Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/0PqHNIextYUeWaRuukCU9ZDkhXg.roa
File:                     0PqHNIextYUeWaRuukCU9ZDkhXg.roa (raw, json)
Hash identifier:          PV9oPev7zk3qt+GmlvP5jRJprYKlp0h1IX1LMGGntk4=
Subject key identifier:   D0:FA:87:34:87:B1:B5:85:1E:59:A4:6E:BA:40:94:F5:90:E4:85:78
Certificate issuer:       /CN=05b3017c1693b945b5eda091ec93f85c1be1df36
Certificate serial:       0194228E29E8E21E528632CABA69E7130CAE
Authority key identifier: 05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/0PqHNIextYUeWaRuukCU9ZDkhXg.roa
Signing time:             Wed 01 Jan 2025 15:48:49 +0000
ROA not before:           Wed 01 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        195.60.208.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:29:e8:e2:1e:52:86:32:ca:ba:69:e7:13:0c:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b3017c1693b945b5eda091ec93f85c1be1df36
        Validity
            Not Before: Jan  1 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0fa873487b1b5851e59a46eba4094f590e48578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:02:f4:ec:c2:0a:26:57:1f:6c:0f:df:36:07:
                    64:66:81:23:3a:06:2d:89:76:57:e2:dd:84:68:1d:
                    2d:20:95:7e:55:6e:19:f3:c8:35:34:af:8a:51:74:
                    d8:2a:8d:39:47:79:03:4d:96:40:d8:c2:87:51:1e:
                    95:0f:4d:b5:ff:79:8d:c7:43:a2:03:2c:9d:b4:21:
                    18:29:45:93:26:6e:ca:1d:d8:ae:e7:17:44:c8:92:
                    70:93:2b:fb:7c:14:8b:df:9d:1d:39:f0:46:59:28:
                    e3:bc:16:f8:84:2f:08:49:ae:99:31:a5:ec:e5:6b:
                    04:12:e0:30:98:c5:3f:f7:53:7c:2b:8f:69:b2:39:
                    04:9b:0f:9b:2d:ae:92:c1:f2:be:41:60:2f:b9:f4:
                    23:7a:9f:5e:c7:ba:20:46:e7:5a:4f:64:00:57:dc:
                    fc:c2:6a:ce:28:2c:f5:41:73:33:68:32:af:1e:36:
                    55:b6:f2:f7:e0:a0:89:89:a7:65:a3:88:9f:0a:c4:
                    49:ba:89:ab:e1:d5:e6:04:db:b8:89:0d:e5:1b:a5:
                    0e:bb:f6:5d:5a:6e:7e:48:95:06:09:2a:db:96:bd:
                    5a:12:9c:e1:4c:0e:51:f2:ed:47:0b:eb:1b:e4:9e:
                    d3:85:5e:05:05:b6:55:bf:c5:9e:8c:0d:33:8f:de:
                    dd:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:FA:87:34:87:B1:B5:85:1E:59:A4:6E:BA:40:94:F5:90:E4:85:78
            X509v3 Authority Key Identifier:
                keyid:05:B3:01:7C:16:93:B9:45:B5:ED:A0:91:EC:93:F8:5C:1B:E1:DF:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbMBfBaTuUW17aCR7JP4XBvh3zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/0PqHNIextYUeWaRuukCU9ZDkhXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5f75ad-83a6-4984-86fd-aa277e389fdc/1/BbMBfBaTuUW17aCR7JP4XBvh3zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:fa:62:57:d1:e3:ec:29:a9:b7:0f:89:eb:e6:0d:20:5d:63:
         2d:55:79:4d:8c:16:de:d1:7b:5f:83:0a:48:c1:e9:68:62:5d:
         ea:5b:cc:99:44:8c:ea:3b:fb:97:12:ca:a1:7c:e6:fe:95:50:
         41:9c:79:a8:f2:6c:c0:4e:67:5c:74:c0:24:42:6d:46:b4:17:
         8d:62:0e:ba:83:bc:9e:18:17:b4:6b:7a:28:27:c6:c6:32:63:
         7b:da:15:8b:c3:fc:42:11:11:72:25:af:42:c0:ad:5b:da:d3:
         a7:a5:62:ad:51:4a:20:df:f8:39:ed:27:3c:d6:43:d4:17:44:
         26:0b:26:99:de:7d:cd:c2:bd:52:ff:ed:40:77:cb:23:dd:51:
         b0:42:cd:9c:9e:76:dd:38:37:a0:67:52:f8:6b:87:41:cc:37:
         f3:50:59:af:c1:a0:34:f8:3c:5c:4a:5c:f1:95:1c:67:3f:03:
         b8:71:50:8d:53:8b:e9:b4:ad:6c:4e:18:96:63:a8:eb:76:2b:
         04:b3:fd:a7:5d:6d:98:84:d4:66:47:86:95:1d:44:c9:7e:14:
         d0:ce:93:ac:f9:3d:cb:9d:4e:83:c7:e5:a1:82:82:91:1e:61:
         7f:65:8a:96:52:7e:81:bf:92:85:bb:e9:f4:9d:33:60:03:1e:
         23:9e:dd:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijino4h5ShjLKumnnEwyuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjMwMTdjMTY5M2I5NDViNWVkYTA5MWVjOTNmODVjMWJl
MWRmMzYwHhcNMjUwMTAxMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGZhODczNDg3YjFiNTg1MWU1OWE0NmViYTQwOTRmNTkwZTQ4NTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQL07MIKJlcfbA/fNgdkZoEjOgYt
iXZX4t2EaB0tIJV+VW4Z88g1NK+KUXTYKo05R3kDTZZA2MKHUR6VD021/3mNx0Oi
AyydtCEYKUWTJm7KHdiu5xdEyJJwkyv7fBSL350dOfBGWSjjvBb4hC8ISa6ZMaXs
5WsEEuAwmMU/91N8K49psjkEmw+bLa6SwfK+QWAvufQjep9ex7ogRudaT2QAV9z8
wmrOKCz1QXMzaDKvHjZVtvL34KCJiadlo4ifCsRJuomr4dXmBNu4iQ3lG6UOu/Zd
Wm5+SJUGCSrblr1aEpzhTA5R8u1HC+sb5J7ThV4FBbZVv8WejA0zj97dQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFND6hzSHsbWFHlmkbrpAlPWQ5IV4MB8GA1UdIwQY
MBaAFAWzAXwWk7lFte2gkeyT+Fwb4d82MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQt
YWEyNzdlMzg5ZmRjLzEvMFBxSE5JZXh0WVVlV2FSdXVrQ1U5WkRraFhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81Zjc1YWQtODNhNi00OTg0LTg2ZmQtYWEyNzdlMzg5ZmRj
LzEvQmJNQmZCYVR1VVcxN2FDUjdKUDRYQnZoM3pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzzQMA0G
CSqGSIb3DQEBCwUAA4IBAQA2+mJX0ePsKam3D4nr5g0gXWMtVXlNjBbe0XtfgwpI
weloYl3qW8yZRIzqO/uXEsqhfOb+lVBBnHmo8mzATmdcdMAkQm1GtBeNYg66g7ye
GBe0a3ooJ8bGMmN72hWLw/xCERFyJa9CwK1b2tOnpWKtUUog3/g57Sc81kPUF0Qm
CyaZ3n3Nwr1S/+1Ad8sj3VGwQs2cnnbdODegZ1L4a4dBzDfzUFmvwaA0+DxcSlzx
lRxnPwO4cVCNU4vptK1sThiWY6jrdisEs/2nXW2YhNRmR4aVHUTJfhTQzpOs+T3L
nU6Dx+WhgoKRHmF/ZYqWUn6Bv5KFu+n0nTNgAx4jnt3o
-----END CERTIFICATE-----