Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/pTXcU1-027t2C2Vu9gFY335XMJc.roa
File:                     pTXcU1-027t2C2Vu9gFY335XMJc.roa (raw, json)
Hash identifier:          VazQFR0+HiS2IaElmJ/i9QSFb0To3uFvpZ1ELlNt0rw=
Subject key identifier:   A5:35:DC:53:5F:B4:DB:BB:76:0B:65:6E:F6:01:58:DF:7E:57:30:97
Certificate issuer:       /CN=d10e38b0b7a33ef3a16e15433402987d6d678da1
Certificate serial:       0194266C26DC26262233105BE41E9EA03749
Authority key identifier: D1:0E:38:B0:B7:A3:3E:F3:A1:6E:15:43:34:02:98:7D:6D:67:8D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Q44sLejPvOhbhVDNAKYfW1njaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/pTXcU1-027t2C2Vu9gFY335XMJc.roa
Signing time:             Thu 02 Jan 2025 09:50:09 +0000
ROA not before:           Thu 02 Jan 2025 09:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15847
IP address blocks:        195.20.198.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/0Q44sLejPvOhbhVDNAKYfW1njaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/0Q44sLejPvOhbhVDNAKYfW1njaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Q44sLejPvOhbhVDNAKYfW1njaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:26:dc:26:26:22:33:10:5b:e4:1e:9e:a0:37:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d10e38b0b7a33ef3a16e15433402987d6d678da1
        Validity
            Not Before: Jan  2 09:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a535dc535fb4dbbb760b656ef60158df7e573097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5f:ab:68:1d:ec:8c:f8:50:4a:d7:97:0a:b6:
                    94:0c:ed:4c:76:71:11:b0:51:f0:b8:d2:77:25:a6:
                    2f:91:94:30:ba:be:a6:4b:cb:14:11:28:99:82:30:
                    65:30:75:4b:ea:70:be:5d:f1:e6:f6:64:55:e3:fa:
                    32:6d:58:35:15:dd:91:94:a7:9e:a8:74:31:fe:03:
                    e1:cd:15:ef:19:4e:52:a3:03:05:81:6d:97:3a:05:
                    78:af:8b:32:5a:e1:15:57:9e:97:2a:88:82:5a:61:
                    04:dd:c3:2c:45:ef:12:ac:ce:3e:ea:ed:e8:95:16:
                    ea:22:0c:c2:b8:a7:2d:32:9c:89:f4:19:e1:16:11:
                    f9:bd:68:cb:cd:3b:8b:5c:30:ec:fc:6e:25:b1:1b:
                    91:df:93:1f:6e:18:c7:0c:46:03:c9:22:c3:33:4e:
                    b6:0b:4e:f2:07:9a:29:12:12:75:7c:bc:0f:c7:b8:
                    a4:ed:5d:48:9b:5c:7f:63:69:c7:83:85:54:58:5c:
                    59:89:ac:23:44:3c:64:d4:83:7e:0f:5b:bb:8b:61:
                    45:cb:75:a2:cd:7f:8c:36:b1:6e:f9:56:ed:f0:5b:
                    f2:2d:9f:e7:b3:68:79:b8:d9:c5:b6:4e:93:10:e1:
                    77:80:47:2a:4a:37:28:98:2f:ac:11:95:47:a7:d4:
                    a1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:35:DC:53:5F:B4:DB:BB:76:0B:65:6E:F6:01:58:DF:7E:57:30:97
            X509v3 Authority Key Identifier:
