Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/web6aH6SUJNjjbw0DckMZnNkuXo.roa
File:                     web6aH6SUJNjjbw0DckMZnNkuXo.roa (raw, json)
Hash identifier:          b9fkXDSKha9rgpWw3m2SkS76LI99F4P6GS+cf1FA54Y=
Subject key identifier:   C1:E6:FA:68:7E:92:50:93:63:8D:BC:34:0D:C9:0C:66:73:64:B9:7A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0199DCB8BCB1ED37C12E5E6761B0355C8E52
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/web6aH6SUJNjjbw0DckMZnNkuXo.roa
Signing time:             Mon 13 Oct 2025 08:38:38 +0000
ROA not before:           Mon 13 Oct 2025 08:38:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        212.192.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dc:b8:bc:b1:ed:37:c1:2e:5e:67:61:b0:35:5c:8e:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 13 08:38:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1e6fa687e925093638dbc340dc90c667364b97a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a0:13:af:b7:e1:3f:8e:d8:1d:a4:9c:07:fd:
                    24:3d:55:9e:0e:83:46:be:52:fe:3b:00:29:41:5d:
                    a2:89:14:f4:d8:db:5c:c7:95:c9:ac:4a:b0:20:6a:
                    a6:df:a4:94:bd:3d:d1:ee:50:37:66:a4:97:a7:cd:
                    bd:d7:ee:70:0b:4c:fc:67:ad:c8:d4:9b:90:c5:0c:
                    f7:b0:ef:e2:88:47:6d:87:cf:7e:03:ea:c4:3e:3f:
                    94:e7:b2:d9:bd:0f:10:88:e6:93:30:27:b8:20:dd:
                    81:64:87:a4:22:35:70:4c:80:d9:9e:41:cc:86:9c:
                    84:f8:8c:57:a3:89:b1:66:f3:0b:20:41:6f:4a:f7:
                    4a:4a:36:cf:ea:8d:4f:1e:69:95:03:08:be:fd:f1:
                    12:fe:e3:81:4b:e8:78:3a:e1:86:e2:54:b0:58:7e:
                    a4:af:88:65:5b:85:15:b5:21:59:d4:a9:fb:49:36:
                    46:d7:5b:b3:14:d2:53:ed:b2:f9:90:5a:eb:3f:0d:
                    b8:77:3b:16:f7:a9:10:d9:83:dd:67:bf:93:08:d6:
                    dd:64:d0:b8:06:9e:8a:22:d4:ca:3d:46:0f:e5:a7:
                    a3:d5:a9:35:9c:6e:2b:fc:c3:8a:8a:28:c6:d6:a7:
                    e2:6a:ec:13:69:47:1a:ba:3a:de:23:2d:85:b4:bd:
                    f8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:E6:FA:68:7E:92:50:93:63:8D:BC:34:0D:C9:0C:66:73:64:B9:7A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/web6aH6SUJNjjbw0DckMZnNkuXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:2b:c8:25:9d:f6:7b:1b:ca:49:f8:6f:3d:31:ce:b9:47:b4:
         e3:e7:26:76:c9:9d:cf:f9:88:e6:c8:9f:ea:59:05:82:d3:37:
         7a:07:82:48:67:76:36:d3:ed:90:2d:14:ff:a9:c2:ea:48:7b:
         02:b7:85:7a:15:32:cd:10:8a:86:e9:b0:85:77:2c:03:1f:51:
         40:ab:5f:d2:30:fd:3b:af:d2:9e:af:6e:1c:12:8d:5a:13:7b:
         29:0c:7a:c1:49:a4:24:4b:91:a5:01:d2:8f:db:1c:48:97:93:
         24:8c:17:94:fe:5a:2e:8a:bf:2d:09:fe:38:3e:2d:02:a1:10:
         d8:48:c9:a0:76:dc:4e:9d:95:62:dd:74:5e:0e:53:06:42:69:
         5f:e3:71:db:dc:fe:4b:10:b6:81:99:ac:db:48:9c:b5:62:41:
         7f:b8:de:71:bc:d6:7c:0e:39:ab:ce:c9:d4:7b:d0:45:81:f6:
         9c:52:3b:3d:dc:63:ef:cc:75:50:2a:64:d8:cc:ba:c6:f4:0c:
         53:41:28:77:6a:b8:e3:a8:75:02:f1:d9:dd:23:c9:f9:c7:3e:
         5c:77:a5:25:e9:a9:59:29:15:7b:56:51:7d:84:e0:e4:6f:c6:
         6e:0a:c8:42:a8:b7:ee:2d:9b:b6:98:0a:c6:ae:23:da:e0:4c:
         f2:1d:c5:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZncuLyx7TfBLl5nYbA1XI5SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUxMDEzMDgzODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWU2ZmE2ODdlOTI1MDkzNjM4ZGJjMzQwZGM5MGM2NjczNjRiOTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KATr7fhP47YHaScB/0kPVWeDoNG
vlL+OwApQV2iiRT02Ntcx5XJrEqwIGqm36SUvT3R7lA3ZqSXp8291+5wC0z8Z63I
1JuQxQz3sO/iiEdth89+A+rEPj+U57LZvQ8QiOaTMCe4IN2BZIekIjVwTIDZnkHM
hpyE+IxXo4mxZvMLIEFvSvdKSjbP6o1PHmmVAwi+/fES/uOBS+h4OuGG4lSwWH6k
r4hlW4UVtSFZ1Kn7STZG11uzFNJT7bL5kFrrPw24dzsW96kQ2YPdZ7+TCNbdZNC4
Bp6KItTKPUYP5aej1ak1nG4r/MOKiijG1qfiauwTaUcaujreIy2FtL34QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHm+mh+klCTY428NA3JDGZzZLl6MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvd2ViNmFINlNVSk5qamJ3MERja01abk5rdVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MD8MA0G
CSqGSIb3DQEBCwUAA4IBAQAdK8glnfZ7G8pJ+G89Mc65R7Tj5yZ2yZ3P+YjmyJ/q
WQWC0zd6B4JIZ3Y20+2QLRT/qcLqSHsCt4V6FTLNEIqG6bCFdywDH1FAq1/SMP07
r9Ker24cEo1aE3spDHrBSaQkS5GlAdKP2xxIl5MkjBeU/louir8tCf44Pi0CoRDY
SMmgdtxOnZVi3XReDlMGQmlf43Hb3P5LELaBmazbSJy1YkF/uN5xvNZ8DjmrzsnU
e9BFgfacUjs93GPvzHVQKmTYzLrG9AxTQSh3arjjqHUC8dndI8n5xz5cd6Ul6alZ
KRV7VlF9hODkb8ZuCshCqLfuLZu2mArGriPa4EzyHcX+
-----END CERTIFICATE-----