Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/PXbhZwxgnHhuLjwlWCx5dOlGReg.roa
File:                     PXbhZwxgnHhuLjwlWCx5dOlGReg.roa (raw, json)
Hash identifier:          j01BLIn3vk3ptsAnq3fQBlO6Lv4NALx1Y8dTw8r7J30=
Subject key identifier:   3D:76:E1:67:0C:60:9C:78:6E:2E:3C:25:58:2C:79:74:E9:46:45:E8
Certificate issuer:       /CN=7339870e10262c6709b7b61637134b5f9a6c78ca
Certificate serial:       0194266C2BF443113FDB83721AFAE9FCB742
Authority key identifier: 73:39:87:0E:10:26:2C:67:09:B7:B6:16:37:13:4B:5F:9A:6C:78:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/czmHDhAmLGcJt7YWNxNLX5pseMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/PXbhZwxgnHhuLjwlWCx5dOlGReg.roa
Signing time:             Thu 02 Jan 2025 09:50:10 +0000
ROA not before:           Thu 02 Jan 2025 09:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25091
IP address blocks:        213.139.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/czmHDhAmLGcJt7YWNxNLX5pseMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/czmHDhAmLGcJt7YWNxNLX5pseMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/czmHDhAmLGcJt7YWNxNLX5pseMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:2b:f4:43:11:3f:db:83:72:1a:fa:e9:fc:b7:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7339870e10262c6709b7b61637134b5f9a6c78ca
        Validity
            Not Before: Jan  2 09:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d76e1670c609c786e2e3c25582c7974e94645e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fc:f1:03:ad:86:a9:97:4b:cd:12:ee:57:fb:
                    ef:0c:8c:19:19:92:ab:07:bf:42:66:83:93:37:bf:
                    60:f7:e3:10:32:ff:05:83:17:e6:f5:e1:6c:b9:df:
                    b3:b7:6f:f4:89:55:b2:8d:32:7c:8a:0c:ff:4c:87:
                    41:35:8c:27:9d:be:27:2f:9e:3f:e2:c5:4e:1d:53:
                    46:72:72:62:9a:95:a9:72:62:dc:75:e0:c3:83:4e:
                    94:be:9f:0c:b0:af:57:9a:f7:f0:8d:31:14:4f:b1:
                    5a:80:ed:cb:86:b4:e5:f2:1a:c7:f7:c3:70:40:da:
                    69:b6:4b:37:e7:3e:71:96:66:6f:82:1e:f4:5d:49:
                    0a:9c:53:3a:81:62:ae:d4:ba:f0:1d:3b:75:26:f8:
                    c5:6a:8c:aa:4f:8b:68:75:64:dd:68:07:27:3c:c7:
                    a0:3f:8e:33:f4:0e:6c:fb:59:23:f4:66:7b:50:99:
                    48:dd:4d:0a:04:89:24:23:bc:d3:ca:e1:50:ea:11:
                    c4:9b:1b:f6:b9:60:e8:a0:78:7c:81:71:fb:67:00:
                    a2:4c:a4:8a:90:32:6c:15:f1:b9:88:f6:e4:72:c9:
                    a2:72:69:ab:35:89:f5:f2:35:07:d5:78:ed:16:bc:
                    ac:cb:d4:f8:cf:f6:92:5c:96:98:0a:3f:a0:ee:9e:
                    63:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:76:E1:67:0C:60:9C:78:6E:2E:3C:25:58:2C:79:74:E9:46:45:E8
            X509v3 Authority Key Identifier:
