Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/fLHIwzW8_cNrLeapZHuAdIZBYcw.roa
File:                     fLHIwzW8_cNrLeapZHuAdIZBYcw.roa (raw, json)
Hash identifier:          F9/ou7Gahs7dJNLzKSXF7urkWawKPkOsFDiFbBFZxLc=
Subject key identifier:   7C:B1:C8:C3:35:BC:FD:C3:6B:2D:E6:A9:64:7B:80:74:86:41:61:CC
Certificate issuer:       /CN=128fde2bfc63efe3d132ddac7837e15c7f4b49f4
Certificate serial:       019423D6A771FCE9D3D1C4A5F15290D45D8C
Authority key identifier: 12:8F:DE:2B:FC:63:EF:E3:D1:32:DD:AC:78:37:E1:5C:7F:4B:49:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/fLHIwzW8_cNrLeapZHuAdIZBYcw.roa
Signing time:             Wed 01 Jan 2025 21:47:37 +0000
ROA not before:           Wed 01 Jan 2025 21:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136907
IP address blocks:        193.84.248.0/23 maxlen: 23
                          193.105.244.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:a7:71:fc:e9:d3:d1:c4:a5:f1:52:90:d4:5d:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=128fde2bfc63efe3d132ddac7837e15c7f4b49f4
        Validity
            Not Before: Jan  1 21:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cb1c8c335bcfdc36b2de6a9647b8074864161cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a0:4f:c0:1b:91:5d:6b:97:34:16:a8:40:48:
                    d5:3b:76:40:f1:83:04:1f:60:1c:f3:fa:bb:86:15:
                    1a:39:27:8a:53:09:51:75:7e:2d:cf:6f:b4:03:a7:
                    42:30:e9:a7:b0:53:c2:1e:31:8e:d5:a3:89:1c:2f:
                    92:86:13:91:81:9d:c8:aa:0d:d5:01:73:18:cd:65:
                    f6:b6:20:f7:2e:cf:3e:fe:e7:fb:04:78:42:eb:8e:
                    25:e0:85:f6:04:31:b1:5f:85:2a:05:dd:6f:2f:bf:
                    35:a1:92:f8:36:b2:99:17:94:8a:1b:b2:f1:68:9c:
                    5d:37:11:16:fb:bf:f8:95:dd:b2:dd:c6:6e:c1:df:
                    1a:9b:dc:01:a5:4b:c1:4d:42:03:b1:3c:cd:4c:d9:
                    03:53:1f:f1:a0:8a:e0:94:4d:39:f1:80:0e:ee:77:
                    a8:2b:26:03:4e:79:6c:08:4f:df:6e:2d:69:03:00:
                    ec:33:ad:e9:57:15:65:49:05:e2:c2:95:9e:89:b7:
                    31:b9:da:07:4e:de:8c:12:69:67:9b:a8:14:87:69:
                    f2:59:cc:f1:42:77:bb:71:5a:0e:e3:3f:fe:11:b5:
                    94:d1:43:8b:87:c6:6a:8a:b7:8e:ed:90:2b:45:4c:
                    8a:76:e7:08:24:23:a6:20:99:3f:1a:c0:ac:df:6a:
                    7d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:B1:C8:C3:35:BC:FD:C3:6B:2D:E6:A9:64:7B:80:74:86:41:61:CC
            X509v3 Authority Key Identifier:
                keyid:12:8F:DE:2B:FC:63:EF:E3:D1:32:DD:AC:78:37:E1:5C:7F:4B:49:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/fLHIwzW8_cNrLeapZHuAdIZBYcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/a9f81e-79b2-4c2e-9f3e-7c24ef0259db/1/Eo_eK_xj7-PRMt2seDfhXH9LSfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.248.0/23
