Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VSqvmtQ6pZpTJn5GnGB2cPBAxjc.roa
File:                     VSqvmtQ6pZpTJn5GnGB2cPBAxjc.roa (raw, json)
Hash identifier:          V3EmoBO/ANsgeOVN92ooE6BZuj09dFR2IHy1+5rZUpM=
Subject key identifier:   55:2A:AF:9A:D4:3A:A5:9A:53:26:7E:46:9C:60:76:70:F0:40:C6:37
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0196862A243E65F9D31860CA426D89040E51
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VSqvmtQ6pZpTJn5GnGB2cPBAxjc.roa
Signing time:             Wed 30 Apr 2025 10:07:10 +0000
ROA not before:           Wed 30 Apr 2025 10:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210974
IP address blocks:        212.193.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 20:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:2a:24:3e:65:f9:d3:18:60:ca:42:6d:89:04:0e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 30 10:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=552aaf9ad43aa59a53267e469c607670f040c637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:72:cb:7c:8f:a5:6f:a3:5e:0d:90:a8:6a:04:
                    27:da:b2:41:b2:07:7f:51:de:ec:36:d7:96:fd:93:
                    e7:f2:b3:54:e6:fc:90:d1:18:f6:b4:92:6c:97:72:
                    61:ea:f5:09:7a:8a:bf:4a:a4:c7:be:10:95:b7:41:
                    50:51:c1:35:2f:9e:ff:69:2e:26:41:65:49:4b:a3:
                    9e:e3:04:34:b1:c8:4f:18:1c:92:c1:dc:c9:d2:b3:
                    6b:2d:3e:9d:c8:7b:fb:bf:85:67:d9:2c:f5:e1:aa:
                    aa:df:11:cb:79:e0:9c:7c:a1:bb:00:33:f8:5c:43:
                    d2:84:ec:0f:4e:75:d4:1b:f6:9c:be:38:7c:74:93:
                    fb:63:af:fe:7a:4d:fb:34:43:47:30:e8:f6:cb:25:
                    65:e3:e7:d1:bf:c1:41:b4:36:62:dc:5c:34:33:f6:
                    1a:74:8c:e4:d7:4f:95:8c:43:52:23:53:77:6c:f3:
                    7d:bb:17:2a:1a:9d:5e:e5:04:ac:f8:98:18:55:5f:
                    d5:ce:a0:fb:b4:9f:d3:8e:be:55:9a:54:e9:89:7f:
                    a0:d5:6f:03:d2:b3:6b:e2:b2:d6:fd:10:6d:1b:05:
                    b3:72:00:0d:b9:53:96:53:14:1c:f0:8a:6b:da:7a:
                    f0:da:f6:ac:e2:bd:57:c7:91:50:93:58:ac:c5:a4:
                    8d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:2A:AF:9A:D4:3A:A5:9A:53:26:7E:46:9C:60:76:70:F0:40:C6:37
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VSqvmtQ6pZpTJn5GnGB2cPBAxjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:1c:be:4f:2a:c5:69:f2:38:fa:c2:cf:02:7f:1b:6d:64:c6:
         34:3c:09:e1:a5:f9:99:bb:31:d8:e5:4f:e9:d4:1b:41:a4:ba:
         c7:26:ea:d6:65:63:6b:d1:a9:0d:91:f8:66:ca:0a:b9:41:0e:
         b9:05:f2:77:c7:51:5e:ab:77:68:94:5d:59:4c:be:00:16:d5:
         3e:d2:6b:18:8b:ef:41:ea:07:c2:81:01:ac:5f:9e:7f:85:b0:
         6e:d5:a7:b7:f0:e7:d0:90:a4:2f:b4:33:9f:7f:45:08:fb:7a:
         87:af:ab:7a:54:1e:4f:e5:76:22:10:c1:56:7a:00:a9:6c:59:
         69:55:ea:ef:e9:92:c7:d9:53:85:18:26:ee:07:d8:44:04:03:
         2d:11:81:52:ad:6a:47:94:66:db:37:5a:fb:d7:d1:b7:24:2f:
         93:00:73:91:b4:31:16:07:04:b7:8e:fd:bc:58:be:47:7c:d2:
         66:b1:e9:a0:d8:07:fb:4f:1e:60:55:8c:58:e4:b9:db:5e:26:
         61:ec:27:8f:0c:d0:74:0e:96:0f:55:28:87:47:99:76:a4:1e:
         7a:a9:02:9a:04:aa:ae:a9:4b:bd:6f:93:74:3d:9b:2c:0b:c4:
         1f:f2:5f:65:ca:1b:2d:19:f4:8d:bb:00:d9:a5:bd:ab:8f:db:
         ad:10:84:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaGKiQ+ZfnTGGDKQm2JBA5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNDMwMTAwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTJhYWY5YWQ0M2FhNTlhNTMyNjdlNDY5YzYwNzY3MGYwNDBjNjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHLLfI+lb6NeDZCoagQn2rJBsgd/
Ud7sNteW/ZPn8rNU5vyQ0Rj2tJJsl3Jh6vUJeoq/SqTHvhCVt0FQUcE1L57/aS4m
QWVJS6Oe4wQ0schPGBySwdzJ0rNrLT6dyHv7v4Vn2Sz14aqq3xHLeeCcfKG7ADP4
XEPShOwPTnXUG/acvjh8dJP7Y6/+ek37NENHMOj2yyVl4+fRv8FBtDZi3Fw0M/Ya
dIzk10+VjENSI1N3bPN9uxcqGp1e5QSs+JgYVV/VzqD7tJ/Tjr5VmlTpiX+g1W8D
0rNr4rLW/RBtGwWzcgANuVOWUxQc8Ipr2nrw2vas4r1Xx5FQk1isxaSNOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUqr5rUOqWaUyZ+RpxgdnDwQMY3MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVlNxdm10UTZwWnBUSm41R25HQjJjUEJBeGpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MEIMA0G
CSqGSIb3DQEBCwUAA4IBAQBNHL5PKsVp8jj6ws8CfxttZMY0PAnhpfmZuzHY5U/p
1BtBpLrHJurWZWNr0akNkfhmygq5QQ65BfJ3x1Feq3dolF1ZTL4AFtU+0msYi+9B
6gfCgQGsX55/hbBu1ae38OfQkKQvtDOff0UI+3qHr6t6VB5P5XYiEMFWegCpbFlp
Verv6ZLH2VOFGCbuB9hEBAMtEYFSrWpHlGbbN1r719G3JC+TAHORtDEWBwS3jv28
WL5HfNJmsemg2Af7Tx5gVYxY5LnbXiZh7CePDNB0DpYPVSiHR5l2pB56qQKaBKqu
qUu9b5N0PZssC8Qf8l9lyhstGfSNuwDZpb2rj9utEIQ9
-----END CERTIFICATE-----