Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4r-gjM4u_fVg2c5UsfHrM7Xb9eg.roa
File:                     4r-gjM4u_fVg2c5UsfHrM7Xb9eg.roa (raw, json)
Hash identifier:          sw0t2D2mls8onP/yG+iplJ7WArfVm//ShI5NkmXy8jc=
Subject key identifier:   E2:BF:A0:8C:CE:2E:FD:F5:60:D9:CE:54:B1:F1:EB:33:B5:DB:F5:E8
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0196F36302293E28B546CA614E7C2DD50C82
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4r-gjM4u_fVg2c5UsfHrM7Xb9eg.roa
Signing time:             Wed 21 May 2025 15:07:54 +0000
ROA not before:           Wed 21 May 2025 15:07:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211845
IP address blocks:        195.133.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:63:02:29:3e:28:b5:46:ca:61:4e:7c:2d:d5:0c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 21 15:07:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2bfa08cce2efdf560d9ce54b1f1eb33b5dbf5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:63:26:b1:74:cd:0e:d9:57:d2:eb:42:96:38:
                    52:6c:c1:59:12:07:fb:e9:43:80:4c:10:1b:28:70:
                    98:43:86:d1:c2:23:8c:39:4d:b0:12:13:88:54:62:
                    f2:d3:ef:89:1d:27:8f:1c:d8:57:cf:e0:b6:22:ec:
                    69:4a:c6:2c:d8:4c:85:e1:68:bb:28:be:3b:7d:c5:
                    ce:a5:c8:66:d7:8a:92:2c:72:9d:c6:bf:8c:86:3d:
                    51:2f:14:22:45:27:d3:09:d4:0d:f2:74:82:0f:53:
                    0e:bf:b1:cb:ca:77:c8:ad:f8:d0:e3:95:25:ce:49:
                    2b:b8:1f:07:21:b3:56:37:82:c5:3e:ee:da:fe:56:
                    83:10:bf:e8:0c:48:2e:d8:b6:e3:b6:8a:07:7f:97:
                    f8:01:98:ab:ce:c0:3b:83:da:8c:72:41:d4:27:9b:
                    66:56:88:47:dc:b4:72:ed:1b:82:24:4d:26:2e:e9:
                    90:a6:52:6e:06:70:cf:5e:a1:1b:21:88:de:62:4f:
                    fd:30:11:61:4b:6b:06:29:10:03:57:7f:9f:04:fd:
                    1a:0d:8c:65:53:d2:f3:52:9c:bb:36:91:51:36:ed:
                    68:24:68:42:58:62:a8:40:80:65:62:e1:83:61:ff:
                    d3:03:93:cd:ed:6a:29:64:4b:c1:72:e5:0b:37:8c:
                    e5:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:BF:A0:8C:CE:2E:FD:F5:60:D9:CE:54:B1:F1:EB:33:B5:DB:F5:E8
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/4r-gjM4u_fVg2c5UsfHrM7Xb9eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:94:3d:95:59:3c:fc:d0:02:d6:1f:63:52:64:3c:3f:8d:f2:
         88:6f:99:93:4c:03:78:82:ff:93:98:27:d8:97:0e:42:02:5d:
         3f:8a:ee:af:02:7a:d3:f2:e9:cb:9d:2f:e3:99:87:52:89:e5:
         ef:72:5e:b1:d7:02:df:7d:1a:7c:c6:e0:11:38:7b:6b:36:4f:
         37:13:5a:d0:32:25:56:c3:a2:48:c2:bf:96:e3:9c:af:77:95:
         07:f2:1b:1e:1f:b8:26:0d:5b:56:c4:7d:27:be:e2:24:3e:6f:
         9f:c9:00:0d:20:52:1a:09:9d:9f:0c:22:a8:e7:0b:d3:37:fa:
         e8:18:9c:cd:b1:2b:55:12:84:e8:15:2f:2a:e1:19:a4:d2:68:
         7e:3f:43:35:3f:15:53:df:cf:4f:51:b6:13:5a:b6:cf:85:94:
         91:11:57:79:ed:86:d8:07:10:c6:99:4e:4e:a4:2d:f1:c1:1a:
         f2:10:c1:85:b3:0c:e4:55:20:c1:be:7c:61:95:d5:87:b7:40:
         e5:c6:81:f3:70:e3:8c:e7:a3:3d:2e:9e:2a:ec:1b:e0:01:cc:
         52:81:08:3d:44:3b:9f:2a:7e:40:aa:90:a8:21:e1:b5:98:a3:
         b1:ab:95:40:ab:1c:1f:b3:48:da:e9:83:87:57:e6:b4:a7:8e:
         77:09:f4:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbzYwIpPii1RsphTnwt1QyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNTIxMTUwNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmJmYTA4Y2NlMmVmZGY1NjBkOWNlNTRiMWYxZWIzM2I1ZGJmNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4WMmsXTNDtlX0utCljhSbMFZEgf7
6UOATBAbKHCYQ4bRwiOMOU2wEhOIVGLy0++JHSePHNhXz+C2IuxpSsYs2EyF4Wi7
KL47fcXOpchm14qSLHKdxr+Mhj1RLxQiRSfTCdQN8nSCD1MOv7HLynfIrfjQ45Ul
zkkruB8HIbNWN4LFPu7a/laDEL/oDEgu2LbjtooHf5f4AZirzsA7g9qMckHUJ5tm
VohH3LRy7RuCJE0mLumQplJuBnDPXqEbIYjeYk/9MBFhS2sGKRADV3+fBP0aDYxl
U9LzUpy7NpFRNu1oJGhCWGKoQIBlYuGDYf/TA5PN7WopZEvBcuULN4zlawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOK/oIzOLv31YNnOVLHx6zO12/XoMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNHItZ2pNNHVfZlZnMmM1VXNmSHJNN1hiOWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UDMA0G
CSqGSIb3DQEBCwUAA4IBAQBDlD2VWTz80ALWH2NSZDw/jfKIb5mTTAN4gv+TmCfY
lw5CAl0/iu6vAnrT8unLnS/jmYdSieXvcl6x1wLffRp8xuAROHtrNk83E1rQMiVW
w6JIwr+W45yvd5UH8hseH7gmDVtWxH0nvuIkPm+fyQANIFIaCZ2fDCKo5wvTN/ro
GJzNsStVEoToFS8q4Rmk0mh+P0M1PxVT389PUbYTWrbPhZSREVd57YbYBxDGmU5O
pC3xwRryEMGFswzkVSDBvnxhldWHt0DlxoHzcOOM56M9Lp4q7BvgAcxSgQg9RDuf
Kn5AqpCoIeG1mKOxq5VAqxwfs0ja6YOHV+a0p453CfRm
-----END CERTIFICATE-----