Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/imVCjq7Au2cw-nPSXNuI0Z75lw4.roa
File:                     imVCjq7Au2cw-nPSXNuI0Z75lw4.roa (raw, json)
Hash identifier:          VBfwtXrJaQslO09n9LjVmBV6XkFLa5nJQs9vNy97xoU=
Subject key identifier:   8A:65:42:8E:AE:C0:BB:67:30:FA:73:D2:5C:DB:88:D1:9E:F9:97:0E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019E9B6D9413CA9E88D593C96B5F91944D12
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/imVCjq7Au2cw-nPSXNuI0Z75lw4.roa
Signing time:             Sat 06 Jun 2026 05:35:10 +0000
ROA not before:           Sat 06 Jun 2026 05:35:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44477
IP address blocks:        193.124.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9b:6d:94:13:ca:9e:88:d5:93:c9:6b:5f:91:94:4d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  6 05:35:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a65428eaec0bb6730fa73d25cdb88d19ef9970e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:2e:ca:2e:9d:ee:1f:19:ec:20:d9:3b:61:b7:
                    1a:be:8a:b2:b3:0a:58:28:b2:ec:f8:da:ab:b9:22:
                    32:dc:b6:62:8d:46:3c:83:91:cd:67:4e:b6:10:be:
                    09:03:f5:74:1c:f7:99:dd:33:ae:b3:1b:b6:1f:05:
                    66:72:47:db:ae:b6:5c:62:20:b9:b2:ac:44:d2:4d:
                    8d:30:57:7c:75:97:41:0f:6d:a8:18:5c:25:7c:b4:
                    f2:a1:92:0a:ce:00:58:5a:30:92:d1:60:ef:3a:60:
                    3e:b9:79:e4:3f:9f:21:7a:2d:75:07:df:67:c0:7b:
                    88:79:4d:d3:8c:53:ef:31:78:71:ed:e2:98:55:86:
                    68:49:8a:8e:93:e1:5e:36:1c:db:cd:ce:90:77:17:
                    82:32:c3:bd:67:60:2e:8c:1d:db:59:b4:08:32:ba:
                    a1:a2:1c:28:36:8c:13:be:67:9b:fa:e1:f8:74:dd:
                    23:f2:13:80:01:a8:38:67:4a:24:b1:b2:f4:23:a3:
                    fa:c0:1c:e4:a2:9c:0d:ac:d7:ab:24:d4:27:fe:c5:
                    fb:09:99:0b:2c:e5:21:64:8f:c5:6f:c6:01:5a:ef:
                    00:05:94:7c:3c:21:51:26:a4:dc:7e:f8:27:82:34:
                    cb:ed:b1:c0:49:c0:8f:7b:1b:6b:b9:43:36:f2:5a:
                    1d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:65:42:8E:AE:C0:BB:67:30:FA:73:D2:5C:DB:88:D1:9E:F9:97:0E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/imVCjq7Au2cw-nPSXNuI0Z75lw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:87:2b:b7:12:5a:20:d2:b7:77:40:3f:ea:4e:b2:f6:40:9c:
         dd:78:e1:3d:06:16:a2:16:6e:a0:5b:02:d5:90:6f:39:6f:8d:
         d7:43:db:2d:7c:fb:a7:b7:e5:c8:12:9a:4f:0b:04:b9:67:09:
         2c:bf:ec:3e:b6:43:6b:f3:98:75:5a:fd:2e:15:81:f3:b0:14:
         69:f9:a3:e3:a9:78:20:2f:99:c0:35:30:86:fa:e6:8f:d5:f9:
         83:ed:78:9b:45:91:3c:16:6f:61:53:58:38:73:07:cc:ef:d1:
         b6:27:f6:53:ce:fb:18:a6:a9:a3:2c:2f:88:24:5b:71:fe:38:
         e7:3d:2a:53:cb:b8:a3:4d:7a:0e:61:4d:42:56:f5:0b:f4:4b:
         fb:2a:7a:e6:99:57:24:03:8e:f8:e7:10:25:10:ef:18:15:46:
         86:3d:b4:95:16:c6:b4:5c:e1:1d:91:2b:b0:e6:46:8a:44:aa:
         68:ba:99:77:9a:a0:3b:ff:fb:5c:e1:6c:bc:88:a7:87:ed:48:
         42:17:60:e6:85:22:08:8e:4f:13:42:70:8e:13:50:58:f2:60:
         28:57:3f:fc:01:93:67:bd:c3:a0:a9:b4:7d:31:b0:45:93:d1:
         4d:ec:e8:2e:eb:0e:4d:75:58:61:d3:43:e3:95:49:d7:38:82:
         1f:24:80:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6bbZQTyp6I1ZPJa1+RlE0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwNjA2MDUzNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTY1NDI4ZWFlYzBiYjY3MzBmYTczZDI1Y2RiODhkMTllZjk5NzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9i7KLp3uHxnsINk7YbcavoqyswpY
KLLs+NqruSIy3LZijUY8g5HNZ062EL4JA/V0HPeZ3TOusxu2HwVmckfbrrZcYiC5
sqxE0k2NMFd8dZdBD22oGFwlfLTyoZIKzgBYWjCS0WDvOmA+uXnkP58hei11B99n
wHuIeU3TjFPvMXhx7eKYVYZoSYqOk+FeNhzbzc6QdxeCMsO9Z2AujB3bWbQIMrqh
ohwoNowTvmeb+uH4dN0j8hOAAag4Z0oksbL0I6P6wBzkopwNrNerJNQn/sX7CZkL
LOUhZI/Fb8YBWu8ABZR8PCFRJqTcfvgngjTL7bHAScCPextruUM28lod0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIplQo6uwLtnMPpz0lzbiNGe+ZcOMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaW1WQ2pxN0F1MmN3LW5QU1hOdUkwWjc1bHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXyFMA0G
CSqGSIb3DQEBCwUAA4IBAQBhhyu3Elog0rd3QD/qTrL2QJzdeOE9BhaiFm6gWwLV
kG85b43XQ9stfPunt+XIEppPCwS5Zwksv+w+tkNr85h1Wv0uFYHzsBRp+aPjqXgg
L5nANTCG+uaP1fmD7XibRZE8Fm9hU1g4cwfM79G2J/ZTzvsYpqmjLC+IJFtx/jjn
PSpTy7ijTXoOYU1CVvUL9Ev7KnrmmVckA4745xAlEO8YFUaGPbSVFsa0XOEdkSuw
5kaKRKpoupl3mqA7//tc4Wy8iKeH7UhCF2DmhSIIjk8TQnCOE1BY8mAoVz/8AZNn
vcOgqbR9MbBFk9FN7Ogu6w5NdVhh00PjlUnXOIIfJICE
-----END CERTIFICATE-----