Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/b3cb4c-6e36-4c48-8fde-94046aabff9d/1/tFY_1oU9xNxzF5JnlbdrLi4cQ9A.roa
File:                     tFY_1oU9xNxzF5JnlbdrLi4cQ9A.roa (raw, json)
Hash identifier:          Sxl+M0Cfp0KqUWFjQhEzTtXSwHwXwN4AdOusnlZXPTA=
Subject key identifier:   B4:56:3F:D6:85:3D:C4:DC:73:17:92:67:95:B7:6B:2E:2E:1C:43:D0
Certificate issuer:       /CN=0321bf24ff0257b3d05cf70290a1acf87cea6439
Certificate serial:       0196D30964E222AEB84B7D56AC85E5A9BFF4
Authority key identifier: 03:21:BF:24:FF:02:57:B3:D0:5C:F7:02:90:A1:AC:F8:7C:EA:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AyG_JP8CV7PQXPcCkKGs-HzqZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/b3cb4c-6e36-4c48-8fde-94046aabff9d/1/tFY_1oU9xNxzF5JnlbdrLi4cQ9A.roa
Signing time:             Thu 15 May 2025 08:22:10 +0000
ROA not before:           Thu 15 May 2025 08:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216227
IP address blocks:        217.65.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/b3cb4c-6e36-4c48-8fde-94046aabff9d/1/AyG_JP8CV7PQXPcCkKGs-HzqZDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/b3cb4c-6e36-4c48-8fde-94046aabff9d/1/AyG_JP8CV7PQXPcCkKGs-HzqZDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AyG_JP8CV7PQXPcCkKGs-HzqZDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:09:64:e2:22:ae:b8:4b:7d:56:ac:85:e5:a9:bf:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0321bf24ff0257b3d05cf70290a1acf87cea6439
        Validity
            Not Before: May 15 08:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4563fd6853dc4dc7317926795b76b2e2e1c43d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:81:70:2c:33:7c:3a:40:d0:02:80:7b:ee:33:
                    b8:e4:2a:39:86:72:a5:dd:b2:7b:92:13:8c:88:ee:
                    7e:0b:49:7a:36:89:c3:7e:49:f8:58:9a:3c:6d:5e:
                    cc:de:d3:39:23:1b:6c:aa:fe:f3:fd:d1:64:ff:8b:
                    09:56:06:84:7e:6b:a6:73:2e:5a:91:68:3b:6a:75:
                    71:1c:4e:b5:19:41:85:92:10:5e:74:14:47:4f:8b:
                    d4:3f:d0:a2:cf:b5:25:1f:0c:c3:13:2c:8e:e7:c1:
                    a7:52:94:7a:8e:93:2b:28:ff:76:1d:a7:9d:d5:00:
                    09:e9:d3:bb:54:fd:eb:c7:8a:fc:13:89:ff:17:18:
                    01:e4:52:9b:b8:04:49:dd:f5:e2:fa:ff:f5:b9:d2:
                    22:6f:60:fa:69:f6:5a:ea:17:79:c6:0d:b5:20:56:
                    f8:18:3b:9e:4f:3a:2c:7d:77:12:95:64:86:b1:13:
                    08:3d:4c:0e:1a:20:05:6c:8a:99:92:85:0c:9b:f0:
                    f0:b6:68:45:60:0e:8d:94:85:4b:3b:09:dd:a7:08:
                    4e:92:82:e2:3d:85:c5:59:9b:e9:74:b0:01:51:84:
                    a7:84:53:63:2a:ad:d9:d6:70:e1:fd:1c:6c:d4:9d:
                    0e:27:c4:14:bb:e4:6d:1e:f5:7c:79:63:9b:4a:79:
                    db:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:56:3F:D6:85:3D:C4:DC:73:17:92:67:95:B7:6B:2E:2E:1C:43:D0
            X509v3 Authority Key Identifier:
