Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/df2HgELkTdKgiNkQYVpDO5LDzaA.roa
File:                     df2HgELkTdKgiNkQYVpDO5LDzaA.roa (raw, json)
Hash identifier:          7OYAeMCytqM/tczulifuQKKnJkQh8LsfiIPByfh9fUE=
Subject key identifier:   75:FD:87:80:42:E4:4D:D2:A0:88:D9:10:61:5A:43:3B:92:C3:CD:A0
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019600F702A258B14DA320EC8CD949EB331B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/df2HgELkTdKgiNkQYVpDO5LDzaA.roa
Signing time:             Fri 04 Apr 2025 13:21:49 +0000
ROA not before:           Fri 04 Apr 2025 13:21:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211845
IP address blocks:        195.133.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:00:f7:02:a2:58:b1:4d:a3:20:ec:8c:d9:49:eb:33:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr  4 13:21:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75fd878042e44dd2a088d910615a433b92c3cda0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:92:3b:dd:c3:90:fa:2c:75:8e:b0:3c:ef:29:
                    c6:32:3b:14:d0:a3:e7:1c:1d:17:06:37:a1:3c:10:
                    3f:64:1d:7a:8b:0d:7c:f0:ad:09:ff:91:16:98:1c:
                    0c:a7:ce:90:5d:b6:d0:5c:2b:4d:2f:f5:14:76:2b:
                    36:5b:54:a1:f0:dc:d8:a6:ad:47:3d:d5:ff:92:8f:
                    67:05:ed:f3:4f:ac:8f:3d:63:96:05:d8:04:95:e0:
                    d4:11:dc:13:4b:56:95:a5:a1:5b:c5:65:10:f3:80:
                    03:d9:68:12:a5:ed:65:40:d4:e8:cc:f6:c2:07:47:
                    b3:6e:42:d2:f0:c2:b8:1c:16:59:b4:cc:4a:48:d4:
                    87:cd:1a:fb:e2:43:d0:28:15:1c:3b:37:c0:fc:f7:
                    2c:85:29:55:36:82:07:56:7c:7f:d9:05:a0:7b:ba:
                    22:40:ca:ea:40:6a:e1:06:55:9f:91:c6:bd:4e:11:
                    2e:5f:99:25:f5:f3:f3:ab:c4:df:1c:f4:27:78:52:
                    ba:f6:6c:a0:ea:88:63:51:fd:6f:7b:c6:df:52:e1:
                    51:10:9c:db:4a:2e:3f:a3:45:32:35:72:55:ad:98:
                    27:02:c8:f3:40:95:0d:15:34:4b:11:76:55:3a:ab:
                    1d:d8:b7:93:10:c6:38:9f:b8:df:c0:0b:8a:40:11:
                    44:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:FD:87:80:42:E4:4D:D2:A0:88:D9:10:61:5A:43:3B:92:C3:CD:A0
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/df2HgELkTdKgiNkQYVpDO5LDzaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:e3:48:98:6e:ac:46:84:15:18:7d:cb:0b:0e:c5:b4:8b:4d:
         ad:4c:42:e4:f3:37:2a:b7:81:90:c0:7b:d9:f3:eb:c4:36:fd:
         ed:f7:89:70:4a:27:0a:0c:e0:aa:87:22:9c:ce:0e:84:55:91:
         20:6a:e3:91:4f:a1:85:cd:85:a8:db:69:cc:09:e0:ff:e0:65:
         83:ea:81:9c:93:cd:da:8b:23:4d:dc:16:b9:14:d7:94:44:f2:
         a5:98:4a:b8:68:4a:16:52:9d:c6:2e:e6:4e:19:4d:e6:61:8d:
         e8:15:ef:42:23:92:51:78:df:82:54:e1:c5:3a:b1:9f:ad:50:
         a5:c9:70:6e:ba:74:0a:eb:b8:ad:e5:b3:e8:6f:eb:2e:2e:25:
         f8:c7:2c:c5:5a:e3:fb:fa:90:cc:19:06:7f:e5:f4:a3:4b:0a:
         ea:55:35:0d:19:a7:fc:9a:93:28:79:f1:69:8d:89:1e:d5:b0:
         fd:b2:65:e3:e0:6b:74:d6:09:94:03:11:29:50:e7:3d:46:7b:
         ed:72:ab:08:53:c2:1f:7d:a4:27:23:7a:88:74:87:47:c7:42:
         0d:eb:78:24:c3:a5:72:f4:07:db:0c:76:56:85:de:f7:9d:9c:
         89:d2:aa:ab:fc:24:a6:ae:d8:61:19:94:40:db:44:91:3b:8f:
         5a:ce:4f:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYA9wKiWLFNoyDsjNlJ6zMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNDA0MTMyMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWZkODc4MDQyZTQ0ZGQyYTA4OGQ5MTA2MTVhNDMzYjkyYzNjZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pI73cOQ+ix1jrA87ynGMjsU0KPn
HB0XBjehPBA/ZB16iw188K0J/5EWmBwMp86QXbbQXCtNL/UUdis2W1Sh8NzYpq1H
PdX/ko9nBe3zT6yPPWOWBdgEleDUEdwTS1aVpaFbxWUQ84AD2WgSpe1lQNTozPbC
B0ezbkLS8MK4HBZZtMxKSNSHzRr74kPQKBUcOzfA/PcshSlVNoIHVnx/2QWge7oi
QMrqQGrhBlWfkca9ThEuX5kl9fPzq8TfHPQneFK69myg6ohjUf1ve8bfUuFREJzb
Si4/o0UyNXJVrZgnAsjzQJUNFTRLEXZVOqsd2LeTEMY4n7jfwAuKQBFENQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHX9h4BC5E3SoIjZEGFaQzuSw82gMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZGYySGdFTGtUZEtnaU5rUVlWcERPNUxEemFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UDMA0G
CSqGSIb3DQEBCwUAA4IBAQBF40iYbqxGhBUYfcsLDsW0i02tTELk8zcqt4GQwHvZ
8+vENv3t94lwSicKDOCqhyKczg6EVZEgauORT6GFzYWo22nMCeD/4GWD6oGck83a
iyNN3Ba5FNeURPKlmEq4aEoWUp3GLuZOGU3mYY3oFe9CI5JReN+CVOHFOrGfrVCl
yXBuunQK67it5bPob+suLiX4xyzFWuP7+pDMGQZ/5fSjSwrqVTUNGaf8mpMoefFp
jYke1bD9smXj4Gt01gmUAxEpUOc9RnvtcqsIU8IffaQnI3qIdIdHx0IN63gkw6Vy
9AfbDHZWhd73nZyJ0qqr/CSmrthhGZRA20SRO49azk9m
-----END CERTIFICATE-----