Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QrobxUua2pKkBEt3MBYGxWj6Meo.roa
File:                     QrobxUua2pKkBEt3MBYGxWj6Meo.roa (raw, json)
Hash identifier:          sd2jKy0atiVBCfFM2wlyC0G6SJ3gDwTp+cgEsy/1FaU=
Subject key identifier:   42:BA:1B:C5:4B:9A:DA:92:A4:04:4B:77:30:16:06:C5:68:FA:31:EA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01957063BCC53201E7B21A6F841EDDA1D944
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QrobxUua2pKkBEt3MBYGxWj6Meo.roa
Signing time:             Fri 07 Mar 2025 11:35:39 +0000
ROA not before:           Fri 07 Mar 2025 11:35:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50053
IP address blocks:        194.87.37.0/24 maxlen: 24
                          195.133.17.0/24 maxlen: 24
                          195.133.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:70:63:bc:c5:32:01:e7:b2:1a:6f:84:1e:dd:a1:d9:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar  7 11:35:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42ba1bc54b9ada92a4044b77301606c568fa31ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8b:69:72:02:3b:dd:bc:7a:ef:23:b3:6c:c7:
                    bf:e3:84:24:4d:9c:46:df:69:7d:c8:d0:67:fb:91:
                    c0:86:eb:e1:9b:54:23:03:42:c6:eb:ee:76:5b:0a:
                    a9:6a:4b:99:9d:27:b0:6b:2e:90:b0:a9:98:59:db:
                    5e:1e:a3:ed:07:80:3b:44:f5:28:3c:7a:34:07:a2:
                    2c:35:18:1c:16:a7:d1:93:62:b2:d2:7e:0b:a6:b6:
                    8f:0e:66:87:c2:3e:fe:4b:44:4d:9c:f3:6f:4d:b6:
                    45:e4:6d:62:9e:8e:a7:6d:5c:08:6b:ba:43:b7:49:
                    5f:48:95:b6:8f:f4:b8:18:7b:b3:d9:65:b0:60:28:
                    7c:ec:c5:77:73:a4:f7:c2:2c:f7:fc:c6:6d:8e:a7:
                    6b:d7:2a:16:46:c0:5b:02:5c:b1:6e:f3:4f:d2:e0:
                    48:f8:93:aa:36:5e:48:2c:00:b2:82:f0:07:04:ab:
                    7c:1c:dc:ab:81:65:fe:29:16:1a:50:58:df:38:c0:
                    f3:b7:79:02:7f:78:6f:34:c2:b6:3b:32:3a:28:eb:
                    38:fa:cb:72:b1:cf:c8:ae:ce:0e:0f:d3:81:04:58:
                    da:94:21:2e:d0:a4:19:b4:81:ab:b3:e1:4f:3b:d7:
                    53:1c:19:ff:4e:ba:a4:41:35:ec:8d:9b:dd:57:70:
                    0d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:BA:1B:C5:4B:9A:DA:92:A4:04:4B:77:30:16:06:C5:68:FA:31:EA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QrobxUua2pKkBEt3MBYGxWj6Meo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.37.0/24
                  195.133.17.0/24
                  195.133.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:2c:21:54:fa:6e:96:62:46:c8:50:fd:e0:1f:d9:bf:04:08:
         88:53:82:70:16:f9:e9:e1:46:ee:4c:05:63:e8:fb:d4:ac:ce:
         12:c1:b9:6a:4b:86:60:dc:c9:91:fb:2e:2b:47:df:03:ee:91:
         8a:f4:21:27:5e:3b:ed:a5:6b:55:a1:26:f6:fe:1b:35:6a:fc:
         93:b9:d8:46:20:e8:20:82:1a:66:9d:18:69:dd:5f:12:00:a8:
         0f:e4:6b:2d:c9:89:d5:54:65:73:c9:49:8e:97:b9:cf:a1:fb:
         28:d7:9b:47:a9:95:70:09:27:c5:f1:49:cc:65:9f:92:0b:3a:
         37:d5:0d:7f:d8:63:64:88:e8:8d:2c:3f:d0:fa:71:76:e6:a5:
         bb:a0:51:54:be:17:c7:60:47:e6:f0:b6:54:5b:7e:3a:cf:25:
         3c:24:16:f7:9c:42:42:b4:7e:1a:3d:35:29:ce:cb:15:06:27:
         e0:78:91:b5:b8:cb:ac:ad:57:ce:84:fc:ff:39:0a:e4:d5:bd:
         72:c4:5b:ff:29:50:6b:0b:78:5e:49:25:b6:08:48:73:d4:30:
         a3:c8:97:09:6a:aa:14:93:b4:e2:c3:93:59:69:93:30:44:46:
         83:b6:22:58:cf:25:cf:55:c5:b8:9b:f0:7a:8a:36:b5:85:67:
         ca:f0:52:51
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZVwY7zFMgHnshpvhB7dodlEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMzA3MTEzNTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmJhMWJjNTRiOWFkYTkyYTQwNDRiNzczMDE2MDZjNTY4ZmEzMWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxotpcgI73bx67yOzbMe/44QkTZxG
32l9yNBn+5HAhuvhm1QjA0LG6+52WwqpakuZnSeway6QsKmYWdteHqPtB4A7RPUo
PHo0B6IsNRgcFqfRk2Ky0n4LpraPDmaHwj7+S0RNnPNvTbZF5G1ino6nbVwIa7pD
t0lfSJW2j/S4GHuz2WWwYCh87MV3c6T3wiz3/MZtjqdr1yoWRsBbAlyxbvNP0uBI
+JOqNl5ILACygvAHBKt8HNyrgWX+KRYaUFjfOMDzt3kCf3hvNMK2OzI6KOs4+sty
sc/Irs4OD9OBBFjalCEu0KQZtIGrs+FPO9dTHBn/TrqkQTXsjZvdV3AN9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEK6G8VLmtqSpARLdzAWBsVo+jHqMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUXJvYnhVdWEycEtrQkV0M01CWUd4V2o2TWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwlclAwQA
w4URAwQAw4UnMA0GCSqGSIb3DQEBCwUAA4IBAQAMLCFU+m6WYkbIUP3gH9m/BAiI
U4JwFvnp4UbuTAVj6PvUrM4SwblqS4Zg3MmR+y4rR98D7pGK9CEnXjvtpWtVoSb2
/hs1avyTudhGIOggghpmnRhp3V8SAKgP5GstyYnVVGVzyUmOl7nPofso15tHqZVw
CSfF8UnMZZ+SCzo31Q1/2GNkiOiNLD/Q+nF25qW7oFFUvhfHYEfm8LZUW346zyU8
JBb3nEJCtH4aPTUpzssVBifgeJG1uMusrVfOhPz/OQrk1b1yxFv/KVBrC3heSSW2
CEhz1DCjyJcJaqoUk7Tiw5NZaZMwREaDtiJYzyXPVcW4m/B6ija1hWfK8FJR
-----END CERTIFICATE-----