Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/_-8ya1uGdNGiht7Yn5oHbq29tkc.roa
File:                     _-8ya1uGdNGiht7Yn5oHbq29tkc.roa (raw, json)
Hash identifier:          HJnr22vqmqJofZlvbL2aClJAV7UWIehW5NjhEYtzTto=
Subject key identifier:   FF:EF:32:6B:5B:86:74:D1:A2:86:DE:D8:9F:9A:07:6E:AD:BD:B6:47
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       019769792A4B9D2AA3A9B31E67C60D99984F
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/_-8ya1uGdNGiht7Yn5oHbq29tkc.roa
Signing time:             Fri 13 Jun 2025 13:27:17 +0000
ROA not before:           Fri 13 Jun 2025 13:27:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208905
IP address blocks:        213.146.169.0/24 maxlen: 24
                          213.146.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 00:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:69:79:2a:4b:9d:2a:a3:a9:b3:1e:67:c6:0d:99:98:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jun 13 13:27:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffef326b5b8674d1a286ded89f9a076eadbdb647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:41:a6:e7:77:ce:02:c2:ad:04:ee:e6:2a:7c:
                    8f:4a:9d:26:26:a7:71:fb:cc:ef:38:ae:74:5d:da:
                    d5:ef:f6:8c:24:9c:94:bc:ed:52:6c:b8:13:ac:c0:
                    b3:13:87:b0:8a:39:1b:43:20:96:ab:9a:44:18:4d:
                    ed:ea:f5:0d:bc:15:da:16:b6:64:59:59:7e:bb:b9:
                    36:06:f5:de:ec:ea:d1:a9:e6:55:e0:4a:6c:25:cb:
                    19:5d:5d:2e:6d:09:50:59:95:cf:de:d5:32:b0:c9:
                    0d:f8:f5:9e:09:1d:1e:48:fb:98:a0:27:0b:27:a1:
                    55:8c:be:30:98:60:1c:02:f4:57:ac:17:c5:db:8c:
                    ca:c2:b5:9b:b3:57:94:ae:58:8d:bb:69:e1:f0:a1:
                    07:ed:b7:6e:66:46:6a:3d:d5:0e:96:18:c6:25:1c:
                    ae:9f:55:62:99:8b:68:91:21:48:0f:63:f3:02:10:
                    3a:14:91:97:2f:16:a5:0c:de:9d:42:ae:ce:a7:4b:
                    05:f0:7a:6e:73:3b:b7:5a:b8:a4:b0:e9:bb:5a:4f:
                    9e:f9:3c:04:55:c4:2a:15:74:fc:2a:ca:d0:6b:87:
                    f8:83:3a:eb:44:1d:d4:25:3f:3b:24:e1:da:93:bd:
                    c0:1c:04:62:e8:83:de:9d:c0:2b:d3:9d:22:e4:7a:
                    ad:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:EF:32:6B:5B:86:74:D1:A2:86:DE:D8:9F:9A:07:6E:AD:BD:B6:47
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/_-8ya1uGdNGiht7Yn5oHbq29tkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.146.169.0-213.146.170.255

    Signature Algorithm: sha256WithRSAEncryption
         97:b4:eb:f8:c8:82:3e:88:86:75:d0:c8:ed:04:c7:d8:75:8c:
         84:6f:56:35:12:09:d3:6e:87:7c:a2:cc:93:93:b6:11:d7:b4:
         72:f7:f1:fd:72:f5:3a:9e:da:b2:93:09:bb:93:fb:e4:cd:a0:
         87:f5:a5:5a:e6:e3:f6:32:5f:73:c0:a0:82:7e:7c:b6:eb:83:
         36:cc:57:71:63:44:03:b6:44:1e:89:30:fd:22:f8:7f:a1:ae:
         2a:21:18:a3:20:2d:88:c6:78:e0:97:14:6f:27:67:02:c5:f5:
         98:d3:4c:3e:d8:7e:f6:2c:e3:2a:72:7f:0e:99:28:c4:35:3b:
         21:c1:ac:4a:22:8f:38:14:4a:ce:ee:0e:70:a1:36:27:22:91:
         59:40:3d:05:7a:5b:08:dc:15:b1:ee:38:84:e0:11:08:14:1b:
         20:93:4f:0f:a7:77:82:72:e3:d9:89:6f:17:ad:48:4a:e4:b1:
         a5:97:e6:99:21:cb:c3:e9:bf:55:23:6e:58:18:38:13:3f:8a:
         87:3c:1c:17:f6:99:87:81:b3:b0:86:e4:ba:c8:df:c6:5e:db:
         9c:6b:b9:91:42:4a:61:6c:a8:49:93:64:fc:1c:9b:77:c0:0e:
         ea:c7:36:3e:7f:15:f1:45:f3:7b:20:3b:f0:3a:d7:95:ee:5d:
         0b:c8:c6:13
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdpeSpLnSqjqbMeZ8YNmZhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjUwNjEzMTMyNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmVmMzI2YjViODY3NGQxYTI4NmRlZDg5ZjlhMDc2ZWFkYmRiNjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUGm53fOAsKtBO7mKnyPSp0mJqdx
+8zvOK50XdrV7/aMJJyUvO1SbLgTrMCzE4ewijkbQyCWq5pEGE3t6vUNvBXaFrZk
WVl+u7k2BvXe7OrRqeZV4EpsJcsZXV0ubQlQWZXP3tUysMkN+PWeCR0eSPuYoCcL
J6FVjL4wmGAcAvRXrBfF24zKwrWbs1eUrliNu2nh8KEH7bduZkZqPdUOlhjGJRyu
n1VimYtokSFID2PzAhA6FJGXLxalDN6dQq7Op0sF8Hpuczu3WriksOm7Wk+e+TwE
VcQqFXT8KsrQa4f4gzrrRB3UJT87JOHak73AHARi6IPencAr050i5Hqt9wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFP/vMmtbhnTRoobe2J+aB26tvbZHMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvXy04eWExdUdkTkdpaHQ3WW41b0hicTI5dGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADVkqkD
BADVkqowDQYJKoZIhvcNAQELBQADggEBAJe06/jIgj6IhnXQyO0Ex9h1jIRvVjUS
CdNuh3yizJOTthHXtHL38f1y9Tqe2rKTCbuT++TNoIf1pVrm4/YyX3PAoIJ+fLbr
gzbMV3FjRAO2RB6JMP0i+H+hriohGKMgLYjGeOCXFG8nZwLF9ZjTTD7YfvYs4ypy
fw6ZKMQ1OyHBrEoijzgUSs7uDnChNicikVlAPQV6WwjcFbHuOITgEQgUGyCTTw+n
d4Jy49mJbxetSErksaWX5pkhy8Ppv1UjblgYOBM/ioc8HBf2mYeBs7CG5LrI38Ze
25xruZFCSmFsqEmTZPwcm3fADurHNj5/FfFF83sgO/A615XuXQvIxhM=
-----END CERTIFICATE-----