Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/H39PTMA2gGFe9xH1KV-JqWq7MjU.roa
File:                     H39PTMA2gGFe9xH1KV-JqWq7MjU.roa (raw, json)
Hash identifier:          k7B5bfuejXmx2Owh01QsOa96PVf7Mq09gHYS7Tkg7z4=
Subject key identifier:   1F:7F:4F:4C:C0:36:80:61:5E:F7:11:F5:29:5F:89:A9:6A:BB:32:35
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       0194266C15CA036C730A23246955F153077C
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/H39PTMA2gGFe9xH1KV-JqWq7MjU.roa
Signing time:             Thu 02 Jan 2025 09:50:05 +0000
ROA not before:           Thu 02 Jan 2025 09:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8297
IP address blocks:        195.219.88.0/24 maxlen: 24
                          2a01:3e0:ff71::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:15:ca:03:6c:73:0a:23:24:69:55:f1:53:07:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 09:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f7f4f4cc03680615ef711f5295f89a96abb3235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:84:a0:b9:03:3d:23:ca:7e:cf:85:e5:d8:76:
                    94:9a:71:fc:c3:b7:8a:a7:69:ca:e1:bf:53:47:ab:
                    d0:b2:2a:3f:10:84:27:68:5c:97:68:80:06:20:76:
                    1f:ca:1c:58:81:cf:e0:c3:af:d0:ee:f2:e7:cc:33:
                    42:41:c8:e6:ec:34:aa:ba:e8:f3:d0:ef:65:d3:ce:
                    41:04:d6:27:cd:e8:4c:96:4a:25:ac:e2:3a:29:14:
                    e0:23:a2:23:49:41:9b:74:15:64:8b:50:a5:a5:1f:
                    34:cd:98:49:e8:4f:7f:4f:ef:c8:f1:29:6d:14:c4:
                    bb:1d:48:82:e5:66:1c:dc:3d:bc:8d:39:d6:e6:7b:
                    1d:fd:ee:85:83:75:16:48:f7:1f:6c:5b:00:3f:0b:
                    09:29:5c:e9:95:8f:04:7a:b2:39:2c:e5:bc:f8:91:
                    8e:84:23:51:1b:89:08:02:dc:ae:a4:55:d3:d9:bf:
                    02:43:91:35:56:53:ff:94:cd:81:30:ed:46:e5:d5:
                    24:29:44:f8:67:99:f1:ee:bc:8d:18:53:98:18:c9:
                    8b:d6:19:0d:49:f7:e2:fc:c0:e2:31:a7:6a:7e:c8:
                    6f:49:8e:7f:eb:7e:a4:01:f5:a3:4c:52:08:46:ba:
                    e2:f3:26:42:b0:f6:7a:ce:8e:46:e3:54:e2:f8:74:
                    f0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7F:4F:4C:C0:36:80:61:5E:F7:11:F5:29:5F:89:A9:6A:BB:32:35
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/H39PTMA2gGFe9xH1KV-JqWq7MjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.219.88.0/24
                IPv6:
                  2a01:3e0:ff71::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:f8:3e:53:54:6e:4c:cd:fa:9c:44:f6:00:de:ac:5d:a7:cd:
         92:47:52:b5:f3:95:ec:13:ff:3e:eb:e7:32:43:1e:ba:16:83:
         fe:8c:82:2a:07:8b:de:76:53:43:91:15:16:cd:87:ef:ba:a6:
         92:31:18:f1:47:63:04:6d:05:02:c9:d5:27:45:fa:61:c5:bd:
         b5:a5:98:7f:e2:c6:95:13:ad:a4:a3:6a:d5:54:40:15:33:65:
         60:33:d3:9c:f1:28:4b:fd:93:50:f4:a3:10:3d:24:c3:ed:04:
         63:1b:3d:67:35:26:97:e9:76:79:9c:98:cf:b0:27:ee:33:12:
         20:90:6d:07:57:b0:fa:d5:b0:91:1a:1c:17:15:0a:29:bc:6b:
         04:64:da:7c:fe:07:44:a4:0d:42:e5:62:9f:44:54:be:bd:91:
         df:d5:35:cc:4d:b4:89:30:6b:09:9e:4a:96:00:13:36:0c:9a:
         db:93:e6:2a:b6:26:8f:87:79:d4:f3:fd:4b:8e:c0:1c:b8:4d:
         be:f3:14:fc:3a:82:4e:a6:07:65:8e:9d:13:c8:1a:85:c8:d1:
         c6:b5:01:56:2f:38:ec:83:2e:45:8e:c9:38:69:c3:55:39:7c:
         e6:12:ed:99:8a:7e:72:5f:c9:25:23:9a:c4:30:a9:d5:03:52:
         6c:2d:31:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQmbBXKA2xzCiMkaVXxUwd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjUwMTAyMDk1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjdmNGY0Y2MwMzY4MDYxNWVmNzExZjUyOTVmODlhOTZhYmIzMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oSguQM9I8p+z4Xl2HaUmnH8w7eK
p2nK4b9TR6vQsio/EIQnaFyXaIAGIHYfyhxYgc/gw6/Q7vLnzDNCQcjm7DSquujz
0O9l085BBNYnzehMlkolrOI6KRTgI6IjSUGbdBVki1ClpR80zZhJ6E9/T+/I8Slt
FMS7HUiC5WYc3D28jTnW5nsd/e6Fg3UWSPcfbFsAPwsJKVzplY8EerI5LOW8+JGO
hCNRG4kIAtyupFXT2b8CQ5E1VlP/lM2BMO1G5dUkKUT4Z5nx7ryNGFOYGMmL1hkN
Sffi/MDiMadqfshvSY5/636kAfWjTFIIRrri8yZCsPZ6zo5G41Ti+HTwHwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB9/T0zANoBhXvcR9SlfialquzI1MB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvSDM5UFRNQTJnR0ZlOXhIMUtWLUpxV3E3TWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw9tYMA8E
AgACMAkDBwAqAQPg/3EwDQYJKoZIhvcNAQELBQADggEBAJn4PlNUbkzN+pxE9gDe
rF2nzZJHUrXzlewT/z7r5zJDHroWg/6MgioHi952U0ORFRbNh++6ppIxGPFHYwRt
BQLJ1SdF+mHFvbWlmH/ixpUTraSjatVUQBUzZWAz05zxKEv9k1D0oxA9JMPtBGMb
PWc1JpfpdnmcmM+wJ+4zEiCQbQdXsPrVsJEaHBcVCim8awRk2nz+B0SkDULlYp9E
VL69kd/VNcxNtIkwawmeSpYAEzYMmtuT5iq2Jo+HedTz/UuOwBy4Tb7zFPw6gk6m
B2WOnRPIGoXI0ca1AVYvOOyDLkWOyThpw1U5fOYS7ZmKfnJfySUjmsQwqdUDUmwt
Mbc=
-----END CERTIFICATE-----