6OSop7WtLWi7lLLdg7yDCXvjXq4AkQqEA6GX04GSf58=
Subject key identifier:   B3:7E:20:16:9F:C3:83:C6:02:BF:CC:54:E7:96:0E:62:E4:7F:B6:9D
Certificate issuer:       /CN=464952bc165441ec6e2e2010c933dc830f361731
Certificate serial:       0196CF472C7DD4CFB9AFB3DDE54B926C7127
Authority key identifier: 46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/s34gFp_Dg8YCv8xU55YOYuR_tp0.roa
Signing time:             Wed 14 May 2025 14:51:10 +0000
ROA not before:           Wed 14 May 2025 14:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210141
IP address blocks:        188.213.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:47:2c:7d:d4:cf:b9:af:b3:dd:e5:4b:92:6c:71:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464952bc165441ec6e2e2010c933dc830f361731
        Validity
            Not Before: May 14 14:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b37e20169fc383c602bfcc54e7960e62e47fb69d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8e:5d:92:6e:f6:9c:7d:da:f5:52:dd:6a:35:
                    ed:9d:ef:7a:71:27:64:e9:3b:2e:9c:b8:58:eb:bc:
                    54:13:f9:09:b9:85:bb:09:2f:b7:16:4e:13:a5:3f:
                    d7:73:07:56:a7:d2:bd:ce:1c:bb:b7:51:21:a3:65:
                    da:e1:5b:19:f9:6d:c9:dd:a3:b0:0c:26:13:41:ed:
                    a4:57:ba:77:ad:2b:bb:c3:b1:97:94:b9:fd:09:c5:
                    99:0c:25:ff:a5:5e:5c:d3:8e:b2:cb:cc:ec:d2:5d:
                    77:de:a4:b1:a8:95:f1:4b:69:c7:01:2e:a6:d3:6e:
                    fa:d8:94:11:4a:12:85:38:ab:17:f9:9a:a7:b8:e3:
                    51:f3:9a:84:cb:d7:e7:ba:be:f7:f6:de:23:c1:27:
                    c4:9b:26:53:5b:cd:a5:fa:31:53:69:b2:96:76:98:
                    f6:42:bc:97:e4:f1:a1:4e:50:f3:88:c2:56:5b:b6:
                    18:fe:9c:e1:6c:ba:60:6e:8a:9e:5e:dd:f8:15:6f:
                    e9:35:ae:a0:b1:ed:43:d1:aa:10:f4:bc:4a:17:62:
                    f8:1f:30:8a:20:11:0f:f2:1e:2d:9b:8d:82:44:f3:
                    9b:0b:9d:80:da:45:60:0e:c2:72:44:55:2b:e2:1f:
                    bd:30:59:2c:8b:dc:eb:0d:9d:f2:e5:b9:9a:04:40:
                    4d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:7E:20:16:9F:C3:83:C6:02:BF:CC:54:E7:96:0E:62:E4:7F:B6:9D
            X509v3 Authority Key Identifier:
                keyid:46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/s34gFp_Dg8YCv8xU55YOYuR_tp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.213.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:a6:ea:6d:7f:fe:1e:87:33:3c:d1:a9:f8:7e:fe:3b:12:16:
         3a:19:af:75:54:95:29:da:77:d0:3d:63:9a:1e:2a:5c:5e:b6:
         08:09:d8:de:47:3d:69:07:90:13:12:72:bd:4b:b2:90:ab:07:
         46:f4:df:db:e6:c7:95:82:57:77:f0:1d:3e:d6:8c:7c:68:36:
         c0:13:9c:db:20:2c:a5:5c:e4:ce:e9:1d:06:fb:f6:e7:20:15:
         9a:ee:76:12:00:65:15:c4:e8:b7:97:40:2a:e1:8c:86:61:71:
         12:0a:95:dd:17:f6:71:c2:9d:3f:f1:99:3b:63:34:65:53:d1:
         df:63:c0:0b:74:20:71:5e:46:c4:48:f6:18:bf:44:ce:59:ba:
         08:65:47:73:75:41:1e:c5:11:7d:68:73:db:12:33:e9:8e:7c:
         1e:91:b0:cc:df:12:cd:4e:26:f1:6f:ec:fd:b8:18:41:9f:35:
         ad:b1:99:53:32:e7:8d:7d:e3:79:0a:5d:1e:49:e2:ad:f8:03:
         c0:3a:90:de:82:1a:67:4f:3f:fa:82:0e:f7:ee:56:d1:9f:8a:
         3b:7e:aa:7f:50:7a:77:46:05:50:0b:3f:9b:58:19:7f:1b:ae:
         2b:60:5b:33:02:9c:e1:e3:fb:44:c0:ed:8e:4b:b1:c2:1d:fd:
         e6:4c:99:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbPRyx91M+5r7Pd5UuSbHEnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDk1MmJjMTY1NDQxZWM2ZTJlMjAxMGM5MzNkYzgzMGYz
NjE3MzEwHhcNMjUwNTE0MTQ1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzdlMjAxNjlmYzM4M2M2MDJiZmNjNTRlNzk2MGU2MmU0N2ZiNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu45dkm72nH3a9VLdajXtne96cSdk
6TsunLhY67xUE/kJuYW7CS+3Fk4TpT/XcwdWp9K9zhy7t1Eho2Xa4VsZ+W3J3aOw
DCYTQe2kV7p3rSu7w7GXlLn9CcWZDCX/pV5c046yy8zs0l133qSxqJXxS2nHAS6m
02762JQRShKFOKsX+ZqnuONR85qEy9fnur739t4jwSfEmyZTW82l+jFTabKWdpj2
QryX5PGhTlDziMJWW7YY/pzhbLpgboqeXt34FW/pNa6gse1D0aoQ9LxKF2L4HzCK
IBEP8h4tm42CRPObC52A2kVgDsJyRFUr4h+9MFksi9zrDZ3y5bmaBEBNWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLN+IBafw4PGAr/MVOeWDmLkf7adMB8GA1UdIwQY
MBaAFEZJUrwWVEHsbi4gEMkz3IMPNhcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQt
ODQyODU4MTIyYmJjLzEvczM0Z0ZwX0RnOFlDdjh4VTU1WU9ZdVJfdHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQtODQyODU4MTIyYmJj
LzEvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNXVMA0G
CSqGSIb3DQEBCwUAA4IBAQC0puptf/4ehzM80an4fv47EhY6Ga91VJUp2nfQPWOa
HipcXrYICdjeRz1pB5ATEnK9S7KQqwdG9N/b5seVgld38B0+1ox8aDbAE5zbICyl
XOTO6R0G+/bnIBWa7nYSAGUVxOi3l0Aq4YyGYXESCpXdF/Zxwp0/8Zk7YzRlU9Hf
Y8ALdCBxXkbESPYYv0TOWboIZUdzdUEexRF9aHPbEjPpjnwekbDM3xLNTibxb+z9
uBhBnzWtsZlTMueNfeN5Cl0eSeKt+APAOpDeghpnTz/6gg737lbRn4o7fqp/UHp3
RgVQCz+bWBl/G64rYFszApzh4/tEwO2OS7HCHf3mTJn0
-----END CERTIFICATE-----