Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/rZdLB-nkZ2OLpeWsHhrhAYZ-Yb0.roa
File:                     rZdLB-nkZ2OLpeWsHhrhAYZ-Yb0.roa (raw, json)
Hash identifier:          ONBID9kxST62ok3WcSlhvuvF7lzwreYA67GNbNM2J58=
Subject key identifier:   AD:97:4B:07:E9:E4:67:63:8B:A5:E5:AC:1E:1A:E1:01:86:7E:61:BD
Certificate issuer:       /CN=256452a3420f4f18dfa3a14d26b3348fdfcf3d3b
Certificate serial:       018CC3492A1D5B9204B81645CB1A9A7E58F2
Authority key identifier: 25:64:52:A3:42:0F:4F:18:DF:A3:A1:4D:26:B3:34:8F:DF:CF:3D:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JWRSo0IPTxjfo6FNJrM0j9_PPTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/rZdLB-nkZ2OLpeWsHhrhAYZ-Yb0.roa
Signing time:             Mon 01 Jan 2024 04:30:01 +0000
ROA not before:           Mon 01 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41480
IP address blocks:        193.25.97.0/24 maxlen: 24
                          193.25.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/JWRSo0IPTxjfo6FNJrM0j9_PPTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/JWRSo0IPTxjfo6FNJrM0j9_PPTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JWRSo0IPTxjfo6FNJrM0j9_PPTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2a:1d:5b:92:04:b8:16:45:cb:1a:9a:7e:58:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=256452a3420f4f18dfa3a14d26b3348fdfcf3d3b
        Validity
            Not Before: Jan  1 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad974b07e9e467638ba5e5ac1e1ae101867e61bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:3a:28:fb:3b:e6:74:6c:ce:27:b2:c3:ac:97:
                    81:58:9d:d6:f5:2b:1a:2c:49:2f:e7:3d:e1:76:65:
                    63:2d:8b:93:60:a4:77:aa:82:c4:16:ac:62:36:ce:
                    a8:9e:dc:09:83:59:22:fa:eb:b2:d0:71:f9:8e:c7:
                    2c:9d:48:c3:8f:37:96:56:18:72:6b:65:db:81:af:
                    db:20:ed:0e:c4:21:53:df:8c:5e:c8:fe:8b:6c:70:
                    ed:b4:18:8a:d0:51:ff:d2:fb:81:85:55:6d:f0:34:
                    a7:96:03:47:6c:c2:91:79:f4:15:f4:2a:a3:e0:10:
                    b7:28:24:d6:ce:15:69:6a:69:27:e4:b4:6b:91:5b:
                    e1:51:10:28:69:1f:47:98:da:b4:b3:3e:8c:98:ac:
                    80:26:57:3c:9a:51:10:25:3a:f2:f3:52:dd:17:8d:
                    8e:68:98:16:15:83:e1:55:57:d6:f2:a2:c4:42:8d:
                    4a:f4:ce:b4:2e:dd:8b:b6:b6:08:0d:01:ae:a0:a5:
                    04:0a:94:7c:d7:fa:3f:83:b0:fb:a1:fe:30:f8:9c:
                    be:46:af:f9:be:1f:1c:3c:90:76:43:a9:51:7b:f8:
                    8b:ca:4d:b0:d8:32:5d:4f:a1:f6:dc:1a:41:22:70:
                    55:47:ed:49:ad:82:20:5a:9d:ca:3c:86:2a:24:13:
                    ef:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:97:4B:07:E9:E4:67:63:8B:A5:E5:AC:1E:1A:E1:01:86:7E:61:BD
            X509v3 Authority Key Identifier:
