Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/x_3yNA2PKdnI1wLd8Ez_YK-zxP4.roa
File:                     x_3yNA2PKdnI1wLd8Ez_YK-zxP4.roa (raw, json)
Hash identifier:          DlPSxcRx7THUf3XmSC4nmfhGWUpRLK3tS4Z99FqsNaQ=
Subject key identifier:   C7:FD:F2:34:0D:8F:29:D9:C8:D7:02:DD:F0:4C:FF:60:AF:B3:C4:FE
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       0196E8F521B071277FA0232B9A9C0E92F8D6
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/x_3yNA2PKdnI1wLd8Ez_YK-zxP4.roa
Signing time:             Mon 19 May 2025 14:31:40 +0000
ROA not before:           Mon 19 May 2025 14:31:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213873
IP address blocks:        203.55.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e8:f5:21:b0:71:27:7f:a0:23:2b:9a:9c:0e:92:f8:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: May 19 14:31:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7fdf2340d8f29d9c8d702ddf04cff60afb3c4fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4a:87:54:48:d1:80:e9:45:e6:e6:f0:bc:ec:
                    37:1a:02:8a:01:99:4a:1e:bf:a5:83:f8:8e:c5:ea:
                    26:d4:b4:c9:38:c5:21:60:21:15:2e:4b:31:ce:2c:
                    0e:23:1d:61:1b:99:5e:b0:82:5a:55:4d:9e:33:86:
                    2f:00:28:94:eb:96:13:a1:fa:af:a4:74:2e:cb:18:
                    61:1a:66:a7:5a:6f:69:ae:f8:a7:ff:0e:7f:40:0e:
                    22:7c:08:12:0e:d1:f9:18:28:92:a6:06:ef:2f:ea:
                    f7:dc:1f:dd:71:95:50:dc:a1:b6:04:d9:f6:e1:c1:
                    76:0a:40:7e:53:4e:3a:5d:2e:6f:7b:9d:58:7a:fa:
                    6b:52:6d:85:12:41:4a:6b:29:0a:38:69:61:d9:29:
                    cd:82:19:da:00:48:78:14:5b:36:f2:f4:96:04:a2:
                    9a:95:b7:79:8f:97:ff:7c:54:39:a7:0c:d5:bf:15:
                    3b:68:0e:3d:9c:bb:89:32:48:c9:a4:5f:61:40:5c:
                    25:c1:f5:67:95:5a:5c:8f:f0:64:77:ed:68:a9:16:
                    50:ee:9b:8f:b9:a4:aa:28:dd:05:2d:6e:4f:17:4a:
                    81:d9:10:1d:af:1a:5a:fc:70:b4:4d:54:5f:9f:bc:
                    c4:22:c4:47:40:d2:9e:2d:61:e8:1b:c1:0e:cf:44:
                    89:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:FD:F2:34:0D:8F:29:D9:C8:D7:02:DD:F0:4C:FF:60:AF:B3:C4:FE
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/x_3yNA2PKdnI1wLd8Ez_YK-zxP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.55.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:f7:79:bc:ef:18:cc:0f:54:2e:7d:52:37:f5:74:f2:17:6c:
         2d:09:a8:c4:70:c7:66:f5:17:d3:cf:15:e1:d6:fc:07:a1:7a:
         4b:13:5e:74:97:2d:4c:57:c5:0e:ab:5c:bc:dc:2c:ef:4c:7e:
         b8:e1:af:3e:17:f7:57:ff:be:b4:d0:ee:61:78:a3:bf:23:e2:
         78:2a:81:53:27:ce:aa:06:cc:2f:59:67:0c:8d:7b:1a:92:35:
         4d:3a:e2:68:33:2a:ae:c8:54:fe:93:78:b7:28:1f:c6:e8:4d:
         35:3e:89:22:5a:3e:4b:40:e9:71:6f:21:ae:97:6a:35:5b:ef:
         0f:34:5a:46:3d:68:4a:1a:48:24:0a:44:89:5b:55:79:08:30:
         57:fd:fb:02:c6:ef:da:d1:fc:bd:71:e5:8d:7f:f7:9c:0f:d1:
         0e:e9:2d:7d:bd:cb:e5:29:02:7f:9d:6f:42:e7:03:a5:df:4f:
         78:6f:bb:bb:40:e8:70:3b:9e:f1:e9:cf:5c:a4:a2:92:e4:6a:
         2d:36:20:52:e4:8b:fb:0f:f7:eb:e1:f4:29:29:c5:4c:67:b8:
         64:34:f3:40:fb:24:fb:5e:a7:86:3d:ba:8c:a6:40:76:56:20:
         2e:ab:35:a3:c7:d9:77:c2:27:55:4d:4c:1b:9a:7d:ff:14:55:
         a3:2c:4b:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbo9SGwcSd/oCMrmpwOkvjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwNTE5MTQzMTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2ZkZjIzNDBkOGYyOWQ5YzhkNzAyZGRmMDRjZmY2MGFmYjNjNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEqHVEjRgOlF5ubwvOw3GgKKAZlK
Hr+lg/iOxeom1LTJOMUhYCEVLksxziwOIx1hG5lesIJaVU2eM4YvACiU65YTofqv
pHQuyxhhGmanWm9prvin/w5/QA4ifAgSDtH5GCiSpgbvL+r33B/dcZVQ3KG2BNn2
4cF2CkB+U046XS5ve51YevprUm2FEkFKaykKOGlh2SnNghnaAEh4FFs28vSWBKKa
lbd5j5f/fFQ5pwzVvxU7aA49nLuJMkjJpF9hQFwlwfVnlVpcj/Bkd+1oqRZQ7puP
uaSqKN0FLW5PF0qB2RAdrxpa/HC0TVRfn7zEIsRHQNKeLWHoG8EOz0SJDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf98jQNjynZyNcC3fBM/2Cvs8T+MB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEveF8zeU5BMlBLZG5JMXdMZDhFel9ZSy16eFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyzdRMA0G
CSqGSIb3DQEBCwUAA4IBAQAk93m87xjMD1QufVI39XTyF2wtCajEcMdm9RfTzxXh
1vwHoXpLE150ly1MV8UOq1y83CzvTH644a8+F/dX/7600O5heKO/I+J4KoFTJ86q
BswvWWcMjXsakjVNOuJoMyquyFT+k3i3KB/G6E01PokiWj5LQOlxbyGul2o1W+8P
NFpGPWhKGkgkCkSJW1V5CDBX/fsCxu/a0fy9ceWNf/ecD9EO6S19vcvlKQJ/nW9C
5wOl3094b7u7QOhwO57x6c9cpKKS5GotNiBS5Iv7D/fr4fQpKcVMZ7hkNPNA+yT7
XqeGPbqMpkB2ViAuqzWjx9l3widVTUwbmn3/FFWjLEtx
-----END CERTIFICATE-----