Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/iPyY19uHgkMYGAWAMDHBLbfMjZA.roa
File:                     iPyY19uHgkMYGAWAMDHBLbfMjZA.roa (raw, json)
Hash identifier:          wGwPKPeKSnk3qEUiBNJ9xLHjl7O1N6ugdMFUPFqcS6w=
Subject key identifier:   88:FC:98:D7:DB:87:82:43:18:18:05:80:30:31:C1:2D:B7:CC:8D:90
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       01985CC2D47562F6803C385BB57575EEA801
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/iPyY19uHgkMYGAWAMDHBLbfMjZA.roa
Signing time:             Wed 30 Jul 2025 19:15:28 +0000
ROA not before:           Wed 30 Jul 2025 19:15:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41397
IP address blocks:        213.220.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 07:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5c:c2:d4:75:62:f6:80:3c:38:5b:b5:75:75:ee:a8:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Jul 30 19:15:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88fc98d7db878243181805803031c12db7cc8d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:74:a7:3b:b2:4a:4d:50:09:27:35:f7:eb:2e:
                    62:77:97:fe:6c:a9:87:5d:54:2f:7b:6f:c3:05:f7:
                    f4:1b:a3:c7:0f:df:c0:7d:2a:80:fa:6d:15:a2:2a:
                    26:91:d3:2e:2e:9a:8f:19:b1:d5:18:0b:64:d2:03:
                    ce:4d:64:a3:7e:e5:41:3e:c9:47:bb:85:eb:f5:0b:
                    31:af:27:59:71:94:e5:e3:ab:70:d3:cc:47:81:13:
                    27:d9:48:1b:dc:ab:ca:c0:76:f1:1c:4f:49:16:90:
                    05:58:f4:29:71:d6:85:4a:13:79:f3:85:c0:db:a9:
                    85:7a:56:c9:48:fa:80:93:8a:ce:a2:99:01:08:3e:
                    64:99:b8:6e:04:cf:87:dc:20:b1:b1:94:f2:f5:49:
                    d0:97:cd:62:b4:f5:a3:06:5c:55:76:d9:95:a9:00:
                    5a:4a:8f:b2:25:22:64:dd:e2:1e:5f:ad:a4:95:47:
                    b2:6f:ca:53:35:c2:47:89:c7:33:37:76:45:8b:56:
                    71:e3:0d:3b:24:68:61:c6:f1:16:a6:e4:26:2b:5d:
                    5b:21:95:b0:96:de:4f:ed:7a:d2:f8:53:21:0e:97:
                    dd:f5:65:dc:3f:2e:3e:9b:06:91:b4:ed:2b:4e:57:
                    35:1e:8e:a3:85:b0:a8:d7:86:1d:2b:f7:b2:e7:dd:
                    4c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:FC:98:D7:DB:87:82:43:18:18:05:80:30:31:C1:2D:B7:CC:8D:90
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/iPyY19uHgkMYGAWAMDHBLbfMjZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:52:8c:f4:66:d7:15:1b:0f:79:90:1f:92:fc:79:5e:74:fc:
         35:b8:3f:ac:12:7c:05:ef:bb:e2:8b:d3:be:fd:c6:3e:5f:46:
         09:ae:6a:b1:2a:80:56:fd:7e:75:21:52:b1:54:4f:c3:47:dd:
         ab:79:6b:6e:cf:c9:e6:f5:be:2a:f2:56:8d:50:33:33:8a:32:
         ed:58:5c:f4:d6:e2:84:72:83:76:e7:3d:10:ec:84:8b:36:d5:
         55:ca:f2:0d:75:1c:de:26:38:ec:8c:69:92:8d:d5:f5:6a:f9:
         9f:1a:9f:11:3f:ab:f5:50:09:a3:e5:21:75:6a:e0:19:43:eb:
         02:a1:6b:e0:c4:2e:8c:cb:e0:7b:e7:1f:4a:61:7d:be:02:82:
         c9:28:f6:d8:cc:21:4b:5b:dc:f0:a7:0d:70:e7:e6:11:b8:0d:
         d9:2c:1a:e9:02:5b:65:23:db:37:d0:cd:26:ad:31:c6:0b:a4:
         d8:15:6a:51:5d:1f:82:81:7c:c1:c6:90:53:36:44:b0:8b:bd:
         a1:5c:1a:7a:03:0d:05:2b:62:11:56:8d:e7:92:24:14:dc:38:
         3a:b5:33:07:f2:de:ab:c3:98:4e:a1:86:8e:db:cf:1d:74:c3:
         12:9f:d8:a8:0f:f3:c1:d4:d1:51:18:6a:f3:ea:88:64:fd:be:
         c6:46:ce:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhcwtR1YvaAPDhbtXV17qgBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwNzMwMTkxNTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGZjOThkN2RiODc4MjQzMTgxODA1ODAzMDMxYzEyZGI3Y2M4ZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXSnO7JKTVAJJzX36y5id5f+bKmH
XVQve2/DBff0G6PHD9/AfSqA+m0VoiomkdMuLpqPGbHVGAtk0gPOTWSjfuVBPslH
u4Xr9QsxrydZcZTl46tw08xHgRMn2Ugb3KvKwHbxHE9JFpAFWPQpcdaFShN584XA
26mFelbJSPqAk4rOopkBCD5kmbhuBM+H3CCxsZTy9UnQl81itPWjBlxVdtmVqQBa
So+yJSJk3eIeX62klUeyb8pTNcJHicczN3ZFi1Zx4w07JGhhxvEWpuQmK11bIZWw
lt5P7XrS+FMhDpfd9WXcPy4+mwaRtO0rTlc1Ho6jhbCo14YdK/ey591M6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIj8mNfbh4JDGBgFgDAxwS23zI2QMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvaVB5WTE5dUhna01ZR0FXQU1ESEJMYmZNalpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1dwYMA0G
CSqGSIb3DQEBCwUAA4IBAQA2Uoz0ZtcVGw95kB+S/HledPw1uD+sEnwF77vii9O+
/cY+X0YJrmqxKoBW/X51IVKxVE/DR92reWtuz8nm9b4q8laNUDMzijLtWFz01uKE
coN25z0Q7ISLNtVVyvINdRzeJjjsjGmSjdX1avmfGp8RP6v1UAmj5SF1auAZQ+sC
oWvgxC6My+B75x9KYX2+AoLJKPbYzCFLW9zwpw1w5+YRuA3ZLBrpAltlI9s30M0m
rTHGC6TYFWpRXR+CgXzBxpBTNkSwi72hXBp6Aw0FK2IRVo3nkiQU3Dg6tTMH8t6r
w5hOoYaO288ddMMSn9ioD/PB1NFRGGrz6ohk/b7GRs7B
-----END CERTIFICATE-----