Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MYVeRrnpcvLBOHRLP-2sUj3ZGT4.roa
File:                     MYVeRrnpcvLBOHRLP-2sUj3ZGT4.roa (raw, json)
Hash identifier:          FKPwUuvL+l7J/UBhAe0nR0RBijCOvl/QOGfCbEh1og4=
Subject key identifier:   31:85:5E:46:B9:E9:72:F2:C1:38:74:4B:3F:ED:AC:52:3D:D9:19:3E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0197E4A3646380CFAD6B5719F0178ECBC0D4
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MYVeRrnpcvLBOHRLP-2sUj3ZGT4.roa
Signing time:             Mon 07 Jul 2025 11:26:42 +0000
ROA not before:           Mon 07 Jul 2025 11:26:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50284
IP address blocks:        193.124.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:a3:64:63:80:cf:ad:6b:57:19:f0:17:8e:cb:c0:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  7 11:26:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31855e46b9e972f2c138744b3fedac523dd9193e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:28:9e:ec:19:07:f5:03:0d:6d:eb:ea:26:c6:
                    30:48:d2:61:ca:1a:04:98:2c:f4:8a:09:8d:dc:7e:
                    b5:71:fb:3d:14:53:03:3d:a9:2e:15:4f:18:73:60:
                    a9:f8:f0:95:b1:d7:5f:5a:2e:c9:5e:0b:44:24:de:
                    a2:6c:6c:3e:41:91:d3:1f:ce:1f:8d:dd:ec:b2:24:
                    bb:02:c0:60:93:0a:50:87:9d:f0:bb:f8:97:58:47:
                    31:4c:d5:26:91:61:82:09:96:c2:65:50:3a:df:9a:
                    0f:2b:af:e4:9b:ec:39:70:42:31:af:a9:20:d4:28:
                    99:72:bf:6e:c8:41:aa:64:53:4b:c2:86:f3:11:2a:
                    d9:e7:1d:be:b1:7b:da:83:1a:d2:50:cf:19:18:ff:
                    f4:a0:e6:49:f7:a2:6f:ef:e0:21:76:63:c2:39:bb:
                    e5:96:0c:a0:63:d6:4c:ae:23:53:f0:4c:2e:c6:a5:
                    69:06:b0:1e:0a:93:41:bf:e3:ba:7d:1a:bd:f5:25:
                    41:84:97:45:f4:1e:c4:55:88:d0:92:a2:6d:9a:a2:
                    30:8a:13:b3:43:af:b0:e4:f4:00:be:73:ce:85:d7:
                    de:09:42:39:6e:1b:43:e1:59:9d:a1:11:c8:f8:e9:
                    ad:af:2b:75:3e:e4:bd:9b:7d:d1:f6:35:db:a7:62:
                    09:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:85:5E:46:B9:E9:72:F2:C1:38:74:4B:3F:ED:AC:52:3D:D9:19:3E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MYVeRrnpcvLBOHRLP-2sUj3ZGT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:ff:c6:79:e3:e9:83:0a:92:a5:b4:fb:37:31:6f:a9:00:3c:
         4b:f0:5b:f3:2e:0b:0d:9e:56:3d:34:fa:32:a9:59:0c:30:4d:
         54:10:ac:c3:aa:f0:67:2f:38:c2:43:ce:a6:21:7a:1d:85:71:
         2c:77:2b:53:05:fb:2a:e5:ad:6f:53:f8:ce:0b:c2:61:0d:dd:
         82:cf:b3:a7:1a:80:8c:33:af:8f:6d:1b:56:1a:d5:ec:07:cd:
         ef:7c:99:9b:bf:92:4d:9c:2d:ce:54:1e:dd:28:e6:00:99:af:
         a6:92:08:d0:c1:05:18:37:2d:aa:64:0b:3b:e5:ec:be:4e:85:
         0e:e5:dd:5c:0f:92:82:aa:6f:0f:a2:8a:6c:4b:19:e6:5d:da:
         eb:6c:f8:60:21:d1:70:fc:f2:b2:6b:59:51:a9:ea:53:76:d0:
         ad:8c:41:66:ae:55:d9:cc:35:d1:aa:61:37:34:1a:bf:2e:19:
         f2:5a:95:e5:db:3c:ef:96:bb:9a:3a:b6:f6:ba:a3:a0:67:8a:
         88:dc:96:c8:69:d3:f7:4c:0e:aa:79:ba:81:6e:3a:5b:ea:63:
         c2:d6:02:a2:df:cb:e3:c4:e1:f1:70:48:6b:c4:a5:61:90:63:
         21:2a:c4:ab:d1:67:ae:32:01:b4:7a:e8:c9:d3:d9:ca:cd:7d:
         4a:5b:9e:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfko2RjgM+ta1cZ8BeOy8DUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNzA3MTEyNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTg1NWU0NmI5ZTk3MmYyYzEzODc0NGIzZmVkYWM1MjNkZDkxOTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiie7BkH9QMNbevqJsYwSNJhyhoE
mCz0igmN3H61cfs9FFMDPakuFU8Yc2Cp+PCVsddfWi7JXgtEJN6ibGw+QZHTH84f
jd3ssiS7AsBgkwpQh53wu/iXWEcxTNUmkWGCCZbCZVA635oPK6/km+w5cEIxr6kg
1CiZcr9uyEGqZFNLwobzESrZ5x2+sXvagxrSUM8ZGP/0oOZJ96Jv7+AhdmPCObvl
lgygY9ZMriNT8EwuxqVpBrAeCpNBv+O6fRq99SVBhJdF9B7EVYjQkqJtmqIwihOz
Q6+w5PQAvnPOhdfeCUI5bhtD4VmdoRHI+Omtryt1PuS9m33R9jXbp2IJvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGFXka56XLywTh0Sz/trFI92Rk+MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTVlWZVJybnBjdkxCT0hSTFAtMnNVajNaR1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXwsMA0G
CSqGSIb3DQEBCwUAA4IBAQBc/8Z54+mDCpKltPs3MW+pADxL8FvzLgsNnlY9NPoy
qVkMME1UEKzDqvBnLzjCQ86mIXodhXEsdytTBfsq5a1vU/jOC8JhDd2Cz7OnGoCM
M6+PbRtWGtXsB83vfJmbv5JNnC3OVB7dKOYAma+mkgjQwQUYNy2qZAs75ey+ToUO
5d1cD5KCqm8PoopsSxnmXdrrbPhgIdFw/PKya1lRqepTdtCtjEFmrlXZzDXRqmE3
NBq/LhnyWpXl2zzvlruaOrb2uqOgZ4qI3JbIadP3TA6qebqBbjpb6mPC1gKi38vj
xOHxcEhrxKVhkGMhKsSr0WeuMgG0eujJ09nKzX1KW54F
-----END CERTIFICATE-----