Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/olvBi524Gp3rI2E2UN409GVcjvQ.roa
File:                     olvBi524Gp3rI2E2UN409GVcjvQ.roa (raw, json)
Hash identifier:          vTG53M/PHsVm4KjJT/BnZq8SO+0VF2H1PbNP7yYXlSU=
Subject key identifier:   A2:5B:C1:8B:9D:B8:1A:9D:EB:23:61:36:50:DE:34:F4:65:5C:8E:F4
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       01963496CB0B2F8EAC7E972131A134E80827
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/olvBi524Gp3rI2E2UN409GVcjvQ.roa
Signing time:             Mon 14 Apr 2025 13:56:59 +0000
ROA not before:           Mon 14 Apr 2025 13:56:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8245
IP address blocks:        217.19.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:34:96:cb:0b:2f:8e:ac:7e:97:21:31:a1:34:e8:08:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Apr 14 13:56:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a25bc18b9db81a9deb23613650de34f4655c8ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:58:81:fe:ed:ee:8e:39:8a:49:36:9e:1d:fd:
                    ed:a7:46:77:da:e8:e9:92:31:36:56:09:8c:ac:e6:
                    89:28:bf:86:ef:72:7e:df:d0:da:22:7f:01:78:5d:
                    e2:74:da:8b:bb:5f:91:12:04:cd:ca:e9:7c:67:ed:
                    5b:e6:e3:e7:4e:79:f0:4a:7f:39:fa:97:06:70:2c:
                    c1:5c:54:97:f3:08:9d:2b:8c:91:18:11:ca:7a:75:
                    f9:56:8f:b0:9a:27:ed:76:09:9c:52:6d:9f:71:91:
                    7b:4e:98:98:7c:25:bf:e4:b8:52:64:b6:a7:f1:b7:
                    f0:87:ab:63:b9:7d:21:02:8f:2e:4a:66:80:07:2e:
                    8a:a1:52:ef:14:0c:93:1e:e2:4c:9b:d4:b1:a3:06:
                    31:a1:1f:da:09:58:fc:eb:1b:1a:fd:99:d4:19:12:
                    0d:a9:29:6c:90:f3:a4:ba:9e:53:ee:10:8e:a4:e9:
                    04:51:3e:f0:5d:12:4e:2b:85:52:e8:53:5b:e8:25:
                    e9:6e:b6:17:bc:0d:51:0b:7f:13:bd:44:d4:9d:aa:
                    42:3b:b0:e6:30:25:1f:f0:86:47:f6:7c:43:b9:80:
                    15:d0:cf:03:5d:31:4c:0b:93:08:56:64:2b:a1:be:
                    ca:07:3b:81:83:78:5c:da:1f:7e:cd:12:93:98:c1:
                    da:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:5B:C1:8B:9D:B8:1A:9D:EB:23:61:36:50:DE:34:F4:65:5C:8E:F4
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/olvBi524Gp3rI2E2UN409GVcjvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.19.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:b4:02:2c:38:1d:ce:bc:c9:33:53:9f:ed:01:05:5e:fa:87:
         19:6a:6a:67:1b:a6:d3:60:1d:42:9d:12:3d:1b:fb:9f:8c:39:
         d0:db:e3:d8:61:53:8d:87:54:25:52:2a:38:9e:08:24:85:16:
         01:d3:6b:80:e0:d2:4a:fb:23:bb:a4:66:a3:79:84:8e:53:9d:
         db:aa:91:87:fd:5b:c2:8a:7d:1d:0a:94:f1:b8:42:6c:b6:ee:
         ac:5b:01:d9:40:fe:ff:80:c5:ef:b5:fd:4b:e4:7c:db:9c:fb:
         0f:ea:bc:42:18:4a:cb:99:70:b4:3d:b7:52:77:4d:98:8c:e8:
         45:f2:55:63:15:e4:43:7c:b5:ca:d7:eb:cd:c8:7a:04:b9:4f:
         c8:2b:c2:34:7b:b0:9d:ba:d1:9f:69:cb:07:4f:fe:98:41:74:
         0b:d3:be:39:40:9a:a8:59:50:3e:87:2f:9a:d7:ee:40:84:94:
         5f:54:f8:19:54:22:72:64:ee:c8:b7:de:c8:d0:bd:94:8e:62:
         34:1c:cf:8e:93:dd:81:6b:8a:f9:f1:e5:19:bd:67:e4:f7:b9:
         f3:31:60:6c:b4:ba:f5:63:9f:3f:79:8e:3d:cc:72:04:13:9b:
         e6:5c:50:80:2a:b2:8a:da:68:39:e9:65:63:1d:e2:f4:0b:49:
         ff:0d:b2:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY0lssLL46sfpchMaE06AgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjUwNDE0MTM1NjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjViYzE4YjlkYjgxYTlkZWIyMzYxMzY1MGRlMzRmNDY1NWM4ZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71iB/u3ujjmKSTaeHf3tp0Z32ujp
kjE2VgmMrOaJKL+G73J+39DaIn8BeF3idNqLu1+REgTNyul8Z+1b5uPnTnnwSn85
+pcGcCzBXFSX8widK4yRGBHKenX5Vo+wmiftdgmcUm2fcZF7TpiYfCW/5LhSZLan
8bfwh6tjuX0hAo8uSmaABy6KoVLvFAyTHuJMm9SxowYxoR/aCVj86xsa/ZnUGRIN
qSlskPOkup5T7hCOpOkEUT7wXRJOK4VS6FNb6CXpbrYXvA1RC38TvUTUnapCO7Dm
MCUf8IZH9nxDuYAV0M8DXTFMC5MIVmQrob7KBzuBg3hc2h9+zRKTmMHaVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJbwYuduBqd6yNhNlDeNPRlXI70MB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvb2x2Qmk1MjRHcDNySTJFMlVONDA5R1ZjanZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RMsMA0G
CSqGSIb3DQEBCwUAA4IBAQCftAIsOB3OvMkzU5/tAQVe+ocZampnG6bTYB1CnRI9
G/ufjDnQ2+PYYVONh1QlUio4nggkhRYB02uA4NJK+yO7pGajeYSOU53bqpGH/VvC
in0dCpTxuEJstu6sWwHZQP7/gMXvtf1L5HzbnPsP6rxCGErLmXC0PbdSd02YjOhF
8lVjFeRDfLXK1+vNyHoEuU/IK8I0e7CdutGfacsHT/6YQXQL0745QJqoWVA+hy+a
1+5AhJRfVPgZVCJyZO7It97I0L2UjmI0HM+Ok92Ba4r58eUZvWfk97nzMWBstLr1
Y58/eY49zHIEE5vmXFCAKrKK2mg56WVjHeL0C0n/DbLN
-----END CERTIFICATE-----