Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/i9ojhRN5HPqLEONrX8zwsFoi9sk.roa
File:                     i9ojhRN5HPqLEONrX8zwsFoi9sk.roa (raw, json)
Hash identifier:          MIYLI6ZlVjLLI/2sB5M12T0X1D0wb0+Le0eSAFyUiKg=
Subject key identifier:   8B:DA:23:85:13:79:1C:FA:8B:10:E3:6B:5F:CC:F0:B0:5A:22:F6:C9
Certificate issuer:       /CN=b244d27188fe526bd72636738195d1eb7f606335
Certificate serial:       01941F8C54CC74BFFE2C64D49A9EC4E7A217
Authority key identifier: B2:44:D2:71:88:FE:52:6B:D7:26:36:73:81:95:D1:EB:7F:60:63:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/skTScYj-UmvXJjZzgZXR639gYzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/i9ojhRN5HPqLEONrX8zwsFoi9sk.roa
Signing time:             Wed 01 Jan 2025 01:47:57 +0000
ROA not before:           Wed 01 Jan 2025 01:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25522
IP address blocks:        194.153.120.0/22 maxlen: 22
                          194.153.124.0/22 maxlen: 22
                          2001:67c:704::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/skTScYj-UmvXJjZzgZXR639gYzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/skTScYj-UmvXJjZzgZXR639gYzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/skTScYj-UmvXJjZzgZXR639gYzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 16:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:54:cc:74:bf:fe:2c:64:d4:9a:9e:c4:e7:a2:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b244d27188fe526bd72636738195d1eb7f606335
        Validity
            Not Before: Jan  1 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bda238513791cfa8b10e36b5fccf0b05a22f6c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b0:48:0f:6c:89:8a:1d:a8:19:de:26:3c:9a:
                    70:f2:32:a9:c5:fa:c0:f0:00:12:55:7a:de:d5:c4:
                    c5:ed:1d:c7:da:57:44:99:c1:2e:e8:bd:e7:78:48:
                    9f:cc:c0:3b:9e:b7:89:fc:85:b9:2b:5d:5e:98:e2:
                    7f:1f:bb:e5:39:b2:2b:ec:4e:9e:08:45:07:be:ad:
                    39:9f:43:5b:1f:98:9b:2c:5d:7e:76:73:ea:0e:1a:
                    e6:25:10:c4:dd:9b:5e:fe:47:d8:9c:ac:9e:6f:77:
                    cd:d7:fa:6c:46:03:8f:a0:81:3c:cd:d1:2b:63:06:
                    ca:97:b6:51:a4:f1:7e:7f:cb:6a:73:80:4a:cb:58:
                    07:31:00:d9:ee:e8:fe:91:d5:b3:b6:4a:c9:03:90:
                    00:d4:65:2b:3c:aa:1a:3c:a4:97:02:2e:30:ba:1e:
                    58:b0:9d:f5:67:14:7a:73:ab:86:de:f2:56:bb:5f:
                    bf:73:85:fa:53:3d:07:9f:92:ab:c4:6d:5e:84:28:
                    6c:93:a2:99:5e:8d:ba:ef:38:0c:e1:be:33:1e:c9:
                    df:a4:c7:59:04:56:61:fc:0e:87:67:33:1a:45:6a:
                    57:41:5d:8a:62:98:f0:11:84:f1:fc:fe:ba:48:84:
                    29:69:7b:6b:e6:42:5b:0e:db:b1:6e:02:94:dd:8c:
                    63:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:DA:23:85:13:79:1C:FA:8B:10:E3:6B:5F:CC:F0:B0:5A:22:F6:C9
            X509v3 Authority Key Identifier:
