Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/67A2CgJxemu3UONyMlCVAtsKdlY.roa
File:                     67A2CgJxemu3UONyMlCVAtsKdlY.roa (raw, json)
Hash identifier:          xvBw7mNRlOl8XFOFSPthYphIDW4EGlwFC4zOhUwlCv8=
Subject key identifier:   EB:B0:36:0A:02:71:7A:6B:B7:50:E3:72:32:50:95:02:DB:0A:76:56
Certificate issuer:       /CN=db9d197fbbee2a1dccb4f55722a8210d3105b042
Certificate serial:       0196D34FE40D07ACEB963EF6412447682DE3
Authority key identifier: DB:9D:19:7F:BB:EE:2A:1D:CC:B4:F5:57:22:A8:21:0D:31:05:B0:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/67A2CgJxemu3UONyMlCVAtsKdlY.roa
Signing time:             Thu 15 May 2025 09:39:10 +0000
ROA not before:           Thu 15 May 2025 09:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35120
IP address blocks:        81.3.194.0/24 maxlen: 24
                          81.3.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:4f:e4:0d:07:ac:eb:96:3e:f6:41:24:47:68:2d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db9d197fbbee2a1dccb4f55722a8210d3105b042
        Validity
            Not Before: May 15 09:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebb0360a02717a6bb750e37232509502db0a7656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2c:4e:21:c0:a5:46:2b:93:5e:10:7f:a4:33:
                    21:08:50:fd:81:1d:4c:86:48:44:1e:e4:46:0f:41:
                    4d:e8:5e:21:0e:f7:62:2e:a5:8f:26:6d:21:51:3a:
                    64:fa:f7:b6:53:b9:d8:de:53:a4:17:b8:82:c9:46:
                    ae:e8:06:7f:6a:37:a5:99:18:2d:21:06:53:cf:53:
                    ea:bf:c0:3f:d4:4e:ad:05:9f:19:91:ba:85:78:b1:
                    19:b1:4a:39:44:43:42:ec:51:c9:cb:d2:93:3f:3a:
                    66:df:13:e0:47:92:07:bb:7e:0e:77:c8:74:30:2b:
                    ae:cf:86:50:85:32:19:3c:81:d0:10:62:54:6e:0b:
                    56:81:43:b1:2c:8c:73:c2:40:78:7e:6f:6e:ab:8f:
                    fa:f0:ac:e2:0b:74:cd:4b:1e:40:5e:ec:6d:00:ae:
                    ab:ea:f8:1c:bb:99:00:5e:e9:d8:e8:21:58:01:b8:
                    4f:78:17:6f:6d:71:d3:d8:db:3e:94:3f:13:48:b1:
                    87:70:59:f2:39:9d:cc:c9:0f:a3:59:5d:25:32:96:
                    a9:9a:b6:41:58:e7:bc:4e:94:ec:99:83:ec:fc:f2:
                    ed:8a:c3:4c:b1:53:66:1a:13:f6:d5:cd:2a:e1:69:
                    3c:7e:16:bf:01:1b:0c:ac:9c:73:45:4f:df:12:e7:
                    3e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:B0:36:0A:02:71:7A:6B:B7:50:E3:72:32:50:95:02:DB:0A:76:56
            X509v3 Authority Key Identifier:
