Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/7ICukJCno7wPTI4Opav3OulQGYc.roa
File:                     7ICukJCno7wPTI4Opav3OulQGYc.roa (raw, json)
Hash identifier:          PA3kdCy1zhkZxeXYzpSwNS8Lc6gO1aAMaHcDwAB/zlk=
Subject key identifier:   EC:80:AE:90:90:A7:A3:BC:0F:4C:8E:0E:A5:AB:F7:3A:E9:50:19:87
Certificate issuer:       /CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
Certificate serial:       01977D3C5E5CBC93DDB04A571C9592B8FE4E
Authority key identifier: A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/7ICukJCno7wPTI4Opav3OulQGYc.roa
Signing time:             Tue 17 Jun 2025 09:33:17 +0000
ROA not before:           Tue 17 Jun 2025 09:33:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137268
IP address blocks:        194.35.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 14:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:3c:5e:5c:bc:93:dd:b0:4a:57:1c:95:92:b8:fe:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
        Validity
            Not Before: Jun 17 09:33:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec80ae9090a7a3bc0f4c8e0ea5abf73ae9501987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:05:83:5b:77:e2:96:c7:bc:05:55:4b:7b:b0:
                    2a:9f:37:d1:54:30:bd:dd:2e:c5:d1:56:ae:97:f3:
                    ed:9e:a6:21:2e:10:8b:b0:79:fe:b0:d1:8a:00:1d:
                    3f:1a:6d:f1:e9:d3:d7:86:e7:64:cb:7c:d8:39:e6:
                    c7:b7:68:79:ff:29:2a:73:66:39:d6:ab:05:c5:17:
                    e1:d7:34:34:50:08:20:8d:ef:e4:bc:87:d7:b4:89:
                    d0:a2:29:e6:7a:db:7e:08:fc:0c:5e:9b:06:02:0e:
                    9f:3f:da:ac:c8:53:4e:ed:56:95:fe:06:f1:27:2b:
                    9e:dc:07:fd:76:5e:6b:9c:41:30:3c:8a:9d:7f:71:
                    c1:ec:19:a6:1d:e4:a1:73:6f:4a:26:92:1d:02:36:
                    b0:15:14:b8:8a:df:72:19:85:32:2c:0d:9c:0c:4f:
                    fa:e1:1f:71:96:32:a5:61:fe:45:c7:e7:35:23:57:
                    a0:66:ea:6f:cc:91:a7:49:7a:e9:f3:fa:6d:3e:48:
                    ee:56:4b:76:20:e1:d8:2c:24:e2:07:1a:a5:65:62:
                    45:d1:40:4a:c1:c8:47:3f:2f:ba:7a:ca:11:15:dc:
                    db:19:7d:d6:83:db:2c:1d:ab:0b:e9:51:84:32:5d:
                    72:9c:7a:af:f2:ae:6f:be:a1:7b:a9:13:13:ff:c1:
                    6c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:80:AE:90:90:A7:A3:BC:0F:4C:8E:0E:A5:AB:F7:3A:E9:50:19:87
            X509v3 Authority Key Identifier:
                keyid:A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/7ICukJCno7wPTI4Opav3OulQGYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:3a:9f:2a:03:c2:89:be:7a:24:8e:20:c2:6f:70:6f:b5:a7:
         cf:9c:0a:44:42:6b:ec:cb:da:ac:88:11:13:e5:3b:92:ef:13:
         5a:1c:a5:5b:88:1b:ce:7d:de:a2:f9:0b:35:f2:f7:ca:98:ef:
         56:57:98:46:5e:63:a0:54:1c:56:b5:27:bd:3c:ce:97:7c:c8:
         7c:bf:65:c8:ba:89:b3:ff:cf:8b:d5:43:e6:50:ef:8a:8f:a0:
         67:ae:d4:40:91:05:75:13:8d:8f:3d:82:f8:6a:02:38:0d:3b:
         f3:1a:7b:74:78:49:1c:6c:4d:c1:00:f4:c6:c1:b4:a0:ec:c7:
         40:38:32:92:ec:dd:e3:ef:48:81:e4:02:6b:f4:10:44:e3:97:
         eb:d5:81:34:b5:f3:c8:bc:e3:da:6d:e4:86:59:fb:6d:e3:0f:
         0d:3c:27:10:30:c9:46:33:f3:3d:7a:7b:f5:1a:77:c1:a4:8e:
         9b:d5:b3:8f:97:70:9a:aa:17:34:29:8d:d2:90:dd:8b:ff:db:
         7b:6d:60:5f:6e:c7:0d:be:ec:23:f0:4c:b8:e0:72:15:02:a0:
         30:40:d7:3e:74:78:71:f6:f5:18:72:e2:cd:01:46:85:b9:81:
         dd:69:93:bc:55:b9:fa:02:d2:39:27:66:79:76:a6:e5:5a:14:
         9a:61:ce:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd9PF5cvJPdsEpXHJWSuP5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NTA0NmQ4NWVjZjIwMWZiZWY1MWU4YmVhMWM0ZWQzM2Y5
NWIyNjgwHhcNMjUwNjE3MDkzMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzgwYWU5MDkwYTdhM2JjMGY0YzhlMGVhNWFiZjczYWU5NTAxOTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgWDW3filse8BVVLe7AqnzfRVDC9
3S7F0Vaul/PtnqYhLhCLsHn+sNGKAB0/Gm3x6dPXhudky3zYOebHt2h5/ykqc2Y5
1qsFxRfh1zQ0UAggje/kvIfXtInQoinmett+CPwMXpsGAg6fP9qsyFNO7VaV/gbx
Jyue3Af9dl5rnEEwPIqdf3HB7BmmHeShc29KJpIdAjawFRS4it9yGYUyLA2cDE/6
4R9xljKlYf5Fx+c1I1egZupvzJGnSXrp8/ptPkjuVkt2IOHYLCTiBxqlZWJF0UBK
wchHPy+6esoRFdzbGX3Wg9ssHasL6VGEMl1ynHqv8q5vvqF7qRMT/8FsawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOyArpCQp6O8D0yODqWr9zrpUBmHMB8GA1UdIwQY
MBaAFKZQRthezyAfvvUei+ocTtM/lbJoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUt
YmNjZDMyYWY5N2ZlLzEvN0lDdWtKQ25vN3dQVEk0T3BhdjNPdWxRR1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUtYmNjZDMyYWY5N2Zl
LzEvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiMGMA0G
CSqGSIb3DQEBCwUAA4IBAQB7Op8qA8KJvnokjiDCb3BvtafPnApEQmvsy9qsiBET
5TuS7xNaHKVbiBvOfd6i+Qs18vfKmO9WV5hGXmOgVBxWtSe9PM6XfMh8v2XIuomz
/8+L1UPmUO+Kj6BnrtRAkQV1E42PPYL4agI4DTvzGnt0eEkcbE3BAPTGwbSg7MdA
ODKS7N3j70iB5AJr9BBE45fr1YE0tfPIvOPabeSGWftt4w8NPCcQMMlGM/M9env1
GnfBpI6b1bOPl3Caqhc0KY3SkN2L/9t7bWBfbscNvuwj8Ey44HIVAqAwQNc+dHhx
9vUYcuLNAUaFuYHdaZO8Vbn6AtI5J2Z5dqblWhSaYc5T
-----END CERTIFICATE-----