Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nK63OUw5HovdmnJOU8TA3IOqFXc.roa
File:                     nK63OUw5HovdmnJOU8TA3IOqFXc.roa (raw, json)
Hash identifier:          At6fl1NEh3tU3v5PbKWMv3k4BjWoFVeGE3Mdg5kqGAA=
Subject key identifier:   9C:AE:B7:39:4C:39:1E:8B:DD:9A:72:4E:53:C4:C0:DC:83:AA:15:77
Certificate issuer:       /CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
Certificate serial:       01967C6E13C4B605F89A99A0251826F14178
Authority key identifier: 9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nK63OUw5HovdmnJOU8TA3IOqFXc.roa
Signing time:             Mon 28 Apr 2025 12:45:10 +0000
ROA not before:           Mon 28 Apr 2025 12:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212438
IP address blocks:        185.179.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:6e:13:c4:b6:05:f8:9a:99:a0:25:18:26:f1:41:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
        Validity
            Not Before: Apr 28 12:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9caeb7394c391e8bdd9a724e53c4c0dc83aa1577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1d:58:2e:88:3d:97:54:7c:4b:71:df:cd:fa:
                    8b:99:d9:49:18:c9:53:46:29:98:3a:2f:8e:93:a8:
                    09:b1:81:62:6c:73:4a:4a:61:94:c6:34:7d:2b:56:
                    73:95:84:a2:48:fe:89:a1:b1:67:24:b7:55:12:e9:
                    59:01:f0:37:91:1a:e4:76:92:61:06:b4:c0:e8:21:
                    fe:92:46:73:bf:2e:0a:cb:33:94:b0:66:4e:bb:83:
                    76:2c:b8:40:78:55:1d:9d:f3:90:b6:69:21:6e:2b:
                    9e:aa:4e:8b:04:e3:38:eb:99:e9:ab:d8:2c:a4:39:
                    5b:fd:ce:25:a6:18:47:e6:5b:58:01:10:f0:f4:46:
                    2c:4f:93:06:d6:4b:0a:7d:e4:aa:1f:2f:55:53:16:
                    80:bb:be:30:d5:f0:cd:2e:40:a8:6e:c6:90:ac:b8:
                    db:a6:9a:11:91:5e:cc:f2:5d:2e:70:50:f6:d7:1f:
                    2d:bb:32:00:46:12:d3:81:70:f5:c2:f4:10:fa:09:
                    a2:72:a3:e6:d4:9b:ed:c2:be:6e:80:15:88:c9:74:
                    fe:a0:ee:e8:3d:5e:ec:ff:cf:65:26:e4:c2:57:4b:
                    de:d4:74:4c:13:3a:9f:a2:06:91:8c:86:e1:d2:b8:
                    1d:59:a7:5f:b8:3f:07:ce:d8:db:5b:2e:03:e6:04:
                    62:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:AE:B7:39:4C:39:1E:8B:DD:9A:72:4E:53:C4:C0:DC:83:AA:15:77
            X509v3 Authority Key Identifier:
                keyid:9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nK63OUw5HovdmnJOU8TA3IOqFXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:79:26:0d:d8:af:4c:4c:b4:b6:d2:55:4f:02:99:24:75:be:
         ed:48:c8:a6:61:ec:62:0b:20:f8:a7:af:5a:4e:6e:cd:59:c1:
         32:98:d6:f6:b5:49:0c:41:a6:e9:fe:e4:00:f9:61:bb:ff:5a:
         a9:9c:fa:ae:40:e2:5e:3c:d7:30:85:99:48:15:36:e6:68:12:
         4a:ec:b6:12:28:18:f4:5f:7f:41:24:06:e5:90:3f:c0:63:0f:
         19:b6:52:1c:7d:8d:c9:7b:39:8e:06:e0:e6:0c:90:ab:70:a2:
         b6:a3:9b:e2:83:65:14:98:74:aa:cf:09:17:3b:32:52:a7:26:
         02:1a:fa:cb:8a:f2:2d:cc:39:ba:96:21:f6:16:df:34:91:0e:
         99:cb:4a:8f:31:c4:e7:59:02:7c:5c:89:96:7b:cd:70:35:e9:
         e1:77:9d:71:fa:b8:46:36:31:25:fa:4d:9c:6d:54:4c:e7:23:
         16:5a:94:26:15:c3:3c:ec:11:c9:82:e0:d9:76:75:e7:cf:92:
         4d:54:b9:ad:7f:61:87:4f:f9:21:91:9e:d3:18:f1:65:ae:5f:
         6e:eb:3c:05:28:86:93:cc:4e:b3:c9:8d:1d:ea:cd:e9:24:00:
         05:2c:ca:44:4b:55:51:20:87:66:42:e5:40:f6:00:63:97:ec:
         4e:5c:89:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ8bhPEtgX4mpmgJRgm8UF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOTg5YjM5OThlMTlmYzAwZjg2NzBjZjZjOWQ3NDAxNzE1
Y2YzNGYwHhcNMjUwNDI4MTI0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2FlYjczOTRjMzkxZThiZGQ5YTcyNGU1M2M0YzBkYzgzYWExNTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh1YLog9l1R8S3HfzfqLmdlJGMlT
RimYOi+Ok6gJsYFibHNKSmGUxjR9K1ZzlYSiSP6JobFnJLdVEulZAfA3kRrkdpJh
BrTA6CH+kkZzvy4KyzOUsGZOu4N2LLhAeFUdnfOQtmkhbiueqk6LBOM465npq9gs
pDlb/c4lphhH5ltYARDw9EYsT5MG1ksKfeSqHy9VUxaAu74w1fDNLkCobsaQrLjb
ppoRkV7M8l0ucFD21x8tuzIARhLTgXD1wvQQ+gmicqPm1Jvtwr5ugBWIyXT+oO7o
PV7s/89lJuTCV0ve1HRMEzqfogaRjIbh0rgdWadfuD8HztjbWy4D5gRidQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyutzlMOR6L3ZpyTlPEwNyDqhV3MB8GA1UdIwQY
MBaAFJ2YmzmY4Z/AD4Zwz2yddAFxXPNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2It
YzdjY2Q3OTQzMTA2LzEvbks2M09VdzVIb3ZkbW5KT1U4VEEzSU9xRlhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2ItYzdjY2Q3OTQzMTA2
LzEvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubPVMA0G
CSqGSIb3DQEBCwUAA4IBAQAaeSYN2K9MTLS20lVPApkkdb7tSMimYexiCyD4p69a
Tm7NWcEymNb2tUkMQabp/uQA+WG7/1qpnPquQOJePNcwhZlIFTbmaBJK7LYSKBj0
X39BJAblkD/AYw8ZtlIcfY3JezmOBuDmDJCrcKK2o5vig2UUmHSqzwkXOzJSpyYC
GvrLivItzDm6liH2Ft80kQ6Zy0qPMcTnWQJ8XImWe81wNenhd51x+rhGNjEl+k2c
bVRM5yMWWpQmFcM87BHJguDZdnXnz5JNVLmtf2GHT/khkZ7TGPFlrl9u6zwFKIaT
zE6zyY0d6s3pJAAFLMpES1VRIIdmQuVA9gBjl+xOXImp
-----END CERTIFICATE-----