Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/9A8IsknvAF0U5RNOtl5SOV4q0sQ.roa
File:                     9A8IsknvAF0U5RNOtl5SOV4q0sQ.roa (raw, json)
Hash identifier:          GaIzVo3DhiQTCBhrDdW3sH49d4PH5eF7D7kJvi+xVyk=
Subject key identifier:   F4:0F:08:B2:49:EF:00:5D:14:E5:13:4E:B6:5E:52:39:5E:2A:D2:C4
Certificate issuer:       /CN=d8672105752b982174d1040c103817570b8d34d6
Certificate serial:       019749DBE8036140ACAFC4637AF8F2853C1D
Authority key identifier: D8:67:21:05:75:2B:98:21:74:D1:04:0C:10:38:17:57:0B:8D:34:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2GchBXUrmCF00QQMEDgXVwuNNNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/9A8IsknvAF0U5RNOtl5SOV4q0sQ.roa
Signing time:             Sat 07 Jun 2025 10:07:17 +0000
ROA not before:           Sat 07 Jun 2025 10:07:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212175
IP address blocks:        185.35.68.0/24 maxlen: 24
                          185.35.69.0/24 maxlen: 24
                          185.35.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/2GchBXUrmCF00QQMEDgXVwuNNNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/2GchBXUrmCF00QQMEDgXVwuNNNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2GchBXUrmCF00QQMEDgXVwuNNNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:49:db:e8:03:61:40:ac:af:c4:63:7a:f8:f2:85:3c:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8672105752b982174d1040c103817570b8d34d6
        Validity
            Not Before: Jun  7 10:07:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f40f08b249ef005d14e5134eb65e52395e2ad2c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:50:2a:2f:05:9e:be:e5:46:7e:b9:4d:b0:71:
                    23:15:62:01:8e:6e:8f:6b:e9:8a:3d:f4:c5:fc:2a:
                    b0:a1:4c:8a:55:d2:57:df:ca:49:ad:f8:97:25:2d:
                    82:c0:87:1c:2d:7a:71:50:5b:75:4a:c9:5a:55:46:
                    b3:c2:00:b1:f1:c3:25:75:1d:db:2b:30:4b:f7:25:
                    2f:0c:5f:ad:1b:2d:82:f7:9f:c9:9e:37:70:ea:7b:
                    05:35:fb:e7:af:27:74:5d:1f:b2:af:3c:92:a7:aa:
                    14:88:c4:48:b8:54:b7:89:45:06:52:43:70:f5:42:
                    8d:fd:fc:eb:4c:7c:23:03:54:ef:a3:15:f0:d3:ff:
                    64:fa:26:bb:ee:13:fd:d5:2e:c4:98:57:e1:28:bc:
                    03:29:ab:01:4e:2b:5b:22:38:ba:27:07:02:2a:73:
                    46:93:88:b4:24:a1:2c:b9:7b:bb:c9:7c:1a:6c:9d:
                    85:a7:69:72:22:a1:f8:b7:59:2e:66:6a:77:da:15:
                    90:c1:88:b1:3e:98:ef:47:c6:57:ae:db:1a:a4:3d:
                    0f:d6:72:b7:4e:fc:a4:62:62:15:77:9a:d5:8d:56:
                    fa:94:28:9a:d3:56:fa:2d:b3:a1:35:0f:06:67:d9:
                    58:21:66:91:60:8e:c5:76:6b:62:97:25:fa:44:6b:
                    f7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:0F:08:B2:49:EF:00:5D:14:E5:13:4E:B6:5E:52:39:5E:2A:D2:C4
            X509v3 Authority Key Identifier:
