Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/LlAa--5nsX3tUHGAFZ_HSMFrn7I.roa
File:                     LlAa--5nsX3tUHGAFZ_HSMFrn7I.roa (raw, json)
Hash identifier:          3b1C9Ph3SGavY+PSGpBTlLw28V2WqXhlaeYP73oghL4=
Subject key identifier:   2E:50:1A:FB:EE:67:B1:7D:ED:50:71:80:15:9F:C7:48:C1:6B:9F:B2
Certificate issuer:       /CN=d484e0cee575c619053f8ee2b1004cc442fd2ced
Certificate serial:       0194236A34D510FB189779A354F8FE5C5F49
Authority key identifier: D4:84:E0:CE:E5:75:C6:19:05:3F:8E:E2:B1:00:4C:C4:42:FD:2C:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1ITgzuV1xhkFP47isQBMxEL9LO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/LlAa--5nsX3tUHGAFZ_HSMFrn7I.roa
Signing time:             Wed 01 Jan 2025 19:49:10 +0000
ROA not before:           Wed 01 Jan 2025 19:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31027
IP address blocks:        193.163.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/1ITgzuV1xhkFP47isQBMxEL9LO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/1ITgzuV1xhkFP47isQBMxEL9LO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1ITgzuV1xhkFP47isQBMxEL9LO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:34:d5:10:fb:18:97:79:a3:54:f8:fe:5c:5f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d484e0cee575c619053f8ee2b1004cc442fd2ced
        Validity
            Not Before: Jan  1 19:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e501afbee67b17ded507180159fc748c16b9fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:43:b7:f8:45:b3:4c:71:ca:91:0f:0f:f8:80:
                    fe:a7:1a:9a:c5:98:3b:78:7d:65:2a:72:f1:9d:02:
                    63:b4:8e:99:12:f2:30:7c:9d:10:64:16:52:c9:1b:
                    62:eb:ed:83:ca:39:87:db:ce:40:19:d9:d7:65:27:
                    ef:6b:b3:ee:40:d3:ec:e0:47:71:00:24:42:e5:8e:
                    b8:4e:10:fa:3b:7c:be:54:3f:81:a3:5d:42:9f:dd:
                    e6:a8:00:14:7e:de:8d:74:23:91:ec:d3:eb:4a:00:
                    e4:ed:77:f9:30:0b:68:0a:87:3b:e7:4b:4e:bc:06:
                    9a:09:23:94:08:4c:d4:b3:6f:d6:5b:ed:2b:bd:fe:
                    cd:8e:dd:d6:8e:56:91:68:3d:85:af:23:17:a6:9d:
                    21:1c:44:a8:1d:a0:8f:be:c6:4e:54:b9:46:f9:69:
                    59:38:c7:dd:b8:a9:44:57:47:7a:72:dd:aa:f1:8d:
                    86:e0:46:2c:6e:03:12:fc:26:e1:f5:08:36:3c:03:
                    7b:7f:09:10:09:5b:16:c7:59:87:17:06:9c:00:2f:
                    15:f3:ff:da:0e:65:63:03:41:82:87:29:6e:78:7e:
                    8c:98:c2:a2:4f:82:2f:95:6e:0d:88:71:fb:a4:9a:
                    32:f2:87:37:e0:82:14:78:4b:ad:ed:73:06:1e:c5:
                    e4:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:50:1A:FB:EE:67:B1:7D:ED:50:71:80:15:9F:C7:48:C1:6B:9F:B2
            X509v3 Authority Key Identifier:
                keyid:D4:84:E0:CE:E5:75:C6:19:05:3F:8E:E2:B1:00:4C:C4:42:FD:2C:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1ITgzuV1xhkFP47isQBMxEL9LO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/LlAa--5nsX3tUHGAFZ_HSMFrn7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/7847fb-f55a-4995-8531-ec0262ab33f1/1/1ITgzuV1xhkFP47isQBMxEL9LO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:f8:aa:25:68:23:34:dc:c5:93:9a:bd:f4:62:bf:93:80:1e:
         68:82:c5:73:86:b3:0c:82:51:93:ab:8c:ee:f7:aa:fe:72:5f:
         e2:7b:6a:84:a4:dd:21:a5:ad:65:ba:62:b8:7d:fc:1d:9a:14:
         e1:f4:4a:1c:f6:f6:46:ff:13:65:ca:84:3d:38:ae:a8:5a:33:
         bf:ca:a5:3d:8a:49:73:5e:3d:ec:72:89:28:e7:71:9a:d1:aa:
         ae:49:ca:1b:4b:21:aa:67:91:23:9a:ec:6b:2a:f5:24:e3:94:
         11:a3:4f:3f:a4:53:9f:71:07:60:88:0e:ce:6d:56:ab:26:1e:
         97:f6:33:cc:43:ac:8f:c5:cb:7e:7c:b5:a3:16:28:e6:e3:73:
         10:38:9b:2a:0a:49:42:dc:69:c4:1a:46:63:af:26:e4:79:fa:
         dd:c5:47:ba:1f:c7:9e:ee:f3:2b:d9:f8:4e:00:fc:20:43:53:
         e1:45:7c:3f:fd:6b:6f:2e:0c:34:7d:aa:3c:31:44:51:e3:97:
         c7:57:11:3c:23:25:e2:2e:a3:e4:03:4c:c3:ca:70:88:76:ae:
         aa:1a:af:1e:19:cc:e8:3f:03:5d:38:e5:d1:6a:5f:a4:2a:30:
         af:3e:9a:6e:d1:b6:1a:d8:94:42:77:67:bc:a5:4c:e2:a7:9d:
         e3:1a:7d:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajTVEPsYl3mjVPj+XF9JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODRlMGNlZTU3NWM2MTkwNTNmOGVlMmIxMDA0Y2M0NDJm
ZDJjZWQwHhcNMjUwMTAxMTk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTUwMWFmYmVlNjdiMTdkZWQ1MDcxODAxNTlmYzc0OGMxNmI5ZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEO3+EWzTHHKkQ8P+ID+pxqaxZg7
eH1lKnLxnQJjtI6ZEvIwfJ0QZBZSyRti6+2DyjmH285AGdnXZSfva7PuQNPs4Edx
ACRC5Y64ThD6O3y+VD+Bo11Cn93mqAAUft6NdCOR7NPrSgDk7Xf5MAtoCoc750tO
vAaaCSOUCEzUs2/WW+0rvf7Njt3WjlaRaD2FryMXpp0hHESoHaCPvsZOVLlG+WlZ
OMfduKlEV0d6ct2q8Y2G4EYsbgMS/Cbh9Qg2PAN7fwkQCVsWx1mHFwacAC8V8//a
DmVjA0GChylueH6MmMKiT4IvlW4NiHH7pJoy8oc34IIUeEut7XMGHsXkQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5QGvvuZ7F97VBxgBWfx0jBa5+yMB8GA1UdIwQY
MBaAFNSE4M7ldcYZBT+O4rEATMRC/SztMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlUZ3p1VjF4aGtGUDQ3aXNRQk14RUw5TE8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC83ODQ3ZmItZjU1YS00OTk1LTg1MzEt
ZWMwMjYyYWIzM2YxLzEvTGxBYS0tNW5zWDN0VUhHQUZaX0hTTUZybjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC83ODQ3ZmItZjU1YS00OTk1LTg1MzEtZWMwMjYyYWIzM2Yx
LzEvMUlUZ3p1VjF4aGtGUDQ3aXNRQk14RUw5TE8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaPeMA0G
CSqGSIb3DQEBCwUAA4IBAQAU+KolaCM03MWTmr30Yr+TgB5ogsVzhrMMglGTq4zu
96r+cl/ie2qEpN0hpa1lumK4ffwdmhTh9Eoc9vZG/xNlyoQ9OK6oWjO/yqU9iklz
Xj3scoko53Ga0aquScobSyGqZ5EjmuxrKvUk45QRo08/pFOfcQdgiA7ObVarJh6X
9jPMQ6yPxct+fLWjFijm43MQOJsqCklC3GnEGkZjrybkefrdxUe6H8ee7vMr2fhO
APwgQ1PhRXw//WtvLgw0fao8MURR45fHVxE8IyXiLqPkA0zDynCIdq6qGq8eGczo
PwNdOOXRal+kKjCvPppu0bYa2JRCd2e8pUzip53jGn3r
-----END CERTIFICATE-----