Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Nv12FFJAhm76vmtQvLtk0-qb9uU.roa
File:                     Nv12FFJAhm76vmtQvLtk0-qb9uU.roa (raw, json)
Hash identifier:          GWYX+UV7jTRToJvscvGnDmcfi+hdjE9fs/PSDIO/qXI=
Subject key identifier:   36:FD:76:14:52:40:86:6E:FA:BE:6B:50:BC:BB:64:D3:EA:9B:F6:E5
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0196A500BB8437E952A7BADE0455932F7FD0
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Nv12FFJAhm76vmtQvLtk0-qb9uU.roa
Signing time:             Tue 06 May 2025 09:50:10 +0000
ROA not before:           Tue 06 May 2025 09:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        207.244.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:00:bb:84:37:e9:52:a7:ba:de:04:55:93:2f:7f:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: May  6 09:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36fd76145240866efabe6b50bcbb64d3ea9bf6e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:20:59:3d:f4:b7:68:97:7b:ac:c3:64:dd:05:
                    e8:fb:8f:8d:e8:1a:0d:79:79:71:ed:ef:04:4a:4e:
                    12:ef:40:2b:6d:dc:be:30:73:ab:cf:97:a4:5c:1f:
                    9f:d6:06:58:c5:7e:24:26:d1:1f:47:a1:2b:4b:f3:
                    d6:9d:0c:d0:42:89:c1:48:03:76:d3:44:2e:e0:d5:
                    61:e2:f4:79:a0:aa:9c:29:ea:46:9d:b4:20:03:28:
                    09:9c:2c:11:f9:80:59:89:e5:50:df:d9:bd:4f:e5:
                    b7:06:07:7a:40:65:73:e8:76:e4:26:ea:fa:76:87:
                    85:30:fa:e9:b9:97:60:99:97:4c:71:c1:14:94:d1:
                    f7:91:fa:39:f3:4e:2b:43:48:9a:69:5c:71:8a:13:
                    79:01:64:42:b5:30:3b:c0:e9:08:2a:5a:2b:ba:7d:
                    2b:75:60:a9:a6:7f:be:d5:9f:3e:e2:40:eb:d8:65:
                    f6:8f:2f:4f:26:d9:1a:15:5d:3d:d1:3a:19:9e:e3:
                    44:2c:79:7c:06:99:67:d6:e0:af:5b:bc:cf:b8:81:
                    dc:37:5a:99:c2:78:dc:8f:8f:d6:cd:83:36:70:27:
                    e3:49:69:d9:0d:c3:73:ec:82:3b:e6:55:55:31:5b:
                    33:26:44:79:d2:8f:11:16:46:3d:fd:1b:76:e3:54:
                    ec:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:FD:76:14:52:40:86:6E:FA:BE:6B:50:BC:BB:64:D3:EA:9B:F6:E5
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/Nv12FFJAhm76vmtQvLtk0-qb9uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.244.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:90:3c:8a:80:62:3a:a5:b5:b7:1a:70:e3:43:37:dc:fb:cb:
         8c:7c:36:b9:33:4a:a4:b4:17:46:dd:ad:89:5e:cb:f9:3c:56:
         6f:93:8b:09:4e:d1:be:41:d7:69:7d:a7:41:81:c1:eb:e7:3a:
         86:d5:05:cd:79:39:b3:29:be:ec:bc:61:e0:3e:85:8a:f7:78:
         0d:c5:ce:3b:44:91:0e:90:60:3b:d3:a8:4b:a8:71:db:b0:7f:
         c4:65:03:e2:52:f7:60:64:1c:f3:63:c3:4c:89:d2:80:6a:23:
         eb:0d:f0:c3:e8:2f:4d:9e:31:ce:8f:28:8f:26:cd:f8:4c:1b:
         95:71:b2:1c:6c:2d:78:e3:5d:6f:db:0b:2e:4b:dc:2f:bf:a0:
         be:a6:83:35:6f:c1:75:16:7a:5e:e0:f5:de:37:b7:d3:4b:fc:
         ef:24:4c:bd:49:9c:28:ec:92:e0:dd:2f:73:c9:11:8c:78:17:
         86:67:b0:f2:ab:6d:9d:b0:58:88:d3:d0:a4:16:ef:00:7a:a9:
         f2:0b:30:c0:d5:c3:74:d9:9d:e0:a8:66:a3:8f:c3:20:a6:a4:
         59:41:f3:86:43:cc:4a:0d:8f:72:6e:9e:39:bb:e4:30:67:82:
         de:72:a6:0a:a9:ec:3d:0d:7e:e5:53:f8:56:2f:e1:5a:67:36:
         1b:f9:44:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZalALuEN+lSp7reBFWTL3/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNTA2MDk1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmZkNzYxNDUyNDA4NjZlZmFiZTZiNTBiY2JiNjRkM2VhOWJmNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiBZPfS3aJd7rMNk3QXo+4+N6BoN
eXlx7e8ESk4S70Arbdy+MHOrz5ekXB+f1gZYxX4kJtEfR6ErS/PWnQzQQonBSAN2
00Qu4NVh4vR5oKqcKepGnbQgAygJnCwR+YBZieVQ39m9T+W3Bgd6QGVz6HbkJur6
doeFMPrpuZdgmZdMccEUlNH3kfo5804rQ0iaaVxxihN5AWRCtTA7wOkIKlorun0r
dWCppn++1Z8+4kDr2GX2jy9PJtkaFV090ToZnuNELHl8Bpln1uCvW7zPuIHcN1qZ
wnjcj4/WzYM2cCfjSWnZDcNz7II75lVVMVszJkR50o8RFkY9/Rt241Ts6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDb9dhRSQIZu+r5rULy7ZNPqm/blMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvTnYxMkZGSkFobTc2dm10UXZMdGswLXFiOXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAz/TFMA0G
CSqGSIb3DQEBCwUAA4IBAQAikDyKgGI6pbW3GnDjQzfc+8uMfDa5M0qktBdG3a2J
Xsv5PFZvk4sJTtG+QddpfadBgcHr5zqG1QXNeTmzKb7svGHgPoWK93gNxc47RJEO
kGA706hLqHHbsH/EZQPiUvdgZBzzY8NMidKAaiPrDfDD6C9NnjHOjyiPJs34TBuV
cbIcbC14411v2wsuS9wvv6C+poM1b8F1Fnpe4PXeN7fTS/zvJEy9SZwo7JLg3S9z
yRGMeBeGZ7Dyq22dsFiI09CkFu8AeqnyCzDA1cN02Z3gqGajj8MgpqRZQfOGQ8xK
DY9ybp45u+QwZ4LecqYKqew9DX7lU/hWL+FaZzYb+UTo
-----END CERTIFICATE-----