Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/caksix8MC9mFznFTciJnMOLKLfM.roa
File:                     caksix8MC9mFznFTciJnMOLKLfM.roa (raw, json)
Hash identifier:          zkX4/Eb8SqtirUjZWb14N5I4sFPq80aFi/F3ixhvLqk=
Subject key identifier:   71:A9:2C:8B:1F:0C:0B:D9:85:CE:71:53:72:22:67:30:E2:CA:2D:F3
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01963361DAE3304903174CFDA843D3BE5BA6
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/caksix8MC9mFznFTciJnMOLKLfM.roa
Signing time:             Mon 14 Apr 2025 08:19:33 +0000
ROA not before:           Mon 14 Apr 2025 08:19:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209982
IP address blocks:        194.35.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:33:61:da:e3:30:49:03:17:4c:fd:a8:43:d3:be:5b:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Apr 14 08:19:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71a92c8b1f0c0bd985ce715372226730e2ca2df3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9a:d8:e4:92:20:ac:de:2c:10:fa:e0:bb:09:
                    a5:38:9c:54:e3:11:ba:ce:74:c4:4b:a1:c9:4d:db:
                    7f:9d:c0:03:70:86:51:d0:ba:ce:f0:6d:2e:41:7e:
                    b2:6f:66:6a:bb:b4:28:3e:99:ef:42:94:07:1b:16:
                    cb:5d:58:13:c7:e7:d7:20:2f:e4:60:f2:6d:57:1b:
                    bf:1b:0d:88:7d:51:ae:29:44:35:ad:93:67:6a:b4:
                    c9:e7:f5:6c:f3:0c:54:3c:b0:11:21:f9:69:06:f3:
                    a0:de:93:d2:6e:76:b9:10:a3:15:9a:a9:8d:8f:7b:
                    90:3f:75:64:0b:a6:81:b6:8f:aa:ea:ea:8e:81:33:
                    f2:d9:9d:80:c6:f7:1f:be:85:16:f0:5c:59:68:72:
                    a6:9d:9b:a8:b9:54:70:ba:c2:a9:3f:10:8a:f9:f8:
                    69:a4:59:10:84:fc:fb:6e:58:47:6e:bd:ae:df:8f:
                    2c:80:92:f5:36:35:9a:de:37:65:0d:c1:c0:fc:9f:
                    c8:cb:0b:4e:e1:80:37:30:74:be:ff:ee:af:4a:76:
                    d0:f0:10:d3:dd:0b:59:5a:44:04:0c:2b:e5:9e:5d:
                    ea:c6:59:a5:35:32:a8:8f:fe:85:fa:5c:8e:64:ec:
                    ea:2d:0c:b2:20:62:e6:38:0b:1b:b7:15:75:a4:88:
                    91:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:A9:2C:8B:1F:0C:0B:D9:85:CE:71:53:72:22:67:30:E2:CA:2D:F3
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/caksix8MC9mFznFTciJnMOLKLfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:a8:de:66:54:f3:fb:e0:8c:31:23:9f:03:ea:98:78:2c:60:
         1d:f8:f0:8b:75:91:ac:66:cc:05:37:ac:43:14:08:99:47:f3:
         45:31:09:7f:85:96:76:6f:3b:f9:67:08:65:a7:57:92:ba:02:
         c0:60:24:7a:53:97:50:c9:07:bc:a7:f9:06:56:d7:15:83:0b:
         5b:d0:24:94:d5:48:0f:d7:8d:84:da:ef:57:e3:73:74:85:28:
         1c:46:02:ae:33:a8:50:08:3c:20:ae:d8:bb:bc:bd:ea:53:5f:
         f6:0a:c7:7c:45:ec:d1:33:74:85:f3:16:45:d7:21:13:ce:03:
         15:2d:a0:02:c5:f1:e7:f0:53:77:6c:91:82:78:6e:91:30:be:
         30:df:23:bb:8d:38:e6:62:db:21:31:ec:51:bd:f0:fa:a0:ed:
         12:a1:2a:17:e6:cc:c9:d3:1a:7f:d9:94:12:68:a2:91:e2:67:
         1c:cd:d8:15:1a:51:f7:cf:37:b1:de:df:99:50:4f:fc:ad:43:
         65:c1:ff:6d:52:28:62:3b:aa:0a:77:5a:23:5a:32:49:35:ef:
         7d:ef:3d:ea:62:dd:f3:50:c8:dd:dd:c5:de:1e:f3:ea:77:b7:
         37:c1:70:30:24:20:25:43:31:5a:25:e3:22:e0:9d:a4:45:ba:
         e8:6c:65:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYzYdrjMEkDF0z9qEPTvlumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwNDE0MDgxOTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWE5MmM4YjFmMGMwYmQ5ODVjZTcxNTM3MjIyNjczMGUyY2EyZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJrY5JIgrN4sEPrguwmlOJxU4xG6
znTES6HJTdt/ncADcIZR0LrO8G0uQX6yb2Zqu7QoPpnvQpQHGxbLXVgTx+fXIC/k
YPJtVxu/Gw2IfVGuKUQ1rZNnarTJ5/Vs8wxUPLARIflpBvOg3pPSbna5EKMVmqmN
j3uQP3VkC6aBto+q6uqOgTPy2Z2AxvcfvoUW8FxZaHKmnZuouVRwusKpPxCK+fhp
pFkQhPz7blhHbr2u348sgJL1NjWa3jdlDcHA/J/IywtO4YA3MHS+/+6vSnbQ8BDT
3QtZWkQEDCvlnl3qxlmlNTKoj/6F+lyOZOzqLQyyIGLmOAsbtxV1pIiRSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGpLIsfDAvZhc5xU3IiZzDiyi3zMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvY2Frc2l4OE1DOW1Gem5GVGNpSm5NT0xLTGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiM0MA0G
CSqGSIb3DQEBCwUAA4IBAQAYqN5mVPP74IwxI58D6ph4LGAd+PCLdZGsZswFN6xD
FAiZR/NFMQl/hZZ2bzv5Zwhlp1eSugLAYCR6U5dQyQe8p/kGVtcVgwtb0CSU1UgP
142E2u9X43N0hSgcRgKuM6hQCDwgrti7vL3qU1/2Csd8RezRM3SF8xZF1yETzgMV
LaACxfHn8FN3bJGCeG6RML4w3yO7jTjmYtshMexRvfD6oO0SoSoX5szJ0xp/2ZQS
aKKR4mcczdgVGlH3zzex3t+ZUE/8rUNlwf9tUihiO6oKd1ojWjJJNe997z3qYt3z
UMjd3cXeHvPqd7c3wXAwJCAlQzFaJeMi4J2kRbrobGWW
-----END CERTIFICATE-----