Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/NdfWSMRABwv2F_yFFl7X4UZH0vA.roa
File:                     NdfWSMRABwv2F_yFFl7X4UZH0vA.roa (raw, json)
Hash identifier:          cuV8z/cxgYl0ffX7fgAA/EzOTZZ9e9S+JYGHmQ2nzxc=
Subject key identifier:   35:D7:D6:48:C4:40:07:0B:F6:17:FC:85:16:5E:D7:E1:46:47:D2:F0
Certificate issuer:       /CN=2845f1f4d59f811d6323db4d86d4f41854ede744
Certificate serial:       01942444D6D9419FAAF23647EAD45973C8B1
Authority key identifier: 28:45:F1:F4:D5:9F:81:1D:63:23:DB:4D:86:D4:F4:18:54:ED:E7:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KEXx9NWfgR1jI9tNhtT0GFTt50Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/NdfWSMRABwv2F_yFFl7X4UZH0vA.roa
Signing time:             Wed 01 Jan 2025 23:47:58 +0000
ROA not before:           Wed 01 Jan 2025 23:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47336
IP address blocks:        195.182.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/KEXx9NWfgR1jI9tNhtT0GFTt50Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/KEXx9NWfgR1jI9tNhtT0GFTt50Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KEXx9NWfgR1jI9tNhtT0GFTt50Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:d6:d9:41:9f:aa:f2:36:47:ea:d4:59:73:c8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2845f1f4d59f811d6323db4d86d4f41854ede744
        Validity
            Not Before: Jan  1 23:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35d7d648c440070bf617fc85165ed7e14647d2f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:41:6d:10:b7:59:28:6f:d5:ef:4d:2d:cb:0f:
                    d8:0b:10:8e:b4:4f:0e:7b:60:6f:d1:41:b2:73:43:
                    15:3c:f4:24:f9:29:82:7d:b5:b1:86:77:03:e7:5c:
                    65:aa:09:b1:cd:94:c9:89:7a:99:6a:d7:be:eb:c1:
                    e5:fb:08:6a:2b:c6:b5:77:a0:dd:5a:4f:9b:d6:34:
                    ce:b3:f7:c4:61:df:af:7e:2c:56:4e:f3:1d:11:e6:
                    f5:f0:9c:c2:2d:d0:ff:1b:bc:46:82:64:33:c5:ca:
                    c2:77:b8:f2:88:94:09:85:fc:48:ec:4d:5c:31:87:
                    d7:6b:de:f5:bc:01:41:ec:28:5c:ad:c6:9a:42:91:
                    89:84:9b:ff:f7:c7:6b:d8:76:a2:35:0b:bc:4c:32:
                    7e:0c:9c:f9:4d:6b:d7:0a:25:df:62:f1:82:b9:58:
                    dc:80:ee:c4:51:f7:4e:47:7b:57:77:4d:76:a2:e7:
                    ae:92:40:80:84:e5:91:70:8a:d5:c3:b1:32:d2:c4:
                    a7:1e:68:46:53:b5:bc:e5:be:91:a8:59:18:8e:7b:
                    0b:07:98:16:b5:69:ed:c8:37:6b:ee:51:6f:a6:27:
                    51:df:bc:80:0c:90:62:19:3c:5e:8f:85:de:1f:5f:
                    12:1d:93:4d:a1:59:5b:2a:84:d2:c2:96:fe:09:46:
                    7a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D7:D6:48:C4:40:07:0B:F6:17:FC:85:16:5E:D7:E1:46:47:D2:F0
            X509v3 Authority Key Identifier:
