Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lh4kKmKCW5otw3zyL1ds1dCr30Y.roa
File:                     lh4kKmKCW5otw3zyL1ds1dCr30Y.roa (raw, json)
Hash identifier:          B57HLIRXyxPpsUj0VSpn58wNYCYU+Rm8MEKRYAS2QxY=
Subject key identifier:   96:1E:24:2A:62:82:5B:9A:2D:C3:7C:F2:2F:57:6C:D5:D0:AB:DF:46
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0197BFB02B3F714AE449CADA4154A7D84200
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lh4kKmKCW5otw3zyL1ds1dCr30Y.roa
Signing time:             Mon 30 Jun 2025 07:14:43 +0000
ROA not before:           Mon 30 Jun 2025 07:14:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        194.87.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:b0:2b:3f:71:4a:e4:49:ca:da:41:54:a7:d8:42:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jun 30 07:14:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=961e242a62825b9a2dc37cf22f576cd5d0abdf46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5f:ca:73:14:dd:4b:ba:33:7c:8c:06:46:e4:
                    31:99:50:28:e7:63:11:4e:e1:1e:a5:96:de:bd:1e:
                    18:00:2d:87:2d:22:9b:6c:de:b6:2c:b9:b1:b6:5b:
                    73:4d:67:81:56:25:32:12:e5:2b:bd:f6:c0:28:22:
                    46:ba:5e:a3:c2:b9:12:08:dd:bb:7c:23:d9:c5:be:
                    38:6b:56:75:6a:0f:14:4f:d8:d8:18:97:87:9d:86:
                    46:b5:71:65:3e:ba:e6:2e:e6:36:71:22:cb:11:d3:
                    58:b2:ca:d4:db:d8:89:a4:42:1e:88:89:52:2b:1d:
                    e8:f7:cf:1f:a3:bb:63:ec:19:34:0f:4c:7a:18:d5:
                    f4:dd:06:37:a2:e7:75:67:cf:ab:70:15:d1:d7:d4:
                    1b:86:a7:b6:98:5c:88:78:20:7b:da:da:3a:82:30:
                    55:b7:da:2c:4f:02:72:b3:2e:77:b0:a2:3d:4e:5a:
                    aa:12:23:4d:93:03:81:4b:74:c2:80:22:48:b8:09:
                    d4:a5:f4:a1:4c:70:10:f9:29:2c:2a:ea:5c:7e:d3:
                    1e:86:45:a0:ec:67:cb:2f:db:b0:ca:f3:63:63:2d:
                    a5:12:73:0c:60:85:87:d8:ba:84:df:c9:11:f2:98:
                    c4:a8:9a:ea:6f:e1:17:ef:39:39:2e:46:45:21:f3:
                    47:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:1E:24:2A:62:82:5B:9A:2D:C3:7C:F2:2F:57:6C:D5:D0:AB:DF:46
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lh4kKmKCW5otw3zyL1ds1dCr30Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:e6:b3:de:bd:16:78:15:50:9f:67:a0:6f:9a:3f:17:e2:84:
         ed:b4:38:c0:ce:af:a8:b8:e8:2f:64:5b:7d:89:b0:84:bf:2a:
         56:46:97:10:ce:21:f1:b8:65:cf:d4:8d:b6:c7:e8:a4:cd:bf:
         1a:5b:a7:d7:7c:5d:e7:64:e9:33:b7:88:4c:70:c6:46:48:58:
         76:a0:2b:a4:6a:ac:c9:64:c3:e0:fe:dc:83:01:d5:7c:53:01:
         23:b8:ee:b8:33:08:7d:1a:0e:dd:70:a0:ae:40:c9:d9:65:c4:
         45:de:7a:0d:1d:d2:7c:20:c3:5a:bb:7e:2f:e6:49:15:3d:d4:
         c0:6a:e0:59:24:30:c5:06:5d:1a:45:5a:d0:10:c3:bd:de:f2:
         1b:fb:67:dc:56:3e:d8:12:46:aa:d1:12:a9:bf:e4:86:86:bb:
         c0:a3:77:0a:bc:4b:81:4d:b6:53:e0:72:bd:33:f2:3f:94:fd:
         fc:04:57:1c:80:e5:38:a5:6b:8d:19:3a:e1:1f:10:4f:41:10:
         9d:92:1b:24:f0:b9:ec:21:0d:4f:ff:5b:0a:46:71:09:05:bb:
         42:87:bb:23:7a:e3:c7:fd:83:6c:15:ce:55:19:db:4e:67:f9:
         03:d5:cd:61:63:a0:bf:1e:e5:c4:a4:d9:d0:f3:40:b5:9a:fb:
         14:20:da:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe/sCs/cUrkScraQVSn2EIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNjMwMDcxNDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjFlMjQyYTYyODI1YjlhMmRjMzdjZjIyZjU3NmNkNWQwYWJkZjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1/KcxTdS7ozfIwGRuQxmVAo52MR
TuEepZbevR4YAC2HLSKbbN62LLmxtltzTWeBViUyEuUrvfbAKCJGul6jwrkSCN27
fCPZxb44a1Z1ag8UT9jYGJeHnYZGtXFlPrrmLuY2cSLLEdNYssrU29iJpEIeiIlS
Kx3o988fo7tj7Bk0D0x6GNX03QY3oud1Z8+rcBXR19Qbhqe2mFyIeCB72to6gjBV
t9osTwJysy53sKI9TlqqEiNNkwOBS3TCgCJIuAnUpfShTHAQ+SksKupcftMehkWg
7GfLL9uwyvNjYy2lEnMMYIWH2LqE38kR8pjEqJrqb+EX7zk5LkZFIfNH6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYeJCpigluaLcN88i9XbNXQq99GMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbGg0a0ttS0NXNW90dzN6eUwxZHMxZENyMzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwleLMA0G
CSqGSIb3DQEBCwUAA4IBAQBE5rPevRZ4FVCfZ6Bvmj8X4oTttDjAzq+ouOgvZFt9
ibCEvypWRpcQziHxuGXP1I22x+ikzb8aW6fXfF3nZOkzt4hMcMZGSFh2oCukaqzJ
ZMPg/tyDAdV8UwEjuO64Mwh9Gg7dcKCuQMnZZcRF3noNHdJ8IMNau34v5kkVPdTA
auBZJDDFBl0aRVrQEMO93vIb+2fcVj7YEkaq0RKpv+SGhrvAo3cKvEuBTbZT4HK9
M/I/lP38BFccgOU4pWuNGTrhHxBPQRCdkhsk8LnsIQ1P/1sKRnEJBbtCh7sjeuPH
/YNsFc5VGdtOZ/kD1c1hY6C/HuXEpNnQ80C1mvsUINq3
-----END CERTIFICATE-----