Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/Oz6CxX5tDe3A5bSmQL-hm13NWqU.roa
File:                     Oz6CxX5tDe3A5bSmQL-hm13NWqU.roa (raw, json)
Hash identifier:          LuZXcyXypc7PcVpBwbxA5S6ocF17II624uDCDByYtxs=
Subject key identifier:   3B:3E:82:C5:7E:6D:0D:ED:C0:E5:B4:A6:40:BF:A1:9B:5D:CD:5A:A5
Certificate issuer:       /CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
Certificate serial:       01978282C5A19A11DF7777B70E3F24011697
Authority key identifier: 7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/Oz6CxX5tDe3A5bSmQL-hm13NWqU.roa
Signing time:             Wed 18 Jun 2025 10:08:17 +0000
ROA not before:           Wed 18 Jun 2025 10:08:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        185.143.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 04:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:82:82:c5:a1:9a:11:df:77:77:b7:0e:3f:24:01:16:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df904ab14066c7a9fe61a521d5492a0e52965ca
        Validity
            Not Before: Jun 18 10:08:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b3e82c57e6d0dedc0e5b4a640bfa19b5dcd5aa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bd:df:a8:d6:79:8a:0c:06:96:89:4b:43:d2:
                    c0:79:cc:8c:81:43:6c:f1:6e:c0:10:d9:46:c3:0c:
                    4e:01:fb:ec:3d:2d:ec:85:56:9b:31:a2:49:db:e0:
                    6d:08:37:ea:6c:25:b8:ae:98:42:42:15:14:ae:e5:
                    3c:12:9f:89:cd:49:ea:5e:dc:df:e2:9b:57:b0:18:
                    27:e3:dd:fb:ac:b7:a1:a6:93:7c:4a:8d:62:e3:47:
                    5b:a6:58:0e:c6:58:70:7a:21:dc:d9:59:dc:74:71:
                    1f:f9:11:84:1f:63:4a:d4:3d:4b:51:1f:1b:b3:f7:
                    9b:a4:d6:a4:97:72:d1:24:bf:6f:2a:2e:12:df:92:
                    a8:44:3e:40:4a:8b:78:eb:2d:e9:7a:d0:80:e0:05:
                    33:b8:4a:79:39:c9:e5:de:bc:53:0f:fb:cf:fd:f4:
                    62:6c:ed:4e:ae:9c:1e:47:17:19:3c:76:b3:83:25:
                    8f:de:4e:a2:b4:50:d7:ff:b6:36:c9:17:62:0a:da:
                    2a:17:7c:c2:f5:e2:4b:a6:17:e0:81:0d:25:de:b9:
                    b8:d1:cf:99:04:fd:82:2e:b4:e7:40:ce:f8:fd:01:
                    ee:04:18:82:28:83:9d:b1:18:3c:61:f1:12:5e:38:
                    4f:67:00:41:bf:1b:79:35:36:a1:a2:3c:f5:03:5f:
                    de:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:3E:82:C5:7E:6D:0D:ED:C0:E5:B4:A6:40:BF:A1:9B:5D:CD:5A:A5
            X509v3 Authority Key Identifier:
