Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/zwse5TQa1KwU7PqLUxa1Kne0wLw.roa
File:                     zwse5TQa1KwU7PqLUxa1Kne0wLw.roa (raw, json)
Hash identifier:          vR4GdsgcZFcL1UVu/nRbrE6/e6gF9I3sc1PWMJywHGU=
Subject key identifier:   CF:0B:1E:E5:34:1A:D4:AC:14:EC:FA:8B:53:16:B5:2A:77:B4:C0:BC
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0197B0E849A8F9C286382725B208A1864BA8
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/zwse5TQa1KwU7PqLUxa1Kne0wLw.roa
Signing time:             Fri 27 Jun 2025 10:21:42 +0000
ROA not before:           Fri 27 Jun 2025 10:21:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        188.209.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b0:e8:49:a8:f9:c2:86:38:27:25:b2:08:a1:86:4b:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jun 27 10:21:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf0b1ee5341ad4ac14ecfa8b5316b52a77b4c0bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:8b:f6:7d:91:1d:82:a3:37:6d:07:c4:bd:c3:
                    b6:40:1c:ac:6d:18:67:ca:fb:fc:21:b4:60:df:6d:
                    3c:9e:f5:ce:87:17:c7:b3:a9:97:b5:ff:85:f3:f8:
                    e6:18:67:b1:f0:0e:44:c0:05:97:4e:d8:2c:50:b1:
                    eb:d5:e4:7d:6b:7c:39:91:5a:dd:44:95:b8:09:db:
                    f3:06:4b:21:f9:8d:01:53:05:39:49:b4:3b:0b:f6:
                    61:34:e2:2e:78:c9:71:ee:9e:fc:af:dc:53:b7:b4:
                    d2:b3:ee:00:bc:53:0e:51:6c:fe:15:e4:d2:64:e8:
                    dd:70:77:9b:3c:bd:d6:73:f7:ce:25:f2:21:23:11:
                    6f:35:12:d9:d4:01:bb:42:18:66:11:c0:55:ad:14:
                    aa:5e:59:28:c2:c5:e1:08:d8:bf:49:b3:c5:81:20:
                    d6:4c:3d:03:8f:c7:f7:e1:0a:c5:34:85:8c:f8:8d:
                    9e:00:18:a7:3c:9f:48:1f:19:31:8f:10:96:56:af:
                    f4:c2:99:29:fe:3f:ed:16:90:11:04:2f:80:6a:a3:
                    0c:80:d7:b7:b2:50:e8:69:e2:ad:bb:0e:01:fa:d9:
                    89:1d:35:69:71:35:f4:e5:26:6d:bd:4a:7a:37:d0:
                    42:5e:eb:e8:c5:28:cd:96:13:bc:57:51:6e:71:32:
                    6c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:0B:1E:E5:34:1A:D4:AC:14:EC:FA:8B:53:16:B5:2A:77:B4:C0:BC
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/zwse5TQa1KwU7PqLUxa1Kne0wLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:e3:05:f6:50:ee:e4:22:31:c7:0b:2a:e9:ac:95:40:d7:2c:
         a8:ee:13:16:57:91:7e:df:65:57:ea:f0:79:e2:81:7a:72:8b:
         d4:f6:36:43:76:7b:91:50:68:ca:f3:7f:68:52:a7:2a:ac:c0:
         a3:88:2e:68:1e:70:15:0d:39:a9:ff:91:22:82:83:db:d7:55:
         41:89:51:a7:a9:a0:15:4d:e8:7f:e7:0b:ae:68:ce:50:bf:0e:
         7e:62:d0:13:3f:64:11:33:53:62:cb:d7:3f:f9:c3:0e:5f:dd:
         a2:9d:6a:bb:13:b5:a8:63:4c:5e:14:87:c9:18:11:bb:6d:5e:
         be:48:f8:5f:cf:a8:48:22:82:e3:87:75:39:25:27:d6:1f:3a:
         06:58:a9:e0:4d:16:de:0d:e4:a3:5b:cb:92:9a:83:0d:69:a5:
         a1:1b:7b:d4:e4:bb:db:56:49:ea:28:2e:3e:8a:4d:a5:76:68:
         5e:b8:43:ac:88:21:41:fa:4b:cb:36:e7:cd:18:e2:1c:d3:be:
         8f:86:07:83:cd:f7:07:57:bb:98:01:86:55:8d:53:0d:00:93:
         5c:00:6e:58:15:f1:00:76:8f:db:2a:e7:a2:ac:05:87:39:e2:
         92:92:0f:57:00:d7:da:c3:7c:1c:70:80:66:6b:c2:6f:6b:0d:
         8d:18:ed:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZew6Emo+cKGOCclsgihhkuoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNjI3MTAyMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjBiMWVlNTM0MWFkNGFjMTRlY2ZhOGI1MzE2YjUyYTc3YjRjMGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Iv2fZEdgqM3bQfEvcO2QBysbRhn
yvv8IbRg3208nvXOhxfHs6mXtf+F8/jmGGex8A5EwAWXTtgsULHr1eR9a3w5kVrd
RJW4CdvzBksh+Y0BUwU5SbQ7C/ZhNOIueMlx7p78r9xTt7TSs+4AvFMOUWz+FeTS
ZOjdcHebPL3Wc/fOJfIhIxFvNRLZ1AG7QhhmEcBVrRSqXlkowsXhCNi/SbPFgSDW
TD0Dj8f34QrFNIWM+I2eABinPJ9IHxkxjxCWVq/0wpkp/j/tFpARBC+AaqMMgNe3
slDoaeKtuw4B+tmJHTVpcTX05SZtvUp6N9BCXuvoxSjNlhO8V1FucTJsNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8LHuU0GtSsFOz6i1MWtSp3tMC8MB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvendzZTVUUWExS3dVN1BxTFV4YTFLbmUwd0x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGFMA0G
CSqGSIb3DQEBCwUAA4IBAQCg4wX2UO7kIjHHCyrprJVA1yyo7hMWV5F+32VX6vB5
4oF6covU9jZDdnuRUGjK839oUqcqrMCjiC5oHnAVDTmp/5EigoPb11VBiVGnqaAV
Teh/5wuuaM5Qvw5+YtATP2QRM1Niy9c/+cMOX92inWq7E7WoY0xeFIfJGBG7bV6+
SPhfz6hIIoLjh3U5JSfWHzoGWKngTRbeDeSjW8uSmoMNaaWhG3vU5LvbVknqKC4+
ik2ldmheuEOsiCFB+kvLNufNGOIc076PhgeDzfcHV7uYAYZVjVMNAJNcAG5YFfEA
do/bKueirAWHOeKSkg9XANfaw3wccIBma8Jvaw2NGO1e
-----END CERTIFICATE-----