Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/x4LhbXiFTN7daChnJgCtow-XhtE.roa
File:                     x4LhbXiFTN7daChnJgCtow-XhtE.roa (raw, json)
Hash identifier:          MXQ+kH3f8ts9MIdlObwM7YOZGXMXlE78i2/SuVkck6s=
Subject key identifier:   C7:82:E1:6D:78:85:4C:DE:DD:68:28:67:26:00:AD:A3:0F:97:86:D1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0199338BA5725B60864F182DCE0209266087
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/x4LhbXiFTN7daChnJgCtow-XhtE.roa
Signing time:             Wed 10 Sep 2025 12:13:33 +0000
ROA not before:           Wed 10 Sep 2025 12:13:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213999
IP address blocks:        193.124.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:8b:a5:72:5b:60:86:4f:18:2d:ce:02:09:26:60:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 10 12:13:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c782e16d78854cdedd6828672600ada30f9786d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a6:b2:bc:c4:f3:8a:2b:60:42:34:62:6b:0e:
                    a4:64:13:ac:9e:48:fc:88:f9:56:f3:13:ba:04:66:
                    72:9d:15:6f:62:86:4e:6d:be:60:8d:f0:31:c5:1a:
                    66:ee:66:41:64:fc:37:72:2d:71:8c:29:30:9d:e2:
                    81:86:9e:3b:ef:e1:5c:b2:27:51:04:19:5c:f2:15:
                    14:bb:cc:76:56:91:1a:ef:8d:6c:aa:c3:95:64:c1:
                    89:99:c2:1d:64:41:30:fc:38:c3:71:05:68:d5:2f:
                    93:89:25:b7:85:83:11:ad:9a:50:de:0c:0b:32:66:
                    85:da:a8:7d:19:6e:66:dd:32:98:e9:43:6a:d4:eb:
                    cd:2c:b1:51:3c:06:b2:5b:b0:53:b4:98:10:ee:7c:
                    3d:bb:e1:2e:f0:c8:cb:c4:0e:92:e9:a6:d0:50:c4:
                    84:c8:f7:48:d7:06:6d:2e:b4:ff:5c:d4:b0:2b:70:
                    74:80:06:88:dc:56:f7:15:3e:fb:56:cb:21:51:14:
                    2e:3e:fd:d1:c0:ed:c1:93:f8:f1:01:ae:12:a9:09:
                    d1:4a:08:e1:d1:f0:76:6c:4d:2b:2e:a3:72:cc:43:
                    41:ec:53:e3:a1:2f:0c:dd:17:b4:4b:04:a3:2e:37:
                    c5:9d:2c:ea:b5:c2:ba:ca:fd:f2:62:be:04:f6:20:
                    84:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:82:E1:6D:78:85:4C:DE:DD:68:28:67:26:00:AD:A3:0F:97:86:D1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/x4LhbXiFTN7daChnJgCtow-XhtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:c5:f2:97:09:75:12:03:20:49:9d:e4:91:1b:1f:29:a2:63:
         f7:09:74:05:0b:b8:88:7f:39:8c:0f:be:d4:47:bf:19:2f:f8:
         42:e6:2e:f3:17:f8:01:74:92:00:db:b6:da:69:4d:8a:14:96:
         6f:b9:d2:7b:12:7b:67:2a:fd:81:bd:b4:18:c5:a8:13:cd:12:
         c0:91:14:35:9b:e6:f7:64:ad:23:57:70:7b:b3:5d:6e:bd:78:
         8a:f2:b7:c5:bc:76:93:e4:2d:1a:ba:19:c9:64:26:8e:3a:5a:
         a4:80:43:6b:90:1d:50:fd:31:5a:19:a4:23:7a:a8:9b:cb:77:
         ef:31:13:2b:c5:be:3f:ca:dc:f6:0f:6e:16:3f:df:c7:e5:87:
         0a:7f:71:8a:50:37:c7:30:00:67:5c:5e:6f:2d:92:f8:1d:cd:
         4a:34:e9:08:68:1a:8e:f6:a9:65:97:56:e7:b7:47:8b:01:d3:
         85:a5:b8:b4:b2:48:18:9c:01:70:86:2d:42:e7:3c:c3:35:a3:
         0e:7e:91:d8:71:81:29:fe:ea:56:7e:3c:d7:bd:62:d3:c8:cb:
         79:ce:3e:41:1c:bb:a4:f4:19:c3:d4:53:04:57:72:40:ed:93:
         02:ff:0c:b1:aa:6a:fe:56:70:04:d7:10:57:bf:1a:28:54:01:
         18:b4:4a:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkzi6VyW2CGTxgtzgIJJmCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwOTEwMTIxMzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzgyZTE2ZDc4ODU0Y2RlZGQ2ODI4NjcyNjAwYWRhMzBmOTc4NmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKayvMTziitgQjRiaw6kZBOsnkj8
iPlW8xO6BGZynRVvYoZObb5gjfAxxRpm7mZBZPw3ci1xjCkwneKBhp477+FcsidR
BBlc8hUUu8x2VpEa741sqsOVZMGJmcIdZEEw/DjDcQVo1S+TiSW3hYMRrZpQ3gwL
MmaF2qh9GW5m3TKY6UNq1OvNLLFRPAayW7BTtJgQ7nw9u+Eu8MjLxA6S6abQUMSE
yPdI1wZtLrT/XNSwK3B0gAaI3Fb3FT77VsshURQuPv3RwO3Bk/jxAa4SqQnRSgjh
0fB2bE0rLqNyzENB7FPjoS8M3Re0SwSjLjfFnSzqtcK6yv3yYr4E9iCEewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMeC4W14hUze3WgoZyYAraMPl4bRMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEveDRMaGJYaUZUTjdkYUNobkpnQ3Rvdy1YaHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXyFMA0G
CSqGSIb3DQEBCwUAA4IBAQAOxfKXCXUSAyBJneSRGx8pomP3CXQFC7iIfzmMD77U
R78ZL/hC5i7zF/gBdJIA27baaU2KFJZvudJ7EntnKv2BvbQYxagTzRLAkRQ1m+b3
ZK0jV3B7s11uvXiK8rfFvHaT5C0auhnJZCaOOlqkgENrkB1Q/TFaGaQjeqiby3fv
MRMrxb4/ytz2D24WP9/H5YcKf3GKUDfHMABnXF5vLZL4Hc1KNOkIaBqO9qlll1bn
t0eLAdOFpbi0skgYnAFwhi1C5zzDNaMOfpHYcYEp/upWfjzXvWLTyMt5zj5BHLuk
9BnD1FMEV3JA7ZMC/wyxqmr+VnAE1xBXvxooVAEYtEoV
-----END CERTIFICATE-----