Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/_VjKlmvzYVy8ktZu-wqjmjiAJmo.roa
File:                     _VjKlmvzYVy8ktZu-wqjmjiAJmo.roa (raw, json)
Hash identifier:          sT06t+r7xF4EKER4Eq9ja2KenwXiwwXnRLng7zaXna4=
Subject key identifier:   FD:58:CA:96:6B:F3:61:5C:BC:92:D6:6E:FB:0A:A3:9A:38:80:26:6A
Certificate issuer:       /CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
Certificate serial:       0194228D2C2604ADAEAF55CA34AC150A7E55
Authority key identifier: 24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/_VjKlmvzYVy8ktZu-wqjmjiAJmo.roa
Signing time:             Wed 01 Jan 2025 15:47:44 +0000
ROA not before:           Wed 01 Jan 2025 15:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398395
IP address blocks:        37.153.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:2c:26:04:ad:ae:af:55:ca:34:ac:15:0a:7e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
        Validity
            Not Before: Jan  1 15:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd58ca966bf3615cbc92d66efb0aa39a3880266a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ed:b5:0a:40:1a:de:2e:6a:f1:82:b9:e6:5a:
                    04:b0:54:5e:f2:2b:ca:65:f4:91:a0:14:65:f0:fd:
                    26:a5:c2:6f:9e:98:c1:b3:24:6f:ac:64:c5:5b:91:
                    3b:65:a4:28:e3:0f:21:b9:4b:e6:be:d7:a6:b7:da:
                    d6:e5:b8:91:f6:88:30:fe:fa:cf:a5:b5:26:87:1f:
                    5c:48:15:04:5b:eb:c2:6d:eb:bb:de:24:d8:73:05:
                    d9:27:9a:9b:2b:52:08:cc:10:81:aa:d3:44:9a:c9:
                    5b:06:b6:c8:e1:e3:a2:53:32:e2:1e:67:1b:29:6f:
                    6b:8d:a1:07:86:57:e3:ab:33:a5:c6:a7:0c:1d:a0:
                    f7:b9:9f:a7:ba:04:b2:56:52:85:28:74:a7:56:fe:
                    38:e9:c9:34:65:2d:f7:da:12:34:8e:92:4f:64:d4:
                    c3:e4:82:7a:2f:fa:5f:83:35:66:cf:ea:db:0e:2a:
                    0c:db:59:34:17:04:0b:f0:7e:d2:e2:73:dd:67:51:
                    74:e8:67:f1:a0:d1:fc:79:7d:7e:d7:94:0c:5f:5f:
                    23:67:76:3f:eb:30:d3:bf:6a:fd:91:05:3f:a5:d1:
                    56:7f:21:54:a0:bd:bc:25:03:75:d0:8b:3b:74:09:
                    d9:b7:34:eb:0c:f3:d8:49:b6:55:d3:e1:16:e3:74:
                    cd:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:58:CA:96:6B:F3:61:5C:BC:92:D6:6E:FB:0A:A3:9A:38:80:26:6A
            X509v3 Authority Key Identifier:
                keyid:24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/_VjKlmvzYVy8ktZu-wqjmjiAJmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:f8:82:3f:0f:1b:29:e4:01:d1:6e:a0:e5:fe:e2:a9:8e:1f:
         dd:2d:fe:41:2c:16:c3:ef:12:0c:db:15:c4:49:e8:41:99:31:
         8e:80:e5:a1:0c:3d:c9:1f:91:a1:a0:81:81:2f:db:a9:54:28:
         6b:c9:06:b5:b6:a5:a4:a9:a1:62:18:18:4f:cd:7d:c2:df:52:
         48:80:3f:ee:6e:01:8c:8e:aa:8e:16:18:e7:43:94:13:11:be:
         ce:db:f6:82:2c:a6:92:12:50:f8:1b:4d:34:fd:c1:5a:21:9c:
         39:e8:15:1b:bb:ed:b9:62:8e:c8:57:fb:23:55:1b:1d:16:14:
         86:04:8a:bf:cb:ae:b6:60:2f:fb:5c:c1:b9:88:57:3e:a2:27:
         1c:bc:a5:14:9c:5d:b4:6c:f2:0d:29:08:c9:c3:50:8f:21:5a:
         29:f4:07:3c:ee:2f:ce:fd:52:18:68:ce:e9:d6:cf:e8:e4:f4:
         72:e5:db:33:14:f4:39:7b:7c:6f:90:2d:d9:30:50:77:ab:a3:
         46:a2:f8:ec:75:b9:15:fb:da:0b:00:76:f0:31:e4:6c:83:51:
         ce:24:c1:35:73:d6:b5:b1:5b:af:a1:19:bd:59:fa:72:a7:21:
         4f:d7:28:d0:97:a6:63:f4:e3:d5:bc:c1:18:a8:4a:8d:92:2c:
         32:fd:34:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSwmBK2ur1XKNKwVCn5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTViZjljNjFjODVkYjdjOTlhYzRjZGY3OTI1N2U3OTk3
YWI3N2MwHhcNMjUwMTAxMTU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDU4Y2E5NjZiZjM2MTVjYmM5MmQ2NmVmYjBhYTM5YTM4ODAyNjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuu21CkAa3i5q8YK55loEsFRe8ivK
ZfSRoBRl8P0mpcJvnpjBsyRvrGTFW5E7ZaQo4w8huUvmvtemt9rW5biR9ogw/vrP
pbUmhx9cSBUEW+vCbeu73iTYcwXZJ5qbK1IIzBCBqtNEmslbBrbI4eOiUzLiHmcb
KW9rjaEHhlfjqzOlxqcMHaD3uZ+nugSyVlKFKHSnVv446ck0ZS332hI0jpJPZNTD
5IJ6L/pfgzVmz+rbDioM21k0FwQL8H7S4nPdZ1F06GfxoNH8eX1+15QMX18jZ3Y/
6zDTv2r9kQU/pdFWfyFUoL28JQN10Is7dAnZtzTrDPPYSbZV0+EW43TN7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1YypZr82FcvJLWbvsKo5o4gCZqMB8GA1UdIwQY
MBaAFCQVv5xhyF23yZrEzfeSV+eZerd8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMt
NmExOGRjODgxNmRiLzEvX1ZqS2xtdnpZVnk4a3RadS13cWptamlBSm1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMtNmExOGRjODgxNmRi
LzEvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmbMA0G
CSqGSIb3DQEBCwUAA4IBAQCV+II/Dxsp5AHRbqDl/uKpjh/dLf5BLBbD7xIM2xXE
SehBmTGOgOWhDD3JH5GhoIGBL9upVChryQa1tqWkqaFiGBhPzX3C31JIgD/ubgGM
jqqOFhjnQ5QTEb7O2/aCLKaSElD4G000/cFaIZw56BUbu+25Yo7IV/sjVRsdFhSG
BIq/y662YC/7XMG5iFc+oiccvKUUnF20bPINKQjJw1CPIVop9Ac87i/O/VIYaM7p
1s/o5PRy5dszFPQ5e3xvkC3ZMFB3q6NGovjsdbkV+9oLAHbwMeRsg1HOJME1c9a1
sVuvoRm9WfpypyFP1yjQl6Zj9OPVvMEYqEqNkiwy/TRp
-----END CERTIFICATE-----