Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aNOsxC1UULsSxB9s_J61K2nDj5w.roa
File:                     aNOsxC1UULsSxB9s_J61K2nDj5w.roa (raw, json)
Hash identifier:          fEm37xE8bqGecX3djyrnqx7XoL0XPRx3dE3QOIMEByY=
Subject key identifier:   68:D3:AC:C4:2D:54:50:BB:12:C4:1F:6C:FC:9E:B5:2B:69:C3:8F:9C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01973F70F970405C18AF4E846DD212DD3A9A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aNOsxC1UULsSxB9s_J61K2nDj5w.roa
Signing time:             Thu 05 Jun 2025 09:34:17 +0000
ROA not before:           Thu 05 Jun 2025 09:34:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213755
IP address blocks:        212.192.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 15:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:70:f9:70:40:5c:18:af:4e:84:6d:d2:12:dd:3a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun  5 09:34:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68d3acc42d5450bb12c41f6cfc9eb52b69c38f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:16:1a:b0:56:ae:34:fe:19:85:db:67:90:8b:
                    d7:7b:08:76:05:2d:7c:74:61:39:9b:37:18:93:82:
                    4f:4d:18:cd:38:35:3c:3d:03:ce:21:2f:8f:11:fc:
                    af:96:6a:00:bf:5a:3c:01:49:eb:68:d3:32:3e:83:
                    ab:65:e1:e5:6f:63:a9:c7:39:5d:d6:aa:94:a9:c9:
                    25:86:9f:ff:88:44:38:1f:ef:0c:49:4a:00:a9:7b:
                    00:37:7a:81:95:5b:5f:e4:e7:aa:d3:e8:f9:91:50:
                    ce:39:56:4e:1c:69:a4:f4:cd:f3:15:15:dc:44:8f:
                    cc:d0:de:8e:c8:e5:81:f5:46:ae:c2:4c:cf:d3:54:
                    60:f0:70:4d:b0:65:53:91:a4:b6:97:cc:df:b9:69:
                    2a:d8:35:01:18:5a:fe:ff:97:2e:20:d1:2d:24:92:
                    b5:42:b5:92:da:65:12:a8:1d:2f:f0:ce:20:6f:f0:
                    41:9d:f9:7f:c2:a8:7a:0e:d5:8d:a5:e7:02:f3:35:
                    e5:b4:8b:5f:a1:80:5d:a6:8a:34:48:93:c2:1f:ce:
                    ea:d0:54:a1:ee:c7:a1:83:4d:48:4d:cd:2b:54:a0:
                    38:b5:a1:c7:75:2d:e0:8b:7f:a2:81:4f:87:d9:6b:
                    25:ab:ac:ec:cd:df:09:0b:95:94:10:3e:0a:1c:bc:
                    89:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D3:AC:C4:2D:54:50:BB:12:C4:1F:6C:FC:9E:B5:2B:69:C3:8F:9C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/aNOsxC1UULsSxB9s_J61K2nDj5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:ac:27:25:0e:5a:45:29:98:25:7d:00:a2:64:0a:ea:c1:02:
         9c:2a:de:fe:93:80:c7:8b:51:f8:98:7d:ae:b5:58:3e:99:32:
         a7:ce:b0:44:17:42:8b:7e:0e:64:87:58:c7:23:db:56:36:b6:
         b4:c0:a3:07:26:5c:e7:44:92:ce:cf:fd:27:0e:94:0c:6b:a3:
         e6:3d:28:3c:bd:4d:a6:d0:5b:93:39:36:90:8d:68:cb:0d:6c:
         f3:56:b2:8b:b4:25:7a:a8:e7:47:b8:92:b0:51:1c:66:2c:8e:
         b2:fe:71:61:8a:01:a6:b1:bf:2f:e4:84:50:1c:75:02:bd:e7:
         d8:5f:2b:31:f6:b8:12:85:24:50:3c:45:ef:a7:a6:71:4c:c2:
         d1:64:6b:d7:5a:6c:3f:c9:d2:bb:78:79:05:b9:52:9b:d3:93:
         bb:12:a9:88:c0:79:10:73:23:d6:31:a9:12:7d:83:48:e5:df:
         b6:57:da:7c:cf:dd:5a:32:74:87:f1:ed:a4:a6:27:5f:8a:1d:
         c9:4b:fd:67:7d:b2:10:6a:ff:94:7f:cd:fb:19:ec:c2:a8:b8:
         6d:1e:1a:24:3e:a0:b0:53:c9:22:ef:b9:e9:54:60:a2:70:f5:
         bb:1b:c4:93:d8:b2:01:09:2b:5b:0f:c9:37:cd:b6:95:60:33:
         39:ca:40:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc/cPlwQFwYr06EbdIS3TqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNjA1MDkzNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQzYWNjNDJkNTQ1MGJiMTJjNDFmNmNmYzllYjUyYjY5YzM4ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RYasFauNP4ZhdtnkIvXewh2BS18
dGE5mzcYk4JPTRjNODU8PQPOIS+PEfyvlmoAv1o8AUnraNMyPoOrZeHlb2Opxzld
1qqUqcklhp//iEQ4H+8MSUoAqXsAN3qBlVtf5Oeq0+j5kVDOOVZOHGmk9M3zFRXc
RI/M0N6OyOWB9UauwkzP01Rg8HBNsGVTkaS2l8zfuWkq2DUBGFr+/5cuINEtJJK1
QrWS2mUSqB0v8M4gb/BBnfl/wqh6DtWNpecC8zXltItfoYBdpoo0SJPCH87q0FSh
7sehg01ITc0rVKA4taHHdS3gi3+igU+H2Wslq6zszd8JC5WUED4KHLyJQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjTrMQtVFC7EsQfbPyetStpw4+cMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYU5Pc3hDMVVVTHNTeEI5c19KNjFLMm5EajV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MD4MA0G
CSqGSIb3DQEBCwUAA4IBAQAGrCclDlpFKZglfQCiZArqwQKcKt7+k4DHi1H4mH2u
tVg+mTKnzrBEF0KLfg5kh1jHI9tWNra0wKMHJlznRJLOz/0nDpQMa6PmPSg8vU2m
0FuTOTaQjWjLDWzzVrKLtCV6qOdHuJKwURxmLI6y/nFhigGmsb8v5IRQHHUCvefY
Xysx9rgShSRQPEXvp6ZxTMLRZGvXWmw/ydK7eHkFuVKb05O7EqmIwHkQcyPWMakS
fYNI5d+2V9p8z91aMnSH8e2kpidfih3JS/1nfbIQav+Uf837GezCqLhtHhokPqCw
U8ki77npVGCicPW7G8ST2LIBCStbD8k3zbaVYDM5ykBx
-----END CERTIFICATE-----