                keyid:D1:0E:38:B0:B7:A3:3E:F3:A1:6E:15:43:34:02:98:7D:6D:67:8D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Q44sLejPvOhbhVDNAKYfW1njaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/pTXcU1-027t2C2Vu9gFY335XMJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/3fa09a-e874-4f34-bf45-2c0eda70666a/1/0Q44sLejPvOhbhVDNAKYfW1njaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:1b:d4:3f:8f:83:22:db:85:70:47:84:9b:d6:b2:97:2b:d3:
         c2:a9:bf:b0:e9:32:22:c5:7d:da:37:42:7a:29:08:06:e8:94:
         e1:fe:32:66:41:38:31:35:ca:d1:fe:5e:58:d5:fc:56:bd:d7:
         97:d8:55:32:97:27:e8:70:58:01:b3:88:6f:66:db:0e:70:f2:
         f0:e2:1a:5a:3b:50:ec:55:94:6b:ee:f5:bf:8e:b2:08:20:81:
         77:03:df:4b:39:2b:78:7b:bf:68:0d:32:86:7a:62:7f:c0:cd:
         84:ad:72:70:91:20:02:50:ee:70:ff:7a:f2:07:ca:75:67:f6:
         c0:01:e0:d2:8a:df:aa:66:63:7f:0a:a8:fc:2c:39:11:29:07:
         59:84:5f:bb:1d:ed:8b:5e:ab:99:e6:7a:37:3f:f4:48:bf:b6:
         ac:cd:b4:5e:98:f9:c3:26:59:79:8b:f1:7c:8a:78:68:33:c8:
         e3:57:91:c2:82:1b:f3:63:40:aa:22:d4:bc:ba:a2:97:b6:f8:
         8b:10:ec:d0:b6:e7:b2:2d:29:c0:6a:4a:d2:9f:3c:81:3a:c9:
         ea:31:c6:42:60:96:44:6e:16:e6:ab:30:87:72:19:c7:a2:60:
         99:da:3a:01:41:49:4e:7c:92:7c:2a:7f:73:fa:e2:5f:8e:63:
         fd:62:cc:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbCbcJiYiMxBb5B6eoDdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMGUzOGIwYjdhMzNlZjNhMTZlMTU0MzM0MDI5ODdkNmQ2
NzhkYTEwHhcNMjUwMTAyMDk1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTM1ZGM1MzVmYjRkYmJiNzYwYjY1NmVmNjAxNThkZjdlNTczMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1+raB3sjPhQSteXCraUDO1MdnER
sFHwuNJ3JaYvkZQwur6mS8sUESiZgjBlMHVL6nC+XfHm9mRV4/oybVg1Fd2RlKee
qHQx/gPhzRXvGU5SowMFgW2XOgV4r4syWuEVV56XKoiCWmEE3cMsRe8SrM4+6u3o
lRbqIgzCuKctMpyJ9BnhFhH5vWjLzTuLXDDs/G4lsRuR35MfbhjHDEYDySLDM062
C07yB5opEhJ1fLwPx7ik7V1Im1x/Y2nHg4VUWFxZiawjRDxk1IN+D1u7i2FFy3Wi
zX+MNrFu+Vbt8FvyLZ/ns2h5uNnFtk6TEOF3gEcqSjcomC+sEZVHp9ShmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKU13FNftNu7dgtlbvYBWN9+VzCXMB8GA1UdIwQY
MBaAFNEOOLC3oz7zoW4VQzQCmH1tZ42hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFE0NHNMZWpQdk9oYmhWRE5BS1lmVzFuamFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8zZmEwOWEtZTg3NC00ZjM0LWJmNDUt
MmMwZWRhNzA2NjZhLzEvcFRYY1UxLTAyN3QyQzJWdTlnRlkzMzVYTUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8zZmEwOWEtZTg3NC00ZjM0LWJmNDUtMmMwZWRhNzA2NjZh
LzEvMFE0NHNMZWpQdk9oYmhWRE5BS1lmVzFuamFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxTGMA0G
CSqGSIb3DQEBCwUAA4IBAQALG9Q/j4Mi24VwR4Sb1rKXK9PCqb+w6TIixX3aN0J6
KQgG6JTh/jJmQTgxNcrR/l5Y1fxWvdeX2FUylyfocFgBs4hvZtsOcPLw4hpaO1Ds
VZRr7vW/jrIIIIF3A99LOSt4e79oDTKGemJ/wM2ErXJwkSACUO5w/3ryB8p1Z/bA
AeDSit+qZmN/Cqj8LDkRKQdZhF+7He2LXquZ5no3P/RIv7aszbRemPnDJll5i/F8
inhoM8jjV5HCghvzY0CqItS8uqKXtviLEOzQtueyLSnAakrSnzyBOsnqMcZCYJZE
bhbmqzCHchnHomCZ2joBQUlOfJJ8Kn9z+uJfjmP9YsyF
-----END CERTIFICATE-----