Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nblGstlbC2rlH7-kYy2bXz1xzIY.roa
File:                     nblGstlbC2rlH7-kYy2bXz1xzIY.roa (raw, json)
Hash identifier:          GZzn5oNyR2+9CZkzNRsIhWGr/7h+BywfvvjYlrQwnzY=
Subject key identifier:   9D:B9:46:B2:D9:5B:0B:6A:E5:1F:BF:A4:63:2D:9B:5F:3D:71:CC:86
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01967B79A026B30A64D25B8C2BE8740A96AB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nblGstlbC2rlH7-kYy2bXz1xzIY.roa
Signing time:             Mon 28 Apr 2025 08:18:10 +0000
ROA not before:           Mon 28 Apr 2025 08:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        193.124.206.0/24 maxlen: 24
                          195.58.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 20:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:79:a0:26:b3:0a:64:d2:5b:8c:2b:e8:74:0a:96:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 28 08:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9db946b2d95b0b6ae51fbfa4632d9b5f3d71cc86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d5:9b:94:f4:42:3e:87:16:c1:67:41:66:8e:
                    65:a4:b9:ed:b7:b1:47:c0:1d:4d:5a:5b:23:10:72:
                    0d:2f:5c:e2:8f:bb:46:b6:06:46:d8:d2:4f:f8:b9:
                    43:38:4b:79:72:dd:16:5a:fb:44:e5:eb:ed:e4:45:
                    c7:85:3b:ac:1b:90:89:34:44:97:f0:2d:71:16:26:
                    c8:c0:2f:e8:1e:6c:92:c8:c0:ec:19:6c:a3:d9:ac:
                    ea:a7:5d:ce:d1:85:6a:92:58:f2:86:99:eb:04:54:
                    90:fb:32:17:2a:2b:b7:ca:c3:50:f3:7a:82:0b:31:
                    d1:47:e9:be:11:56:5e:9a:e3:1f:ca:fb:d6:fd:70:
                    54:e7:e9:4d:68:25:4d:f9:a2:61:ea:d1:68:08:66:
                    c7:24:fc:04:34:34:eb:4e:08:66:d1:dc:aa:fe:0e:
                    23:89:be:24:05:c8:3e:f3:cd:03:82:3d:4a:dd:6e:
                    01:8b:e5:4d:e3:bd:ea:41:4c:ce:ac:f5:b6:b5:ca:
                    d5:02:53:d0:7c:c4:cd:87:4d:ab:75:b4:74:9c:59:
                    24:29:12:66:e8:bf:84:ed:e2:ac:c0:5d:49:4f:d9:
                    d6:30:6f:90:b9:64:91:4d:46:0c:e6:6e:16:d8:a1:
                    5b:e6:eb:3b:c6:5c:6b:58:76:ff:56:19:27:d9:d9:
                    cf:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B9:46:B2:D9:5B:0B:6A:E5:1F:BF:A4:63:2D:9B:5F:3D:71:CC:86
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nblGstlbC2rlH7-kYy2bXz1xzIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.206.0/24
                  195.58.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:21:98:c7:39:8a:99:fb:52:6e:53:49:22:83:fc:6f:e9:32:
         29:b5:47:f9:22:a5:e0:95:d0:11:e0:f4:f2:87:29:29:d9:5f:
         45:f0:a2:09:25:94:0f:b6:59:e6:dc:e2:ca:db:c2:e7:83:72:
         3c:c6:5f:9a:93:03:47:12:e0:7a:40:39:7c:3f:32:54:eb:55:
         91:9e:84:57:64:ad:f0:e5:32:1c:29:b5:d6:62:48:11:8c:98:
         02:88:62:2c:ab:a6:44:38:a6:02:e4:73:2d:03:ad:1f:8d:3f:
         83:42:69:44:b4:c8:67:bf:37:6d:21:b7:f9:db:3d:9d:31:ae:
         9f:f3:3a:34:8e:35:25:72:8a:38:11:4b:42:c8:1d:30:8c:9e:
         e9:54:57:b3:83:e2:34:79:55:68:08:f6:6f:99:e1:23:95:b3:
         96:8b:15:71:b6:cf:15:d7:50:0a:8c:1d:b0:5a:8e:81:62:74:
         4f:ad:29:3d:4f:76:d5:2e:79:42:b6:68:f0:2b:e3:39:f0:50:
         fc:d0:94:5b:7f:c0:80:1a:a5:fe:f4:47:cf:d8:53:61:0d:63:
         fc:8b:ba:96:06:da:05:21:75:af:e4:72:9d:ec:f4:98:b8:a9:
         c3:c2:b0:f3:ee:54:41:d5:20:08:0b:bb:fe:ed:cb:2f:db:86:
         5f:6c:b8:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ7eaAmswpk0luMK+h0CparMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNDI4MDgxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGI5NDZiMmQ5NWIwYjZhZTUxZmJmYTQ2MzJkOWI1ZjNkNzFjYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstWblPRCPocWwWdBZo5lpLntt7FH
wB1NWlsjEHINL1zij7tGtgZG2NJP+LlDOEt5ct0WWvtE5evt5EXHhTusG5CJNESX
8C1xFibIwC/oHmySyMDsGWyj2azqp13O0YVqkljyhpnrBFSQ+zIXKiu3ysNQ83qC
CzHRR+m+EVZemuMfyvvW/XBU5+lNaCVN+aJh6tFoCGbHJPwENDTrTghm0dyq/g4j
ib4kBcg+880Dgj1K3W4Bi+VN473qQUzOrPW2tcrVAlPQfMTNh02rdbR0nFkkKRJm
6L+E7eKswF1JT9nWMG+QuWSRTUYM5m4W2KFb5us7xlxrWHb/Vhkn2dnPbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ25RrLZWwtq5R+/pGMtm189ccyGMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbmJsR3N0bGJDMnJsSDcta1l5MmJYejF4eklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwXzOAwQA
wzohMA0GCSqGSIb3DQEBCwUAA4IBAQB0IZjHOYqZ+1JuU0kig/xv6TIptUf5IqXg
ldAR4PTyhykp2V9F8KIJJZQPtlnm3OLK28Lng3I8xl+akwNHEuB6QDl8PzJU61WR
noRXZK3w5TIcKbXWYkgRjJgCiGIsq6ZEOKYC5HMtA60fjT+DQmlEtMhnvzdtIbf5
2z2dMa6f8zo0jjUlcoo4EUtCyB0wjJ7pVFezg+I0eVVoCPZvmeEjlbOWixVxts8V
11AKjB2wWo6BYnRPrSk9T3bVLnlCtmjwK+M58FD80JRbf8CAGqX+9EfP2FNhDWP8
i7qWBtoFIXWv5HKd7PSYuKnDwrDz7lRB1SAIC7v+7csv24ZfbLjw
-----END CERTIFICATE-----