Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/AFiiX1ExBRX0sjF1OFaXff5vX-o.roa
File:                     AFiiX1ExBRX0sjF1OFaXff5vX-o.roa (raw, json)
Hash identifier:          s6dqOT6FYSZSQT8asyjr/q9SCL3Hless8wyrxiVHEwU=
Subject key identifier:   00:58:A2:5F:51:31:05:15:F4:B2:31:75:38:56:97:7D:FE:6F:5F:EA
Certificate issuer:       /CN=bc903403c20a6cdb22366cc7acf48e9f99be34ff
Certificate serial:       019427B626F6568CD77046D7224BE1690D66
Authority key identifier: BC:90:34:03:C2:0A:6C:DB:22:36:6C:C7:AC:F4:8E:9F:99:BE:34:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vJA0A8IKbNsiNmzHrPSOn5m-NP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/AFiiX1ExBRX0sjF1OFaXff5vX-o.roa
Signing time:             Thu 02 Jan 2025 15:50:36 +0000
ROA not before:           Thu 02 Jan 2025 15:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39385
IP address blocks:        195.254.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/vJA0A8IKbNsiNmzHrPSOn5m-NP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/vJA0A8IKbNsiNmzHrPSOn5m-NP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vJA0A8IKbNsiNmzHrPSOn5m-NP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:26:f6:56:8c:d7:70:46:d7:22:4b:e1:69:0d:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc903403c20a6cdb22366cc7acf48e9f99be34ff
        Validity
            Not Before: Jan  2 15:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0058a25f51310515f4b231753856977dfe6f5fea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:eb:27:68:70:14:df:d7:a8:11:f2:c2:18:15:
                    83:0e:ed:26:62:40:c5:cb:b3:65:43:4b:55:de:cb:
                    39:60:15:86:5b:56:eb:4c:21:ea:71:c0:e1:05:8b:
                    02:2f:5d:76:eb:c2:8b:41:d2:d3:3d:2b:a0:27:2a:
                    99:33:8a:f1:b8:81:ef:bb:fa:46:43:eb:cf:a3:87:
                    3b:5c:26:01:28:f6:cf:37:23:e7:50:43:8f:5d:40:
                    e7:8e:52:0d:e9:b1:33:ee:72:ad:62:ea:89:a3:14:
                    82:11:d2:3d:66:45:c5:38:b3:63:8e:55:ec:b2:d2:
                    2e:cf:ff:b8:29:c2:43:42:01:e9:94:58:fb:0b:07:
                    92:60:9f:2f:27:7a:60:66:b2:40:ac:c5:86:52:85:
                    fa:de:4f:3e:d7:01:29:61:db:d3:bb:10:f4:dc:d3:
                    aa:3c:6b:8a:bc:14:ba:8c:9a:a6:80:bf:f1:51:b0:
                    4c:a3:a7:68:38:15:b5:95:9f:fd:35:4a:0b:b9:c0:
                    02:c9:ab:b8:1c:e5:5c:0a:76:9e:36:59:94:b2:50:
                    4d:a0:90:77:e4:bd:b9:bc:3e:0a:e1:fb:7b:5f:2c:
                    77:ff:fb:f9:5a:85:d1:83:0c:8e:ae:b3:c8:41:b4:
                    59:5b:c5:9b:84:93:dc:2b:12:4b:84:dc:d7:33:af:
                    da:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:58:A2:5F:51:31:05:15:F4:B2:31:75:38:56:97:7D:FE:6F:5F:EA
            X509v3 Authority Key Identifier:
