Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/j1JcZG88WoDJIAs0TuxaORvfLro.roa
File:                     j1JcZG88WoDJIAs0TuxaORvfLro.roa (raw, json)
Hash identifier:          yIeCKxXutjytoAiiGxkiUBSn0Vk24wB2GDbKm+IJthI=
Subject key identifier:   8F:52:5C:64:6F:3C:5A:80:C9:20:0B:34:4E:EC:5A:39:1B:DF:2E:BA
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0194228E0F5C005838D16628D437A5028E51
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/j1JcZG88WoDJIAs0TuxaORvfLro.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210203
IP address blocks:        139.45.198.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0f:5c:00:58:38:d1:66:28:d4:37:a5:02:8e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f525c646f3c5a80c9200b344eec5a391bdf2eba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7b:b5:24:4c:df:c3:b2:bf:9c:8b:79:57:8d:
                    71:d4:b6:9a:c1:3f:97:7d:59:99:5f:4f:08:9a:d5:
                    ba:76:3b:7f:bc:cb:e2:f6:4f:08:39:da:e5:67:20:
                    38:b7:a0:db:3c:55:37:54:60:c6:41:f1:97:b8:9c:
                    58:09:b4:4f:99:08:52:23:48:6c:5e:6b:3a:d6:bd:
                    0e:ec:ba:03:9a:28:b4:83:6c:e1:75:9a:a6:68:cd:
                    6c:63:01:2c:02:15:09:d1:55:50:f7:6f:cf:b4:5f:
                    ec:57:41:63:30:6d:8e:ee:bd:df:b2:8c:cb:1a:f3:
                    e0:1f:56:95:b6:6c:9e:6a:7f:03:86:0b:15:ca:cd:
                    1b:2d:a4:cf:21:a2:1f:bf:0c:f0:24:e5:d0:22:fc:
                    f4:d1:98:93:18:fe:4a:27:aa:20:62:a4:68:5e:60:
                    81:7b:73:30:72:99:d3:8e:96:2e:8d:fb:03:6f:d9:
                    5b:b1:f0:12:de:b7:45:3f:8f:a1:81:97:50:1c:63:
                    9a:37:4c:09:30:e6:a7:ab:8a:cc:a9:38:bf:fb:82:
                    c7:8b:33:1f:b0:79:b9:e1:a6:a5:df:90:4e:64:35:
                    65:8c:bf:0b:9d:26:8d:c1:55:f0:3e:52:71:9d:ba:
                    a5:f2:d5:82:f7:35:16:d6:75:3d:0c:45:c0:a9:85:
                    4c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:52:5C:64:6F:3C:5A:80:C9:20:0B:34:4E:EC:5A:39:1B:DF:2E:BA
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/j1JcZG88WoDJIAs0TuxaORvfLro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:aa:31:4b:de:12:28:d4:f6:59:8a:8a:ca:3a:1e:f5:34:44:
         25:43:cc:3f:1a:d3:9e:2b:8d:32:43:17:23:99:c1:ad:4e:6c:
         1d:30:ee:d6:2f:a3:34:44:f1:bc:5c:a8:de:dd:22:95:4e:8a:
         11:18:0f:d4:fe:30:79:10:a7:7c:04:aa:37:80:48:4e:a9:9f:
         f6:94:15:08:2a:f9:57:74:77:3f:09:3e:b6:df:63:79:f5:c7:
         e0:4e:e8:79:9e:13:71:91:a9:63:73:fb:88:a0:a1:6e:39:ad:
         ba:99:ba:ea:89:31:3a:4d:12:cb:38:47:30:cc:f9:bb:03:e5:
         90:53:7d:f2:ff:1a:9e:ba:50:9d:4a:1b:cd:f5:cc:29:91:9b:
         ba:84:3c:02:a8:c5:ac:18:32:24:03:99:62:6c:98:0c:e5:a9:
         b8:34:ec:0a:5f:78:a6:e8:e5:a7:2b:9a:ec:15:6a:9c:74:d1:
         ae:78:64:9b:39:7a:89:3e:2a:1c:07:76:2a:ed:2f:dd:b9:40:
         80:8b:41:c1:cf:b3:5f:1b:bb:f4:13:7f:db:e8:97:72:b8:04:
         e6:20:fe:93:a7:cc:bb:13:b7:70:fb:3b:5e:d7:5c:31:d6:d7:
         36:4b:90:2a:f7:eb:02:d3:12:1e:a2:1d:23:52:6b:e4:e3:c7:
         48:eb:c8:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijg9cAFg40WYo1DelAo5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjUyNWM2NDZmM2M1YTgwYzkyMDBiMzQ0ZWVjNWEzOTFiZGYyZWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3u1JEzfw7K/nIt5V41x1LaawT+X
fVmZX08ImtW6djt/vMvi9k8IOdrlZyA4t6DbPFU3VGDGQfGXuJxYCbRPmQhSI0hs
Xms61r0O7LoDmii0g2zhdZqmaM1sYwEsAhUJ0VVQ92/PtF/sV0FjMG2O7r3fsozL
GvPgH1aVtmyean8DhgsVys0bLaTPIaIfvwzwJOXQIvz00ZiTGP5KJ6ogYqRoXmCB
e3MwcpnTjpYujfsDb9lbsfAS3rdFP4+hgZdQHGOaN0wJMOanq4rMqTi/+4LHizMf
sHm54aal35BOZDVljL8LnSaNwVXwPlJxnbql8tWC9zUW1nU9DEXAqYVMjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9SXGRvPFqAySALNE7sWjkb3y66MB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvajFKY1pHODhXb0RKSUFzMFR1eGFPUnZmTHJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiy3GMA0G
CSqGSIb3DQEBCwUAA4IBAQAIqjFL3hIo1PZZiorKOh71NEQlQ8w/GtOeK40yQxcj
mcGtTmwdMO7WL6M0RPG8XKje3SKVTooRGA/U/jB5EKd8BKo3gEhOqZ/2lBUIKvlX
dHc/CT6232N59cfgTuh5nhNxkaljc/uIoKFuOa26mbrqiTE6TRLLOEcwzPm7A+WQ
U33y/xqeulCdShvN9cwpkZu6hDwCqMWsGDIkA5libJgM5am4NOwKX3im6OWnK5rs
FWqcdNGueGSbOXqJPiocB3Yq7S/duUCAi0HBz7NfG7v0E3/b6JdyuATmIP6Tp8y7
E7dw+zte11wx1tc2S5Aq9+sC0xIeoh0jUmvk48dI68jR
-----END CERTIFICATE-----