Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/yt53J5JfoJyIjPm7Bp9zjnNQnF4.roa
File:                     yt53J5JfoJyIjPm7Bp9zjnNQnF4.roa (raw, json)
Hash identifier:          C3T1+1PzWy3bPi38m/nkTTksjPViJ2T5Iv9UyZwwOZ8=
Subject key identifier:   CA:DE:77:27:92:5F:A0:9C:88:8C:F9:BB:06:9F:73:8E:73:50:9C:5E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019615BA499EA9232F69D9674C0E1CA85BCC
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/yt53J5JfoJyIjPm7Bp9zjnNQnF4.roa
Signing time:             Tue 08 Apr 2025 14:07:32 +0000
ROA not before:           Tue 08 Apr 2025 14:07:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215730
IP address blocks:        192.124.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:15:ba:49:9e:a9:23:2f:69:d9:67:4c:0e:1c:a8:5b:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr  8 14:07:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cade7727925fa09c888cf9bb069f738e73509c5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b5:e8:43:21:c4:0e:43:98:b1:0d:af:02:ea:
                    6e:a9:b4:cb:39:dd:59:24:7e:c5:ee:ef:a9:71:1e:
                    06:be:ec:86:93:56:6c:b4:65:22:b9:f8:4b:81:cd:
                    9d:94:cb:dc:bf:17:fa:6b:69:a7:1e:b3:3a:28:a8:
                    2b:3b:25:8f:24:9a:1f:51:ae:60:2b:e6:d6:43:7f:
                    58:d8:94:a6:a3:9e:ae:7b:d5:53:f4:7e:66:d5:51:
                    b8:25:cb:19:5e:6b:69:ba:4f:3c:33:1e:8f:f8:6d:
                    59:0d:b8:8f:0f:65:e0:a6:9c:09:b5:19:87:59:cc:
                    88:25:ea:da:9f:49:d5:05:35:e2:3d:79:5d:ac:17:
                    9f:00:d5:f4:05:cf:49:d4:17:93:5e:72:26:2e:86:
                    d3:c6:5a:17:39:14:92:4e:a7:08:ba:dc:41:f4:36:
                    8b:ba:14:3b:bb:3a:bf:e8:32:06:82:1a:bd:05:2c:
                    60:27:db:46:95:0d:1a:fb:5b:9a:50:de:a5:d4:ff:
                    33:d5:93:f1:d8:fb:47:bf:92:a5:4d:76:8f:bf:3c:
                    0c:59:de:f7:0d:35:37:e5:89:93:e9:b7:a9:99:b1:
                    8e:f4:52:ed:fa:e6:84:17:f7:15:14:b8:1c:2b:11:
                    08:79:e3:c5:85:f6:a8:e0:64:4f:79:69:b2:d3:21:
                    22:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:DE:77:27:92:5F:A0:9C:88:8C:F9:BB:06:9F:73:8E:73:50:9C:5E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/yt53J5JfoJyIjPm7Bp9zjnNQnF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:87:e3:5b:92:f0:b3:1b:b4:7e:61:9b:2f:cb:fe:d5:e3:b6:
         1d:b2:9e:0b:6b:b4:8c:4e:e4:93:9e:c1:bd:b2:e4:69:29:69:
         c8:1a:02:e4:90:c7:19:71:cc:a1:93:39:45:a5:07:11:e7:a5:
         ef:e4:03:8e:33:28:b3:8e:41:5e:dc:0d:27:a5:ce:09:89:5f:
         c6:66:ba:62:eb:6d:90:36:c3:32:7c:fb:2b:e1:f3:8d:d7:de:
         c0:35:4a:6d:a4:a1:bd:7b:bb:85:39:88:a4:b0:4f:1c:62:8a:
         fb:39:37:53:ff:0f:0a:a3:b2:7e:ae:2b:8e:4b:70:04:70:1f:
         50:f6:bf:6b:56:54:88:91:34:9e:3b:6d:e2:9a:d5:16:d6:52:
         95:65:c4:41:ac:c6:c5:5c:40:8b:7e:89:1e:e2:1c:d4:7e:ba:
         68:fd:72:b0:78:60:ba:ac:45:22:49:81:0c:b9:44:12:48:55:
         04:04:e6:da:90:0c:bc:21:eb:5c:54:dc:25:13:33:0a:ef:d3:
         f0:7b:c7:1a:1c:46:e2:3d:ad:9f:34:ab:83:c9:26:03:88:56:
         a6:38:b3:46:3e:9e:82:c3:fe:e8:a4:47:58:4b:0a:c6:2f:d0:
         5b:ee:a3:31:a0:e7:b8:96:9e:82:91:1e:e4:bc:a0:99:5e:98:
         80:65:ad:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYVukmeqSMvadlnTA4cqFvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwNDA4MTQwNzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWRlNzcyNzkyNWZhMDljODg4Y2Y5YmIwNjlmNzM4ZTczNTA5YzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7XoQyHEDkOYsQ2vAupuqbTLOd1Z
JH7F7u+pcR4GvuyGk1ZstGUiufhLgc2dlMvcvxf6a2mnHrM6KKgrOyWPJJofUa5g
K+bWQ39Y2JSmo56ue9VT9H5m1VG4JcsZXmtpuk88Mx6P+G1ZDbiPD2XgppwJtRmH
WcyIJeran0nVBTXiPXldrBefANX0Bc9J1BeTXnImLobTxloXORSSTqcIutxB9DaL
uhQ7uzq/6DIGghq9BSxgJ9tGlQ0a+1uaUN6l1P8z1ZPx2PtHv5KlTXaPvzwMWd73
DTU35YmT6bepmbGO9FLt+uaEF/cVFLgcKxEIeePFhfao4GRPeWmy0yEirwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMredyeSX6CciIz5uwafc45zUJxeMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEveXQ1M0o1SmZvSnlJalBtN0JwOXpqbk5RbkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHyyMA0G
CSqGSIb3DQEBCwUAA4IBAQB2h+NbkvCzG7R+YZsvy/7V47Ydsp4La7SMTuSTnsG9
suRpKWnIGgLkkMcZccyhkzlFpQcR56Xv5AOOMyizjkFe3A0npc4JiV/GZrpi622Q
NsMyfPsr4fON197ANUptpKG9e7uFOYiksE8cYor7OTdT/w8Ko7J+riuOS3AEcB9Q
9r9rVlSIkTSeO23imtUW1lKVZcRBrMbFXECLfoke4hzUfrpo/XKweGC6rEUiSYEM
uUQSSFUEBObakAy8IetcVNwlEzMK79Pwe8caHEbiPa2fNKuDySYDiFamOLNGPp6C
w/7opEdYSwrGL9Bb7qMxoOe4lp6CkR7kvKCZXpiAZa27
-----END CERTIFICATE-----