Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/25d6a1-b4be-4e6d-b51f-1664c012dbc5/1/cv3ir0aVwg5o-KzIhdEuHfND2u4.roa
File:                     cv3ir0aVwg5o-KzIhdEuHfND2u4.roa (raw, json)
Hash identifier:          g4Ap629n331/KJCQZZEBIV4IL9Vvb7wAJMCzjupgrHc=
Subject key identifier:   72:FD:E2:AF:46:95:C2:0E:68:F8:AC:C8:85:D1:2E:1D:F3:43:DA:EE
Certificate issuer:       /CN=ad85ad0ca493b3bc06c99ba1a4aef5b079dc9efb
Certificate serial:       018CC3B7290C8F171E1C87696047AC679565
Authority key identifier: AD:85:AD:0C:A4:93:B3:BC:06:C9:9B:A1:A4:AE:F5:B0:79:DC:9E:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rYWtDKSTs7wGyZuhpK71sHncnvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/25d6a1-b4be-4e6d-b51f-1664c012dbc5/1/cv3ir0aVwg5o-KzIhdEuHfND2u4.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41296
IP address blocks:        193.41.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/25d6a1-b4be-4e6d-b51f-1664c012dbc5/1/rYWtDKSTs7wGyZuhpK71sHncnvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/25d6a1-b4be-4e6d-b51f-1664c012dbc5/1/rYWtDKSTs7wGyZuhpK71sHncnvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rYWtDKSTs7wGyZuhpK71sHncnvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:29:0c:8f:17:1e:1c:87:69:60:47:ac:67:95:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad85ad0ca493b3bc06c99ba1a4aef5b079dc9efb
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72fde2af4695c20e68f8acc885d12e1df343daee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e1:37:2d:fe:49:12:82:cf:4f:fc:66:95:8c:
                    3f:5a:62:2c:1d:95:de:f6:ba:5b:c5:ae:b5:46:5f:
                    0d:60:0e:7f:1e:85:40:32:82:5a:c1:e7:ec:91:27:
                    5d:40:fe:d0:bf:ab:de:d0:b1:56:f7:ae:30:7b:6f:
                    02:10:99:2e:f3:07:71:f1:3c:82:01:ef:74:59:ce:
                    b7:4a:82:85:91:ba:63:24:32:fe:93:02:d9:b5:51:
                    b6:79:d1:a5:95:d4:a5:a0:43:16:44:4b:2b:1a:20:
                    9f:ad:c8:da:67:33:a7:e7:28:ac:ac:ad:d4:14:e9:
                    37:4d:e2:48:34:ed:b1:a0:8b:63:89:c3:9b:9a:c2:
                    1d:da:85:8a:23:ab:b0:1f:dd:85:b3:7a:ce:32:ee:
                    da:9b:73:25:06:f5:03:f7:1f:18:75:20:9e:92:ea:
                    36:80:21:36:da:3f:02:da:c3:1b:33:c3:93:d7:7f:
                    ab:ab:20:81:2b:60:73:5a:fc:5c:d6:9b:66:12:7b:
                    01:b4:aa:02:9a:b7:be:da:69:8b:94:d7:4e:65:33:
                    a2:b8:44:e9:ca:64:62:04:de:86:9f:fe:ef:f3:78:
                    c7:aa:05:23:24:c8:f7:47:52:d9:c3:e1:0f:fd:38:
                    2e:73:ab:19:ef:f1:19:36:c4:19:6b:4f:8c:4a:2c:
                    72:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:FD:E2:AF:46:95:C2:0E:68:F8:AC:C8:85:D1:2E:1D:F3:43:DA:EE
            X509v3 Authority Key Identifier:
                keyid:AD:85:AD:0C:A4:93:B3:BC:06:C9:9B:A1:A4:AE:F5:B0:79:DC:9E:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rYWtDKSTs7wGyZuhpK71sHncnvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25d6a1-b4be-4e6d-b51f-1664c012dbc5/1/cv3ir0aVwg5o-KzIhdEuHfND2u4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25d6a1-b4be-4e6d-b51f-1664c012dbc5/1/rYWtDKSTs7wGyZuhpK71sHncnvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:be:fb:d1:8f:68:71:3d:05:24:26:2d:b9:40:b8:8a:46:27:
         28:e8:96:5f:71:98:12:85:7f:0d:66:e3:8a:7c:ad:1f:3c:8b:
         c3:9c:4e:f8:57:89:c2:52:c5:76:1e:ed:78:9d:89:12:28:47:
         a1:a4:5d:bb:37:b2:67:7e:39:87:9f:e9:f0:50:bf:db:e3:4a:
         63:a3:1f:40:d7:24:e7:ba:8c:af:9c:68:19:5a:6e:81:b3:ac:
         1c:be:7f:2f:a9:79:77:36:bb:65:74:44:31:c5:a5:60:9f:be:
         c1:cb:22:33:ab:71:df:98:fa:d5:19:95:b8:e2:5c:aa:2e:95:
         c6:a3:01:a3:95:fd:3b:a0:80:eb:4c:36:f3:f4:16:64:86:6d:
         13:7d:5e:ca:96:ab:2f:6c:9a:26:ae:58:77:b9:cf:55:d2:ae:
         4f:3b:85:d9:73:bc:f4:bd:bf:fc:ec:17:2f:b4:e7:0b:bb:ff:
         0c:ed:a4:5d:ac:27:dc:29:30:e0:dc:59:17:b4:c8:cc:15:48:
         64:55:30:d4:a6:3b:d6:95:19:24:de:d7:e3:c8:81:09:ce:a9:
         6c:82:24:6a:ca:83:32:d3:27:16:5e:11:33:cd:0b:34:ed:d4:
         06:03:c6:60:1f:cb:86:52:40:a4:2e:3a:c2:d0:01:ec:39:0a:
         21:70:23:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtykMjxceHIdpYEesZ5VlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkODVhZDBjYTQ5M2IzYmMwNmM5OWJhMWE0YWVmNWIwNzlk
YzllZmIwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmZkZTJhZjQ2OTVjMjBlNjhmOGFjYzg4NWQxMmUxZGYzNDNkYWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOE3Lf5JEoLPT/xmlYw/WmIsHZXe
9rpbxa61Rl8NYA5/HoVAMoJawefskSddQP7Qv6ve0LFW964we28CEJku8wdx8TyC
Ae90Wc63SoKFkbpjJDL+kwLZtVG2edGlldSloEMWREsrGiCfrcjaZzOn5yisrK3U
FOk3TeJINO2xoItjicObmsId2oWKI6uwH92Fs3rOMu7am3MlBvUD9x8YdSCekuo2
gCE22j8C2sMbM8OT13+rqyCBK2BzWvxc1ptmEnsBtKoCmre+2mmLlNdOZTOiuETp
ymRiBN6Gn/7v83jHqgUjJMj3R1LZw+EP/Tguc6sZ7/EZNsQZa0+MSixyWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHL94q9GlcIOaPisyIXRLh3zQ9ruMB8GA1UdIwQY
MBaAFK2FrQykk7O8BsmboaSu9bB53J77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcllXdERLU1RzN3dHeVp1aHBLNzFzSG5jbnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yNWQ2YTEtYjRiZS00ZTZkLWI1MWYt
MTY2NGMwMTJkYmM1LzEvY3YzaXIwYVZ3ZzVvLUt6SWhkRXVIZk5EMnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yNWQ2YTEtYjRiZS00ZTZkLWI1MWYtMTY2NGMwMTJkYmM1
LzEvcllXdERLU1RzN3dHeVp1aHBLNzFzSG5jbnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSnhMA0G
CSqGSIb3DQEBCwUAA4IBAQAwvvvRj2hxPQUkJi25QLiKRico6JZfcZgShX8NZuOK
fK0fPIvDnE74V4nCUsV2Hu14nYkSKEehpF27N7JnfjmHn+nwUL/b40pjox9A1yTn
uoyvnGgZWm6Bs6wcvn8vqXl3NrtldEQxxaVgn77ByyIzq3HfmPrVGZW44lyqLpXG
owGjlf07oIDrTDbz9BZkhm0TfV7KlqsvbJomrlh3uc9V0q5PO4XZc7z0vb/87Bcv
tOcLu/8M7aRdrCfcKTDg3FkXtMjMFUhkVTDUpjvWlRkk3tfjyIEJzqlsgiRqyoMy
0ycWXhEzzQs07dQGA8ZgH8uGUkCkLjrC0AHsOQohcCPn
-----END CERTIFICATE-----