                keyid:25:64:52:A3:42:0F:4F:18:DF:A3:A1:4D:26:B3:34:8F:DF:CF:3D:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JWRSo0IPTxjfo6FNJrM0j9_PPTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/rZdLB-nkZ2OLpeWsHhrhAYZ-Yb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a48388-2ed7-44cf-9557-f38b289ff969/1/JWRSo0IPTxjfo6FNJrM0j9_PPTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:86:b3:31:29:3a:26:b0:25:66:b0:09:13:2a:5f:7d:5e:53:
         d2:35:50:3c:3d:e6:43:91:fb:21:02:3f:fa:82:b4:cd:28:a5:
         07:2b:a4:c4:93:ad:f2:dd:4c:be:ad:a4:d3:86:65:0f:7c:76:
         f1:da:7c:01:82:6b:cc:4e:ec:37:f2:9a:f7:e0:e8:42:53:4e:
         49:aa:2b:0d:c3:a1:84:b7:c2:30:d6:7d:cf:f7:08:08:6e:43:
         19:af:0a:2a:51:a3:99:36:66:7b:a7:d1:9b:a4:16:41:6e:19:
         c5:9c:f3:e3:33:fe:7e:d3:60:c2:53:4c:ff:48:f1:e8:99:c6:
         1c:d1:1e:3e:a1:b9:0e:67:ec:83:e0:57:04:0f:8b:85:df:b6:
         ce:fd:19:f0:dc:94:5b:d5:41:5f:63:87:22:b5:b5:89:8a:a4:
         d9:04:ba:85:80:b2:91:10:77:ab:9c:31:d7:54:7c:d2:b0:98:
         29:fd:92:4c:f6:f3:c6:26:8d:10:b5:11:f5:35:a3:d4:aa:96:
         9d:e2:e5:ac:14:8b:3e:8e:bc:d1:47:cb:fe:c9:ee:de:79:1b:
         0d:07:32:f3:6b:8a:06:59:9f:b6:7b:5a:78:0f:35:8b:36:60:
         21:cf:f2:eb:e0:7b:bf:3a:54:cb:6c:81:09:50:b5:86:6e:46:
         0e:c6:bd:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSodW5IEuBZFyxqafljyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NjQ1MmEzNDIwZjRmMThkZmEzYTE0ZDI2YjMzNDhmZGZj
ZjNkM2IwHhcNMjQwMTAxMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDk3NGIwN2U5ZTQ2NzYzOGJhNWU1YWMxZTFhZTEwMTg2N2U2MWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzoo+zvmdGzOJ7LDrJeBWJ3W9Ssa
LEkv5z3hdmVjLYuTYKR3qoLEFqxiNs6ontwJg1ki+uuy0HH5jscsnUjDjzeWVhhy
a2Xbga/bIO0OxCFT34xeyP6LbHDttBiK0FH/0vuBhVVt8DSnlgNHbMKRefQV9Cqj
4BC3KCTWzhVpamkn5LRrkVvhURAoaR9HmNq0sz6MmKyAJlc8mlEQJTry81LdF42O
aJgWFYPhVVfW8qLEQo1K9M60Lt2LtrYIDQGuoKUECpR81/o/g7D7of4w+Jy+Rq/5
vh8cPJB2Q6lRe/iLyk2w2DJdT6H23BpBInBVR+1JrYIgWp3KPIYqJBPvnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2XSwfp5Gdji6XlrB4a4QGGfmG9MB8GA1UdIwQY
MBaAFCVkUqNCD08Y36OhTSazNI/fzz07MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSldSU28wSVBUeGpmbzZGTkpyTTBqOV9QUFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9hNDgzODgtMmVkNy00NGNmLTk1NTct
ZjM4YjI4OWZmOTY5LzEvclpkTEItbmtaMk9McGVXc0hocmhBWVotWWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9hNDgzODgtMmVkNy00NGNmLTk1NTctZjM4YjI4OWZmOTY5
LzEvSldSU28wSVBUeGpmbzZGTkpyTTBqOV9QUFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRlgMA0G
CSqGSIb3DQEBCwUAA4IBAQB7hrMxKTomsCVmsAkTKl99XlPSNVA8PeZDkfshAj/6
grTNKKUHK6TEk63y3Uy+raTThmUPfHbx2nwBgmvMTuw38pr34OhCU05JqisNw6GE
t8Iw1n3P9wgIbkMZrwoqUaOZNmZ7p9GbpBZBbhnFnPPjM/5+02DCU0z/SPHomcYc
0R4+obkOZ+yD4FcED4uF37bO/Rnw3JRb1UFfY4citbWJiqTZBLqFgLKREHernDHX
VHzSsJgp/ZJM9vPGJo0QtRH1NaPUqpad4uWsFIs+jrzRR8v+ye7eeRsNBzLza4oG
WZ+2e1p4DzWLNmAhz/Lr4Hu/OlTLbIEJULWGbkYOxr32
-----END CERTIFICATE-----