Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/yFiLrhokP9h2_epAPsvUA_gobK4.roa
File:                     yFiLrhokP9h2_epAPsvUA_gobK4.roa (raw, json)
Hash identifier:          gbRoAOzMw0kVl+szacSA0XCuE6/HUSUXeKueaTQoyEg=
Subject key identifier:   C8:58:8B:AE:1A:24:3F:D8:76:FD:EA:40:3E:CB:D4:03:F8:28:6C:AE
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0199385BAC058BF5FD8EE1172B7EB851B431
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/yFiLrhokP9h2_epAPsvUA_gobK4.roa
Signing time:             Thu 11 Sep 2025 10:39:15 +0000
ROA not before:           Thu 11 Sep 2025 10:39:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209847
IP address blocks:        195.133.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:38:5b:ac:05:8b:f5:fd:8e:e1:17:2b:7e:b8:51:b4:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 11 10:39:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8588bae1a243fd876fdea403ecbd403f8286cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5c:36:b4:53:bd:b5:4d:41:1d:c3:a2:09:fe:
                    2b:cd:3c:07:f8:22:55:d6:77:2f:0e:91:fe:ea:cd:
                    ed:f3:8f:78:e0:96:d3:35:a0:fa:15:1a:62:b2:71:
                    10:19:3b:79:9e:e2:7c:2c:35:73:db:0b:7e:1f:98:
                    9e:08:1d:8c:55:92:04:16:84:56:84:1c:d9:71:ca:
                    7c:94:de:f2:4d:d5:5b:30:d6:11:cf:22:c4:6b:72:
                    8e:d9:78:6a:b8:91:07:1d:fd:dc:e3:cb:9c:26:39:
                    43:72:d6:ab:5e:fb:2f:68:be:d7:67:b7:6f:c2:e4:
                    15:e9:b7:9e:24:20:7e:43:5e:2c:83:21:80:87:0c:
                    cd:cc:ba:4b:8b:6b:1f:1c:b3:0c:c6:d0:67:79:79:
                    81:46:bd:0e:8b:de:3c:46:ea:16:d9:8a:fe:40:c5:
                    07:81:4a:ae:a6:73:32:1f:31:ff:47:20:f9:43:09:
                    b7:df:38:ca:55:65:4e:8a:15:f0:45:de:c7:83:2b:
                    a1:2f:ac:fd:02:6d:b2:bb:be:4e:8e:96:c1:d5:ce:
                    93:11:1f:43:4e:7c:ee:78:2d:7d:1d:53:7d:8a:03:
                    d4:fc:8e:3a:69:a2:34:fb:f0:53:25:4c:06:20:3c:
                    7f:39:80:94:e9:8c:53:eb:01:22:89:1a:1d:16:b7:
                    28:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:58:8B:AE:1A:24:3F:D8:76:FD:EA:40:3E:CB:D4:03:F8:28:6C:AE
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/yFiLrhokP9h2_epAPsvUA_gobK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ea:53:7e:a4:bc:c9:27:28:9e:bc:c8:a7:9e:cf:42:39:1e:
         ca:9f:56:52:9d:f3:23:80:eb:8e:57:aa:26:73:39:1d:4b:f7:
         66:db:b7:bb:fc:0d:48:49:d2:9d:20:45:6e:34:5a:b1:79:2e:
         bf:32:45:87:da:bf:ea:d2:39:1b:74:e4:12:f4:5e:cb:42:30:
         02:f2:34:db:9e:ae:f8:00:b5:e6:e8:2f:89:79:72:79:71:d6:
         b5:af:fe:d0:37:27:df:a4:11:59:c4:b9:f4:9d:b7:ff:a0:21:
         f0:10:ac:1c:fa:bf:9e:4c:1d:a4:7a:9a:8b:78:75:38:8a:51:
         cf:80:1e:d2:d4:d9:d5:4d:27:8c:cb:93:17:e5:97:ff:7f:44:
         b6:21:f0:2a:f9:2d:5f:7e:e0:a9:ec:76:0a:a9:57:e8:a0:3d:
         3f:36:a8:3a:97:6e:47:13:aa:43:b5:34:e8:e2:56:03:66:22:
         33:61:34:8f:1d:59:85:ca:1b:1f:98:64:07:d3:c6:d1:33:16:
         66:3d:bf:91:6f:00:6b:49:6a:9a:4f:b0:72:a5:64:f1:cd:96:
         7d:54:16:53:5a:6d:76:63:ab:6b:5e:e1:6e:73:a5:d1:71:dd:
         3e:af:7a:ac:49:07:70:cc:c7:70:cd:c0:e0:4f:17:49:e0:63:
         f4:7c:da:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk4W6wFi/X9juEXK364UbQxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwOTExMTAzOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODU4OGJhZTFhMjQzZmQ4NzZmZGVhNDAzZWNiZDQwM2Y4Mjg2Y2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVw2tFO9tU1BHcOiCf4rzTwH+CJV
1ncvDpH+6s3t84944JbTNaD6FRpisnEQGTt5nuJ8LDVz2wt+H5ieCB2MVZIEFoRW
hBzZccp8lN7yTdVbMNYRzyLEa3KO2XhquJEHHf3c48ucJjlDctarXvsvaL7XZ7dv
wuQV6beeJCB+Q14sgyGAhwzNzLpLi2sfHLMMxtBneXmBRr0Oi948RuoW2Yr+QMUH
gUqupnMyHzH/RyD5Qwm33zjKVWVOihXwRd7HgyuhL6z9Am2yu75OjpbB1c6TER9D
TnzueC19HVN9igPU/I46aaI0+/BTJUwGIDx/OYCU6YxT6wEiiRodFrcoDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhYi64aJD/Ydv3qQD7L1AP4KGyuMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEveUZpTHJob2tQOWgyX2VwQVBzdlVBX2dvYks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UAMA0G
CSqGSIb3DQEBCwUAA4IBAQBW6lN+pLzJJyievMinns9COR7Kn1ZSnfMjgOuOV6om
czkdS/dm27e7/A1ISdKdIEVuNFqxeS6/MkWH2r/q0jkbdOQS9F7LQjAC8jTbnq74
ALXm6C+JeXJ5cda1r/7QNyffpBFZxLn0nbf/oCHwEKwc+r+eTB2kepqLeHU4ilHP
gB7S1NnVTSeMy5MX5Zf/f0S2IfAq+S1ffuCp7HYKqVfooD0/Nqg6l25HE6pDtTTo
4lYDZiIzYTSPHVmFyhsfmGQH08bRMxZmPb+RbwBrSWqaT7BypWTxzZZ9VBZTWm12
Y6trXuFuc6XRcd0+r3qsSQdwzMdwzcDgTxdJ4GP0fNoO
-----END CERTIFICATE-----