Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/G9he2vHd4pB3kczbVGnk37Z_Bjg.roa
File:                     G9he2vHd4pB3kczbVGnk37Z_Bjg.roa (raw, json)
Hash identifier:          nr8M1NPpTM3ncssC9OcHG/nQKa704xiTiVWLChhjXIY=
Subject key identifier:   1B:D8:5E:DA:F1:DD:E2:90:77:91:CC:DB:54:69:E4:DF:B6:7F:06:38
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       01972AB55139DA1D7CFAB476403DD7225AE9
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/G9he2vHd4pB3kczbVGnk37Z_Bjg.roa
Signing time:             Sun 01 Jun 2025 08:56:54 +0000
ROA not before:           Sun 01 Jun 2025 08:56:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216341
IP address blocks:        80.64.18.0/24 maxlen: 24
                          80.64.19.0/24 maxlen: 24
                          185.39.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Jun 2025 01:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2a:b5:51:39:da:1d:7c:fa:b4:76:40:3d:d7:22:5a:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jun  1 08:56:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bd85edaf1dde2907791ccdb5469e4dfb67f0638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5b:56:e1:54:d2:43:30:d6:1d:92:aa:41:4e:
                    9f:2f:57:e6:df:ec:7e:52:72:7e:7c:37:7d:b4:ba:
                    57:35:02:4b:56:6d:73:8f:32:06:b1:1f:b7:06:cb:
                    40:52:c6:30:9e:dc:21:29:e9:6c:ae:48:e0:d9:02:
                    7c:1f:c3:b3:2b:b9:40:c6:92:47:18:23:3c:04:7d:
                    09:d7:38:99:96:d7:41:8f:34:d9:2b:94:aa:d0:f0:
                    79:db:9d:f9:73:ea:a6:03:c1:2b:de:c9:08:2a:b5:
                    39:7c:cd:88:ad:87:2e:ba:1c:82:ee:f6:1d:ab:1c:
                    d1:63:4c:d9:70:60:09:94:05:d2:c3:4e:65:36:55:
                    f9:4b:fb:c5:77:ae:72:0c:0c:0b:1d:ca:08:ae:14:
                    79:b9:44:cf:b2:48:27:4e:a7:3d:30:d5:ed:4a:94:
                    7b:32:1c:e1:5e:cf:dd:e3:4d:d6:c9:ee:80:62:86:
                    1f:dc:b7:42:01:47:dc:03:bb:c9:65:8f:2c:b6:f7:
                    94:58:17:e4:8c:43:e9:dc:54:de:40:1e:c3:95:2b:
                    15:3d:f6:43:c7:67:cb:1b:58:6b:de:56:63:e3:7b:
                    d9:e1:78:d0:76:bf:9b:56:50:64:48:24:35:66:81:
                    05:60:c0:42:81:b4:0b:21:6b:9e:97:17:33:61:86:
                    b3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:D8:5E:DA:F1:DD:E2:90:77:91:CC:DB:54:69:E4:DF:B6:7F:06:38
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/G9he2vHd4pB3kczbVGnk37Z_Bjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.18.0/23
                  185.39.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:1e:fc:0d:52:c4:b8:23:ab:54:8f:7a:ef:2f:51:f6:67:7a:
         99:03:f6:36:5e:69:a6:39:8b:55:ee:04:21:ff:c2:b7:33:f3:
         15:87:d2:fa:d7:c7:17:27:08:0b:78:28:48:b8:32:45:d3:6a:
         04:90:7f:1f:e1:58:3c:22:c8:60:14:f4:12:9e:91:52:56:94:
         ff:93:a2:dc:95:db:af:69:72:37:c5:dc:91:d6:45:23:46:aa:
         d4:89:1a:e6:e2:2e:26:b7:5d:7d:68:01:8d:aa:26:af:89:44:
         74:94:75:94:d3:cb:81:4e:b3:68:7d:24:70:a2:c0:49:04:7b:
         c4:38:bf:0e:5d:00:80:83:0f:a0:ae:ed:17:ba:f8:c4:5e:3c:
         3d:23:7a:72:c2:b0:b1:42:02:16:cd:6a:3b:4b:63:53:16:cd:
         88:9d:d8:1a:32:fa:4d:2c:25:71:00:69:45:a1:50:43:a3:ae:
         90:58:40:42:1e:27:5e:26:c2:09:65:76:85:47:d9:33:a8:c8:
         f5:ea:0e:50:44:49:e5:e5:78:5c:f9:7b:83:f0:00:8b:c4:49:
         67:6b:62:5d:8b:01:04:e5:25:67:80:6b:da:4f:97:aa:f7:56:
         6f:eb:ad:c0:dd:75:c7:84:4f:44:73:f4:97:86:66:73:50:41:
         db:86:26:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcqtVE52h18+rR2QD3XIlrpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwNjAxMDg1NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmQ4NWVkYWYxZGRlMjkwNzc5MWNjZGI1NDY5ZTRkZmI2N2YwNjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArltW4VTSQzDWHZKqQU6fL1fm3+x+
UnJ+fDd9tLpXNQJLVm1zjzIGsR+3BstAUsYwntwhKelsrkjg2QJ8H8OzK7lAxpJH
GCM8BH0J1ziZltdBjzTZK5Sq0PB52535c+qmA8Er3skIKrU5fM2IrYcuuhyC7vYd
qxzRY0zZcGAJlAXSw05lNlX5S/vFd65yDAwLHcoIrhR5uUTPskgnTqc9MNXtSpR7
MhzhXs/d403Wye6AYoYf3LdCAUfcA7vJZY8stveUWBfkjEPp3FTeQB7DlSsVPfZD
x2fLG1hr3lZj43vZ4XjQdr+bVlBkSCQ1ZoEFYMBCgbQLIWuelxczYYazKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBvYXtrx3eKQd5HM21Rp5N+2fwY4MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvRzloZTJ2SGQ0cEIza2N6YlZHbmszN1pfQmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUEASAwQA
uScTMA0GCSqGSIb3DQEBCwUAA4IBAQApHvwNUsS4I6tUj3rvL1H2Z3qZA/Y2Xmmm
OYtV7gQh/8K3M/MVh9L618cXJwgLeChIuDJF02oEkH8f4Vg8IshgFPQSnpFSVpT/
k6LclduvaXI3xdyR1kUjRqrUiRrm4i4mt119aAGNqiaviUR0lHWU08uBTrNofSRw
osBJBHvEOL8OXQCAgw+gru0XuvjEXjw9I3pywrCxQgIWzWo7S2NTFs2IndgaMvpN
LCVxAGlFoVBDo66QWEBCHideJsIJZXaFR9kzqMj16g5QREnl5Xhc+XuD8ACLxEln
a2JdiwEE5SVngGvaT5eq91Zv663A3XXHhE9Ec/SXhmZzUEHbhiZV
-----END CERTIFICATE-----