                keyid:73:39:87:0E:10:26:2C:67:09:B7:B6:16:37:13:4B:5F:9A:6C:78:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/czmHDhAmLGcJt7YWNxNLX5pseMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/PXbhZwxgnHhuLjwlWCx5dOlGReg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4b83db-f4ff-4f0c-a3f6-154574fbb389/1/czmHDhAmLGcJt7YWNxNLX5pseMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:78:43:c0:0e:45:1d:e0:d4:42:55:b1:c4:24:3c:08:f7:6f:
         ec:82:47:c6:e3:2a:dd:68:7d:50:ed:e3:bf:e0:23:cb:18:28:
         46:8c:9d:f3:dc:d8:8a:81:89:d5:ff:50:b7:26:7d:b8:b6:11:
         46:4b:a3:32:4c:32:a1:52:37:d6:db:e9:4f:7b:03:de:9f:fb:
         89:1a:3b:b2:9e:01:63:36:69:7a:64:65:c5:9c:9c:58:97:51:
         72:0d:87:99:3b:56:61:aa:87:4b:fd:ef:b5:e4:07:0a:c3:f3:
         7f:08:7b:d4:08:0c:60:7c:63:b9:d4:b2:a6:24:8d:55:25:e7:
         06:7e:3c:8a:2d:e8:ca:59:3c:5d:89:40:6f:15:5e:c8:ee:dd:
         92:4c:c1:bd:cb:96:5a:f2:05:4e:7a:dc:20:10:4a:d9:1b:29:
         da:0f:27:8a:23:83:9c:aa:63:46:d9:17:71:87:94:80:08:9d:
         ec:ef:ca:79:05:ac:bf:f9:1f:c9:a7:97:80:38:0f:ba:fd:52:
         ed:6b:00:62:3b:ea:9a:80:1c:f9:e7:12:f6:02:59:6e:47:99:
         23:98:16:3c:d4:2c:17:6b:01:c3:cb:02:b3:39:7f:fd:c1:de:
         68:fc:5c:cf:f2:3e:31:6a:b3:c3:1e:78:68:14:0e:72:68:e7:
         ef:00:77:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbCv0QxE/24NyGvrp/LdCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMzk4NzBlMTAyNjJjNjcwOWI3YjYxNjM3MTM0YjVmOWE2
Yzc4Y2EwHhcNMjUwMTAyMDk1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDc2ZTE2NzBjNjA5Yzc4NmUyZTNjMjU1ODJjNzk3NGU5NDY0NWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfzxA62GqZdLzRLuV/vvDIwZGZKr
B79CZoOTN79g9+MQMv8Fgxfm9eFsud+zt2/0iVWyjTJ8igz/TIdBNYwnnb4nL54/
4sVOHVNGcnJimpWpcmLcdeDDg06Uvp8MsK9XmvfwjTEUT7FagO3LhrTl8hrH98Nw
QNpptks35z5xlmZvgh70XUkKnFM6gWKu1LrwHTt1JvjFaoyqT4todWTdaAcnPMeg
P44z9A5s+1kj9GZ7UJlI3U0KBIkkI7zTyuFQ6hHEmxv2uWDooHh8gXH7ZwCiTKSK
kDJsFfG5iPbkcsmicmmrNYn18jUH1XjtFrysy9T4z/aSXJaYCj+g7p5jnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD124WcMYJx4bi48JVgseXTpRkXoMB8GA1UdIwQY
MBaAFHM5hw4QJixnCbe2FjcTS1+abHjKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3ptSERoQW1MR2NKdDdZV054TkxYNXBzZU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS80YjgzZGItZjRmZi00ZjBjLWEzZjYt
MTU0NTc0ZmJiMzg5LzEvUFhiaFp3eGduSGh1TGp3bFdDeDVkT2xHUmVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS80YjgzZGItZjRmZi00ZjBjLWEzZjYtMTU0NTc0ZmJiMzg5
LzEvY3ptSERoQW1MR2NKdDdZV054TkxYNXBzZU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1Yv0MA0G
CSqGSIb3DQEBCwUAA4IBAQB1eEPADkUd4NRCVbHEJDwI92/sgkfG4yrdaH1Q7eO/
4CPLGChGjJ3z3NiKgYnV/1C3Jn24thFGS6MyTDKhUjfW2+lPewPen/uJGjuyngFj
Nml6ZGXFnJxYl1FyDYeZO1ZhqodL/e+15AcKw/N/CHvUCAxgfGO51LKmJI1VJecG
fjyKLejKWTxdiUBvFV7I7t2STMG9y5Za8gVOetwgEErZGynaDyeKI4OcqmNG2Rdx
h5SACJ3s78p5Bay/+R/Jp5eAOA+6/VLtawBiO+qagBz55xL2AlluR5kjmBY81CwX
awHDywKzOX/9wd5o/FzP8j4xarPDHnhoFA5yaOfvAHfe
-----END CERTIFICATE-----