Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/NI2TKci7WqCqy8kg5iraylXHZzQ.roa
File:                     NI2TKci7WqCqy8kg5iraylXHZzQ.roa (raw, json)
Hash identifier:          FBDYKoklGjXkJ0zMlLJAVAFso/2nr98wz98/NBCBllg=
Subject key identifier:   34:8D:93:29:C8:BB:5A:A0:AA:CB:C9:20:E6:2A:DA:CA:55:C7:67:34
Certificate issuer:       /CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
Certificate serial:       0196810DD901E37457386523A4D5590A1D1D
Authority key identifier: 3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/NI2TKci7WqCqy8kg5iraylXHZzQ.roa
Signing time:             Tue 29 Apr 2025 10:18:10 +0000
ROA not before:           Tue 29 Apr 2025 10:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28939
IP address blocks:        217.140.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:0d:d9:01:e3:74:57:38:65:23:a4:d5:59:0a:1d:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3bf511774b6e1d706bb2727b3d3125775a912f
        Validity
            Not Before: Apr 29 10:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=348d9329c8bb5aa0aacbc920e62adaca55c76734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b1:8e:f0:03:04:a9:6d:2f:f4:8e:48:4b:2d:
                    a8:5b:55:ba:6b:d0:1a:0a:6b:7a:0d:47:98:79:04:
                    4b:f0:93:97:fb:24:39:3f:28:41:8c:08:9d:34:10:
                    1e:89:5e:7f:8d:21:5e:c4:bb:02:71:da:e9:39:c5:
                    6f:15:31:66:34:6a:01:63:b3:ee:66:c1:b5:9a:8f:
                    5a:25:2a:1a:f9:8c:5d:50:92:44:87:cd:cf:74:84:
                    43:90:32:90:c8:fe:31:8c:4f:47:60:0d:fd:58:ad:
                    f6:32:bc:16:dd:40:e6:4b:27:c5:e3:c8:0a:fe:b7:
                    5f:31:f7:90:64:8d:fb:5f:f0:86:6c:ee:b3:f8:45:
                    4f:00:65:ca:9d:f3:54:a4:76:46:a3:be:22:a4:9f:
                    be:57:5e:af:3e:b2:bc:40:b5:38:f0:41:09:a6:a0:
                    cd:68:9c:44:ad:c9:f1:69:de:0a:30:eb:fc:16:2f:
                    0a:ee:68:ea:ce:67:25:d5:6d:b1:b6:d9:0a:0c:6c:
                    35:12:bc:79:0f:73:2d:84:7e:ef:06:df:35:15:25:
                    21:69:e2:c3:f5:8a:01:8f:b5:d8:f3:5b:19:fd:d2:
                    52:19:9a:e8:2c:7e:f9:81:10:f1:cf:0b:79:84:62:
                    56:5e:90:b5:b9:06:16:86:52:5d:d1:78:85:ab:7f:
                    42:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:8D:93:29:C8:BB:5A:A0:AA:CB:C9:20:E6:2A:DA:CA:55:C7:67:34
            X509v3 Authority Key Identifier:
