Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LV9zFg6OhamGiAOogtfd9933noA.roa
File:                     LV9zFg6OhamGiAOogtfd9933noA.roa (raw, json)
Hash identifier:          3oyGic5KODlOi2wI1mwft0SxNLi/VyGo0RvwIPc1qwU=
Subject key identifier:   2D:5F:73:16:0E:8E:85:A9:86:88:03:A8:82:D7:DD:F7:DD:F7:9E:80
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824B0F7C24A1E13446CCA25FD527835
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LV9zFg6OhamGiAOogtfd9933noA.roa
Signing time:             Thu 02 Jan 2025 17:51:20 +0000
ROA not before:           Thu 02 Jan 2025 17:51:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205220
IP address blocks:        194.180.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:b0:f7:c2:4a:1e:13:44:6c:ca:25:fd:52:78:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d5f73160e8e85a9868803a882d7ddf7ddf79e80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:84:40:37:ce:0b:5f:b8:1a:ca:12:f5:b0:45:
                    ea:19:a1:9f:1c:3c:70:7b:40:43:b1:30:51:f5:00:
                    f9:39:ea:a0:f8:47:b7:98:4e:ab:a3:dc:a9:a5:2c:
                    0f:76:e5:1e:d7:7f:92:6d:82:59:3f:4f:1e:b0:09:
                    19:91:7a:ed:96:51:e8:c5:27:f3:7a:f1:1c:ef:7d:
                    ff:6c:0c:ca:13:4c:cb:f9:ab:6a:23:21:41:05:93:
                    75:2d:fb:bd:2d:4a:07:ec:e2:61:e0:77:d3:7c:08:
                    5b:6b:e4:04:8f:c2:37:b5:24:c9:7e:f3:c1:ab:76:
                    2e:c2:ab:16:a3:43:b6:fc:36:b8:89:84:a9:5b:d5:
                    8a:2c:4f:64:be:13:e1:9f:4e:cf:f2:6d:18:62:3d:
                    94:9d:5a:a8:e8:87:b8:e5:f3:00:f6:1c:0c:52:4f:
                    3d:67:73:56:1f:fe:e9:b9:dd:4a:89:56:f8:91:b0:
                    8f:26:b0:f2:3a:ed:d0:f3:7c:5e:28:56:17:39:73:
                    44:aa:90:3b:b4:bb:7d:38:fa:e7:09:19:8d:0d:8c:
                    a1:00:b8:05:ca:0e:6c:ef:54:27:2e:8a:d8:cd:46:
                    be:36:79:d2:da:1e:f6:87:a2:e2:08:2c:a7:3c:20:
                    50:7e:a3:18:69:07:7e:05:d5:05:9d:4a:db:4e:a5:
                    de:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:5F:73:16:0E:8E:85:A9:86:88:03:A8:82:D7:DD:F7:DD:F7:9E:80
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LV9zFg6OhamGiAOogtfd9933noA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:0d:86:be:24:26:e7:ae:3d:58:38:52:f7:d0:02:7f:8b:b5:
         2d:0f:09:a5:eb:d4:c1:60:50:cd:5a:02:b9:46:b7:b9:5d:b0:
         cc:c7:8c:15:c7:4a:92:d7:71:b1:ac:40:b0:15:3a:f7:a6:3b:
         da:99:23:22:76:a6:dc:df:44:d7:dc:12:6e:0c:60:aa:54:74:
         25:41:77:b6:b3:93:95:11:f7:6c:fa:15:58:82:80:e7:a2:76:
         1c:2e:20:76:b7:65:6d:8a:1c:d8:72:f8:60:36:f3:ca:60:cc:
         e2:f8:c9:1c:83:45:6f:76:60:c8:a7:ba:50:c6:98:76:c1:99:
         af:28:87:48:ab:37:f1:54:c0:d2:16:c6:b7:40:0b:46:ff:88:
         f2:93:b6:e8:c8:5d:f6:19:1d:77:90:79:c3:88:5f:2f:7a:f0:
         04:49:6c:32:43:d8:93:82:7c:14:ad:f2:04:ca:24:52:93:db:
         e6:c6:85:d5:68:d0:89:b5:a1:5c:a6:00:9d:cb:21:45:5e:b4:
         94:77:c7:84:e7:fb:de:12:75:08:0f:63:f7:1f:6c:ef:8d:58:
         6c:8f:f0:b6:7b:cb:2c:10:94:87:5d:39:54:74:4d:e7:43:a0:
         10:b3:cd:80:31:ef:9e:d1:23:da:bb:66:fa:db:71:25:5b:c5:
         d3:be:08:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJLD3wkoeE0RsyiX9Ung1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDVmNzMxNjBlOGU4NWE5ODY4ODAzYTg4MmQ3ZGRmN2RkZjc5ZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4RAN84LX7gayhL1sEXqGaGfHDxw
e0BDsTBR9QD5Oeqg+Ee3mE6ro9yppSwPduUe13+SbYJZP08esAkZkXrtllHoxSfz
evEc733/bAzKE0zL+atqIyFBBZN1Lfu9LUoH7OJh4HfTfAhba+QEj8I3tSTJfvPB
q3YuwqsWo0O2/Da4iYSpW9WKLE9kvhPhn07P8m0YYj2UnVqo6Ie45fMA9hwMUk89
Z3NWH/7pud1KiVb4kbCPJrDyOu3Q83xeKFYXOXNEqpA7tLt9OPrnCRmNDYyhALgF
yg5s71QnLorYzUa+NnnS2h72h6LiCCynPCBQfqMYaQd+BdUFnUrbTqXewQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1fcxYOjoWphogDqILX3ffd956AMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTFY5ekZnNk9oYW1HaUFPb2d0ZmQ5OTMzbm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrQlMA0G
CSqGSIb3DQEBCwUAA4IBAQBLDYa+JCbnrj1YOFL30AJ/i7UtDwml69TBYFDNWgK5
Rre5XbDMx4wVx0qS13GxrECwFTr3pjvamSMidqbc30TX3BJuDGCqVHQlQXe2s5OV
Efds+hVYgoDnonYcLiB2t2VtihzYcvhgNvPKYMzi+Mkcg0VvdmDIp7pQxph2wZmv
KIdIqzfxVMDSFsa3QAtG/4jyk7boyF32GR13kHnDiF8vevAESWwyQ9iTgnwUrfIE
yiRSk9vmxoXVaNCJtaFcpgCdyyFFXrSUd8eE5/veEnUID2P3H2zvjVhsj/C2e8ss
EJSHXTlUdE3nQ6AQs82AMe+e0SPau2b623ElW8XTvghH
-----END CERTIFICATE-----