Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/reOQvkCKTthRHYQBGidmg42zKD8.roa
File:                     reOQvkCKTthRHYQBGidmg42zKD8.roa (raw, json)
Hash identifier:          EVknv6hrF+g4BHS3Ghs5tKKPCCQu7Bf9Lg/hf58Bxoo=
Subject key identifier:   AD:E3:90:BE:40:8A:4E:D8:51:1D:84:01:1A:27:66:83:8D:B3:28:3F
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       01973BAEC219B11AC0E26375A4BC2C5DCC9A
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/reOQvkCKTthRHYQBGidmg42zKD8.roa
Signing time:             Wed 04 Jun 2025 16:03:18 +0000
ROA not before:           Wed 04 Jun 2025 16:03:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        194.4.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 04:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:ae:c2:19:b1:1a:c0:e2:63:75:a4:bc:2c:5d:cc:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Jun  4 16:03:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ade390be408a4ed8511d84011a2766838db3283f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:5b:c9:c7:36:d9:e6:08:ce:be:5e:15:7a:86:
                    f7:33:d5:4f:2f:27:d7:dd:ff:70:c2:de:88:0c:f5:
                    65:52:4b:56:50:eb:23:08:5e:45:6a:e6:0c:c9:57:
                    ea:9b:cf:7c:8d:bd:57:5d:b1:fd:f7:be:f3:82:6f:
                    83:bb:be:76:01:ef:7a:99:7e:59:d7:d3:51:6d:f5:
                    52:90:50:d0:c8:10:90:a7:8d:27:18:cd:60:ed:33:
                    9b:68:e4:10:45:9b:50:11:e7:37:cb:0e:98:64:c0:
                    46:17:3b:5c:f3:d9:6b:9d:8e:72:d5:2f:9a:58:01:
                    61:c2:11:ee:a4:d6:58:a3:39:a3:54:35:9f:42:c3:
                    ee:7f:d3:c3:32:69:8f:de:d3:e1:b9:8b:7e:33:3b:
                    91:83:15:df:59:3d:3a:ff:8a:49:72:b2:76:b4:92:
                    a9:81:a0:d9:91:8c:b4:c2:0a:60:7a:97:0d:0c:52:
                    2b:95:4e:37:9a:10:5b:ab:f8:2f:c1:f3:bd:d1:8a:
                    9a:a6:cf:96:5b:72:e2:d0:eb:a4:3f:f8:ba:cc:5e:
                    f0:5e:ae:83:a1:a5:7a:e1:1c:fd:10:0d:2e:29:ad:
                    38:93:ed:de:a9:cc:48:a0:cb:a5:71:4b:aa:04:70:
                    1a:4e:ee:6b:87:da:75:ad:48:a3:b1:e2:87:de:8a:
                    1b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E3:90:BE:40:8A:4E:D8:51:1D:84:01:1A:27:66:83:8D:B3:28:3F
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/reOQvkCKTthRHYQBGidmg42zKD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:1c:25:00:61:ac:ef:52:bc:94:2c:92:51:88:b4:de:5e:21:
         6b:39:81:12:f9:fc:11:ac:57:f2:08:65:fd:25:a3:c2:47:53:
         a5:6d:4e:6e:9b:6c:5b:5c:5e:d4:2e:ca:a5:17:ce:b2:f9:f6:
         33:28:f7:d8:9c:eb:2b:1f:88:65:50:11:15:39:63:cd:48:d2:
         3d:5b:bc:22:b2:94:a8:10:d3:fe:2a:31:4a:30:68:15:27:ef:
         fd:38:50:b1:06:a9:7d:e8:83:54:b5:19:75:bc:e5:2d:9b:9f:
         10:08:6a:7d:8a:b7:03:ab:93:6e:23:16:70:f9:2d:88:30:d4:
         ba:84:c5:57:88:43:b2:38:bd:56:3e:60:45:b3:8c:cf:2f:47:
         cd:d6:b7:8a:ec:07:e2:fe:e9:a4:0a:a2:0c:2a:60:c0:e7:40:
         d4:76:d7:ce:89:4f:ba:ff:81:82:c9:96:d3:aa:16:b4:18:90:
         04:c1:70:63:a2:c3:08:ee:32:8a:e8:bc:a4:26:70:60:3c:bc:
         cc:48:17:e0:c7:6d:0a:12:54:4c:56:45:1c:3f:38:0c:0f:e1:
         09:27:e0:bc:5b:83:90:b6:57:1f:86:82:73:bb:18:51:15:de:
         40:3b:85:d1:14:a2:95:50:e3:20:ee:a8:5e:5c:7e:b1:d6:93:
         e9:88:02:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7rsIZsRrA4mN1pLwsXcyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjUwNjA0MTYwMzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGUzOTBiZTQwOGE0ZWQ4NTExZDg0MDExYTI3NjY4MzhkYjMyODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11vJxzbZ5gjOvl4Veob3M9VPLyfX
3f9wwt6IDPVlUktWUOsjCF5FauYMyVfqm898jb1XXbH9977zgm+Du752Ae96mX5Z
19NRbfVSkFDQyBCQp40nGM1g7TObaOQQRZtQEec3yw6YZMBGFztc89lrnY5y1S+a
WAFhwhHupNZYozmjVDWfQsPuf9PDMmmP3tPhuYt+MzuRgxXfWT06/4pJcrJ2tJKp
gaDZkYy0wgpgepcNDFIrlU43mhBbq/gvwfO90Yqaps+WW3Li0OukP/i6zF7wXq6D
oaV64Rz9EA0uKa04k+3eqcxIoMulcUuqBHAaTu5rh9p1rUijseKH3oob0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3jkL5Aik7YUR2EARonZoONsyg/MB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvcmVPUXZrQ0tUdGhSSFlRQkdpZG1nNDJ6S0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgQ0MA0G
CSqGSIb3DQEBCwUAA4IBAQBXHCUAYazvUryULJJRiLTeXiFrOYES+fwRrFfyCGX9
JaPCR1OlbU5um2xbXF7ULsqlF86y+fYzKPfYnOsrH4hlUBEVOWPNSNI9W7wispSo
ENP+KjFKMGgVJ+/9OFCxBql96INUtRl1vOUtm58QCGp9ircDq5NuIxZw+S2IMNS6
hMVXiEOyOL1WPmBFs4zPL0fN1reK7Afi/umkCqIMKmDA50DUdtfOiU+6/4GCyZbT
qha0GJAEwXBjosMI7jKK6LykJnBgPLzMSBfgx20KElRMVkUcPzgMD+EJJ+C8W4OQ
tlcfhoJzuxhRFd5AO4XRFKKVUOMg7qheXH6x1pPpiALd
-----END CERTIFICATE-----