Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oRtPJ9obhOoba5gUKMhzJv7EPaY.roa
File:                     oRtPJ9obhOoba5gUKMhzJv7EPaY.roa (raw, json)
Hash identifier:          /ao/oTc+weLg5oqY6EaR079fddOWt9uzR6QghhaRobQ=
Subject key identifier:   A1:1B:4F:27:DA:1B:84:EA:1B:6B:98:14:28:C8:73:26:FE:C4:3D:A6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0195387E68F5EB5B45F9697395698404ED55
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oRtPJ9obhOoba5gUKMhzJv7EPaY.roa
Signing time:             Mon 24 Feb 2025 15:06:03 +0000
ROA not before:           Mon 24 Feb 2025 15:06:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207459
IP address blocks:        193.149.28.0/24 maxlen: 24
                          193.149.29.0/24 maxlen: 24
                          193.149.30.0/24 maxlen: 24
                          193.149.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:38:7e:68:f5:eb:5b:45:f9:69:73:95:69:84:04:ed:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 24 15:06:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a11b4f27da1b84ea1b6b981428c87326fec43da6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:5e:9d:6e:fb:e4:53:cd:8b:02:bd:26:73:71:
                    da:c6:d7:e0:0b:8e:72:02:06:62:28:05:3e:e7:f8:
                    6d:16:81:6c:43:4e:b3:c8:29:cb:f0:60:ae:0e:b3:
                    5b:1d:e0:8c:1c:1b:81:77:b9:cd:d1:ea:66:e1:20:
                    63:50:4a:4e:dc:51:c1:7a:a7:93:c3:18:ec:1d:81:
                    22:e9:aa:3e:6f:71:25:c2:07:bd:75:74:fd:0d:ae:
                    46:ff:65:77:8f:20:8d:e7:2c:ce:13:3b:d4:58:64:
                    a8:c0:f0:c5:58:96:e8:8d:fb:40:d6:56:3a:f0:d7:
                    26:41:d2:65:b2:63:de:ca:d5:8e:b9:22:20:9d:78:
                    e6:7f:8a:d9:d2:e8:38:a7:aa:dc:47:f9:ac:e5:eb:
                    fc:fd:57:de:9c:c1:04:81:9a:f2:3a:bc:b0:40:1d:
                    d6:64:09:72:d9:2f:e9:32:1e:ee:72:45:27:3b:b9:
                    44:2b:fd:53:a5:db:d5:6c:e5:de:f0:32:91:44:72:
                    fd:b1:e1:24:a0:18:c3:63:81:93:15:36:e5:db:41:
                    c1:9b:5f:cb:4d:54:fe:ad:06:1a:35:c8:31:54:6e:
                    dd:2a:a4:21:0a:84:cf:9a:8e:79:99:9c:d6:54:ca:
                    8a:5e:45:58:55:96:35:77:9d:17:1a:75:78:be:54:
                    32:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:1B:4F:27:DA:1B:84:EA:1B:6B:98:14:28:C8:73:26:FE:C4:3D:A6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oRtPJ9obhOoba5gUKMhzJv7EPaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.149.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b4:68:f1:e6:59:49:21:78:1c:ad:55:ef:80:31:19:b4:ce:4e:
         d5:ff:c7:17:d3:0a:dd:47:ae:ae:69:f6:4a:82:8e:c3:ee:45:
         5a:9c:98:8f:38:62:ac:38:e0:06:73:6c:96:fb:21:05:d7:ff:
         38:89:5d:25:66:79:40:5f:1e:0c:aa:75:95:ea:b1:44:5b:9d:
         91:54:ca:51:f6:c6:5e:2c:fb:d3:2b:4d:e6:1d:db:25:52:37:
         36:2e:54:ad:14:47:90:e8:81:03:a7:89:ba:59:ca:ee:0e:b7:
         02:e7:a2:6f:7e:a1:d9:5a:b5:91:0b:bd:b2:c9:d4:4c:a5:5f:
         6f:90:d0:de:c5:17:d1:c5:98:7f:15:e3:cb:c6:01:9a:65:1d:
         5c:e6:42:7b:f4:36:33:ac:f8:30:b3:56:2f:b1:e0:74:a6:f2:
         81:d6:af:75:be:01:23:43:4d:d0:9a:d6:07:63:2b:6e:b5:b0:
         71:22:7a:c3:45:c5:3b:a1:4a:8b:7c:04:60:d6:52:6f:77:d9:
         b8:08:1d:45:9b:b8:0a:a2:0b:ae:2a:b0:31:25:57:b1:e5:82:
         86:fc:9f:e5:80:ff:c1:9b:af:dd:13:37:d8:1b:52:0b:8d:d0:
         37:d6:10:5b:5d:92:82:32:45:b7:e9:e1:ef:84:63:0a:03:18:
         c8:b2:96:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU4fmj161tF+WlzlWmEBO1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMjI0MTUwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTFiNGYyN2RhMWI4NGVhMWI2Yjk4MTQyOGM4NzMyNmZlYzQzZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtl6dbvvkU82LAr0mc3HaxtfgC45y
AgZiKAU+5/htFoFsQ06zyCnL8GCuDrNbHeCMHBuBd7nN0epm4SBjUEpO3FHBeqeT
wxjsHYEi6ao+b3Elwge9dXT9Da5G/2V3jyCN5yzOEzvUWGSowPDFWJbojftA1lY6
8NcmQdJlsmPeytWOuSIgnXjmf4rZ0ug4p6rcR/ms5ev8/VfenMEEgZryOrywQB3W
ZAly2S/pMh7uckUnO7lEK/1TpdvVbOXe8DKRRHL9seEkoBjDY4GTFTbl20HBm1/L
TVT+rQYaNcgxVG7dKqQhCoTPmo55mZzWVMqKXkVYVZY1d50XGnV4vlQyKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEbTyfaG4TqG2uYFCjIcyb+xD2mMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvb1J0UEo5b2JoT29iYTVnVUtNaHpKdjdFUGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwZUcMA0G
CSqGSIb3DQEBCwUAA4IBAQC0aPHmWUkheBytVe+AMRm0zk7V/8cX0wrdR66uafZK
go7D7kVanJiPOGKsOOAGc2yW+yEF1/84iV0lZnlAXx4MqnWV6rFEW52RVMpR9sZe
LPvTK03mHdslUjc2LlStFEeQ6IEDp4m6WcruDrcC56JvfqHZWrWRC72yydRMpV9v
kNDexRfRxZh/FePLxgGaZR1c5kJ79DYzrPgws1YvseB0pvKB1q91vgEjQ03QmtYH
YytutbBxInrDRcU7oUqLfARg1lJvd9m4CB1Fm7gKoguuKrAxJVex5YKG/J/lgP/B
m6/dEzfYG1ILjdA31hBbXZKCMkW36eHvhGMKAxjIspak
-----END CERTIFICATE-----