Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/pvy3-nx29RKViT06UxrUYw1AzTo.roa
File:                     pvy3-nx29RKViT06UxrUYw1AzTo.roa (raw, json)
Hash identifier:          nHQQO26YuBvgg5pjQpGDifgfNXLzURzmwyk3WNYTJrw=
Subject key identifier:   A6:FC:B7:FA:7C:76:F5:12:95:89:3D:3A:53:1A:D4:63:0D:40:CD:3A
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       019420686B16EA5340E31B62E31C47CD428E
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/pvy3-nx29RKViT06UxrUYw1AzTo.roa
Signing time:             Wed 01 Jan 2025 05:48:21 +0000
ROA not before:           Wed 01 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204800
IP address blocks:        192.250.228.0/24 maxlen: 24
                          192.250.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6b:16:ea:53:40:e3:1b:62:e3:1c:47:cd:42:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Jan  1 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6fcb7fa7c76f51295893d3a531ad4630d40cd3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:21:eb:29:b3:96:44:49:12:d3:45:d6:87:06:
                    3e:54:bc:df:b5:4b:36:f9:94:24:1a:f0:7f:05:27:
                    6c:c7:9a:52:04:d1:d9:4a:25:20:a4:6d:8b:a0:fe:
                    65:a5:f4:5f:4b:a2:fd:99:62:26:36:13:c3:05:d8:
                    30:02:7b:b3:4e:8e:32:00:10:36:07:53:1b:a2:08:
                    dc:4b:20:ec:68:5c:f1:ab:f2:a6:1c:b5:aa:b3:36:
                    cf:42:63:a9:aa:96:56:a9:f2:dd:0d:01:79:74:e8:
                    64:3d:de:01:82:b2:95:35:19:4c:e7:59:5e:04:14:
                    d7:89:a8:02:c6:a9:ea:c6:5b:e0:9f:10:f0:68:30:
                    51:5f:f5:7e:73:1b:12:83:7e:6f:ab:96:2c:b0:ee:
                    21:d9:10:ed:ff:7f:ae:98:5a:5b:62:b4:1b:41:da:
                    f7:27:06:b7:ff:c1:81:f8:1a:eb:5f:63:48:26:0d:
                    29:1d:14:c3:82:c2:e6:70:f9:7f:40:bc:2f:1a:c1:
                    31:52:49:a2:20:34:3b:81:9c:a0:7e:5f:03:51:1e:
                    93:87:5f:e7:e2:25:7e:a9:7d:2f:b1:28:69:c5:aa:
                    96:c7:96:db:53:53:99:ac:0c:9f:f2:07:2a:60:21:
                    c6:2e:a3:8a:ef:08:3c:01:1c:6d:b3:73:9c:04:6a:
                    fe:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:FC:B7:FA:7C:76:F5:12:95:89:3D:3A:53:1A:D4:63:0D:40:CD:3A
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/pvy3-nx29RKViT06UxrUYw1AzTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.250.228.0/24
                  192.250.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:4f:23:45:e3:d5:b8:b7:f9:50:e7:d5:3b:73:1c:87:ce:e0:
         15:16:2d:5b:7a:48:a7:11:ad:59:59:61:69:56:80:5c:55:ff:
         ad:24:7e:dc:14:6d:de:24:bd:e3:a1:03:8d:46:af:88:d3:59:
         75:ed:ca:71:56:e9:9e:94:19:a1:50:85:05:da:24:4e:d2:48:
         44:64:ad:ab:ca:b4:89:49:8f:ab:6c:c7:ae:b7:b0:c3:20:a3:
         7b:6d:25:f1:7d:37:3e:83:d0:cd:7d:2d:87:b4:7f:5c:ad:2d:
         af:17:96:24:cc:64:5f:db:a4:d8:36:8b:df:4f:48:60:0b:36:
         60:2e:e0:e0:9b:63:38:45:97:d4:53:f3:4f:99:a6:62:7f:ca:
         fa:60:30:35:b7:48:63:aa:2b:3d:51:03:97:4b:8c:5c:70:43:
         ba:48:d1:2b:64:09:e3:7c:12:34:a9:a9:f9:d1:f3:8e:ce:67:
         5e:8e:18:56:3c:08:8b:0d:4f:d7:85:e3:26:e4:c9:5c:8a:ca:
         7c:3f:5c:8a:a4:49:51:de:39:67:c0:36:80:07:2e:88:ae:21:
         2e:11:54:19:7c:af:16:60:c0:92:96:1e:09:47:1f:2e:a2:87:
         74:87:d5:26:a6:1b:0a:93:88:23:e7:99:f8:02:44:7e:0b:cf:
         89:cd:1a:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaGsW6lNA4xti4xxHzUKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjUwMTAxMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmZjYjdmYTdjNzZmNTEyOTU4OTNkM2E1MzFhZDQ2MzBkNDBjZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyHrKbOWREkS00XWhwY+VLzftUs2
+ZQkGvB/BSdsx5pSBNHZSiUgpG2LoP5lpfRfS6L9mWImNhPDBdgwAnuzTo4yABA2
B1MbogjcSyDsaFzxq/KmHLWqszbPQmOpqpZWqfLdDQF5dOhkPd4BgrKVNRlM51le
BBTXiagCxqnqxlvgnxDwaDBRX/V+cxsSg35vq5YssO4h2RDt/3+umFpbYrQbQdr3
Jwa3/8GB+BrrX2NIJg0pHRTDgsLmcPl/QLwvGsExUkmiIDQ7gZygfl8DUR6Th1/n
4iV+qX0vsShpxaqWx5bbU1OZrAyf8gcqYCHGLqOK7wg8ARxts3OcBGr+kQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKb8t/p8dvUSlYk9OlMa1GMNQM06MB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvcHZ5My1ueDI5UktWaVQwNlV4clVZdzFBelRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwPrkAwQA
wPrrMA0GCSqGSIb3DQEBCwUAA4IBAQBdTyNF49W4t/lQ59U7cxyHzuAVFi1bekin
Ea1ZWWFpVoBcVf+tJH7cFG3eJL3joQONRq+I01l17cpxVumelBmhUIUF2iRO0khE
ZK2ryrSJSY+rbMeut7DDIKN7bSXxfTc+g9DNfS2HtH9crS2vF5YkzGRf26TYNovf
T0hgCzZgLuDgm2M4RZfUU/NPmaZif8r6YDA1t0hjqis9UQOXS4xccEO6SNErZAnj
fBI0qan50fOOzmdejhhWPAiLDU/XheMm5Mlcisp8P1yKpElR3jlnwDaABy6IriEu
EVQZfK8WYMCSlh4JRx8uood0h9UmphsKk4gj55n4AkR+C8+JzRpp
-----END CERTIFICATE-----