Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/lVsIvIm2siK76Iwlc1JEpwaFSPI.roa
File:                     lVsIvIm2siK76Iwlc1JEpwaFSPI.roa (raw, json)
Hash identifier:          TUnieu9UOgS3hw0oaMGHMZ2FiYRQqrhlAMNc6BYERoE=
Subject key identifier:   95:5B:08:BC:89:B6:B2:22:BB:E8:8C:25:73:52:44:A7:06:85:48:F2
Certificate issuer:       /CN=70b190d6f89a434cce5cb8c0d4b38a1669defb59
Certificate serial:       01941F8C5381E74AF873317275A9B34E71EE
Authority key identifier: 70:B1:90:D6:F8:9A:43:4C:CE:5C:B8:C0:D4:B3:8A:16:69:DE:FB:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/lVsIvIm2siK76Iwlc1JEpwaFSPI.roa
Signing time:             Wed 01 Jan 2025 01:47:57 +0000
ROA not before:           Wed 01 Jan 2025 01:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32181
IP address blocks:        193.203.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:53:81:e7:4a:f8:73:31:72:75:a9:b3:4e:71:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70b190d6f89a434cce5cb8c0d4b38a1669defb59
        Validity
            Not Before: Jan  1 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=955b08bc89b6b222bbe88c25735244a7068548f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:54:bb:98:b4:5a:df:47:7d:e2:ce:81:6d:d8:
                    e2:a2:27:6e:57:31:ab:9f:1c:c6:7f:18:00:ec:0c:
                    cf:8d:ce:eb:d1:22:b7:b7:1a:e5:df:c2:f6:78:f4:
                    01:b3:41:4c:33:f0:7f:d4:22:a5:13:f9:ce:0c:19:
                    43:78:03:35:ac:93:80:7b:b6:3c:45:59:1f:66:83:
                    00:86:d3:49:07:3b:a7:30:97:93:f8:f4:de:93:2b:
                    6b:98:50:66:58:64:f6:68:62:54:6c:bd:16:e7:68:
                    99:58:b6:43:af:41:b3:90:e6:19:0b:79:2e:1c:e3:
                    50:32:62:d5:53:1d:28:87:ef:20:e7:79:95:80:c3:
                    3a:e5:a5:29:6c:11:f8:5d:c9:88:b9:83:b9:bc:ff:
                    70:ed:fb:f9:ad:4b:2e:d7:bf:f1:14:e5:02:33:9c:
                    1a:de:fa:5e:7d:ad:40:4f:e0:8e:0b:83:04:6d:57:
                    d8:82:bb:55:54:d7:54:8f:eb:4a:7e:eb:30:a5:92:
                    93:64:82:0c:73:3e:0f:94:90:a6:78:fc:4c:3f:96:
                    97:71:24:c1:ab:d9:56:0a:8f:b2:22:fb:05:95:e1:
                    68:a0:d7:4a:2e:5e:f3:f1:f2:f3:b0:1d:2a:fe:be:
                    43:94:da:ed:16:6b:8a:34:d9:56:81:59:1b:f4:0e:
                    12:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:5B:08:BC:89:B6:B2:22:BB:E8:8C:25:73:52:44:A7:06:85:48:F2
            X509v3 Authority Key Identifier:
                keyid:70:B1:90:D6:F8:9A:43:4C:CE:5C:B8:C0:D4:B3:8A:16:69:DE:FB:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cLGQ1viaQ0zOXLjA1LOKFmne-1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/lVsIvIm2siK76Iwlc1JEpwaFSPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/23dc61-7e9d-40b3-91b6-46bd7d794fb6/1/cLGQ1viaQ0zOXLjA1LOKFmne-1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:4b:48:20:1b:5d:e2:6f:36:f8:13:cc:54:d4:f5:20:13:c5:
