Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/IzY3hBc9dplU60ltzFYrtaLdQVM.roa
File:                     IzY3hBc9dplU60ltzFYrtaLdQVM.roa (raw, json)
Hash identifier:          oWyFSqLRdDQLHe1B9vzDpFM/h/LlBXpLreUihDrqVEg=
Subject key identifier:   23:36:37:84:17:3D:76:99:54:EB:49:6D:CC:56:2B:B5:A2:DD:41:53
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019763FF7EE531ECC615B2EB0632050367D9
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/IzY3hBc9dplU60ltzFYrtaLdQVM.roa
Signing time:             Thu 12 Jun 2025 11:56:17 +0000
ROA not before:           Thu 12 Jun 2025 11:56:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        195.114.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 17:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:ff:7e:e5:31:ec:c6:15:b2:eb:06:32:05:03:67:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Jun 12 11:56:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23363784173d769954eb496dcc562bb5a2dd4153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:48:62:f0:16:96:9d:41:da:3e:71:1e:02:5a:
                    b1:d2:98:f3:bd:a8:98:bd:ca:cb:be:1b:18:28:3a:
                    b2:2c:47:9f:1a:c0:a5:73:08:3e:06:c0:04:25:db:
                    98:df:da:6b:44:cb:15:0c:7c:87:0d:78:04:6a:49:
                    5b:46:80:3d:8f:6e:63:ed:ad:43:bf:24:eb:e5:49:
                    5b:79:c7:4c:f8:ac:4d:bc:c3:14:b6:a9:3c:b6:56:
                    21:18:30:ae:c6:82:c2:5c:6a:33:90:c6:f1:49:74:
                    cb:2b:0f:b1:5c:68:c4:01:fa:d6:f2:c6:99:66:76:
                    23:8b:91:81:df:d5:e0:1c:c4:eb:63:bc:55:31:e2:
                    fa:5b:e4:03:e2:0f:3e:57:e5:2d:62:85:1c:de:27:
                    95:24:0d:13:ba:94:a2:b7:ef:eb:f8:e0:92:74:a9:
                    43:8d:68:7c:5e:e6:e6:63:c6:b7:6d:70:4f:6d:05:
                    c2:97:90:34:3c:77:bf:32:8d:87:7a:5e:24:72:a9:
                    41:d7:60:cc:b4:61:27:9a:23:0e:f2:9b:81:2c:e0:
                    e3:9b:14:2b:28:3b:eb:ad:57:99:da:d4:fe:4e:d2:
                    0d:85:c8:97:3b:8f:99:2b:f7:29:fc:b8:56:1c:cd:
                    2b:ad:e5:bd:15:0e:5b:f2:6e:65:55:5e:9d:74:a6:
                    86:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:36:37:84:17:3D:76:99:54:EB:49:6D:CC:56:2B:B5:A2:DD:41:53
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/IzY3hBc9dplU60ltzFYrtaLdQVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:9a:66:33:a7:f1:ff:45:fb:d1:94:91:dc:05:51:6f:4d:0a:
         c1:00:9a:01:02:31:59:9a:14:83:1f:ac:53:a5:f5:5f:f0:72:
         3d:17:88:7c:14:68:06:08:b7:3f:ac:a0:33:f7:2f:9d:a3:ca:
         b3:b5:c1:11:38:54:e2:60:88:5a:f5:b3:34:16:19:b3:d6:29:
         20:d6:4b:00:1a:e8:17:7a:23:c5:20:29:a1:45:f8:d8:f5:ec:
         53:ba:e9:83:4e:60:e4:9c:71:57:58:6a:f7:b4:2f:25:2e:aa:
         58:6d:53:27:0d:65:94:a1:05:27:9d:44:93:a6:d5:5d:5f:f6:
         c7:d2:a4:93:e1:ae:9e:a2:c7:64:86:ed:6c:9e:dc:de:3c:e4:
         ea:e5:21:2e:ae:81:2c:ef:b7:15:f9:cf:c3:62:df:74:13:c4:
         18:1c:9d:ef:c1:9a:ca:7a:ca:29:f9:07:a3:15:8c:c0:41:16:
         14:46:8b:67:8e:66:e9:ff:aa:f8:76:2d:44:fa:67:85:83:15:
         63:08:79:11:d6:8e:84:d4:1e:65:5f:b9:18:33:8c:25:e9:c9:
         e2:b5:64:18:7e:fb:65:6a:88:28:4e:79:c5:56:e4:fa:d7:62:
         c6:07:16:46:a6:93:b8:8f:5d:b6:32:d5:eb:d5:6c:8b:4d:ed:
         54:37:17:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdj/37lMezGFbLrBjIFA2fZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwNjEyMTE1NjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzM2Mzc4NDE3M2Q3Njk5NTRlYjQ5NmRjYzU2MmJiNWEyZGQ0MTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4khi8BaWnUHaPnEeAlqx0pjzvaiY
vcrLvhsYKDqyLEefGsClcwg+BsAEJduY39prRMsVDHyHDXgEaklbRoA9j25j7a1D
vyTr5UlbecdM+KxNvMMUtqk8tlYhGDCuxoLCXGozkMbxSXTLKw+xXGjEAfrW8saZ
ZnYji5GB39XgHMTrY7xVMeL6W+QD4g8+V+UtYoUc3ieVJA0TupSit+/r+OCSdKlD
jWh8XubmY8a3bXBPbQXCl5A0PHe/Mo2Hel4kcqlB12DMtGEnmiMO8puBLODjmxQr
KDvrrVeZ2tT+TtINhciXO4+ZK/cp/LhWHM0rreW9FQ5b8m5lVV6ddKaGlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCM2N4QXPXaZVOtJbcxWK7Wi3UFTMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvSXpZM2hCYzlkcGxVNjBsdHpGWXJ0YUxkUVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3LHMA0G
CSqGSIb3DQEBCwUAA4IBAQCqmmYzp/H/RfvRlJHcBVFvTQrBAJoBAjFZmhSDH6xT
pfVf8HI9F4h8FGgGCLc/rKAz9y+do8qztcEROFTiYIha9bM0Fhmz1ikg1ksAGugX
eiPFICmhRfjY9exTuumDTmDknHFXWGr3tC8lLqpYbVMnDWWUoQUnnUSTptVdX/bH
0qST4a6eosdkhu1sntzePOTq5SEuroEs77cV+c/DYt90E8QYHJ3vwZrKesop+Qej
FYzAQRYURotnjmbp/6r4di1E+meFgxVjCHkR1o6E1B5lX7kYM4wl6cnitWQYfvtl
aogoTnnFVuT612LGBxZGppO4j122MtXr1WyLTe1UNxfq
-----END CERTIFICATE-----