                  193.105.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:25:d8:ca:3d:17:7d:d4:dd:6d:17:5d:ea:7b:61:c4:6b:ec:
         ce:f4:4c:1d:c2:f2:af:9d:46:ee:c6:6b:31:0b:cb:18:6d:ec:
         11:36:57:8c:1f:61:ac:03:d5:e0:97:3d:bf:2e:2a:1c:ec:b8:
         19:e5:83:4f:80:f9:1d:b5:b6:d2:1f:3f:c3:4f:a9:36:38:83:
         d8:ef:27:3b:a3:d8:d2:f7:28:60:56:00:19:b2:81:71:45:27:
         b0:6b:3b:40:ef:14:be:12:0b:0c:d9:83:e2:bc:2d:36:02:d4:
         0d:48:ea:7a:32:d7:d2:8d:0b:10:64:8e:e8:2c:48:ea:74:34:
         51:69:41:7a:cd:58:c6:57:77:6f:5c:ff:3b:d0:b9:54:3b:a2:
         8a:53:50:94:59:e5:94:ac:21:05:f1:4e:d2:2e:89:16:c8:81:
         42:b7:21:95:bb:e2:ef:0c:e7:60:2c:e0:40:52:65:01:2a:dd:
         48:b2:56:51:ed:44:11:b9:cc:c9:d4:55:d0:b1:2c:a0:4d:b1:
         ac:d7:e7:68:01:6a:ff:c5:0d:29:55:be:12:88:64:ee:cf:69:
         67:0f:6b:be:cc:e5:b4:0d:ee:db:8b:fd:e6:48:44:79:5f:9f:
         80:4d:6b:c1:79:8c:07:f6:53:cf:8b:2e:18:ad:71:0d:21:d4:
         56:2c:84:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1qdx/OnT0cSl8VKQ1F2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyOGZkZTJiZmM2M2VmZTNkMTMyZGRhYzc4MzdlMTVjN2Y0
YjQ5ZjQwHhcNMjUwMTAxMjE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2IxYzhjMzM1YmNmZGMzNmIyZGU2YTk2NDdiODA3NDg2NDE2MWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaBPwBuRXWuXNBaoQEjVO3ZA8YME
H2Ac8/q7hhUaOSeKUwlRdX4tz2+0A6dCMOmnsFPCHjGO1aOJHC+ShhORgZ3Iqg3V
AXMYzWX2tiD3Ls8+/uf7BHhC644l4IX2BDGxX4UqBd1vL781oZL4NrKZF5SKG7Lx
aJxdNxEW+7/4ld2y3cZuwd8am9wBpUvBTUIDsTzNTNkDUx/xoIrglE058YAO7neo
KyYDTnlsCE/fbi1pAwDsM63pVxVlSQXiwpWeibcxudoHTt6MEmlnm6gUh2nyWczx
Qne7cVoO4z/+EbWU0UOLh8ZqireO7ZArRUyKducIJCOmIJk/GsCs32p9pwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHyxyMM1vP3Day3mqWR7gHSGQWHMMB8GA1UdIwQY
MBaAFBKP3iv8Y+/j0TLdrHg34Vx/S0n0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW9fZUtfeGo3LVBSTXQyc2VEZmhYSDlMU2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9hOWY4MWUtNzliMi00YzJlLTlmM2Ut
N2MyNGVmMDI1OWRiLzEvZkxISXd6VzhfY05yTGVhcFpIdUFkSVpCWWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9hOWY4MWUtNzliMi00YzJlLTlmM2UtN2MyNGVmMDI1OWRi
LzEvRW9fZUtfeGo3LVBSTXQyc2VEZmhYSDlMU2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwVT4AwQB
wWn0MA0GCSqGSIb3DQEBCwUAA4IBAQA8JdjKPRd91N1tF13qe2HEa+zO9EwdwvKv
nUbuxmsxC8sYbewRNleMH2GsA9Xglz2/Lioc7LgZ5YNPgPkdtbbSHz/DT6k2OIPY
7yc7o9jS9yhgVgAZsoFxRSewaztA7xS+EgsM2YPivC02AtQNSOp6MtfSjQsQZI7o
LEjqdDRRaUF6zVjGV3dvXP870LlUO6KKU1CUWeWUrCEF8U7SLokWyIFCtyGVu+Lv
DOdgLOBAUmUBKt1IslZR7UQRuczJ1FXQsSygTbGs1+doAWr/xQ0pVb4SiGTuz2ln
D2u+zOW0De7bi/3mSER5X5+ATWvBeYwH9lPPiy4YrXENIdRWLIS+
-----END CERTIFICATE-----