Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/4ff275-6892-4690-8f68-30d4c5729146/1/aRt1vYt8aGjm4T2P_cchcqkhKi4.roa
File:                     aRt1vYt8aGjm4T2P_cchcqkhKi4.roa (raw, json)
Hash identifier:          akOfuFfDuYlZDl5i1xYQCB4WC7oFit9P5KLda+bnyYw=
Subject key identifier:   69:1B:75:BD:8B:7C:68:68:E6:E1:3D:8F:FD:C7:21:72:A9:21:2A:2E
Certificate issuer:       /CN=52d0046320bd2b3137428b99ccc34b184a06acaa
Certificate serial:       0197A6951FFE3DFCDB6E442B0FC3618744C1
Authority key identifier: 52:D0:04:63:20:BD:2B:31:37:42:8B:99:CC:C3:4B:18:4A:06:AC:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtAEYyC9KzE3QouZzMNLGEoGrKo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/4ff275-6892-4690-8f68-30d4c5729146/1/aRt1vYt8aGjm4T2P_cchcqkhKi4.roa
Signing time:             Wed 25 Jun 2025 10:14:40 +0000
ROA not before:           Wed 25 Jun 2025 10:14:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216060
IP address blocks:        195.22.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/4ff275-6892-4690-8f68-30d4c5729146/1/UtAEYyC9KzE3QouZzMNLGEoGrKo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/4ff275-6892-4690-8f68-30d4c5729146/1/UtAEYyC9KzE3QouZzMNLGEoGrKo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtAEYyC9KzE3QouZzMNLGEoGrKo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:95:1f:fe:3d:fc:db:6e:44:2b:0f:c3:61:87:44:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52d0046320bd2b3137428b99ccc34b184a06acaa
        Validity
            Not Before: Jun 25 10:14:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=691b75bd8b7c6868e6e13d8ffdc72172a9212a2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:81:b9:ad:ea:72:b5:14:9e:65:bc:f6:4b:be:
                    90:36:57:43:86:53:7e:a3:5e:18:58:df:59:15:e8:
                    7f:18:5a:d7:08:8d:71:97:af:15:88:ab:2d:3d:28:
                    66:4a:9d:40:ad:7b:6d:2c:7f:89:17:08:3c:4b:0b:
                    0e:bc:d2:8e:b9:18:d3:d0:2e:94:f6:7e:80:26:2b:
                    9c:22:7d:23:f0:1f:40:6c:b1:22:cb:07:1e:96:67:
                    8b:d5:4e:77:83:a0:9a:b8:8b:8c:3e:03:08:ea:4a:
                    2f:6d:ef:81:f1:9d:d8:d8:dd:71:41:31:88:59:5c:
                    b3:e5:2b:d9:7a:5b:8b:0d:17:61:88:20:ce:ae:21:
                    83:c1:46:a3:a0:09:18:e1:9c:fe:83:ba:04:57:00:
                    af:8d:ba:62:39:db:98:c8:27:ea:46:29:13:04:a2:
                    2a:3c:fd:50:61:f3:e8:30:e9:97:dd:bb:f9:c8:53:
                    33:73:fe:dd:4d:93:0b:04:b1:45:cc:3f:d4:fb:8e:
                    86:e0:0f:fa:14:df:e0:7b:3e:8c:5a:c7:6e:20:ff:
                    f7:c7:e6:b8:48:31:f2:de:ab:f4:5e:f0:2d:cc:b3:
                    11:3c:8d:42:11:1f:96:85:40:9f:cc:73:0c:8b:6a:
                    40:1a:6e:9b:5b:85:eb:9c:15:51:0a:de:e8:d8:5e:
                    af:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:1B:75:BD:8B:7C:68:68:E6:E1:3D:8F:FD:C7:21:72:A9:21:2A:2E
            X509v3 Authority Key Identifier:
