Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/pLmM5VRQCZjiMpjjS1M4tCmfnig.roa
File:                     pLmM5VRQCZjiMpjjS1M4tCmfnig.roa (raw, json)
Hash identifier:          3KOi4odpqftbHY+r2Rv36i0IHxo8HcR910kJdmQVui8=
Subject key identifier:   A4:B9:8C:E5:54:50:09:98:E2:32:98:E3:4B:53:38:B4:29:9F:9E:28
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018DBCD7E4B1258D189C4AC1EE3CED9E20AA
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/pLmM5VRQCZjiMpjjS1M4tCmfnig.roa
Signing time:             Sun 18 Feb 2024 15:31:21 +0000
ROA not before:           Sun 18 Feb 2024 15:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        194.226.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bc:d7:e4:b1:25:8d:18:9c:4a:c1:ee:3c:ed:9e:20:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Feb 18 15:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4b98ce554500998e23298e34b5338b4299f9e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6a:3e:b4:d6:63:15:48:9a:b2:15:9d:be:60:
                    b6:c2:0a:2d:9c:39:d5:b9:84:64:c4:87:23:12:22:
                    c1:5b:b3:64:18:48:98:93:b2:40:19:20:ba:6e:af:
                    dd:a8:c0:b0:87:38:85:68:2f:74:d7:fe:ea:09:d8:
                    c8:77:04:b9:b4:65:69:7c:a8:86:fa:c2:b2:da:7f:
                    86:55:d1:db:ff:fd:f9:e2:83:d5:83:4c:4f:61:b3:
                    db:e4:50:9a:05:5a:cb:4a:36:97:13:78:af:a8:d8:
                    ed:af:b2:18:56:43:20:e9:0b:d4:94:47:74:46:9e:
                    2c:0f:e8:6b:0e:6e:dc:8c:ab:f4:7c:95:29:cd:9c:
                    98:e9:94:3d:67:83:5b:66:65:8d:7b:5b:5e:a4:e7:
                    88:74:b6:7b:a2:db:40:22:58:a2:ab:09:c8:9e:14:
                    9b:e9:58:5b:8d:7d:a1:a1:30:97:3e:13:4b:d6:0c:
                    53:82:b0:c8:83:b8:b0:d6:d2:c9:33:98:c8:ae:a7:
                    32:9d:3a:31:04:e4:a0:a4:1b:be:cf:27:a2:68:a0:
                    b2:d5:9f:d4:47:ff:27:6e:33:af:c1:38:ac:d7:09:
                    53:7a:de:a8:3e:7f:40:00:ec:0c:ab:b7:ac:f8:fd:
                    15:b2:59:f6:0f:ee:6b:34:1b:b5:54:6b:63:ee:b8:
                    36:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:B9:8C:E5:54:50:09:98:E2:32:98:E3:4B:53:38:B4:29:9F:9E:28
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/pLmM5VRQCZjiMpjjS1M4tCmfnig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:6d:90:e5:14:6f:bd:98:cd:96:2c:1a:bf:0b:fa:61:f4:0b:
         6a:28:4b:31:de:bc:7d:fb:a1:8d:f6:93:a6:c2:42:23:d0:46:
         3e:45:31:9d:a5:6d:03:d0:46:19:10:b1:51:1a:6f:66:8e:1d:
         6b:4e:31:99:33:48:66:a0:5d:b7:12:ce:e9:86:8a:54:30:de:
         8c:cc:d6:3f:16:ed:5d:e9:03:dd:e2:6b:b8:05:6f:2b:a5:04:
         cc:cd:c2:03:00:50:36:87:13:af:36:45:7f:80:5e:8b:79:60:
         e5:7e:b7:45:16:a1:8d:35:81:dc:ed:9c:78:53:90:5e:30:bc:
         03:3a:69:99:5c:15:d9:09:25:87:2a:30:ac:d3:e1:4f:3b:19:
         3a:a2:be:1d:6a:98:77:54:8e:66:88:c8:42:32:22:cd:35:bd:
         cf:3f:6a:c5:9c:bc:3a:8b:4d:31:ed:ce:a4:ad:8a:d9:08:b7:
         db:a6:97:79:b8:b9:d4:1e:e5:64:68:7d:d8:72:e7:c0:32:55:
         fe:5f:f2:70:6b:5a:db:e2:b0:47:4f:31:c5:39:98:1b:8a:73:
         0b:6e:34:2c:72:cc:39:06:ec:3c:a4:6f:65:fe:9b:3e:8c:d5:
         43:1a:76:fb:c5:7e:3b:f5:16:4c:a9:c6:30:f9:52:07:b9:38:
         ab:2b:63:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY281+SxJY0YnErB7jztniCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMjE4MTUzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGI5OGNlNTU0NTAwOTk4ZTIzMjk4ZTM0YjUzMzhiNDI5OWY5ZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomo+tNZjFUiashWdvmC2wgotnDnV
uYRkxIcjEiLBW7NkGEiYk7JAGSC6bq/dqMCwhziFaC901/7qCdjIdwS5tGVpfKiG
+sKy2n+GVdHb//354oPVg0xPYbPb5FCaBVrLSjaXE3ivqNjtr7IYVkMg6QvUlEd0
Rp4sD+hrDm7cjKv0fJUpzZyY6ZQ9Z4NbZmWNe1tepOeIdLZ7ottAIliiqwnInhSb
6VhbjX2hoTCXPhNL1gxTgrDIg7iw1tLJM5jIrqcynToxBOSgpBu+zyeiaKCy1Z/U
R/8nbjOvwTis1wlTet6oPn9AAOwMq7es+P0Vsln2D+5rNBu1VGtj7rg29wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKS5jOVUUAmY4jKY40tTOLQpn54oMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvcExtTTVWUlFDWmppTXBqalMxTTR0Q21mbmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuKLMA0G
CSqGSIb3DQEBCwUAA4IBAQChbZDlFG+9mM2WLBq/C/ph9AtqKEsx3rx9+6GN9pOm
wkIj0EY+RTGdpW0D0EYZELFRGm9mjh1rTjGZM0hmoF23Es7phopUMN6MzNY/Fu1d
6QPd4mu4BW8rpQTMzcIDAFA2hxOvNkV/gF6LeWDlfrdFFqGNNYHc7Zx4U5BeMLwD
OmmZXBXZCSWHKjCs0+FPOxk6or4daph3VI5miMhCMiLNNb3PP2rFnLw6i00x7c6k
rYrZCLfbppd5uLnUHuVkaH3YcufAMlX+X/Jwa1rb4rBHTzHFOZgbinMLbjQscsw5
Buw8pG9l/ps+jNVDGnb7xX479RZMqcYw+VIHuTirK2O1
-----END CERTIFICATE-----