                keyid:BC:90:34:03:C2:0A:6C:DB:22:36:6C:C7:AC:F4:8E:9F:99:BE:34:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vJA0A8IKbNsiNmzHrPSOn5m-NP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/AFiiX1ExBRX0sjF1OFaXff5vX-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/d5e5cb-5b27-47f6-8acb-0350787225c8/1/vJA0A8IKbNsiNmzHrPSOn5m-NP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:e6:b6:36:f1:00:67:fd:26:9e:31:eb:3f:29:a1:35:c7:03:
         dd:a2:c8:3c:f6:12:4d:17:cf:4c:76:3e:2a:8a:37:c3:02:33:
         de:f4:6f:ad:d2:6d:41:c4:c8:cc:e1:c4:f6:64:7f:1d:82:93:
         4e:2c:8b:1d:71:8c:45:cd:d7:15:56:88:fc:de:7a:c7:dd:4e:
         d8:a0:19:f1:31:85:03:31:28:2d:1a:f3:5b:d5:03:0c:8e:23:
         2c:59:5d:6e:cd:98:11:f4:b9:e4:9d:d7:52:1a:88:de:b5:d6:
         7d:84:92:e7:e0:0f:2b:90:30:7c:f2:e5:83:7e:fb:80:0c:d1:
         8b:4d:50:b0:56:4c:10:50:a2:bb:64:d2:da:ba:fe:f6:61:45:
         2a:4a:14:ab:cf:01:fe:11:0f:b4:b6:50:02:38:2c:0e:f1:2c:
         f7:4b:cd:e3:ca:5d:65:69:13:70:06:c3:88:e8:ed:c0:46:fb:
         38:70:49:e4:0b:8a:2f:a7:c7:86:51:a6:32:97:8f:6d:46:f9:
         03:95:35:7f:e5:ae:37:71:05:13:38:6e:20:44:cf:d7:75:74:
         52:0b:21:9d:9b:e9:c4:30:d4:62:7e:01:71:6d:a1:d9:e6:28:
         4a:9e:99:89:b9:00:71:8b:49:b7:0e:b5:32:de:86:6e:c1:d1:
         dc:b5:df:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntib2VozXcEbXIkvhaQ1mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOTAzNDAzYzIwYTZjZGIyMjM2NmNjN2FjZjQ4ZTlmOTli
ZTM0ZmYwHhcNMjUwMTAyMTU1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU4YTI1ZjUxMzEwNTE1ZjRiMjMxNzUzODU2OTc3ZGZlNmY1ZmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOsnaHAU39eoEfLCGBWDDu0mYkDF
y7NlQ0tV3ss5YBWGW1brTCHqccDhBYsCL11268KLQdLTPSugJyqZM4rxuIHvu/pG
Q+vPo4c7XCYBKPbPNyPnUEOPXUDnjlIN6bEz7nKtYuqJoxSCEdI9ZkXFOLNjjlXs
stIuz/+4KcJDQgHplFj7CweSYJ8vJ3pgZrJArMWGUoX63k8+1wEpYdvTuxD03NOq
PGuKvBS6jJqmgL/xUbBMo6doOBW1lZ/9NUoLucACyau4HOVcCnaeNlmUslBNoJB3
5L25vD4K4ft7Xyx3//v5WoXRgwyOrrPIQbRZW8WbhJPcKxJLhNzXM6/atwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABYol9RMQUV9LIxdThWl33+b1/qMB8GA1UdIwQY
MBaAFLyQNAPCCmzbIjZsx6z0jp+ZvjT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkpBMEE4SUtiTnNpTm16SHJQU09uNW0tTlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9kNWU1Y2ItNWIyNy00N2Y2LThhY2It
MDM1MDc4NzIyNWM4LzEvQUZpaVgxRXhCUlgwc2pGMU9GYVhmZjV2WC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9kNWU1Y2ItNWIyNy00N2Y2LThhY2ItMDM1MDc4NzIyNWM4
LzEvdkpBMEE4SUtiTnNpTm16SHJQU09uNW0tTlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/6FMA0G
CSqGSIb3DQEBCwUAA4IBAQAD5rY28QBn/SaeMes/KaE1xwPdosg89hJNF89Mdj4q
ijfDAjPe9G+t0m1BxMjM4cT2ZH8dgpNOLIsdcYxFzdcVVoj83nrH3U7YoBnxMYUD
MSgtGvNb1QMMjiMsWV1uzZgR9LnknddSGojetdZ9hJLn4A8rkDB88uWDfvuADNGL
TVCwVkwQUKK7ZNLauv72YUUqShSrzwH+EQ+0tlACOCwO8Sz3S83jyl1laRNwBsOI
6O3ARvs4cEnkC4ovp8eGUaYyl49tRvkDlTV/5a43cQUTOG4gRM/XdXRSCyGdm+nE
MNRifgFxbaHZ5ihKnpmJuQBxi0m3DrUy3oZuwdHctd/U
-----END CERTIFICATE-----