Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/lFwxYJ9NT0Uy9IOwwYFb_vwGrhw.roa
File:                     lFwxYJ9NT0Uy9IOwwYFb_vwGrhw.roa (raw, json)
Hash identifier:          z+R9el6Zb5OurCcNqlSTJDxPuVgrOIIhwKwpE5Vc65M=
Subject key identifier:   94:5C:31:60:9F:4D:4F:45:32:F4:83:B0:C1:81:5B:FE:FC:06:AE:1C
Certificate issuer:       /CN=2d28cfa3fd2da9caaa659284758dee67099934f8
Certificate serial:       0195B89F42C93CB2316489E6B3821E6588C0
Authority key identifier: 2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/lFwxYJ9NT0Uy9IOwwYFb_vwGrhw.roa
Signing time:             Fri 21 Mar 2025 12:13:19 +0000
ROA not before:           Fri 21 Mar 2025 12:13:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198735
IP address blocks:        217.145.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 19:45:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b8:9f:42:c9:3c:b2:31:64:89:e6:b3:82:1e:65:88:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d28cfa3fd2da9caaa659284758dee67099934f8
        Validity
            Not Before: Mar 21 12:13:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=945c31609f4d4f4532f483b0c1815bfefc06ae1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:50:b5:49:d5:ed:4f:6d:02:e0:7c:64:4a:dc:
                    3f:b0:95:ec:c2:86:5b:c1:24:9e:3f:56:bc:67:98:
                    7a:06:b3:13:78:e6:2f:d5:fc:6e:9f:f8:f3:2a:24:
                    d5:d6:d4:a9:28:41:a1:71:61:32:1f:e4:e4:ff:f1:
                    ea:a1:9b:58:ba:ab:ac:47:22:44:38:27:23:14:0b:
                    d1:cc:7e:3a:e2:d1:19:d8:8b:a4:5c:89:d8:81:16:
                    84:11:3c:0e:ac:97:cf:f0:86:43:42:db:12:88:85:
                    cb:6f:bd:7b:04:92:c1:ec:c9:3f:3a:64:9a:39:5d:
                    e3:a1:ff:59:1f:e5:c9:ce:0b:f6:87:2b:9f:9d:c8:
                    ff:18:62:c6:09:69:02:ce:46:81:9d:8a:38:97:d5:
                    c9:92:3c:8b:79:f0:ba:79:92:f0:4b:da:7f:8d:a4:
                    bf:d0:85:0a:8f:00:83:e1:f7:a4:d2:72:39:30:1a:
                    8a:ae:b9:5d:38:56:28:6c:2c:67:29:c5:ef:31:f1:
                    25:b5:94:7a:4e:b5:25:ee:43:66:cd:9b:21:08:7f:
                    90:8d:95:db:5a:8a:f6:db:3e:c0:ae:0f:5f:66:b9:
                    e0:7b:5c:e3:f8:47:37:e1:e8:24:1c:53:6c:61:f5:
                    5e:36:37:e1:6f:71:62:f6:83:50:41:aa:37:ea:d2:
                    83:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:5C:31:60:9F:4D:4F:45:32:F4:83:B0:C1:81:5B:FE:FC:06:AE:1C
            X509v3 Authority Key Identifier:
                keyid:2D:28:CF:A3:FD:2D:A9:CA:AA:65:92:84:75:8D:EE:67:09:99:34:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSjPo_0tqcqqZZKEdY3uZwmZNPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/lFwxYJ9NT0Uy9IOwwYFb_vwGrhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/febab0-d93a-4704-9a71-3ad52e8b9628/1/LSjPo_0tqcqqZZKEdY3uZwmZNPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:6a:82:1c:c9:d2:d5:1d:11:b9:dd:78:66:67:b6:06:47:18:
         3a:4e:74:01:f3:3c:76:06:29:3f:de:f5:bd:83:03:6e:67:73:
         07:2c:b7:c0:d8:d7:b4:c5:73:50:72:b6:08:9a:a3:ca:be:2e:
         79:1d:00:54:f2:71:55:fb:0c:55:fe:ae:fd:95:95:fd:8d:c9:
         b9:4d:42:f0:7c:8f:d5:a1:38:ac:de:d5:13:53:24:55:09:ac:
         9a:f9:ef:06:aa:48:3d:05:e3:25:a3:fd:76:5e:ea:ad:51:fc:
         3f:68:d1:41:4c:a8:e9:6f:4b:49:ff:24:2d:7e:97:aa:51:6b:
         43:fb:e6:ca:56:7c:6e:06:0d:03:ae:74:36:8b:d4:85:b3:23:
         f0:aa:a5:ee:30:bf:5c:d7:47:28:42:b1:1b:ec:7f:24:10:d5:
         b5:76:68:15:b1:b7:60:ac:7f:d8:75:7b:6a:96:de:71:6d:ce:
         6c:c8:99:da:fb:3b:6d:c9:ef:e2:13:0e:b2:ba:58:4f:55:50:
         de:4b:b3:86:38:11:69:1b:5f:e2:52:ed:76:8d:51:4b:4a:f9:
         51:e1:93:de:56:a2:3a:4e:c3:9d:ca:51:32:5e:2b:6b:0d:2a:
         f3:8d:30:61:c9:9e:41:39:65:33:1d:03:31:96:b4:46:03:1a:
         a3:65:94:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW4n0LJPLIxZInms4IeZYjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMjhjZmEzZmQyZGE5Y2FhYTY1OTI4NDc1OGRlZTY3MDk5
OTM0ZjgwHhcNMjUwMzIxMTIxMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDVjMzE2MDlmNGQ0ZjQ1MzJmNDgzYjBjMTgxNWJmZWZjMDZhZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7FC1SdXtT20C4HxkStw/sJXswoZb
wSSeP1a8Z5h6BrMTeOYv1fxun/jzKiTV1tSpKEGhcWEyH+Tk//HqoZtYuqusRyJE
OCcjFAvRzH464tEZ2IukXInYgRaEETwOrJfP8IZDQtsSiIXLb717BJLB7Mk/OmSa
OV3jof9ZH+XJzgv2hyufncj/GGLGCWkCzkaBnYo4l9XJkjyLefC6eZLwS9p/jaS/
0IUKjwCD4fek0nI5MBqKrrldOFYobCxnKcXvMfEltZR6TrUl7kNmzZshCH+QjZXb
Wor22z7Arg9fZrnge1zj+Ec34egkHFNsYfVeNjfhb3Fi9oNQQao36tKDHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRcMWCfTU9FMvSDsMGBW/78Bq4cMB8GA1UdIwQY
MBaAFC0oz6P9LanKqmWShHWN7mcJmTT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEt
M2FkNTJlOGI5NjI4LzEvbEZ3eFlKOU5UMFV5OUlPd3dZRmJfdndHcmh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mZWJhYjAtZDkzYS00NzA0LTlhNzEtM2FkNTJlOGI5NjI4
LzEvTFNqUG9fMHRxY3FxWlpLRWRZM3Vad21aTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZHnMA0G
CSqGSIb3DQEBCwUAA4IBAQDeaoIcydLVHRG53XhmZ7YGRxg6TnQB8zx2Bik/3vW9
gwNuZ3MHLLfA2Ne0xXNQcrYImqPKvi55HQBU8nFV+wxV/q79lZX9jcm5TULwfI/V
oTis3tUTUyRVCaya+e8Gqkg9BeMlo/12XuqtUfw/aNFBTKjpb0tJ/yQtfpeqUWtD
++bKVnxuBg0DrnQ2i9SFsyPwqqXuML9c10coQrEb7H8kENW1dmgVsbdgrH/YdXtq
lt5xbc5syJna+zttye/iEw6yulhPVVDeS7OGOBFpG1/iUu12jVFLSvlR4ZPeVqI6
TsOdylEyXitrDSrzjTBhyZ5BOWUzHQMxlrRGAxqjZZTv
-----END CERTIFICATE-----