         9d:4b:34:91:d6:66:a4:cf:5b:4d:6b:ad:ea:fc:0f:63:bd:f8:
         f9:ff:32:ca:11:82:1c:31:3b:25:f8:c8:b5:2d:b9:74:46:8e:
         74:19:3b:ea:e3:e5:4e:14:82:fa:35:94:69:d9:ae:79:94:28:
         14:d0:83:61:97:da:82:30:eb:26:91:ce:64:d7:09:6f:b8:32:
         df:9c:75:01:ab:27:bd:0d:c8:f1:dc:9a:15:86:60:60:1e:9a:
         ed:97:8b:0e:30:50:70:53:fd:37:5c:19:99:48:6d:35:65:9a:
         c3:7e:d5:cc:f1:f7:ca:92:07:a4:7c:6a:27:34:c6:7c:7f:45:
         03:b8:67:12:96:be:e6:5b:8e:3a:49:22:eb:6e:a5:eb:c3:49:
         25:d0:85:a1:3a:c3:53:07:9e:44:fe:49:de:40:ad:d3:27:cd:
         3a:e8:3a:f6:63:4b:dd:7b:b4:c2:8e:18:24:c7:bc:b2:ee:c3:
         64:0e:66:2b:0a:05:80:3a:a9:b5:ec:8f:f9:0c:b5:b5:83:8d:
         9a:e1:26:8d:e1:b0:cd:9c:76:87:f1:1e:db:3c:7b:86:54:f9:
         cb:0e:e3:d3:7a:7b:7f:5e:e9:16:c1:bf:73:de:c7:90:c9:c9:
         6b:45:8c:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFOB50r4czFydamzTnHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYjE5MGQ2Zjg5YTQzNGNjZTVjYjhjMGQ0YjM4YTE2Njlk
ZWZiNTkwHhcNMjUwMTAxMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTViMDhiYzg5YjZiMjIyYmJlODhjMjU3MzUyNDRhNzA2ODU0OGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9VS7mLRa30d94s6BbdjioiduVzGr
nxzGfxgA7AzPjc7r0SK3txrl38L2ePQBs0FMM/B/1CKlE/nODBlDeAM1rJOAe7Y8
RVkfZoMAhtNJBzunMJeT+PTekytrmFBmWGT2aGJUbL0W52iZWLZDr0GzkOYZC3ku
HONQMmLVUx0oh+8g53mVgMM65aUpbBH4XcmIuYO5vP9w7fv5rUsu17/xFOUCM5wa
3vpefa1AT+COC4MEbVfYgrtVVNdUj+tKfuswpZKTZIIMcz4PlJCmePxMP5aXcSTB
q9lWCo+yIvsFleFooNdKLl7z8fLzsB0q/r5DlNrtFmuKNNlWgVkb9A4SLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVbCLyJtrIiu+iMJXNSRKcGhUjyMB8GA1UdIwQY
MBaAFHCxkNb4mkNMzly4wNSzihZp3vtZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0xHUTF2aWFRMHpPWExqQTFMT0tGbW5lLTFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8yM2RjNjEtN2U5ZC00MGIzLTkxYjYt
NDZiZDdkNzk0ZmI2LzEvbFZzSXZJbTJzaUs3Nkl3bGMxSkVwd2FGU1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8yM2RjNjEtN2U5ZC00MGIzLTkxYjYtNDZiZDdkNzk0ZmI2
LzEvY0xHUTF2aWFRMHpPWExqQTFMT0tGbW5lLTFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwcscMA0G
CSqGSIb3DQEBCwUAA4IBAQAWS0ggG13ibzb4E8xU1PUgE8WdSzSR1makz1tNa63q
/A9jvfj5/zLKEYIcMTsl+Mi1Lbl0Ro50GTvq4+VOFIL6NZRp2a55lCgU0INhl9qC
MOsmkc5k1wlvuDLfnHUBqye9Dcjx3JoVhmBgHprtl4sOMFBwU/03XBmZSG01ZZrD
ftXM8ffKkgekfGonNMZ8f0UDuGcSlr7mW446SSLrbqXrw0kl0IWhOsNTB55E/kne
QK3TJ8066Dr2Y0vde7TCjhgkx7yy7sNkDmYrCgWAOqm17I/5DLW1g42a4SaN4bDN
nHaH8R7bPHuGVPnLDuPTent/XukWwb9z3seQyclrRYwF
-----END CERTIFICATE-----