                keyid:52:D0:04:63:20:BD:2B:31:37:42:8B:99:CC:C3:4B:18:4A:06:AC:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtAEYyC9KzE3QouZzMNLGEoGrKo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/4ff275-6892-4690-8f68-30d4c5729146/1/aRt1vYt8aGjm4T2P_cchcqkhKi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/4ff275-6892-4690-8f68-30d4c5729146/1/UtAEYyC9KzE3QouZzMNLGEoGrKo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.22.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:db:b4:ea:88:96:3c:3b:94:63:14:31:97:10:d4:7b:65:79:
         4f:fa:44:c0:d8:1b:bc:81:b2:b2:b9:45:4f:88:75:57:23:41:
         56:e6:50:b6:67:f0:38:20:ad:ca:4a:74:07:7a:3d:8b:8b:5c:
         53:7e:81:a0:cf:03:00:37:68:80:b4:78:c8:ea:ab:73:dc:55:
         4c:f0:6e:ab:0d:e9:68:9f:51:68:fa:66:b1:b3:66:87:91:71:
         45:6f:ad:69:cc:63:1c:14:63:18:46:c7:10:40:40:8b:20:22:
         22:96:eb:7c:79:07:46:95:10:d1:b1:1f:f6:65:d4:be:c9:2e:
         41:22:f6:8d:8e:a3:35:a7:ef:c8:e8:91:c1:70:d9:c8:6e:f3:
         15:3b:7f:af:fb:69:84:6d:c9:58:fc:a6:e6:17:9d:64:eb:94:
         ac:8e:49:c0:1e:47:a2:d6:b0:51:96:3f:34:d2:08:5a:f4:33:
         03:1d:3b:81:9f:2b:ff:80:a7:f6:82:7e:2f:cf:44:1f:88:3a:
         6a:36:ee:53:93:72:f4:1d:36:0c:f2:97:29:74:dc:6a:79:66:
         07:31:e9:37:e6:6e:4a:94:87:af:71:5d:ca:71:b2:14:f9:61:
         9d:ea:ef:ca:9e:06:d5:0e:70:13:73:6c:c2:51:d3:e0:e5:1a:
         c9:a9:9e:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZemlR/+PfzbbkQrD8Nhh0TBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZDAwNDYzMjBiZDJiMzEzNzQyOGI5OWNjYzM0YjE4NGEw
NmFjYWEwHhcNMjUwNjI1MTAxNDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTFiNzViZDhiN2M2ODY4ZTZlMTNkOGZmZGM3MjE3MmE5MjEyYTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIG5repytRSeZbz2S76QNldDhlN+
o14YWN9ZFeh/GFrXCI1xl68ViKstPShmSp1ArXttLH+JFwg8SwsOvNKOuRjT0C6U
9n6AJiucIn0j8B9AbLEiywcelmeL1U53g6CauIuMPgMI6kovbe+B8Z3Y2N1xQTGI
WVyz5SvZeluLDRdhiCDOriGDwUajoAkY4Zz+g7oEVwCvjbpiOduYyCfqRikTBKIq
PP1QYfPoMOmX3bv5yFMzc/7dTZMLBLFFzD/U+46G4A/6FN/gez6MWsduIP/3x+a4
SDHy3qv0XvAtzLMRPI1CER+WhUCfzHMMi2pAGm6bW4XrnBVRCt7o2F6v/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkbdb2LfGho5uE9j/3HIXKpISouMB8GA1UdIwQY
MBaAFFLQBGMgvSsxN0KLmczDSxhKBqyqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXRBRVl5QzlLekUzUW91WnpNTkxHRW9HcktvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi80ZmYyNzUtNjg5Mi00NjkwLThmNjgt
MzBkNGM1NzI5MTQ2LzEvYVJ0MXZZdDhhR2ptNFQyUF9jY2hjcWtoS2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi80ZmYyNzUtNjg5Mi00NjkwLThmNjgtMzBkNGM1NzI5MTQ2
LzEvVXRBRVl5QzlLekUzUW91WnpNTkxHRW9HcktvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxaTMA0G
CSqGSIb3DQEBCwUAA4IBAQCF27TqiJY8O5RjFDGXENR7ZXlP+kTA2Bu8gbKyuUVP
iHVXI0FW5lC2Z/A4IK3KSnQHej2Li1xTfoGgzwMAN2iAtHjI6qtz3FVM8G6rDelo
n1Fo+maxs2aHkXFFb61pzGMcFGMYRscQQECLICIilut8eQdGlRDRsR/2ZdS+yS5B
IvaNjqM1p+/I6JHBcNnIbvMVO3+v+2mEbclY/KbmF51k65SsjknAHkei1rBRlj80
0gha9DMDHTuBnyv/gKf2gn4vz0QfiDpqNu5Tk3L0HTYM8pcpdNxqeWYHMek35m5K
lIevcV3KcbIU+WGd6u/KngbVDnATc2zCUdPg5RrJqZ6j
-----END CERTIFICATE-----