                keyid:DB:9D:19:7F:BB:EE:2A:1D:CC:B4:F5:57:22:A8:21:0D:31:05:B0:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/250Zf7vuKh3MtPVXIqghDTEFsEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/67A2CgJxemu3UONyMlCVAtsKdlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/09d137-477b-4efe-a3d3-4b23956fbd86/1/250Zf7vuKh3MtPVXIqghDTEFsEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.3.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:4b:ae:dd:53:7d:e7:bd:69:52:5c:a0:de:b5:f3:25:9e:e2:
         ad:ec:da:bb:58:c8:5b:57:6a:a2:4a:1e:2a:21:76:44:1d:c2:
         51:24:7c:43:6a:ca:01:a0:9b:a1:c8:72:a4:12:b5:1e:2f:1e:
         53:b9:c6:11:34:71:37:dc:40:2a:b3:9a:bb:70:5d:7a:b4:ce:
         c4:23:f4:39:8b:48:ad:47:4c:51:77:b0:4c:20:f0:2a:2d:d6:
         27:14:af:e0:00:89:2f:a0:83:1a:c6:57:48:3f:52:ef:2e:37:
         38:f7:13:53:d6:1a:9a:e1:3c:14:c5:07:0a:ed:ed:3c:fe:a9:
         89:92:67:5a:bb:52:d6:9b:13:cb:a8:1d:e6:26:52:d8:fe:5e:
         39:27:df:19:fd:7d:51:d9:a2:b0:48:f0:90:dc:6c:89:53:b0:
         82:3f:a1:50:a9:07:ca:a0:eb:50:24:91:20:ab:4e:06:d0:4c:
         13:86:91:74:02:03:01:c5:c1:38:d7:4f:0f:b7:6d:61:6b:0d:
         67:fa:6f:63:e0:bc:4d:62:2c:86:4e:3c:d2:ce:c1:90:fd:69:
         82:35:bb:11:05:a4:32:6c:bd:fc:bd:02:c5:69:d7:f3:8d:7a:
         83:d4:55:f9:07:76:f1:f5:a6:8f:bf:cd:12:6e:e1:ee:db:91:
         b8:72:a8:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbTT+QNB6zrlj72QSRHaC3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOWQxOTdmYmJlZTJhMWRjY2I0ZjU1NzIyYTgyMTBkMzEw
NWIwNDIwHhcNMjUwNTE1MDkzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmIwMzYwYTAyNzE3YTZiYjc1MGUzNzIzMjUwOTUwMmRiMGE3NjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtixOIcClRiuTXhB/pDMhCFD9gR1M
hkhEHuRGD0FN6F4hDvdiLqWPJm0hUTpk+ve2U7nY3lOkF7iCyUau6AZ/ajelmRgt
IQZTz1Pqv8A/1E6tBZ8ZkbqFeLEZsUo5RENC7FHJy9KTPzpm3xPgR5IHu34Od8h0
MCuuz4ZQhTIZPIHQEGJUbgtWgUOxLIxzwkB4fm9uq4/68KziC3TNSx5AXuxtAK6r
6vgcu5kAXunY6CFYAbhPeBdvbXHT2Ns+lD8TSLGHcFnyOZ3MyQ+jWV0lMpapmrZB
WOe8TpTsmYPs/PLtisNMsVNmGhP21c0q4Wk8fha/ARsMrJxzRU/fEuc+9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuwNgoCcXprt1DjcjJQlQLbCnZWMB8GA1UdIwQY
MBaAFNudGX+77iodzLT1VyKoIQ0xBbBCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjUwWmY3dnVLaDNNdFBWWElxZ2hEVEVGc0VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wOWQxMzctNDc3Yi00ZWZlLWEzZDMt
NGIyMzk1NmZiZDg2LzEvNjdBMkNnSnhlbXUzVU9OeU1sQ1ZBdHNLZGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wOWQxMzctNDc3Yi00ZWZlLWEzZDMtNGIyMzk1NmZiZDg2
LzEvMjUwWmY3dnVLaDNNdFBWWElxZ2hEVEVGc0VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUQPCMA0G
CSqGSIb3DQEBCwUAA4IBAQBYS67dU33nvWlSXKDetfMlnuKt7Nq7WMhbV2qiSh4q
IXZEHcJRJHxDasoBoJuhyHKkErUeLx5TucYRNHE33EAqs5q7cF16tM7EI/Q5i0it
R0xRd7BMIPAqLdYnFK/gAIkvoIMaxldIP1LvLjc49xNT1hqa4TwUxQcK7e08/qmJ
kmdau1LWmxPLqB3mJlLY/l45J98Z/X1R2aKwSPCQ3GyJU7CCP6FQqQfKoOtQJJEg
q04G0EwThpF0AgMBxcE4108Pt21haw1n+m9j4LxNYiyGTjzSzsGQ/WmCNbsRBaQy
bL38vQLFadfzjXqD1FX5B3bx9aaPv80SbuHu25G4cqj+
-----END CERTIFICATE-----