Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/APZBnJeFQ98r6Gx9_V1ebJeH_W0.roa
File:                     APZBnJeFQ98r6Gx9_V1ebJeH_W0.roa (raw, json)
Hash identifier:          riJ/2JlFLevP8PwChGZLjBXVcIYsytKLwONy8h+Wwv8=
Subject key identifier:   00:F6:41:9C:97:85:43:DF:2B:E8:6C:7D:FD:5D:5E:6C:97:87:FD:6D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019717456C4F3CABFDD2ADCCB4EB8352FBFF
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/APZBnJeFQ98r6Gx9_V1ebJeH_W0.roa
Signing time:             Wed 28 May 2025 14:21:55 +0000
ROA not before:           Wed 28 May 2025 14:21:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        193.124.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 18:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:17:45:6c:4f:3c:ab:fd:d2:ad:cc:b4:eb:83:52:fb:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 28 14:21:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00f6419c978543df2be86c7dfd5d5e6c9787fd6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:15:3a:c2:8b:7d:f9:f1:13:54:20:8a:35:9d:
                    f1:76:25:62:74:82:30:9c:3f:e9:77:82:a2:ae:d1:
                    6e:85:65:dd:1c:eb:fe:09:32:e1:36:e0:7f:88:91:
                    8f:a1:3b:e1:c2:b1:62:bc:7b:98:e7:61:a0:1a:b3:
                    62:d5:39:fa:8d:8c:fe:bc:c7:f3:dd:b6:ff:6c:7e:
                    9f:fd:9f:18:20:28:2a:6f:1b:e5:a7:1b:5f:8b:c4:
                    ab:72:24:88:c2:97:7b:0f:f9:57:08:84:6c:de:a9:
                    90:f5:19:50:61:d3:ae:df:a7:d0:9b:c9:7a:b7:c8:
                    46:b1:72:f7:4a:1a:e5:3d:5a:ef:d0:ab:c5:47:4a:
                    a1:c2:6c:b2:80:e8:e7:72:5e:59:72:a6:b4:6b:43:
                    c8:b5:83:c4:55:b3:f9:8f:af:b0:b0:cc:46:67:62:
                    21:1e:32:e8:27:a5:ad:86:f2:31:99:e4:05:c1:c0:
                    18:31:2d:4d:2a:c4:75:b8:4e:00:02:6f:3f:04:3a:
                    c0:e0:20:11:fc:be:7b:70:74:aa:e2:e9:59:c3:e9:
                    2a:c0:fb:43:c4:6b:5d:f8:86:d0:a3:49:9e:57:24:
                    75:69:27:c4:4a:05:12:ac:55:2f:22:27:59:e8:6f:
                    b5:0c:1c:b7:ba:a7:4c:72:02:57:bb:58:55:d0:35:
                    41:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F6:41:9C:97:85:43:DF:2B:E8:6C:7D:FD:5D:5E:6C:97:87:FD:6D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/APZBnJeFQ98r6Gx9_V1ebJeH_W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:b7:cd:7d:d2:76:e2:2d:64:8c:c2:62:5d:5e:2a:1f:6f:5e:
         47:73:8e:63:95:27:5c:c1:a6:39:0d:8c:db:20:67:48:68:ba:
         75:e2:2e:bc:6d:8e:da:d6:51:50:48:3f:19:f5:a2:ef:98:e7:
         e1:1a:81:b8:1f:eb:30:36:b1:0f:eb:97:1b:66:b7:68:cc:b4:
         c9:4f:25:e5:05:89:64:ab:4f:30:c0:18:a1:d8:e8:1a:13:24:
         2c:8c:bd:43:12:82:db:eb:05:d0:ae:88:10:68:6e:9f:ee:8d:
         55:87:fd:05:24:bb:fa:33:46:e0:95:65:b3:58:ab:28:37:15:
         1b:1b:a3:43:47:3e:61:bd:ff:d1:e2:6a:10:3a:96:f6:ea:af:
         81:0c:07:bd:c2:9c:1e:7b:53:cf:52:78:ce:20:b8:98:ef:4e:
         6b:66:84:d3:d0:b4:60:13:5e:c6:9d:ab:92:ec:1b:89:db:d7:
         92:cd:ad:0f:ad:cd:d7:1f:b1:bb:9e:0e:13:b0:0b:09:05:56:
         2c:80:54:ea:f0:5f:33:5e:b6:bd:f1:2f:34:65:a7:28:00:69:
         e7:1a:b4:39:f0:dc:a7:08:66:49:c4:41:f3:63:2a:a7:52:b4:
         08:b7:f4:08:a3:4c:45:66:03:f2:d7:da:eb:29:8b:6e:80:38:
         7a:cf:75:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcXRWxPPKv90q3MtOuDUvv/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNTI4MTQyMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY2NDE5Yzk3ODU0M2RmMmJlODZjN2RmZDVkNWU2Yzk3ODdmZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxU6wot9+fETVCCKNZ3xdiVidIIw
nD/pd4KirtFuhWXdHOv+CTLhNuB/iJGPoTvhwrFivHuY52GgGrNi1Tn6jYz+vMfz
3bb/bH6f/Z8YICgqbxvlpxtfi8SrciSIwpd7D/lXCIRs3qmQ9RlQYdOu36fQm8l6
t8hGsXL3ShrlPVrv0KvFR0qhwmyygOjncl5Zcqa0a0PItYPEVbP5j6+wsMxGZ2Ih
HjLoJ6WthvIxmeQFwcAYMS1NKsR1uE4AAm8/BDrA4CAR/L57cHSq4ulZw+kqwPtD
xGtd+IbQo0meVyR1aSfESgUSrFUvIidZ6G+1DBy3uqdMcgJXu1hV0DVBZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAD2QZyXhUPfK+hsff1dXmyXh/1tMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQVBaQm5KZUZROThyNkd4OV9WMWViSmVIX1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXzOMA0G
CSqGSIb3DQEBCwUAA4IBAQA/t8190nbiLWSMwmJdXiofb15Hc45jlSdcwaY5DYzb
IGdIaLp14i68bY7a1lFQSD8Z9aLvmOfhGoG4H+swNrEP65cbZrdozLTJTyXlBYlk
q08wwBih2OgaEyQsjL1DEoLb6wXQrogQaG6f7o1Vh/0FJLv6M0bglWWzWKsoNxUb
G6NDRz5hvf/R4moQOpb26q+BDAe9wpwee1PPUnjOILiY705rZoTT0LRgE17GnauS
7BuJ29eSza0Prc3XH7G7ng4TsAsJBVYsgFTq8F8zXra98S80ZacoAGnnGrQ58Nyn
CGZJxEHzYyqnUrQIt/QIo0xFZgPy19rrKYtugDh6z3WL
-----END CERTIFICATE-----