Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/l7BO3_rpi0MjU42Q2fWvRleks1I.roa
File:                     l7BO3_rpi0MjU42Q2fWvRleks1I.roa (raw, json)
Hash identifier:          bwnySq5prVJM3lv0kn7NrPkDqPBXP5UnYrs7eCf6iho=
Subject key identifier:   97:B0:4E:DF:FA:E9:8B:43:23:53:8D:90:D9:F5:AF:46:57:A4:B3:52
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01969653677939DA7907D9E0339EB5DAF83E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/l7BO3_rpi0MjU42Q2fWvRleks1I.roa
Signing time:             Sat 03 May 2025 13:26:10 +0000
ROA not before:           Sat 03 May 2025 13:26:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        194.87.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:96:53:67:79:39:da:79:07:d9:e0:33:9e:b5:da:f8:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May  3 13:26:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97b04edffae98b4323538d90d9f5af4657a4b352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ae:84:59:61:90:e0:69:28:20:62:5f:1a:91:
                    8d:aa:a9:a8:5d:7a:3b:37:47:9d:2e:94:21:61:fd:
                    71:b8:97:4b:9d:7c:32:3b:23:e8:75:a0:31:f7:10:
                    28:c7:b2:8f:01:e2:08:be:e7:76:4b:04:ba:0d:4a:
                    e6:db:a5:bf:57:74:28:e3:4e:11:a8:92:13:9d:03:
                    64:a6:83:a4:50:cc:1a:3d:a2:b2:3b:44:95:3b:f5:
                    a3:05:c8:0e:9a:69:9f:07:27:ff:59:7f:52:fa:8b:
                    fe:c8:f7:cd:65:b6:f8:98:11:60:56:f3:49:fc:c1:
                    0c:ea:fc:4f:ca:c3:af:47:1d:17:b0:1d:5b:6c:1d:
                    f9:da:f5:32:89:9f:6d:72:a3:1e:51:9a:7a:86:d0:
                    cb:d4:05:9e:f2:f3:8c:4d:8b:5c:fd:38:97:42:d0:
                    44:8a:dc:ab:36:27:d6:4c:8f:c5:c1:a5:ef:2a:9f:
                    d2:c5:21:c2:3a:8e:c1:f9:dd:8c:ec:e8:be:07:e2:
                    62:40:6c:5d:22:5c:f1:42:55:47:5b:c0:b9:8b:db:
                    04:36:1b:af:8b:dd:18:ea:96:a2:9d:e2:b0:38:cc:
                    6c:5a:ec:8a:d0:33:04:9c:4a:0e:9a:fc:c9:dc:84:
                    9b:ce:62:34:fc:5d:fa:50:a4:6b:02:04:4f:c8:d5:
                    12:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:B0:4E:DF:FA:E9:8B:43:23:53:8D:90:D9:F5:AF:46:57:A4:B3:52
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/l7BO3_rpi0MjU42Q2fWvRleks1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:c5:39:2d:cb:5b:de:88:2a:69:2b:3b:dc:d2:c8:af:ce:3e:
         0a:ee:53:ab:7d:e4:1d:44:37:17:ed:02:2d:8b:c3:06:97:88:
         4f:c0:8c:81:8a:81:4a:d2:1c:58:4a:b2:43:ee:93:41:66:5e:
         47:87:d4:fc:1b:1f:f4:8a:c0:57:58:32:3d:78:0d:2a:be:28:
         13:f5:45:82:91:cc:3e:7b:17:9e:ba:c4:07:2f:6b:b7:aa:55:
         0d:b6:f1:91:90:a4:37:ce:1e:96:08:1c:1b:4d:00:27:e1:bc:
         83:66:0c:61:a8:aa:44:99:be:93:e9:f7:5e:a4:ff:a7:08:12:
         7d:b0:13:0f:d2:2f:e4:0b:8e:cc:d6:8a:08:9a:e6:c1:e6:a8:
         c2:c0:7e:1d:6e:f0:22:8e:1b:68:e7:83:aa:9f:71:1e:50:74:
         13:58:29:92:f7:f0:56:c6:a8:fe:83:01:c4:2f:8d:72:e7:9e:
         5c:b8:a4:9a:13:b6:a3:5d:a0:dc:eb:8f:e9:b8:d7:52:bf:21:
         e2:63:3b:ed:5e:ce:90:00:0d:95:a2:24:fe:22:8c:d4:b3:39:
         6b:4a:df:9f:46:46:4b:31:7e:32:e9:eb:52:ef:c4:6b:e6:9f:
         07:4b:a3:15:5c:39:e1:d7:0e:5f:db:7a:a9:4d:74:83:ee:07:
         af:fd:d4:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaWU2d5Odp5B9ngM5612vg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNTAzMTMyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2IwNGVkZmZhZTk4YjQzMjM1MzhkOTBkOWY1YWY0NjU3YTRiMzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAma6EWWGQ4GkoIGJfGpGNqqmoXXo7
N0edLpQhYf1xuJdLnXwyOyPodaAx9xAox7KPAeIIvud2SwS6DUrm26W/V3Qo404R
qJITnQNkpoOkUMwaPaKyO0SVO/WjBcgOmmmfByf/WX9S+ov+yPfNZbb4mBFgVvNJ
/MEM6vxPysOvRx0XsB1bbB352vUyiZ9tcqMeUZp6htDL1AWe8vOMTYtc/TiXQtBE
ityrNifWTI/FwaXvKp/SxSHCOo7B+d2M7Oi+B+JiQGxdIlzxQlVHW8C5i9sENhuv
i90Y6paineKwOMxsWuyK0DMEnEoOmvzJ3ISbzmI0/F36UKRrAgRPyNUSLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJewTt/66YtDI1ONkNn1r0ZXpLNSMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbDdCTzNfcnBpME1qVTQyUTJmV3ZSbGVrczFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlcdMA0G
CSqGSIb3DQEBCwUAA4IBAQB7xTkty1veiCppKzvc0sivzj4K7lOrfeQdRDcX7QIt
i8MGl4hPwIyBioFK0hxYSrJD7pNBZl5Hh9T8Gx/0isBXWDI9eA0qvigT9UWCkcw+
exeeusQHL2u3qlUNtvGRkKQ3zh6WCBwbTQAn4byDZgxhqKpEmb6T6fdepP+nCBJ9
sBMP0i/kC47M1ooImubB5qjCwH4dbvAijhto54Oqn3EeUHQTWCmS9/BWxqj+gwHE
L41y555cuKSaE7ajXaDc64/puNdSvyHiYzvtXs6QAA2VoiT+IozUszlrSt+fRkZL
MX4y6etS78Rr5p8HS6MVXDnh1w5f23qpTXSD7gev/dTt
-----END CERTIFICATE-----