                keyid:3F:3B:F5:11:77:4B:6E:1D:70:6B:B2:72:7B:3D:31:25:77:5A:91:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pzv1EXdLbh1wa7Jyez0xJXdakS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/NI2TKci7WqCqy8kg5iraylXHZzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f55757-5965-4270-beab-a0d6dbfac6eb/1/Pzv1EXdLbh1wa7Jyez0xJXdakS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.140.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:cb:1c:bf:d7:e0:e2:12:60:cc:ba:ad:6a:2e:80:49:73:3f:
         a0:27:de:fb:0b:43:1c:9e:52:26:15:75:e2:59:05:7f:16:db:
         fb:87:d4:50:80:73:38:0b:6b:27:04:0b:cc:11:77:84:bc:32:
         fb:10:1a:73:e9:62:a8:f9:7c:61:74:19:ab:ba:b2:aa:92:c5:
         e6:39:c4:78:91:48:62:3b:95:17:a9:b6:e2:b2:9f:cc:d3:ea:
         23:66:b4:9a:d5:90:37:be:30:c3:cd:29:7f:df:eb:6b:86:a6:
         ef:aa:55:30:0b:44:34:66:af:b5:b8:4b:ce:93:24:78:69:ce:
         55:69:ea:57:b3:13:5f:85:02:87:2f:00:f2:3f:38:4c:80:c4:
         5f:12:62:6b:d2:6e:e0:f1:df:ba:c1:c0:9e:cd:06:89:21:df:
         9b:77:fe:f7:db:43:ed:ab:cb:60:da:41:ae:58:3b:cb:82:85:
         3b:bb:50:55:2e:65:54:e5:db:81:71:0f:1f:40:b7:3a:15:59:
         b7:1b:10:74:1d:ae:70:1e:81:65:54:ba:4d:66:83:f9:db:db:
         ae:67:e8:a8:ec:ac:21:89:52:e4:71:96:ff:62:dc:14:5a:2a:
         ce:4d:be:34:fc:5d:ad:8b:fa:3e:eb:35:de:c9:fe:6d:83:ab:
         f6:41:ec:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBDdkB43RXOGUjpNVZCh0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2JmNTExNzc0YjZlMWQ3MDZiYjI3MjdiM2QzMTI1Nzc1
YTkxMmYwHhcNMjUwNDI5MTAxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDhkOTMyOWM4YmI1YWEwYWFjYmM5MjBlNjJhZGFjYTU1Yzc2NzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurGO8AMEqW0v9I5ISy2oW1W6a9Aa
Cmt6DUeYeQRL8JOX+yQ5PyhBjAidNBAeiV5/jSFexLsCcdrpOcVvFTFmNGoBY7Pu
ZsG1mo9aJSoa+YxdUJJEh83PdIRDkDKQyP4xjE9HYA39WK32MrwW3UDmSyfF48gK
/rdfMfeQZI37X/CGbO6z+EVPAGXKnfNUpHZGo74ipJ++V16vPrK8QLU48EEJpqDN
aJxErcnxad4KMOv8Fi8K7mjqzmcl1W2xttkKDGw1Erx5D3MthH7vBt81FSUhaeLD
9YoBj7XY81sZ/dJSGZroLH75gRDxzwt5hGJWXpC1uQYWhlJd0XiFq39CrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSNkynIu1qgqsvJIOYq2spVx2c0MB8GA1UdIwQY
MBaAFD879RF3S24dcGuycns9MSV3WpEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWIt
YTBkNmRiZmFjNmViLzEvTkkyVEtjaTdXcUNxeThrZzVpcmF5bFhIWnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9mNTU3NTctNTk2NS00MjcwLWJlYWItYTBkNmRiZmFjNmVi
LzEvUHp2MUVYZExiaDF3YTdKeWV6MHhKWGRha1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2YxsMA0G
CSqGSIb3DQEBCwUAA4IBAQAmyxy/1+DiEmDMuq1qLoBJcz+gJ977C0McnlImFXXi
WQV/Ftv7h9RQgHM4C2snBAvMEXeEvDL7EBpz6WKo+XxhdBmrurKqksXmOcR4kUhi
O5UXqbbisp/M0+ojZrSa1ZA3vjDDzSl/3+trhqbvqlUwC0Q0Zq+1uEvOkyR4ac5V
aepXsxNfhQKHLwDyPzhMgMRfEmJr0m7g8d+6wcCezQaJId+bd/7320Ptq8tg2kGu
WDvLgoU7u1BVLmVU5duBcQ8fQLc6FVm3GxB0Ha5wHoFlVLpNZoP529uuZ+io7Kwh
iVLkcZb/YtwUWirOTb40/F2ti/o+6zXeyf5tg6v2Qeyi
-----END CERTIFICATE-----