Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/R2xDf0hT3bwTslHF7Ulhf-HarRU.roa
File:                     R2xDf0hT3bwTslHF7Ulhf-HarRU.roa (raw, json)
Hash identifier:          NAVYlsHQmPmwP3TvDnFkO23YGDJlDkO0kffvGr4O5Zs=
Subject key identifier:   47:6C:43:7F:48:53:DD:BC:13:B2:51:C5:ED:49:61:7F:E1:DA:AD:15
Certificate issuer:       /CN=94306f68aea4bae124fac85f2c9aa3f5ae850113
Certificate serial:       0195CCF56788AAE6D79B3C328AD624BFFAA3
Authority key identifier: 94:30:6F:68:AE:A4:BA:E1:24:FA:C8:5F:2C:9A:A3:F5:AE:85:01:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lDBvaK6kuuEk-shfLJqj9a6FARM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/R2xDf0hT3bwTslHF7Ulhf-HarRU.roa
Signing time:             Tue 25 Mar 2025 10:59:49 +0000
ROA not before:           Tue 25 Mar 2025 10:59:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213541
IP address blocks:        194.76.192.0/24 maxlen: 24
                          194.76.218.0/24 maxlen: 24
                          194.76.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/lDBvaK6kuuEk-shfLJqj9a6FARM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/lDBvaK6kuuEk-shfLJqj9a6FARM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lDBvaK6kuuEk-shfLJqj9a6FARM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cc:f5:67:88:aa:e6:d7:9b:3c:32:8a:d6:24:bf:fa:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94306f68aea4bae124fac85f2c9aa3f5ae850113
        Validity
            Not Before: Mar 25 10:59:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=476c437f4853ddbc13b251c5ed49617fe1daad15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:eb:9f:a5:f7:1d:29:8d:88:c7:fb:8a:93:c0:
                    1b:3a:18:f7:c8:84:e4:36:66:f5:fa:fb:64:21:3d:
                    00:95:1c:cb:54:19:cf:40:ee:5d:b4:6b:11:ef:d1:
                    25:26:dc:fa:83:2f:98:b2:c1:2d:6a:84:07:d3:a6:
                    ff:3d:e8:ab:08:ad:94:31:14:1e:79:2d:54:f3:06:
                    d2:9f:59:2a:dc:b5:16:9d:90:59:fd:bd:23:64:57:
                    ad:b1:cc:be:39:e1:f8:2d:44:25:26:ed:be:f3:ef:
                    80:69:74:28:7a:0b:97:1f:e3:34:1e:32:19:73:31:
                    b9:ac:17:39:e8:ec:7f:06:15:76:e3:0f:dd:3d:8a:
                    5b:e1:be:98:41:38:b5:bf:c2:57:a0:0a:76:64:4f:
                    15:51:b0:d0:1d:67:8d:0b:39:aa:ce:19:e6:dd:52:
                    23:34:bd:2f:d8:ca:1b:df:00:29:68:f0:53:e5:0e:
                    e6:ea:e4:be:36:59:88:60:96:e7:c9:c2:61:f8:93:
                    14:e7:64:53:fb:59:c8:9f:26:21:00:10:05:cd:3d:
                    2a:5f:e5:9d:04:a2:d7:e0:2b:02:d8:3b:e4:76:43:
                    4b:96:2d:fb:10:7a:24:17:75:30:33:95:1c:ac:cc:
                    d5:b7:b7:64:3d:d1:8d:8f:c1:11:d4:b4:62:fb:20:
                    88:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:6C:43:7F:48:53:DD:BC:13:B2:51:C5:ED:49:61:7F:E1:DA:AD:15
            X509v3 Authority Key Identifier:
                keyid:94:30:6F:68:AE:A4:BA:E1:24:FA:C8:5F:2C:9A:A3:F5:AE:85:01:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lDBvaK6kuuEk-shfLJqj9a6FARM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/R2xDf0hT3bwTslHF7Ulhf-HarRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/lDBvaK6kuuEk-shfLJqj9a6FARM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.192.0/24
                  194.76.218.0/24
                  194.76.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:f7:92:ed:53:a8:d5:77:3d:1f:5f:f8:85:4f:e3:f5:da:83:
         45:bc:db:3a:57:f9:be:f0:70:9d:03:03:f3:75:22:4a:50:5a:
         b3:7b:a2:8c:20:8c:3b:65:4a:95:23:6f:37:c3:73:f5:24:0b:
         6d:45:92:23:42:ca:98:06:b7:99:93:db:1a:53:f9:86:09:2a:
         77:c4:9e:0e:26:6a:f5:59:b3:8e:1c:a0:69:41:52:76:af:33:
         f5:ee:b5:d2:8f:cb:b8:5d:13:ad:14:82:f1:20:05:d0:f4:bd:
         89:90:bb:1d:de:f0:49:41:5a:3b:6b:3e:6a:6a:4e:43:32:62:
         ce:f9:0e:ab:5b:d0:7f:fa:f8:ea:b4:3e:20:d3:04:48:e7:b7:
         8a:8b:ef:bf:af:ae:58:5f:57:c9:a1:00:c4:1f:35:32:23:c6:
         b9:11:a8:4f:57:4b:0d:35:23:e3:77:80:e9:76:8e:6b:8c:aa:
         ce:43:79:38:28:f2:09:fa:fd:89:74:10:1c:72:d0:6e:5d:5c:
         3d:db:23:b9:56:82:e0:45:d0:88:f1:fc:fd:13:2d:cb:71:5e:
         a0:a1:7b:d0:d6:ba:65:5e:32:a6:d7:d5:71:41:99:ab:15:57:
         7a:7c:3e:92:ac:e9:51:47:b1:7b:67:2d:67:79:3c:09:aa:a4:
         38:9e:87:83
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZXM9WeIqubXmzwyitYkv/qjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MzA2ZjY4YWVhNGJhZTEyNGZhYzg1ZjJjOWFhM2Y1YWU4
NTAxMTMwHhcNMjUwMzI1MTA1OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzZjNDM3ZjQ4NTNkZGJjMTNiMjUxYzVlZDQ5NjE3ZmUxZGFhZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOufpfcdKY2Ix/uKk8AbOhj3yITk
Nmb1+vtkIT0AlRzLVBnPQO5dtGsR79ElJtz6gy+YssEtaoQH06b/PeirCK2UMRQe
eS1U8wbSn1kq3LUWnZBZ/b0jZFetscy+OeH4LUQlJu2+8++AaXQoeguXH+M0HjIZ
czG5rBc56Ox/BhV24w/dPYpb4b6YQTi1v8JXoAp2ZE8VUbDQHWeNCzmqzhnm3VIj
NL0v2Mob3wApaPBT5Q7m6uS+NlmIYJbnycJh+JMU52RT+1nInyYhABAFzT0qX+Wd
BKLX4CsC2DvkdkNLli37EHokF3UwM5UcrMzVt7dkPdGNj8ER1LRi+yCIkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEdsQ39IU928E7JRxe1JYX/h2q0VMB8GA1UdIwQY
MBaAFJQwb2iupLrhJPrIXyyao/WuhQETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbERCdmFLNmt1dUVrLXNoZkxKcWo5YTZGQVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC81ZmQ4OGUtZmZiNi00NjUyLWE5OTAt
M2Q4YmM4OWI0NDI3LzEvUjJ4RGYwaFQzYndUc2xIRjdVbGhmLUhhclJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC81ZmQ4OGUtZmZiNi00NjUyLWE5OTAtM2Q4YmM4OWI0NDI3
LzEvbERCdmFLNmt1dUVrLXNoZkxKcWo5YTZGQVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwkzAAwQA
wkzaAwQAwkzuMA0GCSqGSIb3DQEBCwUAA4IBAQBB95LtU6jVdz0fX/iFT+P12oNF
vNs6V/m+8HCdAwPzdSJKUFqze6KMIIw7ZUqVI283w3P1JAttRZIjQsqYBreZk9sa
U/mGCSp3xJ4OJmr1WbOOHKBpQVJ2rzP17rXSj8u4XROtFILxIAXQ9L2JkLsd3vBJ
QVo7az5qak5DMmLO+Q6rW9B/+vjqtD4g0wRI57eKi++/r65YX1fJoQDEHzUyI8a5
EahPV0sNNSPjd4Dpdo5rjKrOQ3k4KPIJ+v2JdBAcctBuXVw92yO5VoLgRdCI8fz9
Ey3LcV6goXvQ1rplXjKm19VxQZmrFVd6fD6SrOlRR7F7Zy1neTwJqqQ4noeD
-----END CERTIFICATE-----