Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/LxmXKshmtuMEZ0BEtI8OZ3pc6a4.roa
File:                     LxmXKshmtuMEZ0BEtI8OZ3pc6a4.roa (raw, json)
Hash identifier:          BE7Guajidy2ZGEl6ojBuTJHw+oa7Wo9qwI9Cz2Rf4Yc=
Subject key identifier:   2F:19:97:2A:C8:66:B6:E3:04:67:40:44:B4:8F:0E:67:7A:5C:E9:AE
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC262C1BF133B35260823B3F4EAC3F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/LxmXKshmtuMEZ0BEtI8OZ3pc6a4.roa
Signing time:             Wed 01 Jan 2025 17:48:57 +0000
ROA not before:           Wed 01 Jan 2025 17:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     272825
IP address blocks:        193.37.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:26:2c:1b:f1:33:b3:52:60:82:3b:3f:4e:ac:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f19972ac866b6e304674044b48f0e677a5ce9ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:12:ce:e8:1b:1b:b4:fa:5e:ba:f9:bd:fd:c7:
                    73:f4:aa:21:08:0f:7f:53:fb:8e:c4:07:95:ce:54:
                    99:29:b0:23:79:71:e3:a1:ed:9b:65:65:3a:29:69:
                    75:84:df:64:f9:4c:ff:77:b5:05:be:bb:b3:5a:c6:
                    a4:90:28:3b:77:c8:76:92:10:25:fc:98:65:0e:3f:
                    f2:5e:bb:6b:5e:f7:22:5a:09:3f:d8:83:35:f9:24:
                    00:3d:a6:dc:db:0d:c1:3f:72:a0:e0:5d:35:b5:be:
                    40:24:5c:1a:67:d9:6c:94:cb:5f:7f:2b:be:06:2d:
                    ab:fa:20:04:84:c5:fd:bc:52:2e:da:7f:48:1d:f7:
                    4b:b7:ff:f2:1e:94:3d:db:3c:b4:7c:9f:94:81:36:
                    88:15:fe:f7:7a:37:be:0c:ff:8c:c4:db:0e:24:fd:
                    75:65:75:89:13:48:7f:2f:e3:a8:20:bc:fc:b7:d2:
                    de:d6:58:77:5b:56:6f:67:17:43:ff:76:fd:b1:6b:
                    87:d4:b2:42:27:70:75:5f:70:04:17:e9:0a:fa:15:
                    ed:0e:e8:b5:9c:dd:c7:88:43:03:cf:12:fb:bb:33:
                    67:ba:69:d7:1a:28:0b:94:b1:fb:a4:a6:ea:d4:85:
                    96:20:ac:51:fb:99:9a:8e:6a:a0:95:ef:4e:a2:60:
                    bb:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:19:97:2A:C8:66:B6:E3:04:67:40:44:B4:8F:0E:67:7A:5C:E9:AE
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/LxmXKshmtuMEZ0BEtI8OZ3pc6a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:0c:c1:ba:ca:b4:8d:23:6f:e8:4f:80:3d:a4:94:1a:25:77:
         59:b5:e9:d2:cf:04:dd:71:ff:70:2e:a7:a5:d5:df:53:46:1f:
         57:ba:75:24:d0:aa:43:c9:07:61:a5:87:5d:0a:59:22:4a:d9:
         06:7b:88:31:98:36:63:5a:92:69:92:8a:c7:fe:fb:cf:05:ea:
         f8:94:e7:09:1a:b9:b4:46:1c:4f:21:b0:b3:7e:10:66:fa:4b:
         38:c0:ee:ef:d5:47:53:3e:a9:81:3b:db:13:05:e4:b2:67:6f:
         8c:95:34:0c:01:31:f9:ba:57:8d:0e:82:2c:6f:f7:af:5e:67:
         35:4c:77:8c:0d:da:da:d8:bc:d1:69:90:f4:1b:58:67:e9:00:
         8b:2d:22:30:9d:e5:ba:57:fa:8c:63:8c:ae:ff:1a:ea:7b:ef:
         2a:5c:50:ea:31:70:00:09:13:d2:b5:02:46:69:0d:4d:6b:f9:
         63:b8:bb:93:0d:99:ad:f6:fb:63:0a:dd:f9:f4:35:be:38:97:
         af:c5:ef:16:ee:61:f1:9f:50:ba:23:5b:2c:fd:92:67:9c:92:
         d3:86:45:24:bb:af:e4:8b:29:fa:f7:5b:3f:3f:bb:e1:11:e5:
         5f:3b:ee:7b:98:15:09:b3:da:a5:ab:76:92:27:4a:be:a4:a0:
         65:4d:7c:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/CYsG/Ezs1Jggjs/Tqw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjE5OTcyYWM4NjZiNmUzMDQ2NzQwNDRiNDhmMGU2NzdhNWNlOWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhLO6BsbtPpeuvm9/cdz9KohCA9/
U/uOxAeVzlSZKbAjeXHjoe2bZWU6KWl1hN9k+Uz/d7UFvruzWsakkCg7d8h2khAl
/JhlDj/yXrtrXvciWgk/2IM1+SQAPabc2w3BP3Kg4F01tb5AJFwaZ9lslMtffyu+
Bi2r+iAEhMX9vFIu2n9IHfdLt//yHpQ92zy0fJ+UgTaIFf73eje+DP+MxNsOJP11
ZXWJE0h/L+OoILz8t9Le1lh3W1ZvZxdD/3b9sWuH1LJCJ3B1X3AEF+kK+hXtDui1
nN3HiEMDzxL7uzNnumnXGigLlLH7pKbq1IWWIKxR+5majmqgle9OomC7BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8ZlyrIZrbjBGdARLSPDmd6XOmuMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvTHhtWEtzaG10dU1FWjBCRXRJOE9aM3BjNmE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSXIMA0G
CSqGSIb3DQEBCwUAA4IBAQCHDMG6yrSNI2/oT4A9pJQaJXdZtenSzwTdcf9wLqel
1d9TRh9XunUk0KpDyQdhpYddClkiStkGe4gxmDZjWpJpkorH/vvPBer4lOcJGrm0
RhxPIbCzfhBm+ks4wO7v1UdTPqmBO9sTBeSyZ2+MlTQMATH5uleNDoIsb/evXmc1
THeMDdra2LzRaZD0G1hn6QCLLSIwneW6V/qMY4yu/xrqe+8qXFDqMXAACRPStQJG
aQ1Na/ljuLuTDZmt9vtjCt359DW+OJevxe8W7mHxn1C6I1ss/ZJnnJLThkUku6/k
iyn691s/P7vhEeVfO+57mBUJs9qlq3aSJ0q+pKBlTXy3
-----END CERTIFICATE-----