Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/L4hlYKajNqyPnVVv7AIxEY7dFGs.roa
File:                     L4hlYKajNqyPnVVv7AIxEY7dFGs.roa (raw, json)
Hash identifier:          dC2HFDiddhP1IjnshflG9aATVdgRr01kQzAT+rfJKcU=
Subject key identifier:   2F:88:65:60:A6:A3:36:AC:8F:9D:55:6F:EC:02:31:11:8E:DD:14:6B
Certificate issuer:       /CN=e31f3656c6ed9a3f9a42c678a78a2e374f8e57d3
Certificate serial:       0194221FB2179F4CED84D4F498EBC81FBD43
Authority key identifier: E3:1F:36:56:C6:ED:9A:3F:9A:42:C6:78:A7:8A:2E:37:4F:8E:57:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/L4hlYKajNqyPnVVv7AIxEY7dFGs.roa
Signing time:             Wed 01 Jan 2025 13:48:10 +0000
ROA not before:           Wed 01 Jan 2025 13:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209961
IP address blocks:        92.249.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b2:17:9f:4c:ed:84:d4:f4:98:eb:c8:1f:bd:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e31f3656c6ed9a3f9a42c678a78a2e374f8e57d3
        Validity
            Not Before: Jan  1 13:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f886560a6a336ac8f9d556fec0231118edd146b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:8b:64:61:8a:77:c7:3e:c2:7c:94:4b:7c:7b:
                    34:35:ed:10:e3:65:ca:2f:e1:a2:0c:66:2e:1b:63:
                    c8:ce:77:6c:1a:ec:12:19:ea:89:ad:f2:01:29:fd:
                    f9:ad:27:08:d0:a8:81:29:34:a2:4b:c9:b7:d7:92:
                    32:71:19:60:78:02:f3:55:3d:95:4a:dd:b3:ee:a6:
                    68:d9:78:4e:ae:4b:11:48:23:9b:12:3e:eb:f1:96:
                    6c:5e:17:b1:62:e4:8d:ca:b7:4e:d8:aa:1e:f4:54:
                    e4:37:a6:e2:e6:8b:e5:8e:2d:eb:fc:e3:88:56:5d:
                    a0:36:5f:65:b1:8d:43:3e:3f:b3:6c:e2:f5:43:6c:
                    a4:11:cc:d2:ec:24:b4:c2:1b:96:11:e7:76:73:f2:
                    6a:ca:9a:97:89:a7:24:8b:9b:e2:14:23:2c:b6:b1:
                    5b:8b:4a:4f:c4:26:c9:c3:bf:fd:ee:45:74:9c:48:
                    16:d5:3e:d5:c4:21:97:68:25:c8:3d:fc:ba:9f:5b:
                    ee:3e:36:78:cc:fd:a4:a2:19:25:be:17:6c:65:0f:
                    3f:83:2b:35:fa:96:23:e2:2e:5d:c8:d7:5b:56:d6:
                    2c:2b:de:cd:a1:cb:13:45:fe:28:67:d8:c3:95:24:
                    bb:bc:e3:b4:50:ef:19:62:36:f9:53:05:b3:81:d3:
                    e7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:88:65:60:A6:A3:36:AC:8F:9D:55:6F:EC:02:31:11:8E:DD:14:6B
            X509v3 Authority Key Identifier:
                keyid:E3:1F:36:56:C6:ED:9A:3F:9A:42:C6:78:A7:8A:2E:37:4F:8E:57:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/L4hlYKajNqyPnVVv7AIxEY7dFGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/02f8a1-3383-4d21-aa25-e733c262a382/1/4x82Vsbtmj-aQsZ4p4ouN0-OV9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c0:73:c6:d7:34:6c:68:20:2f:8a:1f:1e:f3:47:f6:4b:50:
         4d:c2:14:2e:db:2d:46:50:5c:c4:7e:29:88:60:42:10:df:58:
         d8:8e:74:47:57:e6:92:9a:33:ee:fa:ab:8c:b9:1f:bc:7b:49:
         6b:6b:48:c4:8e:a0:f5:b2:08:8c:4c:46:1b:b0:fb:de:83:d3:
         88:d5:e4:d1:ea:f2:a8:92:20:df:6f:79:fa:1d:ef:a7:03:8d:
         ea:df:09:35:50:b9:33:6e:d3:41:6b:61:2a:3c:75:67:1e:51:
         e1:3c:98:bf:8b:3d:3f:40:65:f7:10:da:3a:e7:4b:72:c5:ee:
         31:68:cd:aa:57:2a:60:28:ab:29:8d:26:f3:a2:42:c2:3f:01:
         18:99:5f:05:d2:6a:1b:27:51:1c:30:6a:9f:80:f2:e5:d0:e2:
         a5:2e:bb:74:4d:9e:36:fa:f6:08:be:d9:f4:ac:57:44:e9:bf:
         6f:e5:55:15:98:7d:58:de:d8:d8:c2:93:58:47:22:57:47:e0:
         41:9a:50:eb:51:dc:b7:23:1f:08:65:9b:23:f3:fa:42:64:c1:
         db:69:9b:09:c4:21:b8:1d:4e:f7:69:e2:df:7f:20:1e:b1:0c:
         a8:b7:d2:77:e5:21:fe:c6:ce:43:2c:4e:91:a0:6d:8a:bc:b3:
         24:f7:89:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7IXn0zthNT0mOvIH71DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMWYzNjU2YzZlZDlhM2Y5YTQyYzY3OGE3OGEyZTM3NGY4
ZTU3ZDMwHhcNMjUwMTAxMTM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjg4NjU2MGE2YTMzNmFjOGY5ZDU1NmZlYzAyMzExMThlZGQxNDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24tkYYp3xz7CfJRLfHs0Ne0Q42XK
L+GiDGYuG2PIzndsGuwSGeqJrfIBKf35rScI0KiBKTSiS8m315IycRlgeALzVT2V
St2z7qZo2XhOrksRSCObEj7r8ZZsXhexYuSNyrdO2Koe9FTkN6bi5ovlji3r/OOI
Vl2gNl9lsY1DPj+zbOL1Q2ykEczS7CS0whuWEed2c/JqypqXiacki5viFCMstrFb
i0pPxCbJw7/97kV0nEgW1T7VxCGXaCXIPfy6n1vuPjZ4zP2kohklvhdsZQ8/gys1
+pYj4i5dyNdbVtYsK97NocsTRf4oZ9jDlSS7vOO0UO8ZYjb5UwWzgdPn4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+IZWCmozasj51Vb+wCMRGO3RRrMB8GA1UdIwQY
MBaAFOMfNlbG7Zo/mkLGeKeKLjdPjlfTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHg4MlZzYnRtai1hUXNaNHA0b3VOMC1PVjlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8wMmY4YTEtMzM4My00ZDIxLWFhMjUt
ZTczM2MyNjJhMzgyLzEvTDRobFlLYWpOcXlQblZWdjdBSXhFWTdkRkdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8wMmY4YTEtMzM4My00ZDIxLWFhMjUtZTczM2MyNjJhMzgy
LzEvNHg4MlZzYnRtai1hUXNaNHA0b3VOMC1PVjlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPkZMA0G
CSqGSIb3DQEBCwUAA4IBAQBAwHPG1zRsaCAvih8e80f2S1BNwhQu2y1GUFzEfimI
YEIQ31jYjnRHV+aSmjPu+quMuR+8e0lra0jEjqD1sgiMTEYbsPveg9OI1eTR6vKo
kiDfb3n6He+nA43q3wk1ULkzbtNBa2EqPHVnHlHhPJi/iz0/QGX3ENo650tyxe4x
aM2qVypgKKspjSbzokLCPwEYmV8F0mobJ1EcMGqfgPLl0OKlLrt0TZ42+vYIvtn0
rFdE6b9v5VUVmH1Y3tjYwpNYRyJXR+BBmlDrUdy3Ix8IZZsj8/pCZMHbaZsJxCG4
HU73aeLffyAesQyot9J35SH+xs5DLE6RoG2KvLMk94lN
-----END CERTIFICATE-----