Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DU6qlyYCXKIhjgicxg2q3ORaNXo.roa
File:                     DU6qlyYCXKIhjgicxg2q3ORaNXo.roa (raw, json)
Hash identifier:          JoN8PbUkUgObLpFD5jMZoHJ6gBQw0n5z0dSqwXwxoNU=
Subject key identifier:   0D:4E:AA:97:26:02:5C:A2:21:8E:08:9C:C6:0D:AA:DC:E4:5A:35:7A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01942824F5C2DD8D165A5B599B84C278B576
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DU6qlyYCXKIhjgicxg2q3ORaNXo.roa
Signing time:             Thu 02 Jan 2025 17:51:38 +0000
ROA not before:           Thu 02 Jan 2025 17:51:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60647
IP address blocks:        212.192.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:53:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:f5:c2:dd:8d:16:5a:5b:59:9b:84:c2:78:b5:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d4eaa9726025ca2218e089cc60daadce45a357a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:d4:dc:fa:ea:7b:41:c6:d1:dd:53:e6:13:4c:
                    29:cd:4c:ca:c8:c7:de:ba:76:be:8d:c6:6d:d5:b6:
                    75:72:af:95:bc:bc:98:e9:e7:95:e6:51:9d:6c:54:
                    f9:fc:42:31:51:fa:d1:f2:07:17:9f:18:8c:b8:a8:
                    b7:b9:81:b1:1a:0b:12:3e:aa:cb:fc:5d:57:03:a8:
                    dd:ff:6c:9c:e1:4a:81:70:fa:a8:62:4b:c1:6a:9c:
                    0f:83:4a:63:44:d8:f7:b2:6c:1b:0e:21:8e:75:b2:
                    83:ca:85:1d:17:ed:0c:d5:bc:d0:af:5b:51:be:ab:
                    46:ec:a3:5c:eb:b8:e7:d3:87:57:86:9d:9a:e2:2d:
                    51:02:22:34:00:d2:1a:9e:f8:b3:4a:04:f4:a5:99:
                    8b:f3:38:5d:dc:b3:a9:35:53:99:69:1e:fb:3b:e5:
                    c1:8b:71:21:b6:c7:86:05:6e:0a:17:95:50:fa:9c:
                    6a:91:a9:1b:f6:23:9b:60:e0:1a:dc:88:8e:0f:46:
                    77:41:92:33:10:26:2e:a0:36:ee:91:25:33:c0:38:
                    ac:a2:03:77:80:de:6f:1a:01:dc:d5:10:bc:0f:ff:
                    f4:8c:85:75:fa:5c:02:78:0f:96:da:8c:42:09:3e:
                    41:98:29:c6:f3:71:aa:38:ea:9c:5b:b2:ae:cb:80:
                    50:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:4E:AA:97:26:02:5C:A2:21:8E:08:9C:C6:0D:AA:DC:E4:5A:35:7A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DU6qlyYCXKIhjgicxg2q3ORaNXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:1d:8e:2b:6a:5c:fd:bc:a7:af:83:72:54:e7:e8:26:5a:3c:
         ee:d5:d0:72:13:e8:bd:56:48:e3:81:e3:ad:16:1d:e1:6c:12:
         16:fd:6c:3f:d1:59:4f:a1:5e:64:50:d3:22:aa:57:2f:f1:b3:
         e6:e3:99:4c:17:7b:37:9f:76:69:b6:41:ac:1b:92:37:8b:b4:
         6a:00:97:ef:63:00:d0:22:be:36:e2:c4:34:7f:29:5b:54:d5:
         e3:15:90:c3:c7:4b:88:63:6f:5e:7d:07:ef:70:5b:09:1e:b9:
         88:06:09:37:42:6e:4a:c0:26:ac:61:14:2c:a4:2f:7d:bd:3c:
         9f:ed:76:98:27:01:48:52:7f:99:4c:af:2c:86:29:5e:5e:2d:
         f8:b7:04:bd:04:2f:71:90:98:96:ef:4e:ae:26:fd:ff:d6:78:
         51:0d:d9:d6:ce:58:d3:cb:6b:3f:56:c2:52:db:b2:fe:32:9d:
         b8:af:77:4f:52:d3:d3:0a:0f:c0:a0:b0:d8:7c:02:69:f3:7c:
         f0:36:82:d9:c0:b4:44:13:b2:e6:05:28:5b:61:c9:60:8f:9a:
         aa:d3:f5:69:18:ef:58:3d:fa:fe:ef:7c:42:c9:ad:62:b9:99:
         e3:c0:e9:13:60:ae:2f:c4:78:f0:16:0a:4c:54:83:99:27:98:
         21:62:4f:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJPXC3Y0WWltZm4TCeLV2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDRlYWE5NzI2MDI1Y2EyMjE4ZTA4OWNjNjBkYWFkY2U0NWEzNTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6tTc+up7QcbR3VPmE0wpzUzKyMfe
una+jcZt1bZ1cq+VvLyY6eeV5lGdbFT5/EIxUfrR8gcXnxiMuKi3uYGxGgsSPqrL
/F1XA6jd/2yc4UqBcPqoYkvBapwPg0pjRNj3smwbDiGOdbKDyoUdF+0M1bzQr1tR
vqtG7KNc67jn04dXhp2a4i1RAiI0ANIanvizSgT0pZmL8zhd3LOpNVOZaR77O+XB
i3EhtseGBW4KF5VQ+pxqkakb9iObYOAa3IiOD0Z3QZIzECYuoDbukSUzwDisogN3
gN5vGgHc1RC8D//0jIV1+lwCeA+W2oxCCT5BmCnG83GqOOqcW7Kuy4BQSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1OqpcmAlyiIY4InMYNqtzkWjV6MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRFU2cWx5WUNYS0loamdpY3hnMnEzT1JhTlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MD8MA0G
CSqGSIb3DQEBCwUAA4IBAQBsHY4ralz9vKevg3JU5+gmWjzu1dByE+i9VkjjgeOt
Fh3hbBIW/Ww/0VlPoV5kUNMiqlcv8bPm45lMF3s3n3ZptkGsG5I3i7RqAJfvYwDQ
Ir424sQ0fylbVNXjFZDDx0uIY29efQfvcFsJHrmIBgk3Qm5KwCasYRQspC99vTyf
7XaYJwFIUn+ZTK8shileXi34twS9BC9xkJiW706uJv3/1nhRDdnWzljTy2s/VsJS
27L+Mp24r3dPUtPTCg/AoLDYfAJp83zwNoLZwLREE7LmBShbYclgj5qq0/VpGO9Y
Pfr+73xCya1iuZnjwOkTYK4vxHjwFgpMVIOZJ5ghYk+7
-----END CERTIFICATE-----