Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/sIjp_z-NGcQsfUMaBotwo1DcMzY.roa
File:                     sIjp_z-NGcQsfUMaBotwo1DcMzY.roa (raw, json)
Hash identifier:          XovvH9+twc/1mK7dU6UpweauMQzR8p/88UZrQZux/rs=
Subject key identifier:   B0:88:E9:FF:3F:8D:19:C4:2C:7D:43:1A:06:8B:70:A3:50:DC:33:36
Certificate issuer:       /CN=12ee6257d0c3a2b930561af2522d9e5af7f9cbc7
Certificate serial:       0195D8F5EB01F2E2E312C9219720FB84EDCF
Authority key identifier: 12:EE:62:57:D0:C3:A2:B9:30:56:1A:F2:52:2D:9E:5A:F7:F9:CB:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eu5iV9DDorkwVhryUi2eWvf5y8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/sIjp_z-NGcQsfUMaBotwo1DcMzY.roa
Signing time:             Thu 27 Mar 2025 18:55:49 +0000
ROA not before:           Thu 27 Mar 2025 18:55:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210226
IP address blocks:        185.235.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/Eu5iV9DDorkwVhryUi2eWvf5y8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/Eu5iV9DDorkwVhryUi2eWvf5y8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eu5iV9DDorkwVhryUi2eWvf5y8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d8:f5:eb:01:f2:e2:e3:12:c9:21:97:20:fb:84:ed:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12ee6257d0c3a2b930561af2522d9e5af7f9cbc7
        Validity
            Not Before: Mar 27 18:55:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b088e9ff3f8d19c42c7d431a068b70a350dc3336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4f:d1:64:be:b9:3c:2f:fc:e7:75:57:e6:40:
                    76:ca:d4:c6:17:c5:ed:fb:ac:fb:0c:1a:c3:ad:01:
                    f5:3a:f9:94:5e:19:01:9c:b8:ce:29:5c:36:c1:45:
                    6c:ab:79:15:58:5b:fa:a3:9b:6a:c3:65:25:fd:90:
                    f6:80:4b:46:3b:ca:e1:28:07:4a:b7:27:8e:26:f4:
                    71:f3:09:5b:76:c6:ae:1a:6d:fc:74:69:3e:b7:ec:
                    0f:c2:b0:cf:47:f9:48:9a:1d:9d:65:b7:10:14:eb:
                    14:1e:aa:68:3f:86:27:e4:27:b5:36:11:35:88:11:
                    c7:21:42:eb:7c:2e:57:8d:85:eb:f8:76:3b:e0:d9:
                    9a:59:91:83:25:ce:c1:4e:7b:93:12:55:d3:f2:36:
                    54:ed:9b:cc:4b:bb:00:be:1b:a8:4d:cc:8f:02:91:
                    e8:56:cb:b0:98:59:ef:6e:b5:cc:da:1e:43:b3:c3:
                    00:68:fa:92:4e:3c:0a:f4:d9:6f:2f:58:fe:a3:b6:
                    94:53:b9:b4:dd:d6:4b:ff:5e:8e:ba:11:74:d2:fa:
                    c9:02:2d:ff:24:1b:bf:50:3b:3a:82:e3:fa:57:20:
                    a7:85:68:04:19:27:18:3a:09:69:16:de:ad:a9:40:
                    28:c9:f5:ab:2c:7d:02:47:36:60:be:c1:36:ab:27:
                    cd:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:88:E9:FF:3F:8D:19:C4:2C:7D:43:1A:06:8B:70:A3:50:DC:33:36
            X509v3 Authority Key Identifier:
                keyid:12:EE:62:57:D0:C3:A2:B9:30:56:1A:F2:52:2D:9E:5A:F7:F9:CB:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eu5iV9DDorkwVhryUi2eWvf5y8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/sIjp_z-NGcQsfUMaBotwo1DcMzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/Eu5iV9DDorkwVhryUi2eWvf5y8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:7e:4b:4e:0b:93:a9:15:b8:ad:1a:55:76:5e:2d:2d:6b:50:
         66:57:93:04:88:ff:81:5a:d4:e3:c3:56:68:7e:cb:6b:2a:8b:
         70:9c:4a:07:26:9c:ab:00:fb:49:04:f2:f9:ea:13:7c:d6:de:
         c9:83:e3:b0:a0:51:6a:4a:c3:43:a0:03:4b:8e:f6:82:bc:71:
         c2:0b:fa:d1:72:34:e0:45:b9:7f:9f:6c:73:6e:e1:f5:e7:ea:
         71:59:9d:fc:3b:80:43:95:0f:f2:a5:00:f8:18:52:04:b8:83:
         2e:ca:23:8e:5c:4d:8b:57:e9:0a:2e:61:c9:c3:f6:b2:49:9b:
         59:1a:7d:ab:ad:d7:09:94:ed:70:58:24:22:3f:14:14:2c:4c:
         97:f4:05:97:b5:39:e1:0f:32:2f:97:c2:dc:a7:31:8a:2d:2c:
         74:3b:fb:f4:95:69:f4:09:6f:67:89:dc:e0:60:ff:be:7f:1d:
         b6:50:71:0e:3c:3c:47:23:fd:ca:69:9b:04:f5:ea:df:e4:01:
         ed:b3:81:e3:fd:5a:23:e7:4b:b7:12:d7:90:b6:b7:a4:5e:7c:
         46:d7:77:e0:7a:83:ee:01:81:24:69:2b:c7:dd:d9:df:f3:cc:
         d1:d9:ec:2e:53:8d:2a:00:d8:b7:30:11:0e:89:a6:de:f5:3d:
         39:4c:62:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXY9esB8uLjEskhlyD7hO3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZWU2MjU3ZDBjM2EyYjkzMDU2MWFmMjUyMmQ5ZTVhZjdm
OWNiYzcwHhcNMjUwMzI3MTg1NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDg4ZTlmZjNmOGQxOWM0MmM3ZDQzMWEwNjhiNzBhMzUwZGMzMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmE/RZL65PC/853VX5kB2ytTGF8Xt
+6z7DBrDrQH1OvmUXhkBnLjOKVw2wUVsq3kVWFv6o5tqw2Ul/ZD2gEtGO8rhKAdK
tyeOJvRx8wlbdsauGm38dGk+t+wPwrDPR/lImh2dZbcQFOsUHqpoP4Yn5Ce1NhE1
iBHHIULrfC5XjYXr+HY74NmaWZGDJc7BTnuTElXT8jZU7ZvMS7sAvhuoTcyPApHo
VsuwmFnvbrXM2h5Ds8MAaPqSTjwK9NlvL1j+o7aUU7m03dZL/16OuhF00vrJAi3/
JBu/UDs6guP6VyCnhWgEGScYOglpFt6tqUAoyfWrLH0CRzZgvsE2qyfNTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCI6f8/jRnELH1DGgaLcKNQ3DM2MB8GA1UdIwQY
MBaAFBLuYlfQw6K5MFYa8lItnlr3+cvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXU1aVY5RERvcmt3VmhyeVVpMmVXdmY1eThjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MWRlZTItZTFjMS00MGNlLWIzMTEt
M2YzMzg2NjE5MmQwLzEvc0lqcF96LU5HY1FzZlVNYUJvdHdvMURjTXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83MWRlZTItZTFjMS00MGNlLWIzMTEtM2YzMzg2NjE5MmQw
LzEvRXU1aVY5RERvcmt3VmhyeVVpMmVXdmY1eThjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuesnMA0G
CSqGSIb3DQEBCwUAA4IBAQBZfktOC5OpFbitGlV2Xi0ta1BmV5MEiP+BWtTjw1Zo
fstrKotwnEoHJpyrAPtJBPL56hN81t7Jg+OwoFFqSsNDoANLjvaCvHHCC/rRcjTg
Rbl/n2xzbuH15+pxWZ38O4BDlQ/ypQD4GFIEuIMuyiOOXE2LV+kKLmHJw/aySZtZ
Gn2rrdcJlO1wWCQiPxQULEyX9AWXtTnhDzIvl8LcpzGKLSx0O/v0lWn0CW9nidzg
YP++fx22UHEOPDxHI/3KaZsE9erf5AHts4Hj/Voj50u3EteQtrekXnxG13fgeoPu
AYEkaSvH3dnf88zR2ewuU40qANi3MBEOiabe9T05TGLe
-----END CERTIFICATE-----