                keyid:7D:F9:04:AB:14:06:6C:7A:9F:E6:1A:52:1D:54:92:A0:E5:29:65:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffkEqxQGbHqf5hpSHVSSoOUpZco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/Oz6CxX5tDe3A5bSmQL-hm13NWqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/53fb34-25db-4684-984f-3b445f29f5b7/1/ffkEqxQGbHqf5hpSHVSSoOUpZco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:82:22:0f:22:eb:b4:71:a7:71:f5:b5:7e:22:3c:4b:11:52:
         45:3b:b7:e3:b6:2d:a4:22:4c:b2:38:84:c2:c1:06:6f:cd:69:
         f5:e7:10:55:af:81:de:b8:b4:a2:98:65:01:fa:79:00:63:ac:
         76:c7:1b:68:e8:21:7d:95:d6:4f:67:3b:1d:e0:8b:fa:79:53:
         09:00:49:f4:02:9e:ca:b8:f6:f8:e0:48:3a:09:22:ca:79:d6:
         66:e4:ab:a1:7a:22:49:b3:29:1a:1c:6f:83:59:19:29:da:29:
         f8:c4:1f:63:35:c5:90:59:08:7b:37:69:db:0f:f1:db:b9:10:
         27:02:a6:93:ff:c6:48:42:a6:d9:ac:f3:82:73:7f:d3:68:42:
         45:9e:4c:5f:3f:eb:88:4f:78:69:16:10:b4:fa:41:d3:ac:2f:
         a8:76:e0:b7:0a:1f:dc:74:9f:c2:98:cd:05:ca:13:d7:b2:87:
         51:28:12:c1:fc:12:46:64:92:40:4a:55:16:92:9d:75:57:82:
         c5:36:b0:14:c1:77:92:c1:e3:78:6e:f7:06:49:51:22:38:e3:
         10:63:c8:a2:c5:32:eb:b3:7f:14:89:84:a4:bf:24:95:d2:bf:
         7c:a7:d1:5d:c0:22:33:98:2e:b3:ac:e0:66:98:69:83:5d:80:
         73:e1:5b:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeCgsWhmhHfd3e3Dj8kARaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjkwNGFiMTQwNjZjN2E5ZmU2MWE1MjFkNTQ5MmEwZTUy
OTY1Y2EwHhcNMjUwNjE4MTAwODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjNlODJjNTdlNmQwZGVkYzBlNWI0YTY0MGJmYTE5YjVkY2Q1YWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu73fqNZ5igwGlolLQ9LAecyMgUNs
8W7AENlGwwxOAfvsPS3shVabMaJJ2+BtCDfqbCW4rphCQhUUruU8Ep+JzUnqXtzf
4ptXsBgn4937rLehppN8So1i40dbplgOxlhweiHc2VncdHEf+RGEH2NK1D1LUR8b
s/ebpNakl3LRJL9vKi4S35KoRD5ASot46y3petCA4AUzuEp5Ocnl3rxTD/vP/fRi
bO1OrpweRxcZPHazgyWP3k6itFDX/7Y2yRdiCtoqF3zC9eJLphfggQ0l3rm40c+Z
BP2CLrTnQM74/QHuBBiCKIOdsRg8YfESXjhPZwBBvxt5NTahojz1A1/eCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDs+gsV+bQ3twOW0pkC/oZtdzVqlMB8GA1UdIwQY
MBaAFH35BKsUBmx6n+YaUh1UkqDlKWXKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYt
M2I0NDVmMjlmNWI3LzEvT3o2Q3hYNXREZTNBNWJTbVFMLWhtMTNOV3FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS81M2ZiMzQtMjVkYi00Njg0LTk4NGYtM2I0NDVmMjlmNWI3
LzEvZmZrRXF4UUdiSHFmNWhwU0hWU1NvT1VwWmNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY/tMA0G
CSqGSIb3DQEBCwUAA4IBAQBagiIPIuu0cadx9bV+IjxLEVJFO7fjti2kIkyyOITC
wQZvzWn15xBVr4HeuLSimGUB+nkAY6x2xxto6CF9ldZPZzsd4Iv6eVMJAEn0Ap7K
uPb44Eg6CSLKedZm5KuheiJJsykaHG+DWRkp2in4xB9jNcWQWQh7N2nbD/HbuRAn
AqaT/8ZIQqbZrPOCc3/TaEJFnkxfP+uIT3hpFhC0+kHTrC+oduC3Ch/cdJ/CmM0F
yhPXsodRKBLB/BJGZJJASlUWkp11V4LFNrAUwXeSweN4bvcGSVEiOOMQY8iixTLr
s38UiYSkvySV0r98p9FdwCIzmC6zrOBmmGmDXYBz4Vtd
-----END CERTIFICATE-----