Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/q6gB-z1SfkonZIwsf2-ovnKKnNM.roa
File:                     q6gB-z1SfkonZIwsf2-ovnKKnNM.roa (raw, json)
Hash identifier:          bx68saU+1tsfSMM0MiGNDIuFvsAy92Rjoxkf5oy6WjY=
Subject key identifier:   AB:A8:01:FB:3D:52:7E:4A:27:64:8C:2C:7F:6F:A8:BE:72:8A:9C:D3
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01963A269BE3A234E81E00B473B221F7EE5F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/q6gB-z1SfkonZIwsf2-ovnKKnNM.roa
Signing time:             Tue 15 Apr 2025 15:52:10 +0000
ROA not before:           Tue 15 Apr 2025 15:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205007
IP address blocks:        194.87.85.0/24 maxlen: 24
                          195.133.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3a:26:9b:e3:a2:34:e8:1e:00:b4:73:b2:21:f7:ee:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr 15 15:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aba801fb3d527e4a27648c2c7f6fa8be728a9cd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ba:01:b8:3e:c1:11:39:ab:41:75:55:e0:71:
                    ba:95:6a:aa:e4:02:18:7c:c9:ef:a4:64:79:9e:b1:
                    be:3f:cc:c9:2a:f2:56:65:a2:68:0a:18:fa:54:c3:
                    49:40:de:63:f4:54:07:f2:5f:f7:85:53:70:34:b1:
                    71:e8:b2:4f:41:c9:98:7a:64:04:b2:80:77:b8:d5:
                    8b:ce:ee:2c:7c:98:87:49:47:90:99:81:12:46:b1:
                    65:55:68:be:3d:8f:8a:7f:d8:46:31:9b:18:90:f3:
                    ea:2e:3a:da:0d:28:c3:a4:b5:3f:b7:55:ca:5f:37:
                    16:85:84:53:0a:56:44:86:19:eb:45:70:15:28:12:
                    bb:64:e0:e9:b1:ae:17:72:a0:49:4e:1b:eb:fe:0a:
                    50:d3:50:10:c9:15:8d:c6:4d:3e:d8:51:8e:e2:5c:
                    65:6b:45:2a:c8:7d:6e:65:a9:e9:74:4e:0e:c8:9b:
                    bf:18:d8:6e:c9:b9:1e:12:27:fb:28:8b:e4:2e:b9:
                    c4:57:b6:cf:3f:ec:5d:25:d8:47:8a:ac:d5:a2:aa:
                    fc:c2:9f:3d:cd:c9:92:78:b6:4f:fc:6a:97:bd:89:
                    02:76:3c:c1:e3:bd:91:a2:b1:08:02:24:9b:65:e1:
                    f7:d7:a7:bb:fd:71:52:ce:c2:1d:68:8d:e7:fc:c2:
                    b8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A8:01:FB:3D:52:7E:4A:27:64:8C:2C:7F:6F:A8:BE:72:8A:9C:D3
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/q6gB-z1SfkonZIwsf2-ovnKKnNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.85.0/24
                  195.133.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:66:31:a2:d9:88:41:4d:d2:40:be:e1:df:c7:ac:e7:f5:30:
         74:ca:7e:69:91:77:15:79:f5:27:d8:02:9e:91:3b:1d:57:c1:
         bc:95:1e:2d:00:44:af:90:eb:2e:56:67:42:68:a2:ba:ce:4d:
         af:91:e0:46:40:1a:a3:93:0b:c2:ab:d3:59:93:0b:cf:e1:92:
         3a:00:5a:85:71:a6:ca:df:ca:3d:bf:7d:a4:f9:1f:cd:e6:e1:
         28:9e:a8:b2:89:64:cd:51:ff:9a:fb:49:9a:44:b4:e7:62:67:
         f8:2c:44:75:cf:bb:4d:61:28:6a:5e:04:1c:a7:23:ce:23:98:
         32:d6:7c:00:e1:fe:f3:5b:3c:b4:8e:49:51:c2:48:e3:c4:bc:
         d6:59:d7:f9:b4:1e:30:72:a4:ff:3a:e9:1c:20:dd:8f:94:b4:
         67:ce:9f:8b:eb:26:c4:0b:a6:4f:21:1a:f7:c4:b8:d9:db:6a:
         38:33:4f:9f:9c:74:43:a0:3a:f6:78:7e:12:f9:f8:be:27:2d:
         72:da:77:d5:56:08:8b:b4:c3:4f:88:b0:96:07:f6:4f:31:b8:
         d7:8f:b3:84:2a:d8:03:c0:05:64:73:67:1d:8b:45:5a:62:7a:
         4d:3c:ce:5b:33:77:de:92:e7:6b:77:c0:23:9f:58:44:df:c3:
         bb:35:98:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZY6JpvjojToHgC0c7Ih9+5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNDE1MTU1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmE4MDFmYjNkNTI3ZTRhMjc2NDhjMmM3ZjZmYThiZTcyOGE5Y2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLoBuD7BETmrQXVV4HG6lWqq5AIY
fMnvpGR5nrG+P8zJKvJWZaJoChj6VMNJQN5j9FQH8l/3hVNwNLFx6LJPQcmYemQE
soB3uNWLzu4sfJiHSUeQmYESRrFlVWi+PY+Kf9hGMZsYkPPqLjraDSjDpLU/t1XK
XzcWhYRTClZEhhnrRXAVKBK7ZODpsa4XcqBJThvr/gpQ01AQyRWNxk0+2FGO4lxl
a0UqyH1uZanpdE4OyJu/GNhuybkeEif7KIvkLrnEV7bPP+xdJdhHiqzVoqr8wp89
zcmSeLZP/GqXvYkCdjzB472RorEIAiSbZeH316e7/XFSzsIdaI3n/MK4DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKuoAfs9Un5KJ2SMLH9vqL5yipzTMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcTZnQi16MVNma29uWkl3c2YyLW92bktLbk5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwldVAwQA
w4USMA0GCSqGSIb3DQEBCwUAA4IBAQAVZjGi2YhBTdJAvuHfx6zn9TB0yn5pkXcV
efUn2AKekTsdV8G8lR4tAESvkOsuVmdCaKK6zk2vkeBGQBqjkwvCq9NZkwvP4ZI6
AFqFcabK38o9v32k+R/N5uEonqiyiWTNUf+a+0maRLTnYmf4LER1z7tNYShqXgQc
pyPOI5gy1nwA4f7zWzy0jklRwkjjxLzWWdf5tB4wcqT/OukcIN2PlLRnzp+L6ybE
C6ZPIRr3xLjZ22o4M0+fnHRDoDr2eH4S+fi+Jy1y2nfVVgiLtMNPiLCWB/ZPMbjX
j7OEKtgDwAVkc2cdi0VaYnpNPM5bM3fekudrd8Ajn1hE38O7NZi5
-----END CERTIFICATE-----