Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uQipXOesi4DA3OSrTWVhjfHT8hY.roa
File:                     uQipXOesi4DA3OSrTWVhjfHT8hY.roa (raw, json)
Hash identifier:          OF5/gUlfeGFBgRssPfGuT25xwTnrdtUdoioaa5Jlwyk=
Subject key identifier:   B9:08:A9:5C:E7:AC:8B:80:C0:DC:E4:AB:4D:65:61:8D:F1:D3:F2:16
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0197DF7EDCDAB7770ACB861CE21CBD9D5B67
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uQipXOesi4DA3OSrTWVhjfHT8hY.roa
Signing time:             Sun 06 Jul 2025 11:28:42 +0000
ROA not before:           Sun 06 Jul 2025 11:28:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212165
IP address blocks:        212.193.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:df:7e:dc:da:b7:77:0a:cb:86:1c:e2:1c:bd:9d:5b:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  6 11:28:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b908a95ce7ac8b80c0dce4ab4d65618df1d3f216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:96:f0:86:be:00:c0:d4:f1:6a:fe:b3:31:65:
                    f8:fd:73:03:5f:32:0a:ab:6c:86:70:b4:c9:a3:ed:
                    32:00:23:f4:32:c5:af:05:14:b8:3c:7d:b5:b3:09:
                    b1:d7:b7:e3:41:9b:ac:b7:9f:1e:b4:c1:ba:a1:62:
                    0e:2f:cd:3c:45:c8:68:98:3e:c7:27:6b:04:4b:02:
                    a2:d2:93:4e:3c:ca:01:19:6f:4d:0d:9c:89:df:cf:
                    e8:51:e2:2b:aa:0c:36:3e:eb:6a:8a:a0:55:85:f3:
                    3a:0a:1e:5e:92:db:85:43:91:8e:ac:f1:b8:63:3c:
                    e4:3d:11:6f:7e:bf:53:b0:08:3e:03:48:33:2c:67:
                    9b:91:f8:02:c5:a3:2e:6f:1e:94:30:21:1f:06:15:
                    2e:9b:9a:08:19:13:29:c7:54:43:4b:81:77:67:84:
                    b2:80:b4:56:b8:e0:a7:c5:c8:63:7d:8a:a5:79:0c:
                    28:60:66:aa:8e:05:4b:07:47:37:9d:3b:f6:66:e6:
                    23:9b:6d:57:7b:ea:86:c7:61:c0:e3:2b:75:c8:12:
                    04:6f:28:66:45:ee:0b:13:6e:75:52:08:61:20:33:
                    34:0e:3d:d3:85:71:e4:f6:60:fd:e9:fe:60:9a:82:
                    c0:ba:6d:cc:2e:ef:01:26:9e:3e:21:29:4e:da:32:
                    88:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:08:A9:5C:E7:AC:8B:80:C0:DC:E4:AB:4D:65:61:8D:F1:D3:F2:16
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uQipXOesi4DA3OSrTWVhjfHT8hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:39:df:c4:2b:fc:d0:62:e9:00:fe:73:8e:8e:ab:fd:d0:15:
         a1:59:dc:ef:63:9b:90:aa:0a:00:89:bf:93:4c:e3:5c:60:48:
         95:e3:8f:d8:39:98:7d:fb:9c:32:18:0d:d8:44:d0:ae:6b:97:
         1a:18:a2:98:00:7f:b6:f0:7f:95:0a:fe:1a:93:f6:7e:79:a4:
         14:9c:8f:e1:72:0e:88:6a:1a:6d:21:77:20:c0:1a:e0:bd:7e:
         58:dd:df:c5:89:27:53:45:e9:3a:55:5d:2e:ae:a5:60:8a:a9:
         5a:60:ea:3b:e9:6a:41:ef:73:7f:32:37:8f:78:2f:dd:12:30:
         24:e3:7d:dd:08:f2:e0:89:b9:f1:8d:13:c9:c9:46:83:89:b4:
         bc:58:cd:79:5d:68:0f:d9:83:0f:d7:e3:32:3d:56:4f:73:3d:
         48:1c:78:b8:ad:16:b4:c0:77:fe:6b:9b:9e:ea:34:66:c4:26:
         50:ee:c6:4d:44:e7:42:5c:06:36:04:31:63:40:2f:87:d0:e9:
         70:c0:58:3a:0f:c3:94:05:62:7d:c6:7a:6d:1d:e0:65:41:5a:
         8b:74:18:37:ea:a3:3e:27:90:76:b8:50:e8:3d:4e:f5:92:c3:
         9d:53:5b:8c:18:5a:1b:02:d4:d2:79:33:fb:01:da:4c:73:c2:
         79:d4:15:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZffftzat3cKy4Yc4hy9nVtnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNzA2MTEyODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTA4YTk1Y2U3YWM4YjgwYzBkY2U0YWI0ZDY1NjE4ZGYxZDNmMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35bwhr4AwNTxav6zMWX4/XMDXzIK
q2yGcLTJo+0yACP0MsWvBRS4PH21swmx17fjQZust58etMG6oWIOL808RchomD7H
J2sESwKi0pNOPMoBGW9NDZyJ38/oUeIrqgw2PutqiqBVhfM6Ch5ektuFQ5GOrPG4
YzzkPRFvfr9TsAg+A0gzLGebkfgCxaMubx6UMCEfBhUum5oIGRMpx1RDS4F3Z4Sy
gLRWuOCnxchjfYqleQwoYGaqjgVLB0c3nTv2ZuYjm21Xe+qGx2HA4yt1yBIEbyhm
Re4LE251UghhIDM0Dj3ThXHk9mD96f5gmoLAum3MLu8BJp4+ISlO2jKIewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkIqVznrIuAwNzkq01lYY3x0/IWMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdVFpcFhPZXNpNERBM09TclRXVmhqZkhUOGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MEfMA0G
CSqGSIb3DQEBCwUAA4IBAQCWOd/EK/zQYukA/nOOjqv90BWhWdzvY5uQqgoAib+T
TONcYEiV44/YOZh9+5wyGA3YRNCua5caGKKYAH+28H+VCv4ak/Z+eaQUnI/hcg6I
ahptIXcgwBrgvX5Y3d/FiSdTRek6VV0urqVgiqlaYOo76WpB73N/MjePeC/dEjAk
433dCPLgibnxjRPJyUaDibS8WM15XWgP2YMP1+MyPVZPcz1IHHi4rRa0wHf+a5ue
6jRmxCZQ7sZNROdCXAY2BDFjQC+H0OlwwFg6D8OUBWJ9xnptHeBlQVqLdBg36qM+
J5B2uFDoPU71ksOdU1uMGFobAtTSeTP7AdpMc8J51BUx
-----END CERTIFICATE-----