Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/3UEZqlcWcRWvIjqrQxhoJfrJQGc.roa
File:                     3UEZqlcWcRWvIjqrQxhoJfrJQGc.roa (raw, json)
Hash identifier:          mbhAFauEYEPjsMhMRBOh19ZsHD7ti1iVAhokwMgzBfk=
Subject key identifier:   DD:41:19:AA:57:16:71:15:AF:22:3A:AB:43:18:68:25:FA:C9:40:67
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019654EEFCD5C8EEEAFCF1DCEB99DA11EBFB
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/3UEZqlcWcRWvIjqrQxhoJfrJQGc.roa
Signing time:             Sun 20 Apr 2025 20:41:10 +0000
ROA not before:           Sun 20 Apr 2025 20:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201949
IP address blocks:        87.229.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 18:18:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:54:ee:fc:d5:c8:ee:ea:fc:f1:dc:eb:99:da:11:eb:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Apr 20 20:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd4119aa57167115af223aab43186825fac94067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a6:50:57:82:94:89:10:3c:6c:97:9f:95:b1:
                    a1:4e:11:3a:f0:75:de:42:6a:cb:c6:8c:48:9c:9b:
                    7b:04:d9:bb:7a:e7:db:87:28:a0:92:8d:25:2e:70:
                    9f:e2:da:ee:e1:a3:bd:e4:e5:79:b5:38:69:ef:18:
                    66:b0:20:a6:a4:e6:c4:a2:2b:c7:66:53:8f:2c:1d:
                    a7:14:6d:35:ac:56:bc:51:17:86:9e:6b:e6:17:b1:
                    00:53:e0:db:48:06:44:e4:87:98:6c:d5:9b:4e:e3:
                    0f:77:38:33:82:45:47:79:d6:b1:01:0c:c8:db:6a:
                    35:a5:56:a9:03:7b:8b:e9:27:89:ab:c8:bc:9a:d3:
                    04:33:7d:7e:be:31:9c:16:8c:ba:af:42:bc:80:40:
                    ab:c9:84:19:2d:d7:6e:e4:9a:8b:57:6f:76:2d:ff:
                    93:7f:cb:1e:e5:80:4c:a5:bf:85:bd:b0:23:15:77:
                    64:50:77:e4:6f:1f:5b:4e:2c:ed:19:df:aa:11:df:
                    d8:6c:7c:55:b1:16:18:aa:a3:46:0b:73:e4:c9:ff:
                    38:e8:cb:6a:57:96:59:c4:b8:21:8a:c5:0e:94:5a:
                    05:93:1f:15:15:b2:7c:cf:9f:0b:54:37:99:ed:fb:
                    3a:42:8a:f1:c6:06:8e:3d:54:8b:5b:5d:65:af:80:
                    43:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:41:19:AA:57:16:71:15:AF:22:3A:AB:43:18:68:25:FA:C9:40:67
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/3UEZqlcWcRWvIjqrQxhoJfrJQGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:19:3d:d4:8e:e0:00:35:d5:66:6a:be:f7:4f:a3:0a:89:64:
         64:46:0d:21:12:46:9d:0b:80:33:1b:7a:0c:a7:e9:9b:22:ca:
         1c:00:03:ba:43:59:e1:20:dc:29:ac:66:f7:a3:4b:15:20:e5:
         84:57:59:9e:a6:86:43:ee:86:b6:1c:fa:a0:89:98:09:e2:8c:
         19:e5:5e:8b:64:47:92:15:da:94:98:b2:c5:1a:a0:ca:48:67:
         a6:3b:b0:f5:7e:93:47:05:28:45:f1:73:2b:ba:0c:3f:b0:92:
         c2:11:66:9f:af:09:e9:84:c4:7d:a1:7f:bd:82:38:d2:64:ef:
         6f:6d:62:47:e9:30:69:f5:8d:c0:b4:77:58:32:22:2b:5e:4e:
         be:d4:c6:1d:2d:ae:84:71:2c:29:4c:85:5a:25:a4:00:7b:9f:
         80:73:e0:fd:30:bc:23:af:f0:54:72:d7:30:09:75:88:d2:5b:
         de:23:bb:5e:22:bb:44:94:d0:19:ce:29:bf:83:14:92:bb:e6:
         62:c3:48:40:71:cb:fd:0d:58:49:7d:d3:d2:2b:ad:0d:34:f4:
         f0:73:c1:27:35:5c:3a:ed:85:90:76:08:9e:e5:4e:6d:57:b1:
         8f:8e:dd:1b:6b:b7:f2:96:54:b5:c2:19:08:60:f1:1f:4d:4c:
         00:94:0d:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZU7vzVyO7q/PHc65naEev7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNDIwMjA0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQxMTlhYTU3MTY3MTE1YWYyMjNhYWI0MzE4NjgyNWZhYzk0MDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqZQV4KUiRA8bJeflbGhThE68HXe
QmrLxoxInJt7BNm7eufbhyigko0lLnCf4tru4aO95OV5tThp7xhmsCCmpObEoivH
ZlOPLB2nFG01rFa8UReGnmvmF7EAU+DbSAZE5IeYbNWbTuMPdzgzgkVHedaxAQzI
22o1pVapA3uL6SeJq8i8mtMEM31+vjGcFoy6r0K8gECryYQZLddu5JqLV292Lf+T
f8se5YBMpb+FvbAjFXdkUHfkbx9bTiztGd+qEd/YbHxVsRYYqqNGC3Pkyf846Mtq
V5ZZxLghisUOlFoFkx8VFbJ8z58LVDeZ7fs6QorxxgaOPVSLW11lr4BDywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1BGapXFnEVryI6q0MYaCX6yUBnMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvM1VFWnFsY1djUld2SWpxclF4aG9KZnJKUUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+VkMA0G
CSqGSIb3DQEBCwUAA4IBAQBnGT3UjuAANdVmar73T6MKiWRkRg0hEkadC4AzG3oM
p+mbIsocAAO6Q1nhINwprGb3o0sVIOWEV1mepoZD7oa2HPqgiZgJ4owZ5V6LZEeS
FdqUmLLFGqDKSGemO7D1fpNHBShF8XMrugw/sJLCEWafrwnphMR9oX+9gjjSZO9v
bWJH6TBp9Y3AtHdYMiIrXk6+1MYdLa6EcSwpTIVaJaQAe5+Ac+D9MLwjr/BUctcw
CXWI0lveI7teIrtElNAZzim/gxSSu+Ziw0hAccv9DVhJfdPSK60NNPTwc8EnNVw6
7YWQdgie5U5tV7GPjt0ba7fyllS1whkIYPEfTUwAlA0a
-----END CERTIFICATE-----