                keyid:28:45:F1:F4:D5:9F:81:1D:63:23:DB:4D:86:D4:F4:18:54:ED:E7:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KEXx9NWfgR1jI9tNhtT0GFTt50Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/NdfWSMRABwv2F_yFFl7X4UZH0vA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/9069ce-dfe1-4b8a-af03-226f3b8031b7/1/KEXx9NWfgR1jI9tNhtT0GFTt50Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:8f:c8:8b:e0:be:e1:d8:bc:e9:91:62:fc:7f:44:a1:b7:1c:
         85:2a:83:bc:1d:c8:45:d6:c0:54:bc:dc:12:f4:f2:1e:98:ea:
         7f:a6:98:0c:ef:74:e5:c7:e6:71:47:d7:9e:cf:ba:f5:f1:74:
         0a:0d:28:1b:0f:d1:ed:54:a8:f8:c1:6e:7a:96:32:3f:62:05:
         6c:f5:c2:2c:b7:52:18:a3:b3:8b:78:73:58:07:3c:d6:63:f3:
         c4:17:13:db:70:a8:96:19:ba:a2:78:62:e8:ac:02:bf:1e:7b:
         24:7a:25:50:eb:c1:bd:8e:ee:ca:54:d6:20:38:b2:58:c1:6d:
         0f:c6:03:a4:3c:66:51:2a:84:ba:d0:a4:69:20:2f:69:d5:7e:
         e9:ab:9f:1c:6e:48:75:83:7a:ac:b4:65:ef:71:d2:57:f1:24:
         94:a4:54:28:c2:41:9a:27:ca:ec:94:a2:15:8b:25:cd:52:f9:
         d8:14:f6:25:84:29:84:d7:bb:c5:d0:1d:e3:cf:6e:f6:ef:1d:
         bc:10:c7:e5:16:1e:0d:65:f5:5a:e5:8a:b4:16:22:6c:f1:f1:
         ab:83:01:f8:55:7a:4e:4b:2f:c1:ac:19:da:68:d0:f4:6c:6c:
         24:41:d5:67:bb:67:91:c7:a0:59:4b:fe:17:e1:c6:f7:02:99:
         58:fd:1a:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRNbZQZ+q8jZH6tRZc8ixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NDVmMWY0ZDU5ZjgxMWQ2MzIzZGI0ZDg2ZDRmNDE4NTRl
ZGU3NDQwHhcNMjUwMTAxMjM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQ3ZDY0OGM0NDAwNzBiZjYxN2ZjODUxNjVlZDdlMTQ2NDdkMmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0FtELdZKG/V700tyw/YCxCOtE8O
e2Bv0UGyc0MVPPQk+SmCfbWxhncD51xlqgmxzZTJiXqZate+68Hl+whqK8a1d6Dd
Wk+b1jTOs/fEYd+vfixWTvMdEeb18JzCLdD/G7xGgmQzxcrCd7jyiJQJhfxI7E1c
MYfXa971vAFB7ChcrcaaQpGJhJv/98dr2HaiNQu8TDJ+DJz5TWvXCiXfYvGCuVjc
gO7EUfdOR3tXd012oueukkCAhOWRcIrVw7Ey0sSnHmhGU7W85b6RqFkYjnsLB5gW
tWntyDdr7lFvpidR37yADJBiGTxej4XeH18SHZNNoVlbKoTSwpb+CUZ6yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXX1kjEQAcL9hf8hRZe1+FGR9LwMB8GA1UdIwQY
MBaAFChF8fTVn4EdYyPbTYbU9BhU7edEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0VYeDlOV2ZnUjFqSTl0Tmh0VDBHRlR0NTBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS85MDY5Y2UtZGZlMS00YjhhLWFmMDMt
MjI2ZjNiODAzMWI3LzEvTmRmV1NNUkFCd3YyRl95RkZsN1g0VVpIMHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS85MDY5Y2UtZGZlMS00YjhhLWFmMDMtMjI2ZjNiODAzMWI3
LzEvS0VYeDlOV2ZnUjFqSTl0Tmh0VDBHRlR0NTBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7Y9MA0G
CSqGSIb3DQEBCwUAA4IBAQCWj8iL4L7h2LzpkWL8f0ShtxyFKoO8HchF1sBUvNwS
9PIemOp/ppgM73Tlx+ZxR9eez7r18XQKDSgbD9HtVKj4wW56ljI/YgVs9cIst1IY
o7OLeHNYBzzWY/PEFxPbcKiWGbqieGLorAK/HnskeiVQ68G9ju7KVNYgOLJYwW0P
xgOkPGZRKoS60KRpIC9p1X7pq58cbkh1g3qstGXvcdJX8SSUpFQowkGaJ8rslKIV
iyXNUvnYFPYlhCmE17vF0B3jz2727x28EMflFh4NZfVa5Yq0FiJs8fGrgwH4VXpO
Sy/BrBnaaND0bGwkQdVnu2eRx6BZS/4X4cb3AplY/Rrs
-----END CERTIFICATE-----