Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/No384ukQ7PMzR7ysdXQqiI23V0U.roa
File:                     No384ukQ7PMzR7ysdXQqiI23V0U.roa (raw, json)
Hash identifier:          WQHcVAZUYgrUok+kLmgQEzlX1mU+gj90+MGfNi8ZR3g=
Subject key identifier:   36:8D:FC:E2:E9:10:EC:F3:33:47:BC:AC:75:74:2A:88:8D:B7:57:45
Certificate issuer:       /CN=65ea93d88a202d51d34d2a903597e76b8f17f0ea
Certificate serial:       019833C2444D7F8C45B427232483177452FB
Authority key identifier: 65:EA:93:D8:8A:20:2D:51:D3:4D:2A:90:35:97:E7:6B:8F:17:F0:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/No384ukQ7PMzR7ysdXQqiI23V0U.roa
Signing time:             Tue 22 Jul 2025 20:10:26 +0000
ROA not before:           Tue 22 Jul 2025 20:10:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        213.165.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:33:c2:44:4d:7f:8c:45:b4:27:23:24:83:17:74:52:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65ea93d88a202d51d34d2a903597e76b8f17f0ea
        Validity
            Not Before: Jul 22 20:10:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=368dfce2e910ecf33347bcac75742a888db75745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:cd:70:f9:52:58:3d:84:7e:aa:08:81:a0:aa:
                    e0:b9:2e:9c:06:fd:14:8f:64:74:d9:45:a4:12:16:
                    79:62:2f:85:4a:b0:0e:b3:37:f9:89:b6:66:40:13:
                    27:32:16:c7:a6:19:02:b0:00:8c:f5:4b:e1:08:48:
                    48:48:f6:d5:24:ea:bd:16:24:e8:57:07:d9:07:82:
                    f8:8b:33:b5:7b:0b:e0:1f:07:fe:14:16:bb:48:22:
                    65:5d:98:13:1a:f0:8a:5d:ea:56:ab:c2:a6:59:81:
                    82:f3:5b:02:b5:00:c7:ef:d5:4c:33:e9:60:7c:2d:
                    dd:70:d8:35:7f:66:0e:3d:c7:21:1a:5b:70:21:58:
                    58:d9:32:3d:e6:8c:12:f1:e8:5d:01:5c:d7:9f:2e:
                    05:00:fe:49:13:89:fa:b2:6a:49:f3:43:b5:7c:25:
                    18:72:9f:37:df:4a:6a:cc:be:40:03:bc:af:31:3e:
                    70:e1:58:fc:ea:ca:f3:a0:6c:db:c4:e0:d4:0a:7e:
                    3b:05:75:3c:99:ac:02:e1:46:f5:b6:98:f5:ac:27:
                    fa:7f:c4:e4:49:ea:7d:52:6d:a8:af:b7:39:e2:01:
                    9e:85:19:ff:a9:a9:2a:52:6b:c3:0a:68:de:76:7d:
                    33:23:6e:1d:c8:15:35:17:11:43:52:28:40:2d:8d:
                    56:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:8D:FC:E2:E9:10:EC:F3:33:47:BC:AC:75:74:2A:88:8D:B7:57:45
            X509v3 Authority Key Identifier:
                keyid:65:EA:93:D8:8A:20:2D:51:D3:4D:2A:90:35:97:E7:6B:8F:17:F0:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZeqT2IogLVHTTSqQNZfna48X8Oo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/No384ukQ7PMzR7ysdXQqiI23V0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/54eac0-71fd-46e9-9e1b-ce1bba691b37/1/ZeqT2IogLVHTTSqQNZfna48X8Oo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.165.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:c2:c4:07:2d:13:58:14:53:fd:88:63:e2:a7:ca:a9:10:80:
