Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/wlrH8iJKD-dvArKLHwGDyb-b3_A.roa
File:                     wlrH8iJKD-dvArKLHwGDyb-b3_A.roa (raw, json)
Hash identifier:          MNpmVDPz5k8I2IkuWOZyn4/S4dD0F06yQSeegbd6Lco=
Subject key identifier:   C2:5A:C7:F2:22:4A:0F:E7:6F:02:B2:8B:1F:01:83:C9:BF:9B:DF:F0
Certificate issuer:       /CN=35cecbf8651a5624f2281dc356a77cd34bd5ba96
Certificate serial:       0196426890F5E79553DE9DF30C64CE6F2746
Authority key identifier: 35:CE:CB:F8:65:1A:56:24:F2:28:1D:C3:56:A7:7C:D3:4B:D5:BA:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nc7L-GUaViTyKB3DVqd800vVupY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/wlrH8iJKD-dvArKLHwGDyb-b3_A.roa
Signing time:             Thu 17 Apr 2025 06:21:10 +0000
ROA not before:           Thu 17 Apr 2025 06:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213893
IP address blocks:        195.62.48.0/23 maxlen: 23
                          195.62.48.0/24 maxlen: 24
                          195.62.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/Nc7L-GUaViTyKB3DVqd800vVupY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/Nc7L-GUaViTyKB3DVqd800vVupY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nc7L-GUaViTyKB3DVqd800vVupY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:42:68:90:f5:e7:95:53:de:9d:f3:0c:64:ce:6f:27:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35cecbf8651a5624f2281dc356a77cd34bd5ba96
        Validity
            Not Before: Apr 17 06:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c25ac7f2224a0fe76f02b28b1f0183c9bf9bdff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:03:c9:dd:c2:2e:0d:ae:4c:ca:75:be:80:de:
                    7f:50:bb:fc:90:f2:ab:e4:18:f7:7f:e0:15:7f:8c:
                    fb:07:b0:7a:65:d5:fc:14:6e:3b:02:65:6a:1f:21:
                    99:8d:8a:51:fb:f2:b9:2e:6b:68:a2:6b:da:65:37:
                    4b:7d:cc:7a:6f:75:03:dc:fb:b3:8e:07:94:77:6d:
                    66:d9:34:4f:1d:a0:b9:38:a4:68:4f:fe:eb:d5:65:
                    73:4c:25:33:8d:6e:50:18:01:b3:e4:ae:ea:b2:ba:
                    72:3d:24:ec:cd:5c:cd:db:e0:0e:37:ea:1e:46:9b:
                    21:dc:94:21:04:9f:ff:e0:9a:a9:2b:5f:29:84:bd:
                    50:27:05:cd:5e:8f:e5:22:2b:12:96:6e:9c:11:05:
                    1f:af:25:97:b5:7d:37:01:91:c4:31:c4:47:f8:9b:
                    b2:a0:14:c2:dd:8d:61:46:fb:2c:ab:be:4d:36:a4:
                    ba:e2:ea:02:f5:a1:cf:29:48:f9:91:27:5d:6a:32:
                    d0:07:e7:00:e5:23:18:03:3b:e9:80:de:81:dd:27:
                    2c:e7:66:9d:92:7b:52:a5:26:f6:ea:a9:0b:18:ec:
                    af:e4:d3:c5:40:48:66:d5:a2:bd:4f:c9:c1:6e:1f:
                    a6:b8:09:0a:97:cd:dd:8c:2d:81:e6:c3:2e:10:73:
                    22:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:5A:C7:F2:22:4A:0F:E7:6F:02:B2:8B:1F:01:83:C9:BF:9B:DF:F0
            X509v3 Authority Key Identifier:
                keyid:35:CE:CB:F8:65:1A:56:24:F2:28:1D:C3:56:A7:7C:D3:4B:D5:BA:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nc7L-GUaViTyKB3DVqd800vVupY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/wlrH8iJKD-dvArKLHwGDyb-b3_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/Nc7L-GUaViTyKB3DVqd800vVupY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:a8:8e:45:56:b4:e3:95:57:83:46:6b:a1:82:2e:a8:07:fb:
         57:2d:ee:56:27:f9:28:cd:66:1a:56:4f:0d:e9:11:b7:be:c8:
         98:ec:b9:1f:2b:b7:87:f6:30:0b:8a:ae:1b:2a:51:f9:dc:ec:
         3e:5f:fd:d4:4e:be:8c:db:cd:79:f1:d7:2f:95:83:c5:de:5c:
         4e:0c:fc:a3:58:78:93:10:19:46:77:6d:b0:d3:08:16:b9:ce:
         30:62:c7:08:b7:db:99:74:a0:d0:1c:54:21:a4:d5:e2:bb:bf:
         34:1c:0c:17:79:67:e9:e3:15:b0:d9:3f:1a:c8:bd:c2:50:bc:
         f9:d6:c5:01:5f:87:ff:5c:50:00:61:54:fd:e3:1a:0f:74:04:
         6f:6d:00:d3:dd:0b:dc:21:d2:f3:3c:2e:5e:99:ba:66:12:22:
         65:41:fc:04:5b:4a:5f:a9:89:8a:e3:2c:e2:1d:4c:cc:c6:02:
         74:c0:3d:a6:dd:80:8b:4b:18:e2:42:d1:a5:10:27:dd:e6:56:
         54:4b:9d:62:97:63:ff:e8:f5:0c:c7:03:98:92:c3:c4:52:4b:
         6a:7e:d7:08:61:fd:a9:3a:a0:45:83:07:25:6d:36:d8:97:a6:
         59:23:3b:17:e3:84:f1:09:33:13:24:c4:c1:50:82:e2:38:bd:
         1b:32:94:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZCaJD155VT3p3zDGTObydGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1Y2VjYmY4NjUxYTU2MjRmMjI4MWRjMzU2YTc3Y2QzNGJk
NWJhOTYwHhcNMjUwNDE3MDYyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjVhYzdmMjIyNGEwZmU3NmYwMmIyOGIxZjAxODNjOWJmOWJkZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwPJ3cIuDa5MynW+gN5/ULv8kPKr
5Bj3f+AVf4z7B7B6ZdX8FG47AmVqHyGZjYpR+/K5LmtoomvaZTdLfcx6b3UD3Puz
jgeUd21m2TRPHaC5OKRoT/7r1WVzTCUzjW5QGAGz5K7qsrpyPSTszVzN2+AON+oe
Rpsh3JQhBJ//4JqpK18phL1QJwXNXo/lIisSlm6cEQUfryWXtX03AZHEMcRH+Juy
oBTC3Y1hRvssq75NNqS64uoC9aHPKUj5kSddajLQB+cA5SMYAzvpgN6B3Scs52ad
kntSpSb26qkLGOyv5NPFQEhm1aK9T8nBbh+muAkKl83djC2B5sMuEHMiRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJax/IiSg/nbwKyix8Bg8m/m9/wMB8GA1UdIwQY
MBaAFDXOy/hlGlYk8igdw1anfNNL1bqWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmM3TC1HVWFWaVR5S0IzRFZxZDgwMHZWdXBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS84NjcxN2YtZmYxZi00Yjk1LWFlODEt
NjFhNmQ3MmFjNDljLzEvd2xySDhpSktELWR2QXJLTEh3R0R5Yi1iM19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS84NjcxN2YtZmYxZi00Yjk1LWFlODEtNjFhNmQ3MmFjNDlj
LzEvTmM3TC1HVWFWaVR5S0IzRFZxZDgwMHZWdXBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwz4wMA0G
CSqGSIb3DQEBCwUAA4IBAQCTqI5FVrTjlVeDRmuhgi6oB/tXLe5WJ/kozWYaVk8N
6RG3vsiY7LkfK7eH9jALiq4bKlH53Ow+X/3UTr6M28158dcvlYPF3lxODPyjWHiT
EBlGd22w0wgWuc4wYscIt9uZdKDQHFQhpNXiu780HAwXeWfp4xWw2T8ayL3CULz5
1sUBX4f/XFAAYVT94xoPdARvbQDT3QvcIdLzPC5embpmEiJlQfwEW0pfqYmK4yzi
HUzMxgJ0wD2m3YCLSxjiQtGlECfd5lZUS51il2P/6PUMxwOYksPEUktqftcIYf2p
OqBFgwclbTbYl6ZZIzsX44TxCTMTJMTBUILiOL0bMpTv
-----END CERTIFICATE-----