Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/4edbec-ffea-4062-89cb-656600c9e440/1/AhlTJGVn8a8rsbPjwh1Of-tiZ-E.roa
File:                     AhlTJGVn8a8rsbPjwh1Of-tiZ-E.roa (raw, json)
Hash identifier:          PvYJX4JVcBus78Efd+Q4dFc2SvUKpYf6MzmiID5icj0=
Subject key identifier:   02:19:53:24:65:67:F1:AF:2B:B1:B3:E3:C2:1D:4E:7F:EB:62:67:E1
Certificate issuer:       /CN=f32ca4df32dc71f411104f94b51ac14b6675824b
Certificate serial:       0197D4633B67B89FDBE9F7C8C7DC3221850C
Authority key identifier: F3:2C:A4:DF:32:DC:71:F4:11:10:4F:94:B5:1A:C1:4B:66:75:82:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yyk3zLccfQREE-UtRrBS2Z1gks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/4edbec-ffea-4062-89cb-656600c9e440/1/AhlTJGVn8a8rsbPjwh1Of-tiZ-E.roa
Signing time:             Fri 04 Jul 2025 07:42:42 +0000
ROA not before:           Fri 04 Jul 2025 07:42:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33915
IP address blocks:        144.2.252.0/22 maxlen: 22
                          144.2.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/4edbec-ffea-4062-89cb-656600c9e440/1/8yyk3zLccfQREE-UtRrBS2Z1gks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/4edbec-ffea-4062-89cb-656600c9e440/1/8yyk3zLccfQREE-UtRrBS2Z1gks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yyk3zLccfQREE-UtRrBS2Z1gks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:63:3b:67:b8:9f:db:e9:f7:c8:c7:dc:32:21:85:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f32ca4df32dc71f411104f94b51ac14b6675824b
        Validity
            Not Before: Jul  4 07:42:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=021953246567f1af2bb1b3e3c21d4e7feb6267e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7b:47:94:1f:6d:50:47:91:e1:dc:ab:8f:b0:
                    87:03:15:9e:5b:4d:0e:0c:00:a3:93:54:b8:6f:08:
                    69:33:29:27:d4:d5:67:c3:d3:95:2a:4a:9f:20:1f:
                    d4:27:43:cc:11:86:fb:45:55:5e:cf:58:b3:8d:12:
                    3a:5f:26:56:81:0b:8d:5e:25:2e:33:89:ea:4c:0f:
                    7a:b7:ca:ed:51:d4:05:16:cd:00:f7:68:4b:b3:f6:
                    4a:45:3d:27:b1:37:c6:e6:b1:3c:76:b0:94:33:c1:
                    98:64:46:21:8e:44:1d:28:3d:f0:cb:a5:03:50:8a:
                    dd:45:fb:7f:50:35:45:00:eb:81:ee:d7:9e:9c:26:
                    32:9e:6b:f4:0a:2c:d2:6a:b6:96:da:6a:c1:0e:9d:
                    f3:fe:8a:c4:e7:53:5d:0b:06:ee:e1:44:77:0f:63:
                    2d:42:c9:c2:86:12:81:45:90:2a:3c:aa:64:b5:c5:
                    f2:6f:c9:ac:f4:9c:19:8c:bb:67:2e:32:e6:8f:84:
                    15:fc:a7:3f:3b:a2:9d:54:27:09:4b:ee:12:b7:22:
                    6f:62:be:a9:30:56:0a:75:75:57:7a:2f:92:78:57:
                    2a:2d:13:dd:4c:6b:c1:ca:5c:3d:bd:a7:6b:2d:96:
                    52:a1:71:f2:d8:0c:a9:36:de:9a:28:ac:04:8e:82:
                    bf:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:19:53:24:65:67:F1:AF:2B:B1:B3:E3:C2:1D:4E:7F:EB:62:67:E1
            X509v3 Authority Key Identifier:
                keyid:F3:2C:A4:DF:32:DC:71:F4:11:10:4F:94:B5:1A:C1:4B:66:75:82:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yyk3zLccfQREE-UtRrBS2Z1gks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/4edbec-ffea-4062-89cb-656600c9e440/1/AhlTJGVn8a8rsbPjwh1Of-tiZ-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/4edbec-ffea-4062-89cb-656600c9e440/1/8yyk3zLccfQREE-UtRrBS2Z1gks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:7b:a4:42:c7:8c:e0:55:5a:5e:1a:d7:5a:d3:5a:3c:36:03:
         a1:f0:c9:a6:bf:d1:66:37:21:bc:95:70:59:0f:f4:a1:67:6a:
         6c:ad:a1:aa:26:be:84:5d:65:23:7a:89:b7:31:d2:a1:c1:1a:
         49:88:e2:5a:ac:32:b5:f3:d2:f7:46:42:bc:d3:46:19:78:eb:
         8d:8a:8b:e5:12:3a:82:d6:58:f7:dd:e4:25:af:e4:b0:39:23:
         a1:16:df:11:e7:a8:48:91:f0:96:f1:1e:c5:35:3a:b2:1f:c5:
         38:f1:25:33:fa:41:a9:7a:57:c6:e0:39:ef:96:f5:c1:06:ee:
         de:95:16:19:cd:ef:d7:4a:2a:35:64:86:56:ae:e5:5e:01:2f:
         c3:f6:82:49:80:36:79:8d:2f:cd:24:5c:39:bd:b5:1b:60:33:
         12:78:dd:4b:48:93:77:5d:3c:a4:72:c1:62:4e:66:18:9b:94:
         f5:a0:39:4d:3d:4a:99:1e:ec:01:ab:75:05:0e:f6:1e:6d:f4:
         e1:e0:c3:cd:cf:2c:0f:81:20:b9:e7:47:2c:20:b6:49:9c:42:
         16:7f:02:6b:b0:2c:ee:2d:b9:3c:9d:d0:eb:d9:5e:6a:71:0e:
         94:af:e5:d6:c6:c5:5b:ce:ed:0c:aa:19:4f:9b:2a:8f:f3:49:
         a3:75:3f:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfUYztnuJ/b6ffIx9wyIYUMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMmNhNGRmMzJkYzcxZjQxMTEwNGY5NGI1MWFjMTRiNjY3
NTgyNGIwHhcNMjUwNzA0MDc0MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjE5NTMyNDY1NjdmMWFmMmJiMWIzZTNjMjFkNGU3ZmViNjI2N2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3tHlB9tUEeR4dyrj7CHAxWeW00O
DACjk1S4bwhpMykn1NVnw9OVKkqfIB/UJ0PMEYb7RVVez1izjRI6XyZWgQuNXiUu
M4nqTA96t8rtUdQFFs0A92hLs/ZKRT0nsTfG5rE8drCUM8GYZEYhjkQdKD3wy6UD
UIrdRft/UDVFAOuB7teenCYynmv0CizSaraW2mrBDp3z/orE51NdCwbu4UR3D2Mt
QsnChhKBRZAqPKpktcXyb8ms9JwZjLtnLjLmj4QV/Kc/O6KdVCcJS+4StyJvYr6p
MFYKdXVXei+SeFcqLRPdTGvBylw9vadrLZZSoXHy2AypNt6aKKwEjoK/ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIZUyRlZ/GvK7Gz48IdTn/rYmfhMB8GA1UdIwQY
MBaAFPMspN8y3HH0ERBPlLUawUtmdYJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHl5azN6TGNjZlFSRUUtVXRSckJTMloxZ2tzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS80ZWRiZWMtZmZlYS00MDYyLTg5Y2It
NjU2NjAwYzllNDQwLzEvQWhsVEpHVm44YThyc2JQandoMU9mLXRpWi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS80ZWRiZWMtZmZlYS00MDYyLTg5Y2ItNjU2NjAwYzllNDQw
LzEvOHl5azN6TGNjZlFSRUUtVXRSckJTMloxZ2tzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkAL8MA0G
CSqGSIb3DQEBCwUAA4IBAQBae6RCx4zgVVpeGtda01o8NgOh8Mmmv9FmNyG8lXBZ
D/ShZ2psraGqJr6EXWUjeom3MdKhwRpJiOJarDK189L3RkK800YZeOuNiovlEjqC
1lj33eQlr+SwOSOhFt8R56hIkfCW8R7FNTqyH8U48SUz+kGpelfG4DnvlvXBBu7e
lRYZze/XSio1ZIZWruVeAS/D9oJJgDZ5jS/NJFw5vbUbYDMSeN1LSJN3XTykcsFi
TmYYm5T1oDlNPUqZHuwBq3UFDvYebfTh4MPNzywPgSC550csILZJnEIWfwJrsCzu
Lbk8ndDr2V5qcQ6Ur+XWxsVbzu0MqhlPmyqP80mjdT8F
-----END CERTIFICATE-----