         1c:79:00:3c:4c:dc:0a:d9:fc:ea:2d:bd:18:07:a9:08:16:14:
         8f:f5:f6:ae:ea:0d:8e:30:cc:8b:d5:65:6f:ad:9b:84:89:92:
         18:12:91:6c:19:a7:36:9a:3b:04:de:09:78:7c:f2:c4:8d:a3:
         01:a7:34:ef:ee:d0:8a:71:39:b7:e2:cd:08:e2:33:9a:3d:96:
         27:77:a4:cb:3c:91:b4:18:92:bd:bf:af:b9:1c:93:f1:1d:2f:
         40:83:53:11:97:10:1e:c8:ec:8c:b5:45:6c:75:3a:ec:0e:20:
         75:2b:01:28:63:55:50:d4:4f:2e:27:80:d3:06:8c:7d:b8:ca:
         8b:d0:56:f8:83:ba:49:76:60:9b:71:db:60:f6:d8:f1:28:ef:
         f7:89:33:30:8e:a0:0b:1c:64:f4:94:d9:6e:c2:5e:9c:b2:6f:
         77:7d:0a:55:be:ec:ac:39:29:fb:11:05:0c:70:59:2b:d0:ba:
         ba:22:a0:da:4c:32:d7:f8:89:dd:e8:9c:1e:e3:47:ee:ee:77:
         f2:58:15:24:46:67:49:ca:89:23:ce:57:29:4d:66:2b:43:f7:
         61:0b:b4:26:64:7b:e3:93:f6:6b:c3:98:2d:db:af:d0:ec:9c:
         f5:5a:52:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgzwkRNf4xFtCcjJIMXdFL7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZWE5M2Q4OGEyMDJkNTFkMzRkMmE5MDM1OTdlNzZiOGYx
N2YwZWEwHhcNMjUwNzIyMjAxMDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjhkZmNlMmU5MTBlY2YzMzM0N2JjYWM3NTc0MmE4ODhkYjc1NzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0s1w+VJYPYR+qgiBoKrguS6cBv0U
j2R02UWkEhZ5Yi+FSrAOszf5ibZmQBMnMhbHphkCsACM9UvhCEhISPbVJOq9FiTo
VwfZB4L4izO1ewvgHwf+FBa7SCJlXZgTGvCKXepWq8KmWYGC81sCtQDH79VMM+lg
fC3dcNg1f2YOPcchGltwIVhY2TI95owS8ehdAVzXny4FAP5JE4n6smpJ80O1fCUY
cp8330pqzL5AA7yvMT5w4Vj86srzoGzbxODUCn47BXU8mawC4Ub1tpj1rCf6f8Tk
Sep9Um2or7c54gGehRn/qakqUmvDCmjedn0zI24dyBU1FxFDUihALY1WgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaN/OLpEOzzM0e8rHV0KoiNt1dFMB8GA1UdIwQY
MBaAFGXqk9iKIC1R000qkDWX52uPF/DqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmVxVDJJb2dMVkhUVFNxUU5aZm5hNDhYOE9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81NGVhYzAtNzFmZC00NmU5LTllMWIt
Y2UxYmJhNjkxYjM3LzEvTm8zODR1a1E3UE16Ujd5c2RYUXFpSTIzVjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81NGVhYzAtNzFmZC00NmU5LTllMWItY2UxYmJhNjkxYjM3
LzEvWmVxVDJJb2dMVkhUVFNxUU5aZm5hNDhYOE9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aU/MA0G
CSqGSIb3DQEBCwUAA4IBAQAGwsQHLRNYFFP9iGPip8qpEIAceQA8TNwK2fzqLb0Y
B6kIFhSP9fau6g2OMMyL1WVvrZuEiZIYEpFsGac2mjsE3gl4fPLEjaMBpzTv7tCK
cTm34s0I4jOaPZYnd6TLPJG0GJK9v6+5HJPxHS9Ag1MRlxAeyOyMtUVsdTrsDiB1
KwEoY1VQ1E8uJ4DTBox9uMqL0Fb4g7pJdmCbcdtg9tjxKO/3iTMwjqALHGT0lNlu
wl6csm93fQpVvuysOSn7EQUMcFkr0Lq6IqDaTDLX+Ind6Jwe40fu7nfyWBUkRmdJ
yokjzlcpTWYrQ/dhC7QmZHvjk/Zrw5gt26/Q7Jz1WlJY
-----END CERTIFICATE-----