Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/oRY9iKk0D5CyNjGBBRC8EKK0Png.roa
File:                     oRY9iKk0D5CyNjGBBRC8EKK0Png.roa (raw, json)
Hash identifier:          ptEHHc6sV9bAwsAg48r335Aq1U2u7iI0S6DteNymbm8=
Subject key identifier:   A1:16:3D:88:A9:34:0F:90:B2:36:31:81:05:10:BC:10:A2:B4:3E:78
Certificate issuer:       /CN=97893182b16718983bc008c8d087f8ddca3d8614
Certificate serial:       01972AD9EE339A9D6B5C2BF875B3D8F667A4
Authority key identifier: 97:89:31:82:B1:67:18:98:3B:C0:08:C8:D0:87:F8:DD:CA:3D:86:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l4kxgrFnGJg7wAjI0If43co9hhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/oRY9iKk0D5CyNjGBBRC8EKK0Png.roa
Signing time:             Sun 01 Jun 2025 09:36:54 +0000
ROA not before:           Sun 01 Jun 2025 09:36:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29018
IP address blocks:        195.225.132.0/24 maxlen: 24
                          2a0b:1306:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/l4kxgrFnGJg7wAjI0If43co9hhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/l4kxgrFnGJg7wAjI0If43co9hhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l4kxgrFnGJg7wAjI0If43co9hhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2a:d9:ee:33:9a:9d:6b:5c:2b:f8:75:b3:d8:f6:67:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97893182b16718983bc008c8d087f8ddca3d8614
        Validity
            Not Before: Jun  1 09:36:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1163d88a9340f90b23631810510bc10a2b43e78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c1:dd:17:1a:7c:53:f9:da:78:da:19:c5:a0:
                    28:ca:a9:bc:b8:6c:d6:25:77:19:fb:68:a6:7b:6f:
                    aa:0a:6b:1b:fc:20:c2:d6:1c:d3:1d:d4:cf:28:e3:
                    b7:3e:b5:2a:b0:25:f3:37:c1:c2:3c:84:70:9e:d4:
                    b0:93:70:0b:e7:53:55:d8:1e:5f:81:e6:91:11:b0:
                    fb:e3:63:0d:a2:8f:bc:22:03:6e:eb:9a:a0:65:06:
                    9d:79:a7:04:53:50:5b:0f:b3:73:6d:75:26:21:b0:
                    fe:6c:96:fd:ab:f0:0e:8c:5a:f2:1f:e7:91:2c:7a:
                    3c:bb:30:9b:de:9a:db:fb:7a:0d:ec:52:d9:6b:6f:
                    86:17:e0:0d:32:cc:81:07:61:65:72:27:6a:18:28:
                    e2:2d:23:40:e8:df:a4:67:9c:57:60:9c:45:d6:53:
                    e0:a7:f1:b0:7a:ba:19:da:e7:4c:6d:0c:6d:52:b1:
                    bb:91:38:61:f1:bb:2b:f9:33:c1:af:16:ba:3d:2d:
                    2e:69:c0:b6:76:36:00:9b:23:14:88:cd:50:c5:e4:
                    48:d1:31:40:82:5b:69:e8:57:1a:e9:4f:40:5d:65:
                    94:4e:30:f8:15:52:6f:a6:74:99:2d:fc:60:bd:8a:
                    4b:b8:f9:5d:9c:01:e7:e9:25:03:b3:26:65:a1:46:
                    01:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:16:3D:88:A9:34:0F:90:B2:36:31:81:05:10:BC:10:A2:B4:3E:78
            X509v3 Authority Key Identifier:
