Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/0BP0KGJkFndJVhg4iJyuEpAUh2Q.roa
File:                     0BP0KGJkFndJVhg4iJyuEpAUh2Q.roa (raw, json)
Hash identifier:          +xARcNUOy44/0IUgRyFkDdCWb9Bmo8nmFLSiePQUm68=
Subject key identifier:   D0:13:F4:28:62:64:16:77:49:56:18:38:88:9C:AE:12:90:14:87:64
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       01977DC69DB3D5AF8083A3489CA01DACA80F
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/0BP0KGJkFndJVhg4iJyuEpAUh2Q.roa
Signing time:             Tue 17 Jun 2025 12:04:17 +0000
ROA not before:           Tue 17 Jun 2025 12:04:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213083
IP address blocks:        213.238.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 12:04:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:c6:9d:b3:d5:af:80:83:a3:48:9c:a0:1d:ac:a8:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jun 17 12:04:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d013f4286264167749561838889cae1290148764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b2:6e:27:a7:41:23:23:6c:58:e7:a2:2a:a0:
                    e7:13:36:a7:71:aa:e3:b2:d1:8d:3d:a8:21:4c:95:
                    9e:d2:fe:ae:6b:12:f6:17:65:f9:8c:ed:cb:e3:11:
                    f7:f4:52:44:ae:66:91:b5:a8:bc:fd:d9:9e:ff:19:
                    5e:b4:c7:5f:4c:28:0c:8b:fe:bb:2f:5c:99:d3:02:
                    94:3c:fc:2d:14:0b:b9:a3:4d:9d:d3:ad:1c:ed:05:
                    9d:b4:4e:8d:fe:02:7c:a3:ad:7c:e8:c1:95:b1:03:
                    45:35:b1:c0:8d:f1:51:b6:67:62:c5:e7:33:9c:25:
                    7c:72:b8:41:5f:64:ea:0a:69:35:aa:ed:27:aa:7f:
                    d2:98:c1:22:ff:1d:82:a3:0e:15:fa:75:b9:2a:2c:
                    4c:23:f6:77:e2:82:7c:c3:39:d4:1c:95:69:8e:87:
                    90:84:08:bf:fa:d4:85:14:70:a6:0e:5e:a5:00:07:
                    86:68:39:64:c0:fe:4d:5d:09:ab:24:39:23:b7:18:
                    13:93:54:63:6e:35:dd:8c:74:7e:79:a5:ab:32:07:
                    8b:da:9e:52:34:0c:da:30:17:a0:e8:ce:2a:3c:96:
                    c7:2d:1e:22:3d:f8:45:d8:68:4d:72:3f:d9:4c:9f:
                    c8:0d:83:0f:ba:29:41:f3:96:b7:07:7d:23:46:df:
                    21:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:13:F4:28:62:64:16:77:49:56:18:38:88:9C:AE:12:90:14:87:64
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/0BP0KGJkFndJVhg4iJyuEpAUh2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:46:4d:b0:87:b1:16:ba:c9:8e:45:70:56:6c:26:31:9b:6f:
         7a:71:50:2a:83:b3:c8:65:20:7c:0f:1c:ec:ae:d7:ae:79:62:
         b0:a6:f1:27:4e:25:59:5c:7f:b1:c2:3c:01:7a:ac:a6:65:b0:
         05:92:9f:e2:c7:55:29:32:f4:92:7c:93:b9:a3:5d:34:91:bb:
         af:59:48:7f:ec:06:91:2b:76:ac:99:27:7d:d4:cc:06:dc:d0:
         19:c0:aa:ca:e2:7a:7e:fc:2b:7f:95:49:01:b1:0f:d7:74:5d:
         9e:7d:1e:8f:4b:29:bb:34:31:de:76:46:65:b6:70:bb:1c:d1:
         75:44:28:61:ff:17:75:66:0d:b0:a1:ee:b6:73:e4:c4:98:65:
         68:86:2a:78:30:58:49:e5:3c:5f:37:54:c0:9f:4e:f0:63:49:
         4d:a4:4f:45:08:39:12:8c:bc:57:11:56:f6:e3:fb:4c:2d:72:
         fe:49:b9:1f:2a:05:31:4d:01:17:84:a4:fc:88:58:e0:e9:46:
         b0:d4:19:1e:9a:5e:54:8b:1f:b3:5b:f7:48:7a:0c:f7:e4:6f:
         e2:28:b0:14:f8:e0:cb:51:52:c2:b0:02:a3:b7:e6:b1:24:ac:
         fb:0b:62:86:2f:4f:e7:1b:06:e5:f4:28:db:37:ea:88:53:d1:
         63:e2:dc:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd9xp2z1a+Ag6NInKAdrKgPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwNjE3MTIwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDEzZjQyODYyNjQxNjc3NDk1NjE4Mzg4ODljYWUxMjkwMTQ4NzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7JuJ6dBIyNsWOeiKqDnEzancarj
stGNPaghTJWe0v6uaxL2F2X5jO3L4xH39FJErmaRtai8/dme/xletMdfTCgMi/67
L1yZ0wKUPPwtFAu5o02d060c7QWdtE6N/gJ8o6186MGVsQNFNbHAjfFRtmdixecz
nCV8crhBX2TqCmk1qu0nqn/SmMEi/x2Cow4V+nW5KixMI/Z34oJ8wznUHJVpjoeQ
hAi/+tSFFHCmDl6lAAeGaDlkwP5NXQmrJDkjtxgTk1RjbjXdjHR+eaWrMgeL2p5S
NAzaMBeg6M4qPJbHLR4iPfhF2GhNcj/ZTJ/IDYMPuilB85a3B30jRt8h7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAT9ChiZBZ3SVYYOIicrhKQFIdkMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvMEJQMEtHSmtGbmRKVmhnNGlKeXVFcEFVaDJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e65MA0G
CSqGSIb3DQEBCwUAA4IBAQAoRk2wh7EWusmORXBWbCYxm296cVAqg7PIZSB8Dxzs
rteueWKwpvEnTiVZXH+xwjwBeqymZbAFkp/ix1UpMvSSfJO5o100kbuvWUh/7AaR
K3asmSd91MwG3NAZwKrK4np+/Ct/lUkBsQ/XdF2efR6PSym7NDHedkZltnC7HNF1
RChh/xd1Zg2woe62c+TEmGVohip4MFhJ5TxfN1TAn07wY0lNpE9FCDkSjLxXEVb2
4/tMLXL+SbkfKgUxTQEXhKT8iFjg6Uaw1Bkeml5Uix+zW/dIegz35G/iKLAU+ODL
UVLCsAKjt+axJKz7C2KGL0/nGwbl9CjbN+qIU9Fj4tzB
-----END CERTIFICATE-----