Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/69iMldKFklgbVQ_6Vhqlwb85As0.roa
File:                     69iMldKFklgbVQ_6Vhqlwb85As0.roa (raw, json)
Hash identifier:          yTAOBqOCnvtjN+99H/F4tMXBf2UDlakPY38eqp3YOgM=
Subject key identifier:   EB:D8:8C:95:D2:85:92:58:1B:55:0F:FA:56:1A:A5:C1:BF:39:02:CD
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       01968AE38D9ACE46A618DC113E355EBF89E5
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/69iMldKFklgbVQ_6Vhqlwb85As0.roa
Signing time:             Thu 01 May 2025 08:08:10 +0000
ROA not before:           Thu 01 May 2025 08:08:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57523
IP address blocks:        185.42.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 May 2025 13:58:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8a:e3:8d:9a:ce:46:a6:18:dc:11:3e:35:5e:bf:89:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: May  1 08:08:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebd88c95d28592581b550ffa561aa5c1bf3902cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fd:a2:7b:3a:0d:4b:9e:97:39:13:c6:94:23:
                    47:17:fd:20:51:35:57:8f:33:65:f5:90:8b:a9:4e:
                    1d:5a:c1:16:ff:18:6c:f2:e9:1a:77:f8:9b:b0:cf:
                    9d:61:e9:15:4a:98:bf:79:ab:96:67:04:c3:82:ed:
                    90:6b:27:de:49:f9:0e:ef:d0:b7:d5:8e:35:f4:56:
                    5b:6b:71:fd:cf:18:ee:09:3d:6a:37:d4:54:31:58:
                    8d:c7:3d:71:f5:9e:63:21:29:9c:ae:74:78:c9:5d:
                    d1:54:5b:0c:d3:42:68:ca:37:c9:af:ce:80:8b:6a:
                    fd:4e:4a:7c:a8:93:8d:1c:41:cd:e0:c8:cb:73:05:
                    e9:38:58:5f:a0:7c:ea:5c:74:05:4e:04:7a:d0:e8:
                    27:7c:cc:5d:be:95:7e:93:76:1e:2b:81:1e:c9:01:
                    a0:f6:a8:da:91:3d:98:14:73:c5:1b:ac:da:f3:7b:
                    44:ec:18:73:8b:e1:17:f3:b2:82:97:e0:47:ae:33:
                    7f:67:ad:7d:15:17:01:ca:6d:02:d3:0f:7a:b8:5a:
                    5b:b9:8d:89:75:a7:bb:e8:d1:1d:c4:d9:f9:d5:59:
                    8a:52:ce:17:e9:51:2c:97:d8:02:a5:f1:92:d3:b3:
                    f2:b8:ee:96:12:a8:8a:61:dd:d3:4b:86:d9:fb:ce:
                    b5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:D8:8C:95:D2:85:92:58:1B:55:0F:FA:56:1A:A5:C1:BF:39:02:CD
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/69iMldKFklgbVQ_6Vhqlwb85As0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:d6:76:63:79:22:cc:bf:9a:71:14:c3:e2:20:ef:d6:26:9f:
         ae:de:04:65:11:99:67:1b:1a:9c:96:e1:bf:51:46:4f:40:69:
         65:15:97:1b:1c:2d:35:08:07:de:db:41:df:3e:77:8b:35:d4:
         67:48:05:95:11:f6:62:2a:78:49:d3:6b:10:20:e9:14:2d:44:
         27:19:07:b8:cb:19:7f:b3:f3:dc:d0:fe:a2:ce:e0:fd:47:7d:
         70:26:b8:c4:b3:24:ea:58:03:91:6b:a9:30:25:50:a0:cb:0c:
         28:24:f3:5e:32:85:2a:a2:d0:8a:00:6d:02:aa:65:5f:c4:45:
         26:6b:5d:e3:a4:87:be:94:6a:11:c4:f5:64:ff:63:6a:7b:61:
         19:f5:14:09:e8:38:7d:7e:56:6e:8b:97:04:dc:b7:9b:04:d1:
         6f:d4:1c:da:41:d2:ee:e1:59:d7:9f:37:a9:31:40:51:2e:da:
         bf:ab:49:47:8f:a2:13:57:0e:cf:09:6c:cb:8c:90:cc:b8:79:
         2e:07:8c:eb:f2:e5:26:e1:aa:0b:65:5b:d8:6e:ba:b6:7b:d8:
         d6:d5:aa:37:52:ab:64:6c:cd:91:84:5c:2b:7c:ee:9b:57:7e:
         f0:9d:77:3b:46:6d:75:79:40:fa:06:33:2c:4c:a7:9b:c8:a0:
         9c:57:50:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaK442azkamGNwRPjVev4nlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwNTAxMDgwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmQ4OGM5NWQyODU5MjU4MWI1NTBmZmE1NjFhYTVjMWJmMzkwMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP2iezoNS56XORPGlCNHF/0gUTVX
jzNl9ZCLqU4dWsEW/xhs8ukad/ibsM+dYekVSpi/eauWZwTDgu2QayfeSfkO79C3
1Y419FZba3H9zxjuCT1qN9RUMViNxz1x9Z5jISmcrnR4yV3RVFsM00JoyjfJr86A
i2r9Tkp8qJONHEHN4MjLcwXpOFhfoHzqXHQFTgR60OgnfMxdvpV+k3YeK4EeyQGg
9qjakT2YFHPFG6za83tE7Bhzi+EX87KCl+BHrjN/Z619FRcBym0C0w96uFpbuY2J
dae76NEdxNn51VmKUs4X6VEsl9gCpfGS07PyuO6WEqiKYd3TS4bZ+861EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvYjJXShZJYG1UP+lYapcG/OQLNMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvNjlpTWxkS0ZrbGdiVlFfNlZocWx3Yjg1QXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSoMMA0G
CSqGSIb3DQEBCwUAA4IBAQA11nZjeSLMv5pxFMPiIO/WJp+u3gRlEZlnGxqcluG/
UUZPQGllFZcbHC01CAfe20HfPneLNdRnSAWVEfZiKnhJ02sQIOkULUQnGQe4yxl/
s/Pc0P6izuD9R31wJrjEsyTqWAORa6kwJVCgywwoJPNeMoUqotCKAG0CqmVfxEUm
a13jpIe+lGoRxPVk/2Nqe2EZ9RQJ6Dh9flZui5cE3LebBNFv1BzaQdLu4VnXnzep
MUBRLtq/q0lHj6ITVw7PCWzLjJDMuHkuB4zr8uUm4aoLZVvYbrq2e9jW1ao3Uqtk
bM2RhFwrfO6bV37wnXc7Rm11eUD6BjMsTKebyKCcV1Bj
-----END CERTIFICATE-----