                keyid:97:89:31:82:B1:67:18:98:3B:C0:08:C8:D0:87:F8:DD:CA:3D:86:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l4kxgrFnGJg7wAjI0If43co9hhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/oRY9iKk0D5CyNjGBBRC8EKK0Png.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/120043-1733-4c72-ad47-bc0e511c20ce/1/l4kxgrFnGJg7wAjI0If43co9hhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.132.0/24
                IPv6:
                  2a0b:1306:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:f6:f5:a5:94:b6:fc:02:d2:38:bd:8c:67:b3:b3:b4:0e:20:
         0e:9f:62:8d:58:ee:59:f9:81:44:45:c7:c1:5e:67:70:5b:1c:
         1c:df:2c:4c:99:85:0d:86:b0:36:a7:4f:b7:71:b8:8e:ae:5a:
         6e:38:cd:6d:86:af:60:ad:77:4a:30:4f:1f:4d:40:e7:83:1b:
         3d:12:48:e3:9f:c6:01:b0:70:01:9e:d9:9d:31:1e:f0:91:5c:
         8e:ed:00:e6:f6:97:97:d0:90:58:02:d9:fb:55:f1:2b:ee:16:
         ee:d5:68:ec:4c:e7:b7:89:38:dd:12:78:e5:b6:5f:a6:db:fe:
         33:a8:58:88:e0:ec:e9:34:da:44:b9:11:10:a3:9b:a3:53:69:
         1b:60:a8:8a:96:59:f9:7d:2c:a6:38:b9:a3:17:62:db:35:53:
         9c:20:0f:67:cd:d3:d2:00:18:37:c1:43:22:9f:87:d5:5a:62:
         f2:77:98:f7:c8:43:8f:ae:68:68:83:17:9c:06:ab:38:dc:f0:
         01:92:52:0e:77:b2:ed:cf:5b:0f:46:a3:0e:b6:2a:64:5e:d0:
         20:9e:92:ab:37:4a:5f:3f:aa:0f:0b:e6:e0:69:72:46:72:a4:
         76:65:84:2e:c8:15:af:ac:71:fc:35:15:aa:94:6f:11:33:f7:
         1a:46:df:36
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZcq2e4zmp1rXCv4dbPY9mekMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ODkzMTgyYjE2NzE4OTgzYmMwMDhjOGQwODdmOGRkY2Ez
ZDg2MTQwHhcNMjUwNjAxMDkzNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTE2M2Q4OGE5MzQwZjkwYjIzNjMxODEwNTEwYmMxMGEyYjQzZTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsHdFxp8U/naeNoZxaAoyqm8uGzW
JXcZ+2ime2+qCmsb/CDC1hzTHdTPKOO3PrUqsCXzN8HCPIRwntSwk3AL51NV2B5f
geaREbD742MNoo+8IgNu65qgZQadeacEU1BbD7NzbXUmIbD+bJb9q/AOjFryH+eR
LHo8uzCb3prb+3oN7FLZa2+GF+ANMsyBB2FlcidqGCjiLSNA6N+kZ5xXYJxF1lPg
p/GweroZ2udMbQxtUrG7kThh8bsr+TPBrxa6PS0uacC2djYAmyMUiM1QxeRI0TFA
gltp6Fca6U9AXWWUTjD4FVJvpnSZLfxgvYpLuPldnAHn6SUDsyZloUYBswIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKEWPYipNA+QsjYxgQUQvBCitD54MB8GA1UdIwQY
MBaAFJeJMYKxZxiYO8AIyNCH+N3KPYYUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDRreGdyRm5HSmc3d0FqSTBJZjQzY285aGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8xMjAwNDMtMTczMy00YzcyLWFkNDct
YmMwZTUxMWMyMGNlLzEvb1JZOWlLazBENUN5TmpHQkJSQzhFS0swUG5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8xMjAwNDMtMTczMy00YzcyLWFkNDctYmMwZTUxMWMyMGNl
LzEvbDRreGdyRm5HSmc3d0FqSTBJZjQzY285aGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw+GEMA8E
AgACMAkDBwAqCxMGAAMwDQYJKoZIhvcNAQELBQADggEBAGz29aWUtvwC0ji9jGez
s7QOIA6fYo1Y7ln5gURFx8FeZ3BbHBzfLEyZhQ2GsDanT7dxuI6uWm44zW2Gr2Ct
d0owTx9NQOeDGz0SSOOfxgGwcAGe2Z0xHvCRXI7tAOb2l5fQkFgC2ftV8SvuFu7V
aOxM57eJON0SeOW2X6bb/jOoWIjg7Ok02kS5ERCjm6NTaRtgqIqWWfl9LKY4uaMX
Yts1U5wgD2fN09IAGDfBQyKfh9VaYvJ3mPfIQ4+uaGiDF5wGqzjc8AGSUg53su3P
Ww9Gow62KmRe0CCekqs3Sl8/qg8L5uBpckZypHZlhC7IFa+scfw1FaqUbxEz9xpG
3zY=
-----END CERTIFICATE-----