Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/56lpErzmKA6zdpC8K6uqShjX918.roa
File:                     56lpErzmKA6zdpC8K6uqShjX918.roa (raw, json)
Hash identifier:          JSNhnLmZxVAM2Ix+mj/nVmnsa17Mxaa20aoo3EM5/C8=
Subject key identifier:   E7:A9:69:12:BC:E6:28:0E:B3:76:90:BC:2B:AB:AA:4A:18:D7:F7:5F
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019668EE9E3CE3FBA3CDC5D0A9B454C2D9FD
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/56lpErzmKA6zdpC8K6uqShjX918.roa
Signing time:             Thu 24 Apr 2025 17:53:10 +0000
ROA not before:           Thu 24 Apr 2025 17:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        195.216.184.0/24 maxlen: 24
                          213.182.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:ee:9e:3c:e3:fb:a3:cd:c5:d0:a9:b4:54:c2:d9:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Apr 24 17:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7a96912bce6280eb37690bc2babaa4a18d7f75f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:4b:5c:92:b0:f6:44:6f:2f:98:d7:74:d3:23:
                    6c:d5:42:ad:c8:b7:a4:29:39:fa:82:18:ea:96:c1:
                    7c:18:51:80:7e:25:34:59:66:e6:b8:1c:81:dc:19:
                    ff:33:05:f0:65:ee:63:57:04:e5:64:35:7e:25:a0:
                    2a:60:1c:5f:68:de:7a:db:f9:4a:99:65:6c:0f:d2:
                    c4:fb:7d:5f:c1:71:3c:c4:5e:c6:0f:2f:24:83:1e:
                    3c:f6:12:ea:04:ce:02:86:20:64:cb:78:b7:48:dc:
                    50:08:26:b7:f9:84:f8:68:b1:7d:2e:5b:a1:63:37:
                    fa:11:1c:54:0b:e2:ae:81:51:7e:41:33:41:7d:f1:
                    91:4c:a5:b7:ef:a0:29:13:15:74:fb:83:4e:90:53:
                    fb:5b:f8:d7:85:62:e2:30:b6:dd:35:b7:14:2f:8d:
                    7c:04:c2:d8:63:9b:21:e7:73:e9:70:ab:1b:33:4a:
                    f7:26:ad:9c:8e:a6:c2:89:a9:bf:ed:1e:78:b9:99:
                    f4:32:d0:eb:cc:0e:92:72:3f:84:1a:e3:a3:a2:40:
                    01:43:5d:e8:ea:87:f1:5b:70:1c:8a:96:0c:4a:b6:
                    da:e1:9d:4b:74:93:8c:85:46:b0:14:49:eb:48:84:
                    bc:4e:0f:24:00:d7:54:98:3e:76:b4:f4:4c:b0:48:
                    22:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:A9:69:12:BC:E6:28:0E:B3:76:90:BC:2B:AB:AA:4A:18:D7:F7:5F
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/56lpErzmKA6zdpC8K6uqShjX918.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.184.0/24
                  213.182.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:15:d8:d9:63:14:48:cf:bc:9d:ec:db:ff:d2:63:5c:20:fa:
         7e:fb:c1:8f:7b:86:b7:d9:0a:97:7a:d3:da:0c:bc:71:3e:46:
         17:83:e4:79:3a:61:f8:ad:78:3d:ed:ce:a4:9e:9d:18:64:a5:
         1c:13:cb:9d:df:e6:6d:11:d5:bd:0a:19:69:d9:b2:cb:18:be:
         90:b9:98:4c:88:e6:9c:2b:2b:2c:d8:be:aa:dd:c4:ce:24:22:
         93:06:9c:69:bd:38:39:92:88:1e:9b:56:29:e4:c5:3d:89:52:
         60:a8:a2:fa:37:40:3c:0f:e8:3a:00:f4:c9:ca:b0:b3:4f:2e:
         f3:96:10:69:e2:3b:f4:7e:e6:85:1f:32:0c:7d:a6:d6:06:28:
         62:2b:e5:d1:e7:7c:ce:57:58:8c:4c:fd:71:af:a5:72:44:a4:
         4c:99:e9:a9:94:a9:bc:95:af:de:9a:34:2b:b4:e9:6c:1c:0c:
         d6:9b:67:be:f4:d6:a0:02:e0:ce:36:e9:d0:1c:a1:bd:77:e5:
         d6:ee:7e:51:f2:76:22:73:2a:8f:37:6c:a0:d9:c0:bf:c0:90:
         72:3d:51:bc:6e:9d:13:32:d3:26:7d:d1:6a:bf:23:1c:cb:5b:
         2a:ad:1b:73:e5:c0:e0:e1:7e:0f:b0:da:18:98:76:fa:75:16:
         38:f9:c8:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZo7p484/ujzcXQqbRUwtn9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwNDI0MTc1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2E5NjkxMmJjZTYyODBlYjM3NjkwYmMyYmFiYWE0YTE4ZDdmNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoktckrD2RG8vmNd00yNs1UKtyLek
KTn6ghjqlsF8GFGAfiU0WWbmuByB3Bn/MwXwZe5jVwTlZDV+JaAqYBxfaN562/lK
mWVsD9LE+31fwXE8xF7GDy8kgx489hLqBM4ChiBky3i3SNxQCCa3+YT4aLF9Lluh
Yzf6ERxUC+KugVF+QTNBffGRTKW376ApExV0+4NOkFP7W/jXhWLiMLbdNbcUL418
BMLYY5sh53PpcKsbM0r3Jq2cjqbCiam/7R54uZn0MtDrzA6Scj+EGuOjokABQ13o
6ofxW3AcipYMSrba4Z1LdJOMhUawFEnrSIS8Tg8kANdUmD52tPRMsEgioQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOepaRK85igOs3aQvCurqkoY1/dfMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvNTZscEVyem1LQTZ6ZHBDOEs2dXFTaGpYOTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw9i4AwQA
1bbXMA0GCSqGSIb3DQEBCwUAA4IBAQCJFdjZYxRIz7yd7Nv/0mNcIPp++8GPe4a3
2QqXetPaDLxxPkYXg+R5OmH4rXg97c6knp0YZKUcE8ud3+ZtEdW9Chlp2bLLGL6Q
uZhMiOacKyss2L6q3cTOJCKTBpxpvTg5kogem1Yp5MU9iVJgqKL6N0A8D+g6APTJ
yrCzTy7zlhBp4jv0fuaFHzIMfabWBihiK+XR53zOV1iMTP1xr6VyRKRMmemplKm8
la/emjQrtOlsHAzWm2e+9NagAuDONunQHKG9d+XW7n5R8nYicyqPN2yg2cC/wJBy
PVG8bp0TMtMmfdFqvyMcy1sqrRtz5cDg4X4PsNoYmHb6dRY4+cg5
-----END CERTIFICATE-----