Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/AfLHT74NdL4YRI-gpiiLO8PPShM.roa
File:                     AfLHT74NdL4YRI-gpiiLO8PPShM.roa (raw, json)
Hash identifier:          944lZaS4mAfM/S0ieSHEvM3mRV9M0T2Y3u48y1aDIjk=
Subject key identifier:   01:F2:C7:4F:BE:0D:74:BE:18:44:8F:A0:A6:28:8B:3B:C3:CF:4A:13
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       019424B3EC8427692E048EF3039E600B8739
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/AfLHT74NdL4YRI-gpiiLO8PPShM.roa
Signing time:             Thu 02 Jan 2025 01:49:18 +0000
ROA not before:           Thu 02 Jan 2025 01:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210117
IP address blocks:        188.95.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ec:84:27:69:2e:04:8e:f3:03:9e:60:0b:87:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jan  2 01:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01f2c74fbe0d74be18448fa0a6288b3bc3cf4a13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:09:4d:6d:ef:df:d6:d6:a6:14:5e:26:66:73:
                    af:80:8c:ed:71:16:b6:64:4e:7e:2e:95:c3:e3:cf:
                    cc:4e:85:9d:23:dc:39:d1:c3:40:a8:91:81:e7:b9:
                    b8:f9:97:c9:46:7f:e6:d7:e3:6c:21:7e:1d:d7:83:
                    b3:6e:c1:1b:3e:a4:96:63:42:d2:cd:e3:90:48:8b:
                    80:63:30:63:e3:4f:fe:56:09:1d:d3:80:b6:44:f0:
                    19:df:73:85:52:47:d2:3d:b5:0f:f3:57:52:e6:b9:
                    6f:30:e6:3f:39:cd:4b:4f:c2:d0:ad:0d:b6:74:e2:
                    85:f0:e0:0b:d2:ff:b8:69:55:61:43:07:c0:e8:71:
                    48:0d:fe:14:03:50:3d:dc:1b:04:7d:4d:62:20:39:
                    c4:07:d5:76:c3:51:14:dd:c2:66:a0:91:c2:59:87:
                    54:c8:7f:61:ea:64:73:eb:05:33:a8:56:e3:b7:14:
                    cc:92:76:6b:a8:1b:57:b8:4b:2d:c8:0b:a6:7a:e5:
                    15:b2:bf:71:9a:8e:8a:a9:36:37:53:a2:f2:aa:7d:
                    b8:56:91:01:56:07:32:e2:a5:9c:9f:6e:08:0f:b0:
                    9a:df:2b:1a:05:a8:5f:bf:f7:4f:8a:bf:e3:a9:11:
                    bb:39:6b:59:47:94:95:c0:af:c1:5c:f1:41:c6:8a:
                    44:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F2:C7:4F:BE:0D:74:BE:18:44:8F:A0:A6:28:8B:3B:C3:CF:4A:13
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/AfLHT74NdL4YRI-gpiiLO8PPShM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:cd:5f:12:a7:01:60:a1:da:7f:2b:4a:f5:8a:4d:4c:9d:72:
         8a:b7:fe:18:1b:e9:d1:2b:f1:45:28:44:a6:84:4d:ee:a2:36:
         2c:39:d2:f3:2c:30:71:7d:11:ba:ab:8d:6e:01:e4:1e:20:d8:
         0d:eb:13:57:63:7f:d2:29:81:f2:18:d1:9a:cd:67:ae:6d:37:
         5c:5e:99:c5:88:b1:fb:00:bf:e4:ba:d1:78:c3:2b:c5:10:bd:
         59:50:a6:1a:4e:8a:b9:c2:8b:81:ca:ab:2f:cf:73:69:80:3b:
         3f:f7:2b:dc:49:d9:19:85:55:b4:43:2d:64:4d:79:1d:eb:0f:
         ae:39:ef:b7:01:de:d9:bf:4c:49:34:44:55:21:b5:e5:8e:0e:
         98:76:e6:fa:42:d9:38:e2:14:2b:cd:dd:ee:1d:69:69:61:0b:
         b0:7f:93:c1:ae:0e:6b:1f:ee:5f:ed:f2:44:1a:ad:0f:f5:d3:
         7c:36:8b:ce:47:1b:e6:a1:76:5e:7b:2d:0d:11:42:f8:e4:a4:
         d5:bc:a3:03:ac:ac:3f:03:a0:5b:c1:5a:3f:51:0f:af:c8:a8:
         6f:99:74:55:c5:76:c9:6c:c5:1a:9c:3d:88:f7:93:b7:9a:86:
         8c:23:be:85:ba:6d:29:35:c2:78:d8:06:9c:ef:7d:69:41:3a:
         16:85:07:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+yEJ2kuBI7zA55gC4c5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjUwMTAyMDE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWYyYzc0ZmJlMGQ3NGJlMTg0NDhmYTBhNjI4OGIzYmMzY2Y0YTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AlNbe/f1tamFF4mZnOvgIztcRa2
ZE5+LpXD48/MToWdI9w50cNAqJGB57m4+ZfJRn/m1+NsIX4d14OzbsEbPqSWY0LS
zeOQSIuAYzBj40/+Vgkd04C2RPAZ33OFUkfSPbUP81dS5rlvMOY/Oc1LT8LQrQ22
dOKF8OAL0v+4aVVhQwfA6HFIDf4UA1A93BsEfU1iIDnEB9V2w1EU3cJmoJHCWYdU
yH9h6mRz6wUzqFbjtxTMknZrqBtXuEstyAumeuUVsr9xmo6KqTY3U6Lyqn24VpEB
Vgcy4qWcn24ID7Ca3ysaBahfv/dPir/jqRG7OWtZR5SVwK/BXPFBxopE2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHyx0++DXS+GESPoKYoizvDz0oTMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvQWZMSFQ3NE5kTDRZUkktZ3BpaUxPOFBQU2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF+WMA0G
CSqGSIb3DQEBCwUAA4IBAQCFzV8SpwFgodp/K0r1ik1MnXKKt/4YG+nRK/FFKESm
hE3uojYsOdLzLDBxfRG6q41uAeQeINgN6xNXY3/SKYHyGNGazWeubTdcXpnFiLH7
AL/kutF4wyvFEL1ZUKYaToq5wouByqsvz3NpgDs/9yvcSdkZhVW0Qy1kTXkd6w+u
Oe+3Ad7Zv0xJNERVIbXljg6Ydub6Qtk44hQrzd3uHWlpYQuwf5PBrg5rH+5f7fJE
Gq0P9dN8NovORxvmoXZeey0NEUL45KTVvKMDrKw/A6BbwVo/UQ+vyKhvmXRVxXbJ
bMUanD2I95O3moaMI76Fum0pNcJ42Aac731pQToWhQdj
-----END CERTIFICATE-----