Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/n_VaOJr7vRySqZQrlhdcO-3-IeU.roa
File:                     n_VaOJr7vRySqZQrlhdcO-3-IeU.roa (raw, json)
Hash identifier:          GTRXpVgBnyeDGEBaZDZ4AxGx/mBSplpZZWKxLbR7Txc=
Subject key identifier:   9F:F5:5A:38:9A:FB:BD:1C:92:A9:94:2B:96:17:5C:3B:ED:FE:21:E5
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F4EBD3B2FFF4C72CF7DFBB39369F3
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/n_VaOJr7vRySqZQrlhdcO-3-IeU.roa
Signing time:             Thu 02 Jan 2025 05:48:56 +0000
ROA not before:           Thu 02 Jan 2025 05:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201867
IP address blocks:        213.198.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4e:bd:3b:2f:ff:4c:72:cf:7d:fb:b3:93:69:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ff55a389afbbd1c92a9942b96175c3bedfe21e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f2:8f:b6:7e:4d:eb:32:89:8a:d9:5b:45:22:
                    8c:da:ba:f0:1d:90:78:18:13:60:77:06:78:2b:64:
                    99:fb:9a:c4:48:c2:30:51:d2:8f:49:de:57:2c:e6:
                    65:d5:02:a5:a0:98:3f:aa:14:9f:34:16:bc:4c:65:
                    47:2c:de:86:2e:8e:57:cb:50:75:47:91:34:fd:44:
                    d4:d7:b6:2a:e3:25:fb:5f:04:d6:cb:a7:4d:59:6d:
                    0e:b9:72:07:e8:3a:9e:c0:bc:5e:74:5e:95:61:c5:
                    44:4a:66:0c:f3:e0:d1:8e:56:2e:31:21:e9:b3:b9:
                    79:59:bd:34:ac:21:2c:24:d3:0f:6f:2d:f0:32:6d:
                    78:e6:1a:c1:90:3c:a0:9d:ad:1d:b3:c9:4f:50:e9:
                    a6:f6:35:95:53:1d:c3:bc:7b:4d:f7:71:dd:75:82:
                    01:c6:b1:d7:6d:60:2c:df:72:f9:c9:4d:6b:93:e7:
                    7e:55:4e:e0:73:dd:f8:66:c5:b9:d8:c9:59:00:58:
                    63:c4:ec:0b:8a:95:83:95:eb:89:14:4b:35:0e:81:
                    e9:df:8b:69:29:e8:e9:33:db:94:f8:6f:62:5e:5a:
                    6c:0d:c1:3d:f2:ad:62:8c:61:ad:5e:4b:7b:9f:3e:
                    23:aa:58:5f:7b:e0:43:d0:ce:01:58:fa:b1:db:b1:
                    5a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F5:5A:38:9A:FB:BD:1C:92:A9:94:2B:96:17:5C:3B:ED:FE:21:E5
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/n_VaOJr7vRySqZQrlhdcO-3-IeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.198.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:bb:17:f5:da:c4:50:1d:95:6f:e8:56:a4:3f:4f:59:dc:50:
         37:11:8a:ac:84:9e:aa:98:50:61:e4:a3:96:b5:6b:e5:5f:97:
         37:d4:3f:4b:3c:d9:9b:22:2b:e2:fc:37:59:66:69:58:de:fb:
         73:41:f6:6f:97:27:20:ae:d6:b4:86:40:4b:61:f7:e0:05:a3:
         c5:dc:2a:21:2c:3a:97:09:5f:88:5d:2c:d6:f6:d4:66:92:be:
         64:1c:72:03:24:8a:1d:57:97:12:04:65:c4:8c:10:27:e7:2c:
         f4:03:1a:a2:bb:43:3b:e1:f8:1d:57:e1:1c:05:fd:54:6e:26:
         7e:c1:08:4d:2c:e5:42:a6:37:5f:a8:a6:c1:e9:39:be:3a:ab:
         74:54:e2:bf:06:49:be:ca:81:3e:16:bb:d0:71:1e:25:be:02:
         b8:25:a6:85:e6:63:06:80:a0:4b:db:3f:b5:c7:24:29:89:62:
         52:a8:63:58:2b:a2:e6:3d:42:25:14:dd:25:b5:20:ea:32:60:
         79:05:c3:94:22:82:29:f1:01:46:24:2d:c5:fc:3a:10:f7:fd:
         0a:92:0f:72:ce:74:16:b2:0f:5a:64:b5:67:5e:ba:9b:cd:f2:
         fd:1a:13:43:8f:47:77:96:e3:3e:ff:56:44:c2:07:7e:bf:18:
         a2:99:e0:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj069Oy//THLPffuzk2nzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmY1NWEzODlhZmJiZDFjOTJhOTk0MmI5NjE3NWMzYmVkZmUyMWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufKPtn5N6zKJitlbRSKM2rrwHZB4
GBNgdwZ4K2SZ+5rESMIwUdKPSd5XLOZl1QKloJg/qhSfNBa8TGVHLN6GLo5Xy1B1
R5E0/UTU17Yq4yX7XwTWy6dNWW0OuXIH6DqewLxedF6VYcVESmYM8+DRjlYuMSHp
s7l5Wb00rCEsJNMPby3wMm145hrBkDygna0ds8lPUOmm9jWVUx3DvHtN93HddYIB
xrHXbWAs33L5yU1rk+d+VU7gc934ZsW52MlZAFhjxOwLipWDleuJFEs1DoHp34tp
KejpM9uU+G9iXlpsDcE98q1ijGGtXkt7nz4jqlhfe+BD0M4BWPqx27FacQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/1Wjia+70ckqmUK5YXXDvt/iHlMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvbl9WYU9Kcjd2UnlTcVpRcmxoZGNPLTMtSWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cYdMA0G
CSqGSIb3DQEBCwUAA4IBAQCRuxf12sRQHZVv6FakP09Z3FA3EYqshJ6qmFBh5KOW
tWvlX5c31D9LPNmbIivi/DdZZmlY3vtzQfZvlycgrta0hkBLYffgBaPF3CohLDqX
CV+IXSzW9tRmkr5kHHIDJIodV5cSBGXEjBAn5yz0Axqiu0M74fgdV+EcBf1UbiZ+
wQhNLOVCpjdfqKbB6Tm+Oqt0VOK/Bkm+yoE+FrvQcR4lvgK4JaaF5mMGgKBL2z+1
xyQpiWJSqGNYK6LmPUIlFN0ltSDqMmB5BcOUIoIp8QFGJC3F/DoQ9/0Kkg9yznQW
sg9aZLVnXrqbzfL9GhNDj0d3luM+/1ZEwgd+vxiimeCW
-----END CERTIFICATE-----