Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/a2BcuR50E1R7sLGi3kL-Pj4Cpu0.roa
File:                     a2BcuR50E1R7sLGi3kL-Pj4Cpu0.roa (raw, json)
Hash identifier:          YuYDCUQMyN18FZG02C+SXyDtB3HoaYZI7TqhUqUQ8vY=
Subject key identifier:   6B:60:5C:B9:1E:74:13:54:7B:B0:B1:A2:DE:42:FE:3E:3E:02:A6:ED
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0197D509DC9438D07C5DFD4F16E978FB2F60
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/a2BcuR50E1R7sLGi3kL-Pj4Cpu0.roa
Signing time:             Fri 04 Jul 2025 10:44:42 +0000
ROA not before:           Fri 04 Jul 2025 10:44:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209165
IP address blocks:        195.133.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d5:09:dc:94:38:d0:7c:5d:fd:4f:16:e9:78:fb:2f:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  4 10:44:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b605cb91e7413547bb0b1a2de42fe3e3e02a6ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cb:6b:45:74:68:df:f9:91:4b:29:20:55:bd:
                    45:48:2d:29:99:e1:ab:a6:db:b2:38:f6:3c:18:a3:
                    f4:32:ce:77:00:2c:08:e2:49:4f:87:fe:29:56:8e:
                    46:cc:98:98:7c:6f:05:df:09:7f:c7:7b:c6:c0:81:
                    43:7d:26:9d:c1:0f:7f:d0:87:e3:e9:2e:bf:f1:a6:
                    dd:85:43:87:2a:4f:df:1b:ec:21:21:c1:d8:b0:4e:
                    9f:53:85:26:da:50:0c:90:99:7a:35:24:6e:a0:af:
                    30:6d:c8:24:02:df:31:40:0f:f1:69:c1:ab:5d:4d:
                    74:c3:59:f3:75:7b:a9:05:f0:9e:65:16:c3:b2:02:
                    24:a0:de:18:a7:84:16:fa:8f:82:03:69:38:e2:a0:
                    29:04:8f:2a:06:d0:ce:c9:9d:c4:21:d0:d4:35:41:
                    5b:52:b1:aa:17:51:ea:84:dd:6b:0c:b9:9b:41:6e:
                    e9:c3:0e:0c:13:11:a8:60:68:24:b4:3b:79:51:aa:
                    b5:49:a2:74:85:4a:ae:e5:5c:f8:25:3d:58:49:43:
                    0a:c4:ef:21:d4:87:86:d1:2a:4e:6f:eb:9d:67:34:
                    a6:1d:1d:03:c9:ce:49:31:62:a0:ac:11:71:8b:33:
                    a5:c6:74:85:05:40:dd:c4:a5:39:0e:dd:fe:3f:24:
                    79:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:60:5C:B9:1E:74:13:54:7B:B0:B1:A2:DE:42:FE:3E:3E:02:A6:ED
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/a2BcuR50E1R7sLGi3kL-Pj4Cpu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:9a:62:13:ce:0c:54:72:e5:1f:0d:06:f2:b0:8c:a9:90:33:
         43:47:97:e5:32:a8:f4:7b:9b:1a:3c:75:e7:90:58:b9:1e:dd:
         01:36:13:41:4f:4d:a6:a6:b5:5f:f9:b8:9f:4f:5c:89:22:0b:
         15:52:a7:58:a5:85:f3:92:2d:e4:77:ba:61:d1:f8:96:f2:17:
         9a:09:0e:c9:de:b5:87:20:09:6c:2b:17:2e:a8:1a:d5:45:7a:
         cf:ce:e9:e2:99:e0:30:7e:27:30:9d:95:2e:74:c0:c6:53:d6:
         0b:20:ac:33:71:c2:d7:3d:3e:6c:0f:6f:ea:7d:50:27:f2:2e:
         7c:4b:13:e7:66:83:7a:97:ca:eb:9f:8d:db:8d:c9:e3:54:d5:
         11:da:74:89:c8:89:bb:6f:e6:01:84:ea:ed:ff:e3:5a:8d:15:
         b9:5a:18:9e:f2:7e:99:46:1d:8e:43:67:6d:eb:9d:6c:c5:39:
         fd:3a:4b:3b:c5:55:55:54:4b:28:aa:fc:8c:d0:a1:22:12:df:
         0a:40:45:49:8a:52:11:30:23:f6:86:dc:39:20:a4:77:be:09:
         eb:9a:fa:a7:48:16:be:78:4c:7f:a5:6e:b3:d5:f4:e8:1b:4d:
         9d:7f:be:cb:24:ef:ed:f1:fb:06:49:cc:6b:c9:90:3f:38:42:
         2e:7e:e8:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfVCdyUONB8Xf1PFul4+y9gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNzA0MTA0NDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjYwNWNiOTFlNzQxMzU0N2JiMGIxYTJkZTQyZmUzZTNlMDJhNmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAustrRXRo3/mRSykgVb1FSC0pmeGr
ptuyOPY8GKP0Ms53ACwI4klPh/4pVo5GzJiYfG8F3wl/x3vGwIFDfSadwQ9/0Ifj
6S6/8abdhUOHKk/fG+whIcHYsE6fU4Um2lAMkJl6NSRuoK8wbcgkAt8xQA/xacGr
XU10w1nzdXupBfCeZRbDsgIkoN4Yp4QW+o+CA2k44qApBI8qBtDOyZ3EIdDUNUFb
UrGqF1HqhN1rDLmbQW7pww4MExGoYGgktDt5Uaq1SaJ0hUqu5Vz4JT1YSUMKxO8h
1IeG0SpOb+udZzSmHR0Dyc5JMWKgrBFxizOlxnSFBUDdxKU5Dt3+PyR5+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtgXLkedBNUe7Cxot5C/j4+AqbtMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYTJCY3VSNTBFMVI3c0xHaTNrTC1QajRDcHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UaMA0G
CSqGSIb3DQEBCwUAA4IBAQAvmmITzgxUcuUfDQbysIypkDNDR5flMqj0e5saPHXn
kFi5Ht0BNhNBT02mprVf+bifT1yJIgsVUqdYpYXzki3kd7ph0fiW8heaCQ7J3rWH
IAlsKxcuqBrVRXrPzunimeAwficwnZUudMDGU9YLIKwzccLXPT5sD2/qfVAn8i58
SxPnZoN6l8rrn43bjcnjVNUR2nSJyIm7b+YBhOrt/+NajRW5Whie8n6ZRh2OQ2dt
651sxTn9Oks7xVVVVEsoqvyM0KEiEt8KQEVJilIRMCP2htw5IKR3vgnrmvqnSBa+
eEx/pW6z1fToG02df77LJO/t8fsGScxryZA/OEIufuhi
-----END CERTIFICATE-----