Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NCkz_srmgdm3uLQFk_Hpm9hAddM.roa
File:                     NCkz_srmgdm3uLQFk_Hpm9hAddM.roa (raw, json)
Hash identifier:          BEpd+ixF3WAeqN80Aqa8cJBRCCy7LTZrbRdrRrPwwJg=
Subject key identifier:   34:29:33:FE:CA:E6:81:D9:B7:B8:B4:05:93:F1:E9:9B:D8:40:75:D3
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0196C37471B415E9C26E91CCAC1FC8A7D183
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NCkz_srmgdm3uLQFk_Hpm9hAddM.roa
Signing time:             Mon 12 May 2025 07:45:10 +0000
ROA not before:           Mon 12 May 2025 07:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214822
IP address blocks:        193.124.121.0/24 maxlen: 24
                          194.87.168.0/24 maxlen: 24
                          195.133.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 18:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:74:71:b4:15:e9:c2:6e:91:cc:ac:1f:c8:a7:d1:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 12 07:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=342933fecae681d9b7b8b40593f1e99bd84075d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:42:bb:21:31:3c:9b:32:fe:81:18:24:3f:5f:
                    a0:b4:df:ee:7d:26:d5:39:eb:a2:31:ba:c8:0f:31:
                    b4:62:7b:dd:f3:45:fd:d7:1c:37:8e:12:4d:2c:64:
                    13:38:a2:b0:14:14:18:ff:dc:54:95:16:e7:1d:92:
                    d3:b6:cc:c7:4a:ef:3d:af:7e:5c:e7:12:51:b3:93:
                    92:d0:43:f1:e6:5b:99:9a:c0:21:1f:5b:d3:57:e5:
                    0c:06:3c:ad:60:64:30:93:5a:17:e0:0d:e6:27:8f:
                    da:70:ec:cc:bb:9a:d3:2d:15:85:29:8d:45:af:c0:
                    21:8d:68:4c:91:86:26:76:68:61:3c:68:72:9f:06:
                    31:10:f0:31:96:43:a0:d9:0b:9f:7b:3b:04:9a:cb:
                    66:3a:03:a5:02:20:00:96:a9:63:fc:76:f6:60:61:
                    d3:cb:6e:4d:72:a7:2a:98:6c:70:e9:a8:d9:2c:85:
                    60:43:b5:a9:b0:8b:c7:de:f4:04:f4:c6:d9:88:8b:
                    df:94:65:8c:a0:30:e8:75:01:95:91:07:9f:da:00:
                    59:33:06:ca:db:dd:50:2e:9b:ca:ac:be:dc:53:75:
                    02:4c:65:8c:58:5f:a2:83:32:7a:f8:9b:e8:44:fe:
                    ba:93:11:97:2e:e2:09:ad:30:83:08:e3:b1:5d:66:
                    9a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:29:33:FE:CA:E6:81:D9:B7:B8:B4:05:93:F1:E9:9B:D8:40:75:D3
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NCkz_srmgdm3uLQFk_Hpm9hAddM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.121.0/24
                  194.87.168.0/24
                  195.133.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:1c:fc:89:f7:7f:6c:d1:f5:c9:9d:cb:f1:15:d2:e5:a8:1b:
         14:24:03:52:42:00:46:be:a4:08:f6:9e:56:19:78:2a:6d:6b:
         a9:54:e0:7f:c7:8d:3c:f1:78:50:44:c0:38:82:12:f3:8f:3b:
         1c:a9:37:92:ef:b2:cc:d7:2d:6f:d6:70:0a:b5:ec:6f:11:03:
         b0:b3:bf:07:2f:28:81:c5:68:2f:be:4d:cb:e2:b0:34:32:af:
         6f:64:93:59:95:00:63:11:a5:ff:e0:06:f3:8c:64:4b:27:c8:
         23:92:62:28:6d:52:60:d4:a1:6b:fc:4f:84:7b:2f:11:52:83:
         d4:a6:66:af:2d:52:fe:17:59:40:29:b5:4a:a6:ec:7c:0a:07:
         a2:df:15:22:b9:17:f1:9e:31:b3:ff:e1:2d:8d:fd:e5:30:68:
         c3:83:5f:97:4f:8d:ae:70:56:cd:9e:78:2c:86:ab:da:c7:13:
         1f:4b:fb:e3:19:14:5c:b8:bd:04:22:88:11:44:62:33:ac:a6:
         5c:c7:82:4f:dc:f8:5d:8e:44:93:ae:67:7e:87:c6:d9:01:5a:
         f0:ff:3e:a8:89:ef:93:3d:7a:6b:6c:28:40:7e:b1:0f:fb:b4:
         af:be:09:87:fe:11:79:b3:61:59:e7:46:3a:0d:b7:b4:1d:84:
         25:75:cf:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbDdHG0FenCbpHMrB/Ip9GDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNTEyMDc0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDI5MzNmZWNhZTY4MWQ5YjdiOGI0MDU5M2YxZTk5YmQ4NDA3NWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEK7ITE8mzL+gRgkP1+gtN/ufSbV
OeuiMbrIDzG0Ynvd80X91xw3jhJNLGQTOKKwFBQY/9xUlRbnHZLTtszHSu89r35c
5xJRs5OS0EPx5luZmsAhH1vTV+UMBjytYGQwk1oX4A3mJ4/acOzMu5rTLRWFKY1F
r8AhjWhMkYYmdmhhPGhynwYxEPAxlkOg2QufezsEmstmOgOlAiAAlqlj/Hb2YGHT
y25NcqcqmGxw6ajZLIVgQ7WpsIvH3vQE9MbZiIvflGWMoDDodQGVkQef2gBZMwbK
291QLpvKrL7cU3UCTGWMWF+igzJ6+JvoRP66kxGXLuIJrTCDCOOxXWaaPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDQpM/7K5oHZt7i0BZPx6ZvYQHXTMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTkNrel9zcm1nZG0zdUxRRmtfSHBtOWhBZGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwXx5AwQA
wleoAwQAw4UfMA0GCSqGSIb3DQEBCwUAA4IBAQAEHPyJ939s0fXJncvxFdLlqBsU
JANSQgBGvqQI9p5WGXgqbWupVOB/x4088XhQRMA4ghLzjzscqTeS77LM1y1v1nAK
texvEQOws78HLyiBxWgvvk3L4rA0Mq9vZJNZlQBjEaX/4AbzjGRLJ8gjkmIobVJg
1KFr/E+Eey8RUoPUpmavLVL+F1lAKbVKpux8Cgei3xUiuRfxnjGz/+Etjf3lMGjD
g1+XT42ucFbNnngshqvaxxMfS/vjGRRcuL0EIogRRGIzrKZcx4JP3PhdjkSTrmd+
h8bZAVrw/z6oie+TPXprbChAfrEP+7SvvgmH/hF5s2FZ50Y6Dbe0HYQldc9c
-----END CERTIFICATE-----