Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/mA4IEAHXR0LDJS0AO7AgvdyymfA.roa
File:                     mA4IEAHXR0LDJS0AO7AgvdyymfA.roa (raw, json)
Hash identifier:          B62czMPy2pKQJ5FL2R2C5ZUZdywtpL+Cj+O5hZ16Rv4=
Subject key identifier:   98:0E:08:10:01:D7:47:42:C3:25:2D:00:3B:B0:20:BD:DC:B2:99:F0
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0194221FDC6D761462B29B4F30F41D94D060
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/mA4IEAHXR0LDJS0AO7AgvdyymfA.roa
Signing time:             Wed 01 Jan 2025 13:48:20 +0000
ROA not before:           Wed 01 Jan 2025 13:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206446
IP address blocks:        213.137.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:dc:6d:76:14:62:b2:9b:4f:30:f4:1d:94:d0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Jan  1 13:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=980e081001d74742c3252d003bb020bddcb299f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0d:b5:c5:20:57:8f:06:4f:22:0e:89:d3:0d:
                    21:62:83:4c:a8:6a:1f:67:fe:01:05:fc:cc:4c:97:
                    ea:8d:66:13:e4:30:90:92:62:05:3a:ab:fb:9d:b7:
                    16:30:ce:f8:c1:c5:fd:6a:f3:96:39:09:62:d8:99:
                    de:b1:a8:a9:c3:49:c9:23:f0:75:91:60:da:b1:69:
                    3b:49:1c:0c:ca:58:81:9f:5a:67:d7:57:15:54:e0:
                    58:4b:ac:db:6c:0d:d3:cd:4d:a4:bd:06:95:96:a6:
                    a5:44:5f:71:37:51:3f:4d:f7:b7:12:32:cd:b2:fa:
                    f6:7a:e6:f8:19:9f:15:ee:90:ad:db:f3:86:c4:8c:
                    93:e1:ed:4e:e0:02:e8:19:9f:e8:26:e0:2c:fb:55:
                    fa:3e:41:85:63:04:9f:7a:33:ad:fd:00:00:96:b3:
                    4f:91:39:8c:84:24:3a:8a:ae:d9:a7:d2:b9:c2:68:
                    e0:0a:dc:28:91:e5:18:11:6d:33:48:43:ba:cb:a6:
                    e5:d4:f8:ff:a4:56:9f:4e:98:e3:91:81:c0:53:86:
                    f4:24:52:97:ba:27:26:f8:15:6b:b5:65:ea:06:a0:
                    84:88:e8:32:87:cb:07:26:25:6e:9b:81:5b:80:65:
                    36:fe:c5:eb:f8:45:0e:46:4d:16:21:49:1a:38:cd:
                    55:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:0E:08:10:01:D7:47:42:C3:25:2D:00:3B:B0:20:BD:DC:B2:99:F0
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/mA4IEAHXR0LDJS0AO7AgvdyymfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:52:c8:8b:14:f4:0b:bc:76:0c:b2:37:33:8c:9b:30:cf:35:
         54:75:58:bb:44:fd:e6:74:ef:d1:4b:6f:06:c6:12:c1:6e:0f:
         27:35:02:bd:3c:6b:c8:7d:e5:f9:77:75:ff:d6:b5:38:f4:3d:
         88:62:a6:0a:c3:aa:7a:c1:ee:c0:6b:70:6e:94:bc:0a:dd:16:
         df:b9:dc:fd:48:15:69:7a:ae:a5:61:fe:4b:8b:fa:4f:dd:08:
         ca:0f:0c:59:2b:a1:4b:40:38:02:23:c6:2b:d7:8d:2f:ad:9c:
         e7:e0:e9:d4:ba:c8:f3:50:d9:fe:d3:26:44:59:9f:ed:82:36:
         06:01:2f:ee:8d:0f:17:89:4f:f8:69:2e:9b:e5:20:71:a2:61:
         4e:ec:82:9b:72:34:16:ac:ca:83:97:4f:2d:2d:09:07:52:c8:
         d2:8d:bb:60:e7:75:1d:c0:7a:c4:b0:41:bc:dd:82:77:46:fc:
         af:73:42:c6:01:11:2b:32:dd:a6:54:e8:83:86:c9:6b:12:a4:
         ec:c1:39:f9:13:f8:6b:86:15:72:8e:a0:4a:50:5f:fd:16:ab:
         7c:5d:be:91:36:54:47:07:f7:8a:65:8c:b8:5e:6c:de:79:48:
         57:50:4a:ad:7e:77:d1:00:69:4c:50:8e:c0:20:ea:20:11:18:
         8b:00:90:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9xtdhRisptPMPQdlNBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUwMTAxMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODBlMDgxMDAxZDc0NzQyYzMyNTJkMDAzYmIwMjBiZGRjYjI5OWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA21xSBXjwZPIg6J0w0hYoNMqGof
Z/4BBfzMTJfqjWYT5DCQkmIFOqv7nbcWMM74wcX9avOWOQli2Jnesaipw0nJI/B1
kWDasWk7SRwMyliBn1pn11cVVOBYS6zbbA3TzU2kvQaVlqalRF9xN1E/Tfe3EjLN
svr2eub4GZ8V7pCt2/OGxIyT4e1O4ALoGZ/oJuAs+1X6PkGFYwSfejOt/QAAlrNP
kTmMhCQ6iq7Zp9K5wmjgCtwokeUYEW0zSEO6y6bl1Pj/pFafTpjjkYHAU4b0JFKX
uicm+BVrtWXqBqCEiOgyh8sHJiVum4FbgGU2/sXr+EUORk0WIUkaOM1VHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgOCBAB10dCwyUtADuwIL3cspnwMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvbUE0SUVBSFhSMExESlMwQU83QWd2ZHl5bWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1YlUMA0G
CSqGSIb3DQEBCwUAA4IBAQA6UsiLFPQLvHYMsjczjJswzzVUdVi7RP3mdO/RS28G
xhLBbg8nNQK9PGvIfeX5d3X/1rU49D2IYqYKw6p6we7Aa3BulLwK3Rbfudz9SBVp
eq6lYf5Li/pP3QjKDwxZK6FLQDgCI8Yr140vrZzn4OnUusjzUNn+0yZEWZ/tgjYG
AS/ujQ8XiU/4aS6b5SBxomFO7IKbcjQWrMqDl08tLQkHUsjSjbtg53UdwHrEsEG8
3YJ3Rvyvc0LGARErMt2mVOiDhslrEqTswTn5E/hrhhVyjqBKUF/9Fqt8Xb6RNlRH
B/eKZYy4XmzeeUhXUEqtfnfRAGlMUI7AIOogERiLAJCP
-----END CERTIFICATE-----