                keyid:D8:67:21:05:75:2B:98:21:74:D1:04:0C:10:38:17:57:0B:8D:34:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2GchBXUrmCF00QQMEDgXVwuNNNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/9A8IsknvAF0U5RNOtl5SOV4q0sQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e732f4-be84-429b-a18e-1518a733f970/1/2GchBXUrmCF00QQMEDgXVwuNNNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.68.0-185.35.70.255

    Signature Algorithm: sha256WithRSAEncryption
         36:20:e5:c4:8c:e3:94:84:f5:84:e5:f0:f1:43:5c:52:4b:a2:
         ce:74:59:2d:b2:91:74:45:80:85:e0:9c:75:67:c6:5f:b2:7d:
         63:f6:9e:ab:01:b2:a6:97:bb:5a:35:27:26:1f:ee:50:5c:e6:
         83:fb:f7:69:8e:c6:e0:74:81:43:1c:f4:c3:85:7a:51:f4:de:
         57:bf:0d:ee:df:fd:75:5b:34:78:bf:c3:a4:66:03:30:fd:34:
         2c:d4:cb:d0:ff:05:14:fa:ef:3c:e2:94:45:fe:aa:54:a9:98:
         13:3d:33:76:b6:3e:40:e3:b4:b7:66:0d:8f:79:c1:27:8e:04:
         84:df:9f:9f:bc:79:e0:90:9b:c5:98:6e:76:c2:b1:7f:2f:96:
         ca:bc:8a:e2:56:3e:3c:48:4f:60:51:ee:a9:e0:85:4e:8d:5e:
         31:08:84:c0:bb:d2:49:8d:d4:b7:3f:58:3e:c0:64:e0:70:ef:
         6f:98:9c:56:ee:96:00:d2:fb:02:2a:8f:07:7a:c4:a6:35:6f:
         9b:f4:2f:74:12:02:0d:86:98:df:f7:71:9f:ac:c1:11:54:9a:
         f4:96:1b:f3:2c:49:44:97:32:d9:8e:72:93:e8:ce:f0:65:5b:
         16:e5:fb:bd:8e:dc:55:6a:7f:63:1c:ca:b4:65:46:bc:28:a1:
         25:8f:5f:53
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdJ2+gDYUCsr8RjevjyhTwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NjcyMTA1NzUyYjk4MjE3NGQxMDQwYzEwMzgxNzU3MGI4
ZDM0ZDYwHhcNMjUwNjA3MTAwNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDBmMDhiMjQ5ZWYwMDVkMTRlNTEzNGViNjVlNTIzOTVlMmFkMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlAqLwWevuVGfrlNsHEjFWIBjm6P
a+mKPfTF/CqwoUyKVdJX38pJrfiXJS2CwIccLXpxUFt1SslaVUazwgCx8cMldR3b
KzBL9yUvDF+tGy2C95/Jnjdw6nsFNfvnryd0XR+yrzySp6oUiMRIuFS3iUUGUkNw
9UKN/fzrTHwjA1TvoxXw0/9k+ia77hP91S7EmFfhKLwDKasBTitbIji6JwcCKnNG
k4i0JKEsuXu7yXwabJ2Fp2lyIqH4t1kuZmp32hWQwYixPpjvR8ZXrtsapD0P1nK3
TvykYmIVd5rVjVb6lCia01b6LbOhNQ8GZ9lYIWaRYI7FdmtilyX6RGv3pQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPQPCLJJ7wBdFOUTTrZeUjleKtLEMB8GA1UdIwQY
MBaAFNhnIQV1K5ghdNEEDBA4F1cLjTTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkdjaEJYVXJtQ0YwMFFRTUVEZ1hWd3VOTk5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lNzMyZjQtYmU4NC00MjliLWExOGUt
MTUxOGE3MzNmOTcwLzEvOUE4SXNrbnZBRjBVNVJOT3RsNVNPVjRxMHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lNzMyZjQtYmU4NC00MjliLWExOGUtMTUxOGE3MzNmOTcw
LzEvMkdjaEJYVXJtQ0YwMFFRTUVEZ1hWd3VOTk5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5I0QD
BAC5I0YwDQYJKoZIhvcNAQELBQADggEBADYg5cSM45SE9YTl8PFDXFJLos50WS2y
kXRFgIXgnHVnxl+yfWP2nqsBsqaXu1o1JyYf7lBc5oP792mOxuB0gUMc9MOFelH0
3le/De7f/XVbNHi/w6RmAzD9NCzUy9D/BRT67zzilEX+qlSpmBM9M3a2PkDjtLdm
DY95wSeOBITfn5+8eeCQm8WYbnbCsX8vlsq8iuJWPjxIT2BR7qnghU6NXjEIhMC7
0kmN1Lc/WD7AZOBw72+YnFbulgDS+wIqjwd6xKY1b5v0L3QSAg2GmN/3cZ+swRFU
mvSWG/MsSUSXMtmOcpPozvBlWxbl+72O3FVqf2McyrRlRrwooSWPX1M=
-----END CERTIFICATE-----