                keyid:03:21:BF:24:FF:02:57:B3:D0:5C:F7:02:90:A1:AC:F8:7C:EA:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyG_JP8CV7PQXPcCkKGs-HzqZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/b3cb4c-6e36-4c48-8fde-94046aabff9d/1/tFY_1oU9xNxzF5JnlbdrLi4cQ9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/b3cb4c-6e36-4c48-8fde-94046aabff9d/1/AyG_JP8CV7PQXPcCkKGs-HzqZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.65.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:c5:59:12:f4:42:04:7f:c3:54:be:e6:76:3c:1f:3f:9f:c3:
         de:bf:f5:c1:53:4b:f1:56:29:29:e3:82:c6:77:34:8d:e6:e1:
         b6:7d:1a:ff:e4:ae:c4:7f:b8:b0:59:02:7e:af:44:c3:98:07:
         aa:84:d5:8e:5e:2b:ae:65:fa:55:f1:85:ad:77:8b:f9:ca:17:
         c5:26:c4:47:83:c3:b0:80:3c:01:a2:87:e0:7f:55:02:aa:f8:
         b9:a0:ba:57:9f:40:88:d9:b2:9d:f8:70:2e:4c:aa:28:6e:12:
         35:cd:cb:9b:45:de:e8:23:6c:dc:86:18:5a:18:12:56:9a:d1:
         d4:ef:49:33:80:33:3c:c4:2d:5f:af:59:f5:9f:73:3e:59:bc:
         e6:ae:34:fd:d1:da:0c:69:8a:d0:a2:bb:33:5b:55:17:59:03:
         f0:8c:31:e2:5e:9c:33:92:31:08:33:69:1f:0a:a0:52:49:3d:
         d3:7d:93:cc:dd:f0:4c:9f:2b:4a:8a:4b:c6:e5:02:36:4d:bd:
         36:3a:31:2d:88:05:e8:e0:14:3f:8f:f2:a5:3b:56:81:fa:84:
         8a:24:ef:67:a7:5e:83:4a:a7:d9:52:be:b0:f8:9c:4b:c9:54:
         db:06:b1:c1:47:be:0b:9c:e3:8b:c3:78:70:a6:4d:de:ca:f8:
         d9:a0:ce:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbTCWTiIq64S31WrIXlqb/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMjFiZjI0ZmYwMjU3YjNkMDVjZjcwMjkwYTFhY2Y4N2Nl
YTY0MzkwHhcNMjUwNTE1MDgyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDU2M2ZkNjg1M2RjNGRjNzMxNzkyNjc5NWI3NmIyZTJlMWM0M2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4FwLDN8OkDQAoB77jO45Co5hnKl
3bJ7khOMiO5+C0l6NonDfkn4WJo8bV7M3tM5Ixtsqv7z/dFk/4sJVgaEfmumcy5a
kWg7anVxHE61GUGFkhBedBRHT4vUP9Ciz7UlHwzDEyyO58GnUpR6jpMrKP92Haed
1QAJ6dO7VP3rx4r8E4n/FxgB5FKbuARJ3fXi+v/1udIib2D6afZa6hd5xg21IFb4
GDueTzosfXcSlWSGsRMIPUwOGiAFbIqZkoUMm/DwtmhFYA6NlIVLOwndpwhOkoLi
PYXFWZvpdLABUYSnhFNjKq3Z1nDh/Rxs1J0OJ8QUu+RtHvV8eWObSnnbcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRWP9aFPcTccxeSZ5W3ay4uHEPQMB8GA1UdIwQY
MBaAFAMhvyT/Alez0Fz3ApChrPh86mQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXlHX0pQOENWN1BRWFBjQ2tLR3MtSHpxWkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9iM2NiNGMtNmUzNi00YzQ4LThmZGUt
OTQwNDZhYWJmZjlkLzEvdEZZXzFvVTl4Tnh6RjVKbmxiZHJMaTRjUTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9iM2NiNGMtNmUzNi00YzQ4LThmZGUtOTQwNDZhYWJmZjlk
LzEvQXlHX0pQOENWN1BRWFBjQ2tLR3MtSHpxWkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UFEMA0G
CSqGSIb3DQEBCwUAA4IBAQBHxVkS9EIEf8NUvuZ2PB8/n8Pev/XBU0vxVikp44LG
dzSN5uG2fRr/5K7Ef7iwWQJ+r0TDmAeqhNWOXiuuZfpV8YWtd4v5yhfFJsRHg8Ow
gDwBoofgf1UCqvi5oLpXn0CI2bKd+HAuTKoobhI1zcubRd7oI2zchhhaGBJWmtHU
70kzgDM8xC1fr1n1n3M+WbzmrjT90doMaYrQorszW1UXWQPwjDHiXpwzkjEIM2kf
CqBSST3TfZPM3fBMnytKikvG5QI2Tb02OjEtiAXo4BQ/j/KlO1aB+oSKJO9np16D
SqfZUr6w+JxLyVTbBrHBR74LnOOLw3hwpk3eyvjZoM56
-----END CERTIFICATE-----