Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/2kqVVML4J6p32S1IZ9ese8rrNA8.roa
File:                     2kqVVML4J6p32S1IZ9ese8rrNA8.roa (raw, json)
Hash identifier:          Z5t0NXFzD5/SVB5g4VKI0FOYHuxiI1pejsxk/eO8RUY=
Subject key identifier:   DA:4A:95:54:C2:F8:27:AA:77:D9:2D:48:67:D7:AC:7B:CA:EB:34:0F
Certificate issuer:       /CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
Certificate serial:       01973155376E6D2A653640FCABE4F6DDEBEA
Authority key identifier: A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/2kqVVML4J6p32S1IZ9ese8rrNA8.roa
Signing time:             Mon 02 Jun 2025 15:49:17 +0000
ROA not before:           Mon 02 Jun 2025 15:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17140
IP address blocks:        194.35.3.0/24 maxlen: 24
                          194.35.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:31:55:37:6e:6d:2a:65:36:40:fc:ab:e4:f6:dd:eb:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
        Validity
            Not Before: Jun  2 15:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da4a9554c2f827aa77d92d4867d7ac7bcaeb340f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e9:8c:f9:55:ad:d0:fa:a2:17:54:d2:c2:b8:
                    e0:a0:cd:47:01:02:36:c4:8c:52:c5:6a:d0:3d:6e:
                    91:26:d6:b9:3c:96:a6:12:1a:d9:1e:fd:e9:24:31:
                    93:3c:fe:69:ac:c4:ee:85:86:28:d6:81:6b:17:6f:
                    67:aa:0b:eb:cf:85:f7:38:41:e0:e0:a2:be:f3:8a:
                    d0:71:14:45:18:ff:ec:35:de:5c:ad:ef:fd:65:71:
                    92:7b:24:e2:5f:d8:96:f4:c9:da:77:c6:a5:51:a3:
                    ca:cc:b2:74:5a:53:54:f0:57:6d:29:da:81:1f:1e:
                    46:c2:fb:54:54:fd:a5:45:47:14:2f:69:88:c1:84:
                    f5:0a:8a:77:8f:9b:4b:fd:4f:1a:17:dc:2e:56:90:
                    45:d6:8c:9d:6d:f6:d2:20:8a:bd:5d:f2:70:f3:e4:
                    4b:f8:c7:6e:67:be:a0:75:a9:fa:9b:aa:0a:c2:4c:
                    f9:c4:15:9b:e3:2a:27:6b:8a:65:f6:4e:ef:cb:b7:
                    f4:62:85:82:01:65:c8:f5:3b:c8:4b:58:58:23:47:
                    cb:f3:22:a6:8d:4c:3a:d3:3b:84:0e:ea:a0:1b:f8:
                    1e:64:a2:75:b4:7f:09:88:f2:08:be:d4:17:9e:9e:
                    87:92:8f:bc:14:b4:4e:7d:d1:bf:dd:f1:b9:f3:e1:
                    ab:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:4A:95:54:C2:F8:27:AA:77:D9:2D:48:67:D7:AC:7B:CA:EB:34:0F
            X509v3 Authority Key Identifier:
                keyid:A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/2kqVVML4J6p32S1IZ9ese8rrNA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.3.0/24
                  194.35.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:b5:25:4c:2b:dc:a7:ee:0a:5a:94:60:e4:4d:24:79:57:df:
         a2:68:23:bd:f8:f9:44:e7:7b:81:fa:07:c0:f4:ed:67:65:7b:
         7c:4e:33:67:42:44:34:48:ac:69:08:4a:9b:a4:a0:8c:f4:3c:
         20:e2:6a:9e:4b:41:f5:fb:a6:b8:ca:1c:e1:75:54:32:f5:41:
         97:31:8c:fa:da:28:8c:08:7f:47:b8:73:b2:03:35:a0:dc:a3:
         05:f8:f6:bd:b8:75:8a:20:c7:19:18:d6:2a:24:af:39:6e:0e:
         8d:24:af:7e:83:27:7b:5a:7d:57:5c:82:bd:e8:b2:1f:75:53:
         fe:7b:86:06:17:8d:04:bc:5e:0c:6d:5b:ec:6c:7c:15:f4:17:
         a1:7b:39:d1:4a:ad:f4:fb:fe:b6:d4:b3:5c:63:cc:46:1f:bb:
         67:71:52:be:d5:50:98:55:2e:87:41:77:89:93:17:d7:70:f6:
         49:5b:ab:c4:53:89:7e:1f:6b:14:33:13:7d:3d:48:12:c1:33:
         ee:bc:88:54:2e:93:00:df:20:5f:c4:f0:f6:21:cf:37:74:db:
         f2:d5:ed:4c:42:b2:29:70:20:aa:03:09:c0:1a:d9:60:7c:81:
         53:3c:d7:4f:e4:32:26:b2:bc:5b:af:cc:6d:47:25:93:2b:2b:
         64:f7:ba:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcxVTdubSplNkD8q+T23evqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NTA0NmQ4NWVjZjIwMWZiZWY1MWU4YmVhMWM0ZWQzM2Y5
NWIyNjgwHhcNMjUwNjAyMTU0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTRhOTU1NGMyZjgyN2FhNzdkOTJkNDg2N2Q3YWM3YmNhZWIzNDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OmM+VWt0PqiF1TSwrjgoM1HAQI2
xIxSxWrQPW6RJta5PJamEhrZHv3pJDGTPP5prMTuhYYo1oFrF29nqgvrz4X3OEHg
4KK+84rQcRRFGP/sNd5cre/9ZXGSeyTiX9iW9Mnad8alUaPKzLJ0WlNU8FdtKdqB
Hx5GwvtUVP2lRUcUL2mIwYT1Cop3j5tL/U8aF9wuVpBF1oydbfbSIIq9XfJw8+RL
+MduZ76gdan6m6oKwkz5xBWb4yona4pl9k7vy7f0YoWCAWXI9TvIS1hYI0fL8yKm
jUw60zuEDuqgG/geZKJ1tH8JiPIIvtQXnp6Hko+8FLROfdG/3fG58+GrgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNpKlVTC+Ceqd9ktSGfXrHvK6zQPMB8GA1UdIwQY
MBaAFKZQRthezyAfvvUei+ocTtM/lbJoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUt
YmNjZDMyYWY5N2ZlLzEvMmtxVlZNTDRKNnAzMlMxSVo5ZXNlOHJyTkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUtYmNjZDMyYWY5N2Zl
LzEvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiMDAwQA
wiMHMA0GCSqGSIb3DQEBCwUAA4IBAQAetSVMK9yn7gpalGDkTSR5V9+iaCO9+PlE
53uB+gfA9O1nZXt8TjNnQkQ0SKxpCEqbpKCM9Dwg4mqeS0H1+6a4yhzhdVQy9UGX
MYz62iiMCH9HuHOyAzWg3KMF+Pa9uHWKIMcZGNYqJK85bg6NJK9+gyd7Wn1XXIK9
6LIfdVP+e4YGF40EvF4MbVvsbHwV9BeheznRSq30+/621LNcY8xGH7tncVK+1VCY
VS6HQXeJkxfXcPZJW6vEU4l+H2sUMxN9PUgSwTPuvIhULpMA3yBfxPD2Ic83dNvy
1e1MQrIpcCCqAwnAGtlgfIFTPNdP5DImsrxbr8xtRyWTKytk97oR
-----END CERTIFICATE-----