Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/N4HwjJKSX0cNlaYcj3jS4bVMgXE.roa
File:                     N4HwjJKSX0cNlaYcj3jS4bVMgXE.roa (raw, json)
Hash identifier:          YIMBZJbGgThBGYMYz0OP8LMxO+xC4s7B+V+yscfXQzc=
Subject key identifier:   37:81:F0:8C:92:92:5F:47:0D:95:A6:1C:8F:78:D2:E1:B5:4C:81:71
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       0196E49D366FDFDE79C9D78A5A08A788FBFD
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/N4HwjJKSX0cNlaYcj3jS4bVMgXE.roa
Signing time:             Sun 18 May 2025 18:17:10 +0000
ROA not before:           Sun 18 May 2025 18:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207412
IP address blocks:        193.108.206.0/23 maxlen: 24
                          212.102.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e4:9d:36:6f:df:de:79:c9:d7:8a:5a:08:a7:88:fb:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: May 18 18:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3781f08c92925f470d95a61c8f78d2e1b54c8171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a0:cd:4e:e9:72:2e:da:28:69:d5:1e:33:50:
                    d1:99:00:83:35:0b:96:f0:43:0f:0d:8a:6c:0b:d0:
                    c1:c8:b9:2e:97:11:2b:f6:e3:3e:cc:65:b7:f6:34:
                    b6:7d:a7:b7:ca:23:1b:85:b7:9e:ba:cb:40:40:7a:
                    a3:a2:18:ef:7c:8e:9b:3a:15:78:f7:4d:3b:aa:08:
                    7b:39:81:a6:18:8f:31:d2:70:ca:69:cb:fa:0e:d0:
                    dd:80:be:78:cb:e6:34:1f:02:14:f9:89:e6:8c:03:
                    22:c5:c2:1e:41:a4:88:5c:60:4f:be:25:8b:49:a1:
                    25:20:59:ce:c2:11:61:1f:e7:5a:9f:3c:91:38:84:
                    7d:25:f6:99:b4:31:25:4f:2f:68:02:64:dd:0a:1c:
                    b9:3b:7b:dc:b8:44:6d:df:9d:26:d3:50:7c:5c:db:
                    56:b8:de:d2:7c:4a:ba:30:ba:6f:71:2c:fb:ec:67:
                    67:2f:ca:f6:e4:b3:eb:ed:25:ac:14:4e:15:10:af:
                    6b:07:02:9b:a2:1b:28:a3:d1:16:a1:3f:31:8c:c5:
                    23:62:54:0e:53:0b:57:34:6b:d1:4b:3a:71:f1:b0:
                    d8:9f:d3:e6:b9:4c:80:94:3d:53:4e:60:d5:44:08:
                    3a:f4:2e:d8:be:ed:55:ed:5f:f8:1c:b5:e7:85:aa:
                    87:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:81:F0:8C:92:92:5F:47:0D:95:A6:1C:8F:78:D2:E1:B5:4C:81:71
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/N4HwjJKSX0cNlaYcj3jS4bVMgXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.206.0/23
                  212.102.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:78:ba:b1:6f:67:7d:87:68:c8:79:46:ff:8e:de:42:ea:8a:
         6b:ee:f8:55:4f:1e:99:cc:75:79:e0:99:09:18:6e:20:21:3e:
         2e:62:a3:72:5a:c5:8c:73:30:ac:dc:c3:59:e6:b9:96:3e:72:
         0f:33:41:19:79:1d:36:35:1a:7c:1f:35:20:17:86:7d:1d:de:
         cf:67:a4:24:86:49:08:5e:c5:fa:73:87:bd:f1:b1:23:ff:90:
         31:b3:73:89:81:d1:9a:1a:65:11:8b:07:15:38:80:0c:9d:a6:
         af:86:e4:04:e5:fe:ce:66:97:5c:d4:f7:89:96:d0:27:97:89:
         58:aa:7f:c6:1e:23:13:31:aa:db:47:c4:07:0f:14:b6:ae:9e:
         c9:20:11:14:09:a6:ee:aa:cd:c8:94:c5:e5:c4:2e:0b:3f:65:
         57:01:f1:06:1a:27:d4:15:3d:0f:c6:d7:52:b8:0c:2f:4d:9c:
         b3:87:cb:91:27:bd:5c:61:ce:f2:d9:78:1b:91:5e:1f:37:64:
         20:82:34:40:29:ea:a9:d1:3f:2c:e8:cc:cf:6d:72:78:18:f4:
         ca:d1:0b:9f:04:b6:dc:40:d2:3b:6a:43:8c:1e:17:bb:cf:e2:
         b4:c1:83:31:a6:a2:a5:87:7d:bc:b0:d9:38:ca:b9:3d:b4:33:
         cf:66:df:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbknTZv3955ydeKWginiPv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjUwNTE4MTgxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzgxZjA4YzkyOTI1ZjQ3MGQ5NWE2MWM4Zjc4ZDJlMWI1NGM4MTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6DNTulyLtooadUeM1DRmQCDNQuW
8EMPDYpsC9DByLkulxEr9uM+zGW39jS2fae3yiMbhbeeustAQHqjohjvfI6bOhV4
9007qgh7OYGmGI8x0nDKacv6DtDdgL54y+Y0HwIU+YnmjAMixcIeQaSIXGBPviWL
SaElIFnOwhFhH+danzyROIR9JfaZtDElTy9oAmTdChy5O3vcuERt350m01B8XNtW
uN7SfEq6MLpvcSz77GdnL8r25LPr7SWsFE4VEK9rBwKbohsoo9EWoT8xjMUjYlQO
UwtXNGvRSzpx8bDYn9PmuUyAlD1TTmDVRAg69C7Yvu1V7V/4HLXnhaqHUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDeB8IySkl9HDZWmHI940uG1TIFxMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvTjRId2pKS1NYMGNObGFZY2ozalM0YlZNZ1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwWzOAwQA
1GZvMA0GCSqGSIb3DQEBCwUAA4IBAQC/eLqxb2d9h2jIeUb/jt5C6opr7vhVTx6Z
zHV54JkJGG4gIT4uYqNyWsWMczCs3MNZ5rmWPnIPM0EZeR02NRp8HzUgF4Z9Hd7P
Z6QkhkkIXsX6c4e98bEj/5Axs3OJgdGaGmURiwcVOIAMnaavhuQE5f7OZpdc1PeJ
ltAnl4lYqn/GHiMTMarbR8QHDxS2rp7JIBEUCabuqs3IlMXlxC4LP2VXAfEGGifU
FT0PxtdSuAwvTZyzh8uRJ71cYc7y2XgbkV4fN2QggjRAKeqp0T8s6MzPbXJ4GPTK
0QufBLbcQNI7akOMHhe7z+K0wYMxpqKlh328sNk4yrk9tDPPZt8U
-----END CERTIFICATE-----