Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/1-LkhLBKkcj54UocdAxlIInyFc8w.roa
File:                     1-LkhLBKkcj54UocdAxlIInyFc8w.roa (raw, json)
Hash identifier:          nBYN95YGAJSbiE6yyJzIhCMy20uciRwVyVUw4AqhZCw=
Subject key identifier:   F8:B9:21:2C:12:A4:72:3E:78:52:87:1D:03:19:48:22:7C:85:73:CC
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019423D713752176C26C4C78271B0687C6B2
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/1-LkhLBKkcj54UocdAxlIInyFc8w.roa
Signing time:             Wed 01 Jan 2025 21:48:05 +0000
ROA not before:           Wed 01 Jan 2025 21:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213261
IP address blocks:        213.238.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:13:75:21:76:c2:6c:4c:78:27:1b:06:87:c6:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 21:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8b9212c12a4723e7852871d031948227c8573cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:1b:0d:95:7f:cd:7f:dd:6b:58:35:c2:85:16:
                    2e:2d:e2:e4:52:7f:15:0a:63:a3:19:7f:14:bb:9b:
                    ca:a9:59:ec:c1:17:20:b9:f4:94:71:6b:69:b2:3e:
                    7f:aa:62:bf:ed:b3:8d:27:4b:b5:f6:18:df:42:29:
                    ba:53:e4:d8:ca:d0:f5:d1:ee:2c:2b:e8:62:d3:a1:
                    1d:8a:4c:f1:c6:1e:58:ee:dd:72:a9:75:85:e9:92:
                    6d:f0:48:07:1d:0a:7d:6d:2f:7a:27:84:ee:91:7f:
                    ab:30:c8:e1:5d:fa:e1:4e:7a:d1:da:2f:60:9b:f6:
                    55:54:d7:0e:01:ed:91:60:b0:dc:4c:7e:9b:d1:1e:
                    ef:ed:da:f0:05:5e:e1:6b:97:6b:fe:a5:10:a0:a6:
                    64:6c:54:cf:85:dc:48:d3:27:10:fb:66:cc:dc:c0:
                    40:60:a7:f5:81:ee:49:c0:12:b9:57:07:93:71:48:
                    ba:0e:1d:fb:20:c7:56:2d:d5:25:38:80:1b:29:6a:
                    a9:ba:91:cc:b0:57:24:8e:e8:dd:88:6e:28:83:c0:
                    98:9f:2e:2a:57:c5:24:bd:b4:4d:5d:cb:e9:c4:23:
                    a8:27:bf:fe:09:c1:83:f2:c1:15:fc:4f:36:e0:c2:
                    57:6a:d5:16:9f:cc:e4:5b:51:ae:9d:88:34:82:4c:
                    b9:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:B9:21:2C:12:A4:72:3E:78:52:87:1D:03:19:48:22:7C:85:73:CC
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/1-LkhLBKkcj54UocdAxlIInyFc8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:e9:d4:80:96:71:54:ea:44:82:05:ec:47:6e:6d:f5:61:57:
         cf:37:f2:46:fa:d0:4c:7b:48:78:8e:1d:10:2d:b1:c7:ac:da:
         10:b5:fb:31:ff:2e:50:13:4f:be:c6:01:80:1e:91:b3:c8:64:
         0f:45:c9:76:1c:17:7f:c8:77:96:7f:7f:ce:11:63:00:6b:bd:
         1e:eb:a5:36:75:e8:af:e3:ca:dd:78:bd:1c:37:4d:86:fd:4d:
         f0:49:20:ff:a7:c4:9e:27:f9:b8:20:e5:6b:2a:1e:61:68:eb:
         60:08:60:ba:22:a1:a8:fd:9d:b2:b3:e8:e8:a0:d6:33:f8:d8:
         b1:c6:23:0c:a4:e6:8f:24:42:8a:9a:ac:f0:65:ff:28:24:24:
         a5:8f:03:51:1a:2b:95:ef:26:9a:38:0c:4c:32:ae:1d:1b:e7:
         1b:46:a9:f6:96:57:13:05:91:be:16:5a:9f:1d:5d:e9:3c:68:
         bc:fa:ae:e0:97:07:4b:e6:17:c9:ca:ce:6d:17:42:ab:c7:7a:
         e0:a1:73:07:07:ef:86:a2:ae:09:ae:02:c0:f0:a7:e8:7b:c8:
         ac:cb:12:b0:49:59:70:75:d8:53:25:17:95:37:97:c9:2b:d8:
         73:cd:4d:12:39:dc:f4:e3:23:8d:dc:86:91:52:22:77:38:c0:
         ec:1c:b6:cd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQj1xN1IXbCbEx4JxsGh8ayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwMTAxMjE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGI5MjEyYzEyYTQ3MjNlNzg1Mjg3MWQwMzE5NDgyMjdjODU3M2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxsNlX/Nf91rWDXChRYuLeLkUn8V
CmOjGX8Uu5vKqVnswRcgufSUcWtpsj5/qmK/7bONJ0u19hjfQim6U+TYytD10e4s
K+hi06Edikzxxh5Y7t1yqXWF6ZJt8EgHHQp9bS96J4TukX+rMMjhXfrhTnrR2i9g
m/ZVVNcOAe2RYLDcTH6b0R7v7drwBV7ha5dr/qUQoKZkbFTPhdxI0ycQ+2bM3MBA
YKf1ge5JwBK5VweTcUi6Dh37IMdWLdUlOIAbKWqpupHMsFckjujdiG4og8CYny4q
V8UkvbRNXcvpxCOoJ7/+CcGD8sEV/E824MJXatUWn8zkW1GunYg0gky5KwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPi5ISwSpHI+eFKHHQMZSCJ8hXPMMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvMS1Ma2hMQktrY2o1NFVvY2RBeGxJSW55RmM4dy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzAvNmQ2MWQ5LTBiZjctNDRiYi1iODBmLWNkMzE2MTVkMDFh
OS8xL1ZNdmFlTEhSdGhQZlZsXzVsd0MycnVsQTNqOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANXuvDAN
BgkqhkiG9w0BAQsFAAOCAQEArenUgJZxVOpEggXsR25t9WFXzzfyRvrQTHtIeI4d
EC2xx6zaELX7Mf8uUBNPvsYBgB6Rs8hkD0XJdhwXf8h3ln9/zhFjAGu9HuulNnXo
r+PK3Xi9HDdNhv1N8Ekg/6fEnif5uCDlayoeYWjrYAhguiKhqP2dsrPo6KDWM/jY
scYjDKTmjyRCipqs8GX/KCQkpY8DURorle8mmjgMTDKuHRvnG0ap9pZXEwWRvhZa
nx1d6TxovPqu4JcHS+YXycrObRdCq8d64KFzBwfvhqKuCa4CwPCn6HvIrMsSsElZ
cHXYUyUXlTeXySvYc81NEjnc9OMjjdyGkVIidzjA7By2zQ==
-----END CERTIFICATE-----