                keyid:B2:44:D2:71:88:FE:52:6B:D7:26:36:73:81:95:D1:EB:7F:60:63:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/skTScYj-UmvXJjZzgZXR639gYzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/i9ojhRN5HPqLEONrX8zwsFoi9sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/skTScYj-UmvXJjZzgZXR639gYzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.120.0/21
                IPv6:
                  2001:67c:704::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:ad:bd:c6:1b:44:da:64:dc:b8:c6:b1:f3:7b:9f:19:85:e5:
         3c:fa:1e:ca:fc:a8:a7:af:0c:99:72:99:22:60:fe:2b:d7:71:
         e7:29:d1:62:84:81:4d:61:bb:a9:33:dd:23:1e:a1:44:35:59:
         f1:b0:79:00:16:5d:cf:cb:43:43:c0:32:a9:6c:88:83:61:38:
         da:fe:67:48:0c:aa:bd:ff:21:cd:d5:8e:2a:f7:39:a2:f7:ea:
         e5:29:3a:03:50:b8:d9:9c:64:af:9a:66:32:f2:2e:4d:66:eb:
         9b:02:80:01:73:a2:f7:8a:a4:8c:83:56:74:9e:2e:9a:f2:24:
         f3:32:04:3f:cf:35:14:85:8c:ee:65:13:15:e0:64:3f:34:9a:
         e6:e6:6d:a0:89:1d:5c:a8:86:50:79:c8:0f:d3:09:1b:f0:7e:
         f7:78:14:47:51:7d:b9:f0:cf:46:1d:3a:c5:d7:fc:b5:71:ec:
         2f:56:9f:42:91:77:98:b0:57:e7:9f:04:fc:7f:9e:e2:7d:74:
         32:d1:b7:11:a9:35:f7:4d:31:fd:87:2f:0e:b7:0e:da:bb:7d:
         75:88:f9:2e:4b:82:78:1e:2d:3b:de:1b:07:12:13:ba:6b:69:
         89:9b:a4:f4:b2:29:f5:5d:7e:79:d7:b7:22:a3:30:a8:00:27:
         f0:10:8c:33
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjFTMdL/+LGTUmp7E56IXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNDRkMjcxODhmZTUyNmJkNzI2MzY3MzgxOTVkMWViN2Y2
MDYzMzUwHhcNMjUwMTAxMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmRhMjM4NTEzNzkxY2ZhOGIxMGUzNmI1ZmNjZjBiMDVhMjJmNmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLBID2yJih2oGd4mPJpw8jKpxfrA
8AASVXre1cTF7R3H2ldEmcEu6L3neEifzMA7nreJ/IW5K11emOJ/H7vlObIr7E6e
CEUHvq05n0NbH5ibLF1+dnPqDhrmJRDE3Zte/kfYnKyeb3fN1/psRgOPoIE8zdEr
YwbKl7ZRpPF+f8tqc4BKy1gHMQDZ7uj+kdWztkrJA5AA1GUrPKoaPKSXAi4wuh5Y
sJ31ZxR6c6uG3vJWu1+/c4X6Uz0Hn5KrxG1ehChsk6KZXo267zgM4b4zHsnfpMdZ
BFZh/A6HZzMaRWpXQV2KYpjwEYTx/P66SIQpaXtr5kJbDtuxbgKU3YxjJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIvaI4UTeRz6ixDja1/M8LBaIvbJMB8GA1UdIwQY
MBaAFLJE0nGI/lJr1yY2c4GV0et/YGM1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2tUU2NZai1VbXZYSmpaemdaWFI2MzlnWXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yYTcyN2ItYTc0NS00MzM5LTkyNWEt
NGQwMGQ2MDMyYWZlLzEvaTlvamhSTjVIUHFMRU9Oclg4endzRm9pOXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yYTcyN2ItYTc0NS00MzM5LTkyNWEtNGQwMGQ2MDMyYWZl
LzEvc2tUU2NZai1VbXZYSmpaemdaWFI2MzlnWXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwpl4MA8E
AgACMAkDBwAgAQZ8BwQwDQYJKoZIhvcNAQELBQADggEBALStvcYbRNpk3LjGsfN7
nxmF5Tz6Hsr8qKevDJlymSJg/ivXcecp0WKEgU1hu6kz3SMeoUQ1WfGweQAWXc/L
Q0PAMqlsiINhONr+Z0gMqr3/Ic3Vjir3OaL36uUpOgNQuNmcZK+aZjLyLk1m65sC
gAFzoveKpIyDVnSeLpryJPMyBD/PNRSFjO5lExXgZD80mubmbaCJHVyohlB5yA/T
CRvwfvd4FEdRfbnwz0YdOsXX/LVx7C9Wn0KRd5iwV+efBPx/nuJ9dDLRtxGpNfdN
Mf2HLw63Dtq7fXWI+S5LgngeLTveGwcSE7praYmbpPSyKfVdfnnXtyKjMKgAJ/AQ
jDM=
-----END CERTIFICATE-----