Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/NfNd6pjqYOF2P-1csZDDcYiiQ28.roa
File:                     NfNd6pjqYOF2P-1csZDDcYiiQ28.roa (raw, json)
Hash identifier:          iQWQfc6lD74rDEabgsCAVeBcixywrixRVP1KpMFN48o=
Subject key identifier:   35:F3:5D:EA:98:EA:60:E1:76:3F:ED:5C:B1:90:C3:71:88:A2:43:6F
Certificate issuer:       /CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
Certificate serial:       019426D9B2DCB7098BC508B82BE8FF9525A5
Authority key identifier: 20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/NfNd6pjqYOF2P-1csZDDcYiiQ28.roa
Signing time:             Thu 02 Jan 2025 11:49:48 +0000
ROA not before:           Thu 02 Jan 2025 11:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210262
IP address blocks:        213.231.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 08:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:b2:dc:b7:09:8b:c5:08:b8:2b:e8:ff:95:25:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
        Validity
            Not Before: Jan  2 11:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35f35dea98ea60e1763fed5cb190c37188a2436f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bb:89:93:6a:f4:cc:3e:f5:c0:7a:43:e2:59:
                    b9:21:5b:c0:da:7a:3d:2b:6d:df:3c:ae:ec:04:fe:
                    b0:ca:09:be:64:c7:cc:24:05:59:8a:b7:f7:cd:ed:
                    f0:ad:8b:4d:ed:82:c7:ba:86:c4:12:5d:16:84:25:
                    d5:1e:a3:a5:ce:66:bd:f8:5a:3b:de:d5:a6:d0:1d:
                    c3:3d:b4:29:98:00:c9:a7:24:af:de:6e:a3:ec:91:
                    bc:34:05:0a:18:6f:6c:88:b1:79:f8:d1:87:92:2e:
                    1b:12:d6:e3:1e:61:33:59:17:09:6e:99:de:8e:87:
                    52:2d:8e:5a:e2:af:a0:c6:84:2a:25:dd:51:d1:76:
                    49:d2:f8:7a:4a:49:d4:f3:32:1d:d1:8d:12:f8:ee:
                    4e:2f:0e:46:6c:a1:30:9d:2f:a8:bf:57:c7:7c:25:
                    fe:fc:29:94:f4:b3:7c:e4:2e:d3:d6:8f:47:da:03:
                    0f:5e:12:43:6a:99:37:0b:60:17:87:48:06:17:2a:
                    d8:ab:24:b1:95:0b:fd:5f:59:c9:d5:c4:40:71:47:
                    5f:b5:77:c2:fd:70:06:3a:ad:f9:ce:d2:b2:fe:dc:
                    70:6d:c6:13:02:79:f4:82:0f:27:50:83:e7:42:6c:
                    86:ef:69:e8:7f:1e:cb:57:23:d7:44:a7:5b:c1:79:
                    31:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F3:5D:EA:98:EA:60:E1:76:3F:ED:5C:B1:90:C3:71:88:A2:43:6F
            X509v3 Authority Key Identifier:
                keyid:20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/NfNd6pjqYOF2P-1csZDDcYiiQ28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.231.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:e3:24:d7:87:21:9f:77:36:70:e2:f5:30:6b:59:d1:34:fc:
         9b:68:5b:49:d0:34:46:3f:67:a8:b8:44:ee:ea:52:ea:0d:61:
         28:05:5c:67:24:13:8f:a8:3f:43:c6:d4:36:f0:99:3c:03:b6:
         3d:80:42:69:ef:9c:e9:e3:da:4e:fe:33:e5:39:d1:78:2c:cc:
         41:81:da:4c:53:7d:59:fd:78:29:21:ef:8d:0e:3c:96:5f:c1:
         be:04:b5:71:83:a5:32:3a:32:e6:91:e4:16:f5:3f:e6:82:17:
         19:82:26:fa:ea:b0:ad:22:23:53:36:87:7c:27:48:8d:cf:d2:
         09:22:7f:78:e3:ff:bd:d0:90:55:df:22:c2:9b:2c:6a:11:68:
         06:db:1a:43:23:74:94:1d:49:40:8d:d3:c2:ab:b2:51:a3:7f:
         b3:7c:42:56:a3:2d:0e:5c:a6:23:a3:24:ed:ab:47:bc:5f:94:
         ba:a4:02:c6:a3:8f:b6:6e:c3:62:53:95:29:7e:c9:69:b7:96:
         bf:54:88:42:ff:73:90:19:ec:2d:59:f6:c0:27:ef:f7:95:df:
         bb:63:c2:19:bc:88:2a:fa:df:9b:4a:eb:73:bf:93:17:6f:d7:
         f0:3e:60:36:a2:48:fa:42:20:c8:98:e8:00:33:f3:3f:01:2d:
         9c:88:ad:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2bLctwmLxQi4K+j/lSWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMmY0YzFhMzdlOTMxM2NkZDJlZWE3NzUwYWUwMjhkMThj
ZDVhYWUwHhcNMjUwMTAyMTE0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWYzNWRlYTk4ZWE2MGUxNzYzZmVkNWNiMTkwYzM3MTg4YTI0MzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbuJk2r0zD71wHpD4lm5IVvA2no9
K23fPK7sBP6wygm+ZMfMJAVZirf3ze3wrYtN7YLHuobEEl0WhCXVHqOlzma9+Fo7
3tWm0B3DPbQpmADJpySv3m6j7JG8NAUKGG9siLF5+NGHki4bEtbjHmEzWRcJbpne
jodSLY5a4q+gxoQqJd1R0XZJ0vh6SknU8zId0Y0S+O5OLw5GbKEwnS+ov1fHfCX+
/CmU9LN85C7T1o9H2gMPXhJDapk3C2AXh0gGFyrYqySxlQv9X1nJ1cRAcUdftXfC
/XAGOq35ztKy/txwbcYTAnn0gg8nUIPnQmyG72nofx7LVyPXRKdbwXkxGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXzXeqY6mDhdj/tXLGQw3GIokNvMB8GA1UdIwQY
MBaAFCAvTBo36TE83S7qd1CuAo0YzVquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEt
ZjZiNzhlMmIxN2ExLzEvTmZOZDZwanFZT0YyUC0xY3NaRERjWWlpUTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEtZjZiNzhlMmIxN2Ex
LzEvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1efFMA0G
CSqGSIb3DQEBCwUAA4IBAQA34yTXhyGfdzZw4vUwa1nRNPybaFtJ0DRGP2eouETu
6lLqDWEoBVxnJBOPqD9DxtQ28Jk8A7Y9gEJp75zp49pO/jPlOdF4LMxBgdpMU31Z
/XgpIe+NDjyWX8G+BLVxg6UyOjLmkeQW9T/mghcZgib66rCtIiNTNod8J0iNz9IJ
In944/+90JBV3yLCmyxqEWgG2xpDI3SUHUlAjdPCq7JRo3+zfEJWoy0OXKYjoyTt
q0e8X5S6pALGo4+2bsNiU5Upfslpt5a/VIhC/3OQGewtWfbAJ+/3ld+7Y8IZvIgq
+t+bSutzv5MXb9fwPmA2okj6QiDImOgAM/M/AS2ciK2k
-----END CERTIFICATE-----