Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bDWkfG-gcuFN9AfFR8ozNYjfGXY.roa
File:                     bDWkfG-gcuFN9AfFR8ozNYjfGXY.roa (raw, json)
Hash identifier:          lJE3KRSta7MNBw+M+O73K4rG5HH2xu2QR3Kgrl6dUS4=
Subject key identifier:   6C:35:A4:7C:6F:A0:72:E1:4D:F4:07:C5:47:CA:33:35:88:DF:19:76
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0194282515B694C2E1743F869AC5E20A8B03
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bDWkfG-gcuFN9AfFR8ozNYjfGXY.roa
Signing time:             Thu 02 Jan 2025 17:51:46 +0000
ROA not before:           Thu 02 Jan 2025 17:51:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215594
IP address blocks:        212.193.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:15:b6:94:c2:e1:74:3f:86:9a:c5:e2:0a:8b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c35a47c6fa072e14df407c547ca333588df1976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8c:14:e7:5e:db:24:e6:33:52:36:d5:9d:49:
                    17:de:d2:23:7d:94:56:27:30:ea:71:14:75:29:5b:
                    7a:8e:1b:9d:43:27:01:d8:0a:38:d3:ae:28:ce:ff:
                    d5:cb:8a:6a:66:b5:97:b2:f3:ec:e4:ef:7d:6e:4d:
                    64:45:60:dd:35:87:5a:2c:1d:4b:04:1e:a8:fe:57:
                    8f:1b:49:cb:0f:f7:30:55:5e:0f:c2:1e:df:6e:6b:
                    af:34:dd:9f:e4:92:a7:d4:bf:ea:4b:24:30:1f:64:
                    8a:72:4a:b0:c0:8a:e5:26:d8:41:54:97:25:79:2c:
                    e4:b2:44:19:95:f4:b2:68:54:87:83:e3:0b:01:5e:
                    70:d6:20:e2:1e:bc:23:93:49:16:6b:91:0f:d2:dc:
                    14:32:1e:4e:71:71:dd:8a:49:18:db:e7:f1:76:ee:
                    37:75:d1:f4:f3:e5:76:a6:ac:57:46:0e:aa:9a:6c:
                    cf:c2:f4:41:35:19:d0:50:2b:3d:72:72:e0:73:78:
                    4b:e8:a3:55:24:82:ae:50:5d:d0:4b:8a:b3:ec:7e:
                    f4:a9:7b:65:ac:6d:d1:08:84:19:c7:cc:73:69:7c:
                    dd:db:43:58:93:3a:60:7a:16:4a:d1:98:10:e2:0b:
                    59:2d:ef:27:34:12:32:ba:cb:e7:ba:7c:ff:87:7e:
                    ef:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:35:A4:7C:6F:A0:72:E1:4D:F4:07:C5:47:CA:33:35:88:DF:19:76
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bDWkfG-gcuFN9AfFR8ozNYjfGXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:35:00:f7:ca:48:45:4f:39:5c:5a:f7:6a:17:70:14:92:e8:
         ff:e4:22:ed:57:0b:a7:a4:7a:5d:fb:6c:3e:e3:a5:49:08:4b:
         36:2c:60:2e:51:7d:05:dd:cb:9b:14:52:64:bc:15:49:34:1b:
         1a:48:89:97:59:38:d6:13:03:b2:2d:bf:66:3c:5e:f6:b7:25:
         4a:fa:bb:6f:c5:73:ee:46:a0:a4:c6:04:a8:e7:4d:c3:0c:1b:
         93:c6:81:17:72:19:c4:c7:84:74:17:f1:37:7e:5f:dd:7d:ad:
         78:83:4e:64:5c:1b:75:fa:5d:2f:aa:5b:77:1f:17:39:8a:76:
         66:ee:ce:7a:94:1b:97:08:5b:6e:e0:6c:89:12:58:44:ba:c7:
         cf:01:23:9b:40:4c:f1:6d:ae:74:64:66:be:d8:fc:ed:3c:b9:
         a7:3e:62:95:a3:1c:a6:b4:48:ee:79:19:48:52:aa:58:ee:22:
         26:d8:34:6c:97:8f:29:e0:61:4b:5b:9b:66:bb:31:c5:d6:75:
         45:a8:61:d6:53:17:2c:e9:86:c0:ab:d7:04:77:56:f5:99:aa:
         a7:e2:a0:4c:2d:b1:51:cc:c2:73:27:c1:85:ed:0c:63:07:80:
         d7:14:2e:8f:06:2b:20:5f:9a:6f:a0:e7:01:05:d9:da:d2:32:
         d1:08:ef:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJRW2lMLhdD+GmsXiCosDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzM1YTQ3YzZmYTA3MmUxNGRmNDA3YzU0N2NhMzMzNTg4ZGYxOTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIwU517bJOYzUjbVnUkX3tIjfZRW
JzDqcRR1KVt6jhudQycB2Ao4064ozv/Vy4pqZrWXsvPs5O99bk1kRWDdNYdaLB1L
BB6o/lePG0nLD/cwVV4Pwh7fbmuvNN2f5JKn1L/qSyQwH2SKckqwwIrlJthBVJcl
eSzkskQZlfSyaFSHg+MLAV5w1iDiHrwjk0kWa5EP0twUMh5OcXHdikkY2+fxdu43
ddH08+V2pqxXRg6qmmzPwvRBNRnQUCs9cnLgc3hL6KNVJIKuUF3QS4qz7H70qXtl
rG3RCIQZx8xzaXzd20NYkzpgehZK0ZgQ4gtZLe8nNBIyusvnunz/h37vRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGw1pHxvoHLhTfQHxUfKMzWI3xl2MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYkRXa2ZHLWdjdUZOOUFmRlI4b3pOWWpmR1hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MEcMA0G
CSqGSIb3DQEBCwUAA4IBAQCJNQD3ykhFTzlcWvdqF3AUkuj/5CLtVwunpHpd+2w+
46VJCEs2LGAuUX0F3cubFFJkvBVJNBsaSImXWTjWEwOyLb9mPF72tyVK+rtvxXPu
RqCkxgSo503DDBuTxoEXchnEx4R0F/E3fl/dfa14g05kXBt1+l0vqlt3Hxc5inZm
7s56lBuXCFtu4GyJElhEusfPASObQEzxba50ZGa+2PztPLmnPmKVoxymtEjueRlI
UqpY7iIm2DRsl48p4GFLW5tmuzHF1nVFqGHWUxcs6YbAq9cEd1b1maqn4qBMLbFR
zMJzJ8GF7QxjB4DXFC6PBisgX5pvoOcBBdna0jLRCO9E
-----END CERTIFICATE-----