Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/vXPTyysQHOVObsKKEAFtH7q315E.roa
File:                     vXPTyysQHOVObsKKEAFtH7q315E.roa (raw, json)
Hash identifier:          lI+/yZ2gGV4/ggbMTC60vpO7jOr8waqbE3ifKvdm6hA=
Subject key identifier:   BD:73:D3:CB:2B:10:1C:E5:4E:6E:C2:8A:10:01:6D:1F:BA:B7:D7:91
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01964D173C375E06F62254014383B49B19FC
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/vXPTyysQHOVObsKKEAFtH7q315E.roa
Signing time:             Sat 19 Apr 2025 08:08:10 +0000
ROA not before:           Sat 19 Apr 2025 08:08:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        195.211.188.0/24 maxlen: 24
                          2a01:7120:6::/48 maxlen: 48
                          2a01:7120:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 16:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4d:17:3c:37:5e:06:f6:22:54:01:43:83:b4:9b:19:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr 19 08:08:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd73d3cb2b101ce54e6ec28a10016d1fbab7d791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cf:b3:ef:69:1c:79:b3:87:06:a6:18:27:78:
                    5f:8f:17:6e:bf:60:b5:36:d6:fd:f5:45:06:4b:d9:
                    fb:1f:1c:ac:ff:a5:12:4b:5e:91:a4:b9:d5:e6:d6:
                    86:d7:08:79:17:ef:21:97:9e:13:f0:d0:d1:49:18:
                    d9:5e:fd:56:74:f9:b8:28:42:90:f1:49:7e:05:4d:
                    97:5b:16:48:46:d5:4d:b6:58:fb:b3:78:c8:61:56:
                    6c:61:d4:6f:fe:87:4f:67:e5:87:a3:24:67:d9:66:
                    89:5f:fe:27:b3:21:d4:d4:85:a6:a2:fe:0a:66:9b:
                    70:79:f7:0b:ac:a0:32:a9:00:1e:c6:f2:70:75:fe:
                    46:ca:87:2a:9e:96:54:08:d1:a5:a1:b3:22:2b:e9:
                    f7:2a:e3:6c:8f:97:25:8e:d9:da:bc:99:a4:49:0c:
                    04:c7:5d:4f:b6:30:82:9b:40:0a:47:65:ed:65:f3:
                    82:02:e5:57:1c:1a:54:2f:e1:72:cf:c6:56:c3:92:
                    d6:88:60:e1:a5:f4:32:1d:17:5d:04:36:f1:7e:0d:
                    75:c9:11:77:4c:af:c8:7a:f5:99:59:45:cb:b7:65:
                    ef:41:f3:f5:37:86:46:cf:39:fe:01:a8:ec:8f:6a:
                    b9:68:b4:69:cc:72:47:24:01:46:ca:63:26:d9:54:
                    d2:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:73:D3:CB:2B:10:1C:E5:4E:6E:C2:8A:10:01:6D:1F:BA:B7:D7:91
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/vXPTyysQHOVObsKKEAFtH7q315E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.188.0/24
                IPv6:
                  2a01:7120:6::/47

    Signature Algorithm: sha256WithRSAEncryption
         0d:1e:e8:f9:84:ac:34:dc:2d:dd:3b:8d:73:e9:b5:4c:c3:71:
         9c:36:02:fc:68:d8:43:d5:8a:9d:77:bd:f7:41:80:9d:dd:0e:
         99:44:db:54:49:44:9b:42:8c:dd:a1:67:df:d5:8b:8b:b2:e7:
         54:59:6d:57:57:72:8a:b3:85:c3:56:16:7a:59:d4:cc:d3:5a:
         6a:2b:ab:0c:11:57:a8:04:91:e5:eb:a5:77:b8:98:91:4b:5f:
         fb:90:ea:42:cc:66:3a:d7:04:2e:c3:9e:58:65:02:16:a9:5a:
         a6:fb:b8:da:11:01:72:b6:06:cf:ee:c7:b2:b3:66:40:2e:f7:
         b5:68:58:1f:0e:32:08:d5:a2:7d:db:3d:0a:3f:68:63:38:1a:
         bd:bc:9d:3d:64:fb:03:ca:61:2b:c5:fd:04:a6:b5:c9:12:ca:
         82:21:70:e9:fa:7d:6d:15:13:47:5e:44:ef:3a:3d:de:a2:cb:
         53:ab:00:74:c7:b0:35:dd:0e:3e:91:02:74:ff:0f:3f:eb:20:
         d0:3b:50:41:18:33:d8:8f:0a:9b:33:b0:2b:07:20:69:aa:af:
         26:8c:c9:fc:ff:99:77:48:99:55:4a:39:0b:5c:ac:81:33:b5:
         f9:54:70:d2:52:c4:91:89:bb:a2:ed:80:3c:40:2f:12:b6:2f:
         ab:40:7e:76
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZZNFzw3Xgb2IlQBQ4O0mxn8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNDE5MDgwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDczZDNjYjJiMTAxY2U1NGU2ZWMyOGExMDAxNmQxZmJhYjdkNzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM+z72kcebOHBqYYJ3hfjxduv2C1
Ntb99UUGS9n7Hxys/6USS16RpLnV5taG1wh5F+8hl54T8NDRSRjZXv1WdPm4KEKQ
8Ul+BU2XWxZIRtVNtlj7s3jIYVZsYdRv/odPZ+WHoyRn2WaJX/4nsyHU1IWmov4K
ZptwefcLrKAyqQAexvJwdf5GyocqnpZUCNGlobMiK+n3KuNsj5cljtnavJmkSQwE
x11PtjCCm0AKR2XtZfOCAuVXHBpUL+Fyz8ZWw5LWiGDhpfQyHRddBDbxfg11yRF3
TK/IevWZWUXLt2XvQfP1N4ZGzzn+Aajsj2q5aLRpzHJHJAFGymMm2VTSMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL1z08srEBzlTm7CihABbR+6t9eRMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvdlhQVHl5c1FIT1ZPYnNLS0VBRnRIN3EzMTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw9O8MA8E
AgACMAkDBwEqAXEgAAYwDQYJKoZIhvcNAQELBQADggEBAA0e6PmErDTcLd07jXPp
tUzDcZw2Avxo2EPVip13vfdBgJ3dDplE21RJRJtCjN2hZ9/Vi4uy51RZbVdXcoqz
hcNWFnpZ1MzTWmorqwwRV6gEkeXrpXe4mJFLX/uQ6kLMZjrXBC7DnlhlAhapWqb7
uNoRAXK2Bs/ux7KzZkAu97VoWB8OMgjVon3bPQo/aGM4Gr28nT1k+wPKYSvF/QSm
tckSyoIhcOn6fW0VE0deRO86Pd6iy1OrAHTHsDXdDj6RAnT/Dz/rINA7UEEYM9iP
CpszsCsHIGmqryaMyfz/mXdImVVKOQtcrIEztflUcNJSxJGJu6LtgDxALxK2L6tA
fnY=
-----END CERTIFICATE-----