Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/doIm_1tbKApab33mGSoFaDnmqlI.roa
File:                     doIm_1tbKApab33mGSoFaDnmqlI.roa (raw, json)
Hash identifier:          yG1rjHGms3Y4ob3k6LkksisO+gPpDRkWL2+eqc5PO8o=
Subject key identifier:   76:82:26:FF:5B:5B:28:0A:5A:6F:7D:E6:19:2A:05:68:39:E6:AA:52
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01965BBFFBB3167F3653EBB3179F0ABA5A74
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/doIm_1tbKApab33mGSoFaDnmqlI.roa
Signing time:             Tue 22 Apr 2025 04:27:10 +0000
ROA not before:           Tue 22 Apr 2025 04:27:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202656
IP address blocks:        195.133.37.0/24 maxlen: 24
                          212.193.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5b:bf:fb:b3:16:7f:36:53:eb:b3:17:9f:0a:ba:5a:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 22 04:27:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=768226ff5b5b280a5a6f7de6192a056839e6aa52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d5:ef:cc:ae:36:68:1b:d3:09:80:5f:c9:f1:
                    a6:05:ac:ee:20:df:ed:34:6b:0d:ce:d4:2d:f8:f5:
                    b8:67:5a:f2:33:d1:23:b8:79:85:ff:d0:d5:ef:78:
                    1c:30:31:3e:b8:5a:af:d9:00:b9:da:64:2f:46:70:
                    6e:fc:ad:0f:89:2f:13:88:c7:a9:98:3d:c8:dc:bd:
                    c1:cd:03:4a:eb:15:d9:0f:82:f1:88:20:dd:9e:2b:
                    de:13:00:0e:21:40:84:40:c8:f4:d8:19:67:86:e2:
                    e2:dc:7a:1c:cd:de:7d:2e:b9:f3:ed:84:94:c8:64:
                    e1:f6:14:f8:9e:8f:27:29:f6:0f:de:71:8a:6d:02:
                    52:c0:42:2b:7b:62:74:28:86:34:2b:77:b3:0c:4b:
                    8e:56:04:1d:01:e1:93:00:d1:18:c3:42:8b:76:3c:
                    ea:69:e5:8e:30:a2:59:1d:2b:af:7e:05:ba:1f:e4:
                    7e:67:1b:4e:41:c0:93:b9:17:bb:bb:1a:f9:1a:e1:
                    69:b1:db:c7:5b:40:15:9a:d5:0b:82:a6:8b:34:0e:
                    74:36:e6:b9:4e:59:ff:a5:f6:79:6c:37:35:7a:a6:
                    2f:cb:d3:e4:ff:76:60:d1:1b:65:a2:b9:8b:9a:f4:
                    64:60:37:06:90:7a:49:c9:33:7c:78:8a:16:4a:d7:
                    37:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:82:26:FF:5B:5B:28:0A:5A:6F:7D:E6:19:2A:05:68:39:E6:AA:52
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/doIm_1tbKApab33mGSoFaDnmqlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.37.0/24
                  212.193.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:34:37:61:6c:e6:11:29:9d:1c:38:0a:2e:99:5a:24:49:f0:
         ee:14:c2:a0:d6:f7:b7:b1:c7:6a:b9:1b:d4:84:48:b3:0e:e3:
         3b:87:63:ea:1d:52:76:60:32:d1:42:e9:ac:1f:ba:48:d3:60:
         28:80:5d:ba:fb:78:eb:ed:ec:4a:ab:3f:ba:8e:12:84:89:7d:
         64:f8:13:26:3f:49:2b:d4:cf:f1:39:c6:74:35:8f:e2:1e:89:
         bf:5f:f2:48:30:f6:75:e8:4b:03:6b:68:a7:22:e1:6a:30:3b:
         05:f0:fc:ef:ea:26:69:de:12:56:ef:16:a7:c7:f6:de:a0:cb:
         d5:4a:e3:74:5e:4c:a7:7c:ef:7f:6c:9e:5b:b5:7f:82:be:ce:
         b4:8a:fb:70:15:83:eb:43:fe:35:ef:da:ac:34:03:d4:fb:c4:
         71:af:4a:c8:2f:8c:8d:8b:ba:2a:83:44:ee:bd:b0:4a:0e:85:
         8e:12:41:ef:3f:84:39:8e:28:22:63:1a:cc:c9:10:dd:05:fb:
         54:4e:5b:0e:90:51:9f:61:8b:d0:0e:a5:cb:df:6c:3e:5e:ec:
         97:de:1b:56:bd:5b:63:ed:49:51:90:62:ca:e1:00:f6:54:0e:
         76:a6:ab:58:ed:f7:1d:1a:6d:4f:82:9c:50:e2:f2:5c:97:b5:
         b7:f6:e3:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZbv/uzFn82U+uzF58Kulp0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNDIyMDQyNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjgyMjZmZjViNWIyODBhNWE2ZjdkZTYxOTJhMDU2ODM5ZTZhYTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdXvzK42aBvTCYBfyfGmBazuIN/t
NGsNztQt+PW4Z1ryM9EjuHmF/9DV73gcMDE+uFqv2QC52mQvRnBu/K0PiS8TiMep
mD3I3L3BzQNK6xXZD4LxiCDdniveEwAOIUCEQMj02BlnhuLi3Hoczd59Lrnz7YSU
yGTh9hT4no8nKfYP3nGKbQJSwEIre2J0KIY0K3ezDEuOVgQdAeGTANEYw0KLdjzq
aeWOMKJZHSuvfgW6H+R+ZxtOQcCTuRe7uxr5GuFpsdvHW0AVmtULgqaLNA50Nua5
Tln/pfZ5bDc1eqYvy9Pk/3Zg0RtlormLmvRkYDcGkHpJyTN8eIoWStc36QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHaCJv9bWygKWm995hkqBWg55qpSMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZG9JbV8xdGJLQXBhYjMzbUdTb0ZhRG5tcWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw4UlAwQA
1MELMA0GCSqGSIb3DQEBCwUAA4IBAQAqNDdhbOYRKZ0cOAoumVokSfDuFMKg1ve3
scdquRvUhEizDuM7h2PqHVJ2YDLRQumsH7pI02AogF26+3jr7exKqz+6jhKEiX1k
+BMmP0kr1M/xOcZ0NY/iHom/X/JIMPZ16EsDa2inIuFqMDsF8Pzv6iZp3hJW7xan
x/beoMvVSuN0XkynfO9/bJ5btX+Cvs60ivtwFYPrQ/4179qsNAPU+8Rxr0rIL4yN
i7oqg0TuvbBKDoWOEkHvP4Q5jigiYxrMyRDdBftUTlsOkFGfYYvQDqXL32w+XuyX
3htWvVtj7UlRkGLK4QD2VA52pqtY7fcdGm1PgpxQ4vJcl7W39uMS
-----END CERTIFICATE-----