Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TlKfvtbAlETneBSH6xupldH_iLM.roa
File:                     TlKfvtbAlETneBSH6xupldH_iLM.roa (raw, json)
Hash identifier:          AVYA+G0a/2fJuFqwEvpBQrQ/ABFj+zIaPMYBYo1rTZI=
Subject key identifier:   4E:52:9F:BE:D6:C0:94:44:E7:78:14:87:EB:1B:A9:95:D1:FF:88:B3
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0195661C375DDAD292A971F897A3B766BB1C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TlKfvtbAlETneBSH6xupldH_iLM.roa
Signing time:             Wed 05 Mar 2025 11:41:19 +0000
ROA not before:           Wed 05 Mar 2025 11:41:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202656
IP address blocks:        194.87.52.0/24 maxlen: 24
                          195.133.37.0/24 maxlen: 24
                          212.193.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 18:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:1c:37:5d:da:d2:92:a9:71:f8:97:a3:b7:66:bb:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar  5 11:41:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e529fbed6c09444e7781487eb1ba995d1ff88b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:36:0b:3b:a6:60:65:4b:31:17:d7:00:4b:7b:
                    65:30:51:e9:38:1f:e9:44:ec:9f:fc:e2:85:d5:58:
                    d3:83:a5:68:ca:03:11:f3:b0:c2:88:b2:f3:fc:81:
                    f4:2b:81:b7:c5:37:3d:1e:17:6f:62:a0:ce:67:48:
                    57:e3:a1:ec:2a:e7:84:47:e7:df:57:e7:0f:50:86:
                    4e:bc:38:2d:0a:a2:df:26:44:e3:9e:3f:40:ec:64:
                    28:c8:55:16:1a:88:60:7b:8a:af:cb:d4:69:61:80:
                    ad:39:50:60:8a:b9:d1:3c:9b:cb:7b:8e:cd:3f:2a:
                    a3:fd:e7:8e:61:9f:5a:23:c0:da:20:89:7f:f0:de:
                    de:27:9f:59:df:98:4f:51:4e:f0:12:4c:6f:e8:29:
                    87:a7:20:ee:1a:8b:9d:cd:3b:11:a5:f0:d6:57:38:
                    d5:05:a3:a0:85:9b:47:82:5e:25:65:e4:74:7c:2f:
                    81:44:07:55:53:fe:5a:5a:70:89:1d:30:0e:9c:fb:
                    04:73:e8:a7:39:bc:aa:90:58:01:87:bf:69:e2:2b:
                    c3:0d:8f:2d:79:21:ba:bd:99:b2:43:6f:7d:9d:32:
                    fb:ab:b2:48:fb:30:fa:03:3e:93:11:13:91:b4:e3:
                    11:56:2f:33:09:50:a7:14:4c:b8:12:5b:c8:20:43:
                    38:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:52:9F:BE:D6:C0:94:44:E7:78:14:87:EB:1B:A9:95:D1:FF:88:B3
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TlKfvtbAlETneBSH6xupldH_iLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.52.0/24
                  195.133.37.0/24
                  212.193.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:7e:06:04:01:05:d2:82:ed:0b:6c:cc:a2:44:a6:f2:66:08:
         4e:07:1c:47:f8:ae:b0:2c:14:5a:a4:ea:a5:64:43:9a:0e:e4:
         31:90:ee:bb:bd:0a:5e:4e:2e:71:85:8e:81:bf:7b:35:9b:34:
         ef:7e:36:5b:6e:b1:3b:da:1c:6c:0b:df:e7:c1:bb:2a:07:97:
         50:38:e8:e8:05:0d:5d:46:ce:e0:c3:a2:18:48:74:07:a1:f6:
         e7:86:bc:b5:dd:87:eb:68:a6:fb:db:ad:2c:ea:de:d2:15:3a:
         97:a0:ad:ff:66:0e:fa:ef:a5:6f:0d:7d:24:98:5b:7a:b8:b6:
         5a:ad:d0:1e:ef:1c:49:f9:2a:8e:5a:94:49:f5:5d:52:76:e4:
         90:ed:3e:71:99:37:95:8a:b2:0f:30:fa:92:b8:9e:2b:e9:a4:
         e8:a5:9c:83:77:48:d0:5d:c9:ed:7f:25:82:61:19:aa:f5:a7:
         fd:3b:eb:d8:67:65:b9:e1:e8:b6:26:2f:6d:20:09:66:bb:e0:
         17:40:e4:de:37:81:80:f5:42:8b:16:77:fc:5f:79:4c:51:a4:
         7b:c7:34:75:6c:2d:a4:d8:87:9c:e8:de:ee:32:27:e3:a2:fe:
         1e:4e:2a:51:21:a9:b9:6e:ce:6f:4b:f4:33:46:a5:29:1e:d9:
         93:69:1d:0c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZVmHDdd2tKSqXH4l6O3ZrscMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMzA1MTE0MTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTUyOWZiZWQ2YzA5NDQ0ZTc3ODE0ODdlYjFiYTk5NWQxZmY4OGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTYLO6ZgZUsxF9cAS3tlMFHpOB/p
ROyf/OKF1VjTg6VoygMR87DCiLLz/IH0K4G3xTc9HhdvYqDOZ0hX46HsKueER+ff
V+cPUIZOvDgtCqLfJkTjnj9A7GQoyFUWGohge4qvy9RpYYCtOVBgirnRPJvLe47N
Pyqj/eeOYZ9aI8DaIIl/8N7eJ59Z35hPUU7wEkxv6CmHpyDuGoudzTsRpfDWVzjV
BaOghZtHgl4lZeR0fC+BRAdVU/5aWnCJHTAOnPsEc+inObyqkFgBh79p4ivDDY8t
eSG6vZmyQ299nTL7q7JI+zD6Az6TERORtOMRVi8zCVCnFEy4ElvIIEM4gwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE5Sn77WwJRE53gUh+sbqZXR/4izMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVGxLZnZ0YkFsRVRuZUJTSDZ4dXBsZEhfaUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwlc0AwQA
w4UlAwQA1MELMA0GCSqGSIb3DQEBCwUAA4IBAQBOfgYEAQXSgu0LbMyiRKbyZghO
BxxH+K6wLBRapOqlZEOaDuQxkO67vQpeTi5xhY6Bv3s1mzTvfjZbbrE72hxsC9/n
wbsqB5dQOOjoBQ1dRs7gw6IYSHQHofbnhry13YfraKb7260s6t7SFTqXoK3/Zg76
76VvDX0kmFt6uLZardAe7xxJ+SqOWpRJ9V1SduSQ7T5xmTeVirIPMPqSuJ4r6aTo
pZyDd0jQXcntfyWCYRmq9af9O+vYZ2W54ei2Ji9tIAlmu+AXQOTeN4GA9UKLFnf8
X3lMUaR7xzR1bC2k2Iec6N7uMifjov4eTipRIam5bs5vS/QzRqUpHtmTaR0M
-----END CERTIFICATE-----