Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/tRPDFQwkqeY70X00aJumJ-RrQBw.roa
File:                     tRPDFQwkqeY70X00aJumJ-RrQBw.roa (raw, json)
Hash identifier:          xE1IIp9t6Le0FK50+hsN7HGx6bGGBI6DRxHK2qYkXVY=
Subject key identifier:   B5:13:C3:15:0C:24:A9:E6:3B:D1:7D:34:68:9B:A6:27:E4:6B:40:1C
Certificate issuer:       /CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
Certificate serial:       0197A6D0A29CE0C6F73E405AD609A3E5AC5F
Authority key identifier: A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/tRPDFQwkqeY70X00aJumJ-RrQBw.roa
Signing time:             Wed 25 Jun 2025 11:19:40 +0000
ROA not before:           Wed 25 Jun 2025 11:19:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139352
IP address blocks:        194.35.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 20:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:d0:a2:9c:e0:c6:f7:3e:40:5a:d6:09:a3:e5:ac:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
        Validity
            Not Before: Jun 25 11:19:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b513c3150c24a9e63bd17d34689ba627e46b401c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b3:29:85:de:d6:a0:87:aa:c1:6e:8e:07:2f:
                    94:87:5d:67:85:90:04:62:40:2b:eb:ff:0d:de:33:
                    cd:bc:66:e6:44:ff:77:91:58:b7:ba:5f:00:70:cd:
                    b7:0c:d6:ae:df:93:21:e8:97:a9:94:5a:3e:df:be:
                    21:f9:70:7d:92:5f:55:c8:8f:b1:d0:3b:71:59:14:
                    af:ef:a6:60:02:7b:3a:5f:ad:3b:2f:ff:43:1c:9e:
                    04:9b:a1:2f:3f:b9:a6:a3:9c:2f:79:21:d9:4c:e1:
                    93:e4:fe:3b:04:5b:97:b0:48:98:d7:44:96:e6:f7:
                    47:93:af:20:34:22:95:76:2c:01:99:be:c2:99:35:
                    37:dd:be:66:ec:da:96:46:9a:67:08:b7:03:c2:62:
                    28:c5:48:60:e3:a6:18:c3:87:80:99:7a:7e:a1:9b:
                    d5:af:96:74:ab:ae:f2:60:ef:73:34:d7:e6:82:fc:
                    76:65:9e:fd:c2:a3:66:44:99:11:ee:db:a4:8b:44:
                    94:aa:56:77:76:d0:7c:ec:ce:73:30:f8:ff:b2:33:
                    b0:cf:16:3e:9e:2b:e5:79:64:eb:55:d0:8a:4c:03:
                    a0:80:60:96:36:7c:33:11:1a:22:d1:e2:58:3a:7e:
                    5e:48:33:d5:fe:dc:da:51:b1:18:e1:50:4a:28:45:
                    5c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:13:C3:15:0C:24:A9:E6:3B:D1:7D:34:68:9B:A6:27:E4:6B:40:1C
            X509v3 Authority Key Identifier:
                keyid:A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/tRPDFQwkqeY70X00aJumJ-RrQBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:b2:15:1d:f7:b8:15:b6:1b:e8:90:8b:d2:74:bb:96:b1:02:
         cf:31:4c:4b:a6:c1:5f:b0:1b:3f:ec:d3:bf:02:01:4b:54:55:
         42:b0:1f:15:cf:36:57:39:a8:4e:61:06:27:35:be:1e:a9:2b:
         64:1d:00:30:01:f3:56:d0:2c:8a:0d:51:1d:1e:ea:82:e7:d1:
         05:38:01:a3:65:65:d8:15:e0:43:54:b2:ee:65:cf:1b:07:51:
         38:8d:74:43:3c:22:70:eb:e2:42:56:0a:b8:88:83:d9:d5:fd:
         c5:58:f6:70:35:1a:c8:a2:1e:d5:9c:9b:28:38:03:a1:bb:0b:
         6d:86:33:6b:21:7b:9f:ba:7e:4d:d8:88:f4:6d:ec:6b:5f:8b:
         04:49:ed:1c:02:19:a7:e4:d6:df:dc:47:26:0e:8b:07:22:c0:
         d0:d1:b6:ce:52:94:d5:a9:e7:d3:e3:f3:dd:ac:25:b3:97:01:
         17:e2:d9:73:64:53:05:51:ff:3a:3f:9b:85:d6:a7:3d:8f:0e:
         1d:6b:7f:0e:19:b0:77:1d:db:65:40:af:48:06:63:c6:ba:bb:
         d2:78:37:95:83:fd:b0:28:03:97:32:7f:b5:c3:55:52:e8:67:
         73:6d:03:02:86:39:8a:4b:f3:2e:c6:bd:3f:2b:95:b5:5a:ab:
         4a:e1:a8:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZem0KKc4Mb3PkBa1gmj5axfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NTA0NmQ4NWVjZjIwMWZiZWY1MWU4YmVhMWM0ZWQzM2Y5
NWIyNjgwHhcNMjUwNjI1MTExOTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTEzYzMxNTBjMjRhOWU2M2JkMTdkMzQ2ODliYTYyN2U0NmI0MDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrMphd7WoIeqwW6OBy+Uh11nhZAE
YkAr6/8N3jPNvGbmRP93kVi3ul8AcM23DNau35Mh6JeplFo+374h+XB9kl9VyI+x
0DtxWRSv76ZgAns6X607L/9DHJ4Em6EvP7mmo5wveSHZTOGT5P47BFuXsEiY10SW
5vdHk68gNCKVdiwBmb7CmTU33b5m7NqWRppnCLcDwmIoxUhg46YYw4eAmXp+oZvV
r5Z0q67yYO9zNNfmgvx2ZZ79wqNmRJkR7tuki0SUqlZ3dtB87M5zMPj/sjOwzxY+
nivleWTrVdCKTAOggGCWNnwzERoi0eJYOn5eSDPV/tzaUbEY4VBKKEVcFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUTwxUMJKnmO9F9NGibpifka0AcMB8GA1UdIwQY
MBaAFKZQRthezyAfvvUei+ocTtM/lbJoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUt
YmNjZDMyYWY5N2ZlLzEvdFJQREZRd2txZVk3MFgwMGFKdW1KLVJyUUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUtYmNjZDMyYWY5N2Zl
LzEvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiMCMA0G
CSqGSIb3DQEBCwUAA4IBAQChshUd97gVthvokIvSdLuWsQLPMUxLpsFfsBs/7NO/
AgFLVFVCsB8VzzZXOahOYQYnNb4eqStkHQAwAfNW0CyKDVEdHuqC59EFOAGjZWXY
FeBDVLLuZc8bB1E4jXRDPCJw6+JCVgq4iIPZ1f3FWPZwNRrIoh7VnJsoOAOhuwtt
hjNrIXufun5N2Ij0bexrX4sESe0cAhmn5Nbf3EcmDosHIsDQ0bbOUpTVqefT4/Pd
rCWzlwEX4tlzZFMFUf86P5uF1qc9jw4da38OGbB3HdtlQK9IBmPGurvSeDeVg/2w
KAOXMn+1w1VS6GdzbQMChjmKS/Muxr0/K5W1WqtK4ag8
-----END CERTIFICATE-----