Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/02vGpL6-3nXJHwSBvN9lXUgbi74.roa
File:                     02vGpL6-3nXJHwSBvN9lXUgbi74.roa (raw, json)
Hash identifier:          ksLKWo621jduGsOvhJ7s2q3Q8Y3l+tWFD99a19w6yRA=
Subject key identifier:   D3:6B:C6:A4:BE:BE:DE:75:C9:1F:04:81:BC:DF:65:5D:48:1B:8B:BE
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       0196ECA49322E65D88F11E44B1AA1EC877D9
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/02vGpL6-3nXJHwSBvN9lXUgbi74.roa
Signing time:             Tue 20 May 2025 07:42:10 +0000
ROA not before:           Tue 20 May 2025 07:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214783
IP address blocks:        86.105.224.0/24 maxlen: 24
                          146.19.172.0/24 maxlen: 24
                          185.234.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 15:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ec:a4:93:22:e6:5d:88:f1:1e:44:b1:aa:1e:c8:77:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: May 20 07:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d36bc6a4bebede75c91f0481bcdf655d481b8bbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3f:62:b0:41:88:bc:b3:4d:97:2f:5c:7c:82:
                    4a:64:bc:46:21:a1:a2:a4:ae:d8:4d:21:35:ab:97:
                    0a:89:8a:8f:24:75:54:67:f2:b1:32:69:73:57:6e:
                    f3:ce:9b:be:72:47:ab:fa:4e:27:8d:9f:06:1c:38:
                    97:ac:6c:43:eb:b7:70:1e:65:b5:3b:d0:4a:12:ff:
                    69:a0:b1:8c:bf:89:94:e5:d1:c7:37:d9:42:e6:7b:
                    ae:bd:b8:cc:16:49:c0:28:6a:bc:bb:b6:eb:41:e4:
                    b3:32:da:7d:ce:2b:e0:8c:95:ef:ea:76:38:00:06:
                    99:41:52:6b:8b:0b:2e:e1:2b:4f:aa:36:39:60:65:
                    27:16:6c:0e:de:f0:a1:17:5e:62:2b:bd:3e:92:38:
                    7a:b0:da:c4:d9:02:ee:7f:67:41:c7:a8:ec:3f:56:
                    5f:9b:7f:af:e1:97:1b:94:4e:1b:bf:34:50:8a:84:
                    ec:32:6c:31:63:b8:d3:77:c2:3c:12:4e:3f:41:cd:
                    de:a1:b4:c5:b3:ad:0a:af:71:37:3d:11:9a:f5:55:
                    de:66:0e:90:90:5f:fa:80:03:7b:20:0c:11:06:7b:
                    2d:52:41:ec:41:f4:94:89:10:48:b8:77:d9:de:55:
                    eb:43:f7:e8:b8:4e:2b:1b:f1:5c:45:14:fb:34:40:
                    d9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:6B:C6:A4:BE:BE:DE:75:C9:1F:04:81:BC:DF:65:5D:48:1B:8B:BE
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/02vGpL6-3nXJHwSBvN9lXUgbi74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.224.0/24
                  146.19.172.0/24
                  185.234.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:54:50:4e:c2:3d:d3:77:2b:73:9c:b8:0a:b9:a9:88:ec:f6:
         55:32:5a:ed:3d:8f:f7:46:cc:a4:f8:18:5f:c5:bb:7f:a4:a6:
         a6:0c:22:f9:64:97:c3:c6:e3:a5:89:f7:d4:e1:a2:fc:2c:4a:
         55:aa:f2:d2:6e:22:36:13:5a:6a:31:4c:7b:80:a3:44:0b:f6:
         d2:f6:a8:67:a5:92:b6:4e:7d:aa:21:8e:d3:8d:7c:87:69:f9:
         d7:8d:78:d1:fc:40:17:2a:6d:7c:11:18:8a:33:fa:b2:15:cb:
         5c:f2:40:e7:6b:f2:6e:98:9b:0c:76:72:81:2a:43:8a:7c:73:
         e0:7b:11:8c:d7:7e:e9:6e:22:a0:74:5c:37:c5:04:eb:13:2e:
         3d:8d:d4:7c:0e:f0:4c:a7:5c:9b:e3:fb:2c:a7:67:46:2a:49:
         41:ea:b0:8f:ee:8f:7b:5a:35:a3:e7:94:06:06:74:44:b3:4f:
         00:d8:43:b1:5a:42:10:55:68:d4:97:f6:43:00:fd:11:04:dd:
         42:8b:b8:89:44:18:4d:8c:05:6f:fb:76:b6:76:ea:ba:87:a2:
         38:a2:00:23:86:1d:2e:6e:3b:6a:d0:4c:33:1d:98:f0:98:7e:
         d5:01:ad:86:86:f8:2c:6f:6b:37:98:80:f5:57:80:cf:0e:e2:
         f3:f3:78:b4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbspJMi5l2I8R5EsaoeyHfZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjUwNTIwMDc0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzZiYzZhNGJlYmVkZTc1YzkxZjA0ODFiY2RmNjU1ZDQ4MWI4YmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuT9isEGIvLNNly9cfIJKZLxGIaGi
pK7YTSE1q5cKiYqPJHVUZ/KxMmlzV27zzpu+cker+k4njZ8GHDiXrGxD67dwHmW1
O9BKEv9poLGMv4mU5dHHN9lC5nuuvbjMFknAKGq8u7brQeSzMtp9zivgjJXv6nY4
AAaZQVJriwsu4StPqjY5YGUnFmwO3vChF15iK70+kjh6sNrE2QLuf2dBx6jsP1Zf
m3+v4ZcblE4bvzRQioTsMmwxY7jTd8I8Ek4/Qc3eobTFs60Kr3E3PRGa9VXeZg6Q
kF/6gAN7IAwRBnstUkHsQfSUiRBIuHfZ3lXrQ/fouE4rG/FcRRT7NEDZGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNNrxqS+vt51yR8EgbzfZV1IG4u+MB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvMDJ2R3BMNi0zblhKSHdTQnZOOWxYVWdiaTc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVmngAwQA
khOsAwQAueoNMA0GCSqGSIb3DQEBCwUAA4IBAQBoVFBOwj3TdytznLgKuamI7PZV
MlrtPY/3Rsyk+Bhfxbt/pKamDCL5ZJfDxuOliffU4aL8LEpVqvLSbiI2E1pqMUx7
gKNEC/bS9qhnpZK2Tn2qIY7TjXyHafnXjXjR/EAXKm18ERiKM/qyFctc8kDna/Ju
mJsMdnKBKkOKfHPgexGM137pbiKgdFw3xQTrEy49jdR8DvBMp1yb4/ssp2dGKklB
6rCP7o97WjWj55QGBnREs08A2EOxWkIQVWjUl/ZDAP0RBN1Ci7iJRBhNjAVv+3a2
duq6h6I4ogAjhh0ubjtq0EwzHZjwmH7VAa2Ghvgsb2s3mID1V4DPDuLz83i0
-----END CERTIFICATE-----