Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/_dBsBWq_R_HniB_oYd_SwrrifoY.roa
File:                     _dBsBWq_R_HniB_oYd_SwrrifoY.roa (raw, json)
Hash identifier:          lvPRkYEC7iItDLaOxgMbuIXZsy0MYwbc8HCCgTE8KuE=
Subject key identifier:   FD:D0:6C:05:6A:BF:47:F1:E7:88:1F:E8:61:DF:D2:C2:BA:E2:7E:86
Certificate issuer:       /CN=d1ca67610286ab738f86ce935fdf5ed620f02d96
Certificate serial:       0197565BAC901A058C9F93154AB87F957385
Authority key identifier: D1:CA:67:61:02:86:AB:73:8F:86:CE:93:5F:DF:5E:D6:20:F0:2D:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0cpnYQKGq3OPhs6TX99e1iDwLZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/_dBsBWq_R_HniB_oYd_SwrrifoY.roa
Signing time:             Mon 09 Jun 2025 20:22:17 +0000
ROA not before:           Mon 09 Jun 2025 20:22:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212027
IP address blocks:        193.104.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/0cpnYQKGq3OPhs6TX99e1iDwLZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/0cpnYQKGq3OPhs6TX99e1iDwLZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0cpnYQKGq3OPhs6TX99e1iDwLZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:56:5b:ac:90:1a:05:8c:9f:93:15:4a:b8:7f:95:73:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ca67610286ab738f86ce935fdf5ed620f02d96
        Validity
            Not Before: Jun  9 20:22:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdd06c056abf47f1e7881fe861dfd2c2bae27e86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:86:39:9a:d2:9c:1e:f0:96:87:ae:6c:a7:15:
                    4f:91:29:3b:c5:f1:9c:2c:a7:8f:51:af:11:1f:55:
                    8b:7b:7d:14:0b:72:66:20:69:2e:08:b9:ba:28:f9:
                    47:a3:a9:54:a6:ad:42:91:c1:40:3e:3f:b0:19:88:
                    f1:c8:f1:e5:1d:a0:bf:d3:0b:51:14:d7:6b:7e:65:
                    22:28:2a:f9:ef:c5:ac:c4:ee:cd:a2:bb:dd:eb:e0:
                    41:3b:f4:7d:0d:a3:48:57:30:e0:af:12:1f:7e:5b:
                    da:f2:cd:b9:42:14:9c:56:b7:fd:ca:82:83:b9:a5:
                    f1:7f:3b:63:6f:c4:bc:14:14:71:e0:bf:08:9e:f7:
                    d5:4c:67:3b:93:f9:c3:40:79:19:3b:fb:bb:d3:92:
                    d1:06:96:01:f0:5f:fd:2d:cd:b6:16:f6:05:94:97:
                    a9:b1:0f:53:d2:52:07:cf:72:d0:3a:5c:73:c0:e6:
                    14:c0:cd:5c:ec:33:6c:18:b5:79:21:58:6d:b2:06:
                    b1:f0:30:15:72:4c:bf:43:47:24:a1:1e:7d:ac:38:
                    07:4a:10:e9:38:81:18:63:61:e6:36:e4:b9:1d:be:
                    09:1b:69:9e:57:58:2f:44:28:74:44:4c:2f:02:1a:
                    7d:3b:04:29:98:95:bd:a5:39:4f:ee:b4:d3:81:0a:
                    30:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D0:6C:05:6A:BF:47:F1:E7:88:1F:E8:61:DF:D2:C2:BA:E2:7E:86
            X509v3 Authority Key Identifier:
                keyid:D1:CA:67:61:02:86:AB:73:8F:86:CE:93:5F:DF:5E:D6:20:F0:2D:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0cpnYQKGq3OPhs6TX99e1iDwLZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/_dBsBWq_R_HniB_oYd_SwrrifoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7a1a62-e481-4a14-ad6e-35bff96da4c5/1/0cpnYQKGq3OPhs6TX99e1iDwLZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:a4:52:23:a8:73:c6:f5:d9:65:36:cf:11:5a:57:3d:1a:97:
         59:ca:6f:19:1c:93:d9:0c:65:76:2a:92:7a:21:c1:8e:a5:28:
         e9:77:f6:5d:12:17:72:94:ab:16:35:de:48:f4:7d:42:7a:f4:
         14:9e:8a:de:f5:b9:6e:cd:1c:21:56:c8:06:26:5c:48:d3:a4:
         48:d4:ff:fa:52:8f:10:5d:52:28:23:c8:51:ee:2a:02:94:2c:
         d7:84:92:56:14:02:0e:ee:ff:36:4f:00:e2:e5:5e:c1:a1:fa:
         c3:5e:9a:16:d7:a5:ab:9c:d5:73:c2:8d:1f:d2:1c:28:2f:e1:
         81:64:d4:aa:3f:80:a4:86:ec:c2:e4:bd:bb:8c:7c:c4:25:16:
         5c:c5:78:47:09:8e:f0:41:1a:2f:27:1d:05:75:f6:48:68:87:
         bd:1b:9a:49:0c:41:d3:ef:f9:19:1c:50:19:7a:85:6f:2a:11:
         e4:7f:8f:78:21:43:05:75:d0:51:3b:6d:76:71:a4:ff:f5:0d:
         fa:82:97:63:8a:d1:de:04:fe:c2:a7:d6:36:ba:e1:3a:a0:36:
         e8:1e:52:01:95:5d:48:12:b1:3e:48:71:25:99:4f:d3:c5:28:
         15:d9:c4:94:3d:c9:75:87:41:6b:9e:e0:77:ad:0d:50:65:ef:
         d1:73:f3:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdWW6yQGgWMn5MVSrh/lXOFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxY2E2NzYxMDI4NmFiNzM4Zjg2Y2U5MzVmZGY1ZWQ2MjBm
MDJkOTYwHhcNMjUwNjA5MjAyMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQwNmMwNTZhYmY0N2YxZTc4ODFmZTg2MWRmZDJjMmJhZTI3ZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4Y5mtKcHvCWh65spxVPkSk7xfGc
LKePUa8RH1WLe30UC3JmIGkuCLm6KPlHo6lUpq1CkcFAPj+wGYjxyPHlHaC/0wtR
FNdrfmUiKCr578WsxO7Norvd6+BBO/R9DaNIVzDgrxIfflva8s25QhScVrf9yoKD
uaXxfztjb8S8FBRx4L8InvfVTGc7k/nDQHkZO/u705LRBpYB8F/9Lc22FvYFlJep
sQ9T0lIHz3LQOlxzwOYUwM1c7DNsGLV5IVhtsgax8DAVcky/Q0ckoR59rDgHShDp
OIEYY2HmNuS5Hb4JG2meV1gvRCh0REwvAhp9OwQpmJW9pTlP7rTTgQowKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3QbAVqv0fx54gf6GHf0sK64n6GMB8GA1UdIwQY
MBaAFNHKZ2EChqtzj4bOk1/fXtYg8C2WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNwbllRS0dxM09QaHM2VFg5OWUxaUR3TFpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YTFhNjItZTQ4MS00YTE0LWFkNmUt
MzViZmY5NmRhNGM1LzEvX2RCc0JXcV9SX0huaUJfb1lkX1N3cnJpZm9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YTFhNjItZTQ4MS00YTE0LWFkNmUtMzViZmY5NmRhNGM1
LzEvMGNwbllRS0dxM09QaHM2VFg5OWUxaUR3TFpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWghMA0G
CSqGSIb3DQEBCwUAA4IBAQAmpFIjqHPG9dllNs8RWlc9GpdZym8ZHJPZDGV2KpJ6
IcGOpSjpd/ZdEhdylKsWNd5I9H1CevQUnore9bluzRwhVsgGJlxI06RI1P/6Uo8Q
XVIoI8hR7ioClCzXhJJWFAIO7v82TwDi5V7BofrDXpoW16WrnNVzwo0f0hwoL+GB
ZNSqP4CkhuzC5L27jHzEJRZcxXhHCY7wQRovJx0FdfZIaIe9G5pJDEHT7/kZHFAZ
eoVvKhHkf494IUMFddBRO212caT/9Q36gpdjitHeBP7Cp9Y2uuE6oDboHlIBlV1I
ErE+SHElmU/TxSgV2cSUPcl1h0FrnuB3rQ1QZe/Rc/Mz
-----END CERTIFICATE-----