Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/ISR-pV2ZluI4E4ixONrXH5gwU7Q.roa
File:                     ISR-pV2ZluI4E4ixONrXH5gwU7Q.roa (raw, json)
Hash identifier:          1rZftc+tUwLP5QVvrnLnHEP0/icfaGdNPpSiCDUA5dI=
Subject key identifier:   21:24:7E:A5:5D:99:96:E2:38:13:88:B1:38:DA:D7:1F:98:30:53:B4
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0197172CB3BC8044F7216D8CEE9E4B735D57
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/ISR-pV2ZluI4E4ixONrXH5gwU7Q.roa
Signing time:             Wed 28 May 2025 13:54:54 +0000
ROA not before:           Wed 28 May 2025 13:54:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213520
IP address blocks:        147.45.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:17:2c:b3:bc:80:44:f7:21:6d:8c:ee:9e:4b:73:5d:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: May 28 13:54:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21247ea55d9996e2381388b138dad71f983053b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:90:42:20:13:0a:f9:e3:e9:b1:1c:fc:e9:54:
                    dc:56:4e:79:fd:19:cc:fc:95:31:c7:88:60:ad:e7:
                    c1:d6:97:a1:5a:46:19:77:a7:f6:2c:f0:a5:dd:52:
                    39:8e:44:6d:85:51:28:98:58:12:fe:3e:64:01:e0:
                    0f:4d:29:58:e8:1d:44:35:98:0d:57:e0:2a:28:73:
                    85:1f:40:3c:44:09:1c:e8:dc:46:92:cc:67:26:b4:
                    ab:75:5a:a1:b5:0e:ce:b9:eb:68:c2:a4:ed:f2:43:
                    d0:2e:ea:de:bf:2e:01:6a:a4:63:e6:19:19:e7:bb:
                    95:0f:96:e9:62:6f:88:38:9a:ec:6f:4d:29:a8:ce:
                    38:c7:4f:89:60:28:31:df:c5:ed:d7:50:9f:4a:61:
                    9b:55:a9:cf:c0:70:83:4a:a5:d9:56:a7:73:63:9a:
                    a9:d0:f3:4b:50:f1:10:9b:13:53:e8:bd:b7:0a:03:
                    8a:ba:78:21:97:7c:0a:f4:48:62:e0:39:1a:d0:29:
                    e5:a3:6e:8d:d2:ed:d7:8f:06:91:99:7a:fb:85:96:
                    35:ea:40:d5:f1:ad:ea:81:70:0b:c1:ae:19:88:06:
                    33:aa:c0:9b:a5:54:5d:c9:55:cd:fc:c0:bb:eb:40:
                    dd:b8:18:be:44:22:5f:00:21:17:33:5c:ac:19:97:
                    05:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:24:7E:A5:5D:99:96:E2:38:13:88:B1:38:DA:D7:1F:98:30:53:B4
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/ISR-pV2ZluI4E4ixONrXH5gwU7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:36:b7:6e:49:e6:1d:04:0f:c1:b6:82:54:92:9f:62:76:ac:
         b4:86:34:bc:15:06:9b:3d:38:ba:6b:fa:2c:82:11:94:7e:9b:
         f6:a4:e3:f0:5f:af:91:57:7c:10:dc:f1:c4:3d:bb:5b:d2:52:
         ff:24:3d:8e:d1:d7:74:5c:ad:24:07:33:9c:9d:82:8c:11:6e:
         11:26:bd:10:f9:af:dd:2d:2b:90:db:a6:59:7b:da:48:b0:ac:
         33:a8:a2:ff:39:28:f9:c7:18:c5:15:ef:92:93:f1:d8:22:49:
         88:88:3c:cd:ce:c1:13:82:03:ab:cd:1a:7a:39:1b:35:c7:ab:
         f3:7a:2a:67:2e:4b:8e:db:cf:07:71:d0:01:72:8f:25:0a:ec:
         52:4a:ca:30:16:19:47:c1:54:ec:80:31:8f:72:06:e5:cd:d9:
         f4:f0:4b:13:46:01:84:ce:4d:31:65:bd:ea:7a:c8:1b:fe:e3:
         b9:34:a7:25:31:e4:3f:6f:d0:97:82:2e:5e:90:4d:e9:13:f5:
         a0:4c:46:43:38:ae:22:e3:ea:88:fe:b7:16:6e:03:f4:e9:58:
         84:6d:b0:90:af:62:52:09:dd:61:cd:55:4a:cf:4e:d0:cc:1f:
         66:bb:c9:a4:21:0b:6d:af:82:ba:8e:cc:12:1f:c0:5e:79:c7:
         47:da:ea:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcXLLO8gET3IW2M7p5Lc11XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwNTI4MTM1NDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTI0N2VhNTVkOTk5NmUyMzgxMzg4YjEzOGRhZDcxZjk4MzA1M2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZBCIBMK+ePpsRz86VTcVk55/RnM
/JUxx4hgrefB1pehWkYZd6f2LPCl3VI5jkRthVEomFgS/j5kAeAPTSlY6B1ENZgN
V+AqKHOFH0A8RAkc6NxGksxnJrSrdVqhtQ7OuetowqTt8kPQLurevy4BaqRj5hkZ
57uVD5bpYm+IOJrsb00pqM44x0+JYCgx38Xt11CfSmGbVanPwHCDSqXZVqdzY5qp
0PNLUPEQmxNT6L23CgOKunghl3wK9Ehi4Dka0Cnlo26N0u3XjwaRmXr7hZY16kDV
8a3qgXALwa4ZiAYzqsCbpVRdyVXN/MC760DduBi+RCJfACEXM1ysGZcFhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEkfqVdmZbiOBOIsTja1x+YMFO0MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvSVNSLXBWMlpsdUk0RTRpeE9OclhINWd3VTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky3fMA0G
CSqGSIb3DQEBCwUAA4IBAQAMNrduSeYdBA/BtoJUkp9idqy0hjS8FQabPTi6a/os
ghGUfpv2pOPwX6+RV3wQ3PHEPbtb0lL/JD2O0dd0XK0kBzOcnYKMEW4RJr0Q+a/d
LSuQ26ZZe9pIsKwzqKL/OSj5xxjFFe+Sk/HYIkmIiDzNzsETggOrzRp6ORs1x6vz
eipnLkuO288HcdABco8lCuxSSsowFhlHwVTsgDGPcgblzdn08EsTRgGEzk0xZb3q
esgb/uO5NKclMeQ/b9CXgi5ekE3pE/WgTEZDOK4i4+qI/rcWbgP06ViEbbCQr2JS
Cd1hzVVKz07QzB9mu8mkIQttr4K6jswSH8BeecdH2uqj
-----END CERTIFICATE-----