Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/iO2XymkwIF7WlUW5qz2qQNgB2Ak.roa
File:                     iO2XymkwIF7WlUW5qz2qQNgB2Ak.roa (raw, json)
Hash identifier:          L1lYpnfPbbUaWlpO5SVeEau2RnCcWEeITZOvJxCDImc=
Subject key identifier:   88:ED:97:CA:69:30:20:5E:D6:95:45:B9:AB:3D:AA:40:D8:01:D8:09
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0194236A03C3D48B9FC0CD2AE1376BD49B11
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/iO2XymkwIF7WlUW5qz2qQNgB2Ak.roa
Signing time:             Wed 01 Jan 2025 19:48:57 +0000
ROA not before:           Wed 01 Jan 2025 19:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400039
IP address blocks:        146.19.237.0/24 maxlen: 24
                          188.93.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:03:c3:d4:8b:9f:c0:cd:2a:e1:37:6b:d4:9b:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88ed97ca6930205ed69545b9ab3daa40d801d809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:36:f4:c9:d7:a1:a9:7a:c1:cd:eb:c3:13:d9:
                    67:38:88:55:91:3a:1e:96:da:32:d0:72:f4:1b:97:
                    b6:f4:6d:9c:20:1d:b0:c7:6d:53:a2:7c:de:8c:3f:
                    b7:e4:2e:fb:e2:f5:62:bd:31:02:40:4e:1a:4e:17:
                    68:70:14:0e:c3:fe:33:65:d7:7e:e6:18:06:af:02:
                    d9:82:85:7c:b9:b5:03:93:b1:d0:d1:82:36:0d:86:
                    5d:4b:0b:d1:58:63:e7:95:d7:bd:8f:8c:0c:d5:f5:
                    f0:e7:29:89:76:85:41:4c:02:6f:c2:66:49:39:9b:
                    2f:24:df:98:96:be:96:39:56:c4:e7:aa:4d:2d:68:
                    f2:df:2d:c5:5b:12:90:8b:f3:8b:93:68:18:88:9e:
                    cb:e7:3b:9b:65:82:b1:de:16:ae:45:87:85:0e:b7:
                    8d:14:f5:46:19:67:d0:f4:31:15:1c:d9:c5:e1:81:
                    36:6b:7b:a7:b7:e8:97:0b:c6:c2:6f:06:10:2e:61:
                    83:bd:71:89:20:2b:28:ca:69:bf:3e:2b:d9:39:81:
                    22:77:32:f0:6e:bb:88:0b:e6:4f:2a:e0:f3:25:d8:
                    96:46:fb:ed:ae:b9:0b:a0:c9:32:9c:d9:29:c9:2e:
                    63:69:00:f8:39:01:ec:2f:9b:49:b9:98:ec:46:30:
                    91:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:ED:97:CA:69:30:20:5E:D6:95:45:B9:AB:3D:AA:40:D8:01:D8:09
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/iO2XymkwIF7WlUW5qz2qQNgB2Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.237.0/24
                  188.93.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:3c:6c:a8:30:77:c8:c1:23:6b:f0:f2:0b:bf:cc:24:ed:0c:
         d4:8b:6c:8c:f0:6d:7f:27:d1:c9:ec:df:37:e2:13:c2:9b:10:
         a4:36:65:77:f6:ce:ab:6a:12:c6:9e:19:2b:3f:8f:a9:2a:ce:
         f6:a2:9e:ba:bd:86:fb:f8:ff:a3:9f:dc:87:96:8c:e8:18:fc:
         9a:ef:98:a8:6b:dd:6b:a7:5e:af:7e:4c:9f:da:3e:0e:9b:74:
         bf:cb:91:90:77:69:d6:b4:28:44:83:ec:74:a6:cc:47:31:31:
         9f:5d:a1:11:5e:fb:74:4f:6a:a7:e6:db:3a:11:d0:7c:45:4e:
         64:6c:94:f8:de:04:d8:29:0b:6e:b9:12:3f:d0:a1:3d:c7:58:
         f7:69:e1:8a:2b:d4:61:3d:5e:1c:e8:5d:04:b3:48:76:39:58:
         31:09:0a:90:00:ab:da:5d:71:72:37:c0:b4:3e:de:1d:95:c8:
         25:f7:38:12:79:1a:8a:7d:1c:e8:40:67:9e:e4:63:e3:5a:cb:
         57:a9:66:dd:59:7b:75:b7:e7:af:47:af:9f:46:30:c0:45:25:
         d2:8c:0a:de:c5:9a:35:0d:c6:f0:ff:c8:21:07:b4:46:e6:67:
         44:d7:ba:6f:d8:e3:3e:ae:71:b0:71:1b:4e:f6:f4:c4:26:d3:
         16:74:72:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjagPD1IufwM0q4Tdr1JsRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGVkOTdjYTY5MzAyMDVlZDY5NTQ1YjlhYjNkYWE0MGQ4MDFkODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDb0ydehqXrBzevDE9lnOIhVkToe
ltoy0HL0G5e29G2cIB2wx21TonzejD+35C774vVivTECQE4aThdocBQOw/4zZdd+
5hgGrwLZgoV8ubUDk7HQ0YI2DYZdSwvRWGPnlde9j4wM1fXw5ymJdoVBTAJvwmZJ
OZsvJN+Ylr6WOVbE56pNLWjy3y3FWxKQi/OLk2gYiJ7L5zubZYKx3hauRYeFDreN
FPVGGWfQ9DEVHNnF4YE2a3unt+iXC8bCbwYQLmGDvXGJICsoymm/PivZOYEidzLw
bruIC+ZPKuDzJdiWRvvtrrkLoMkynNkpyS5jaQD4OQHsL5tJuZjsRjCRdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIjtl8ppMCBe1pVFuas9qkDYAdgJMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvaU8yWHlta3dJRjdXbFVXNXF6MnFRTmdCMkFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhPtAwQA
vF2JMA0GCSqGSIb3DQEBCwUAA4IBAQCdPGyoMHfIwSNr8PILv8wk7QzUi2yM8G1/
J9HJ7N834hPCmxCkNmV39s6rahLGnhkrP4+pKs72op66vYb7+P+jn9yHlozoGPya
75ioa91rp16vfkyf2j4Om3S/y5GQd2nWtChEg+x0psxHMTGfXaERXvt0T2qn5ts6
EdB8RU5kbJT43gTYKQtuuRI/0KE9x1j3aeGKK9RhPV4c6F0Es0h2OVgxCQqQAKva
XXFyN8C0Pt4dlcgl9zgSeRqKfRzoQGee5GPjWstXqWbdWXt1t+evR6+fRjDARSXS
jArexZo1Dcbw/8ghB7RG5mdE17pv2OM+rnGwcRtO9vTEJtMWdHIC
-----END CERTIFICATE-----