Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/oXW8GWaKetGdBKsu2Z2IY-9T_9A.roa
File:                     oXW8GWaKetGdBKsu2Z2IY-9T_9A.roa (raw, json)
Hash identifier:          HV9TKH6QRnK6qfQ0eObEVR7yRAca23tprem52+Wydrk=
Subject key identifier:   A1:75:BC:19:66:8A:7A:D1:9D:04:AB:2E:D9:9D:88:63:EF:53:FF:D0
Certificate issuer:       /CN=3e25ab6985f79ca9de06e98e8b9da245d8559ab6
Certificate serial:       0194266B6CDE4AE553D366104164BFE1F087
Authority key identifier: 3E:25:AB:69:85:F7:9C:A9:DE:06:E9:8E:8B:9D:A2:45:D8:55:9A:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiWraYX3nKneBumOi52iRdhVmrY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/oXW8GWaKetGdBKsu2Z2IY-9T_9A.roa
Signing time:             Thu 02 Jan 2025 09:49:21 +0000
ROA not before:           Thu 02 Jan 2025 09:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207429
IP address blocks:        80.253.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/PiWraYX3nKneBumOi52iRdhVmrY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/PiWraYX3nKneBumOi52iRdhVmrY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PiWraYX3nKneBumOi52iRdhVmrY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:6c:de:4a:e5:53:d3:66:10:41:64:bf:e1:f0:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e25ab6985f79ca9de06e98e8b9da245d8559ab6
        Validity
            Not Before: Jan  2 09:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a175bc19668a7ad19d04ab2ed99d8863ef53ffd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:8c:f7:9a:13:10:63:f9:13:12:fc:40:31:d0:
                    cb:a4:70:b3:18:3d:55:a9:7a:2f:3a:a3:12:4d:72:
                    55:50:2c:54:ad:c0:33:73:ca:1c:31:54:ba:e3:39:
                    4b:99:8f:e4:d4:e2:2a:88:95:eb:50:10:39:c4:4d:
                    da:fd:9c:df:3a:47:dd:84:87:63:4a:86:41:8b:bc:
                    0c:50:78:0e:db:0a:e3:c1:1d:12:dd:07:a1:50:d3:
                    03:bc:3a:81:2c:2a:44:df:3d:a2:f5:fc:06:f6:ff:
                    31:d5:a7:64:19:24:62:ea:da:a6:94:6c:8d:85:b9:
                    05:67:49:65:41:95:25:7b:e7:ac:be:3c:0c:a2:3e:
                    07:98:a5:97:da:7d:6b:84:8b:d1:ac:1d:11:34:1f:
                    4d:21:b8:ce:7e:03:eb:8d:dd:0c:f2:0f:5c:41:53:
                    46:bc:64:c3:41:27:f3:c2:7f:06:e0:65:98:df:02:
                    14:e7:1d:c1:8c:51:2d:66:69:e0:d9:51:7a:35:38:
                    1c:ae:54:c8:ba:8b:d2:4d:7b:71:a1:02:f6:f6:ae:
                    52:b9:e7:20:67:20:15:0c:bf:a3:bc:c4:8a:00:bc:
                    3c:e9:16:35:91:cc:72:ff:d5:16:91:a9:a7:26:6f:
                    77:b8:b8:3e:46:63:b5:6f:4c:c7:2c:d7:db:cf:db:
                    a9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:75:BC:19:66:8A:7A:D1:9D:04:AB:2E:D9:9D:88:63:EF:53:FF:D0
            X509v3 Authority Key Identifier:
                keyid:3E:25:AB:69:85:F7:9C:A9:DE:06:E9:8E:8B:9D:A2:45:D8:55:9A:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiWraYX3nKneBumOi52iRdhVmrY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/oXW8GWaKetGdBKsu2Z2IY-9T_9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/22d175-c71d-4637-a090-b19ad5455bfd/1/PiWraYX3nKneBumOi52iRdhVmrY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:b8:69:72:f9:c7:af:de:8a:70:36:66:5d:e9:d1:7e:dd:de:
         8e:3d:6e:40:1a:71:42:2c:8e:1c:03:55:1e:c8:2d:30:49:c6:
         ab:55:48:6d:e7:d6:9c:c1:58:0c:3c:46:8a:9b:ab:25:60:c9:
         8f:be:fc:18:56:40:6f:6b:60:ec:94:7c:4a:9c:74:9d:66:65:
         a7:25:e2:db:9a:e1:57:f7:ce:12:4a:bf:21:a2:fa:bf:91:4d:
         f8:b3:c0:b0:a2:49:78:02:7b:f3:81:f1:d4:c0:a3:ab:4a:10:
         e8:bd:79:8f:2c:14:e9:e7:09:70:41:b8:23:ea:4f:4e:ae:e8:
         56:88:fc:17:88:6b:5e:d9:1b:2e:53:5a:31:66:d3:b5:f5:94:
         69:98:1a:a7:bf:40:fa:fd:22:be:70:fd:15:80:d3:a5:8a:8b:
         3d:99:e2:b1:3a:19:28:2b:6d:f2:1a:76:78:0e:cc:ed:e1:97:
         50:07:29:a5:13:30:af:d2:a0:58:a9:55:4d:9e:6e:b5:e5:8d:
         a5:00:a8:a3:d8:63:1c:87:f3:20:2b:2d:a3:66:12:55:1a:6d:
         e3:9f:b8:a4:93:51:9b:cb:d4:ac:59:7b:00:50:de:98:64:ce:
         ad:6f:1d:67:ab:a9:73:57:01:5e:9c:c1:d0:30:dd:86:27:fd:
         f9:ad:0b:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma2zeSuVT02YQQWS/4fCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjVhYjY5ODVmNzljYTlkZTA2ZTk4ZThiOWRhMjQ1ZDg1
NTlhYjYwHhcNMjUwMTAyMDk0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTc1YmMxOTY2OGE3YWQxOWQwNGFiMmVkOTlkODg2M2VmNTNmZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4z3mhMQY/kTEvxAMdDLpHCzGD1V
qXovOqMSTXJVUCxUrcAzc8ocMVS64zlLmY/k1OIqiJXrUBA5xE3a/ZzfOkfdhIdj
SoZBi7wMUHgO2wrjwR0S3QehUNMDvDqBLCpE3z2i9fwG9v8x1adkGSRi6tqmlGyN
hbkFZ0llQZUle+esvjwMoj4HmKWX2n1rhIvRrB0RNB9NIbjOfgPrjd0M8g9cQVNG
vGTDQSfzwn8G4GWY3wIU5x3BjFEtZmng2VF6NTgcrlTIuovSTXtxoQL29q5Suecg
ZyAVDL+jvMSKALw86RY1kcxy/9UWkamnJm93uLg+RmO1b0zHLNfbz9upIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKF1vBlminrRnQSrLtmdiGPvU//QMB8GA1UdIwQY
MBaAFD4lq2mF95yp3gbpjoudokXYVZq2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlXcmFZWDNuS25lQnVtT2k1MmlSZGhWbXJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8yMmQxNzUtYzcxZC00NjM3LWEwOTAt
YjE5YWQ1NDU1YmZkLzEvb1hXOEdXYUtldEdkQktzdTJaMklZLTlUXzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8yMmQxNzUtYzcxZC00NjM3LWEwOTAtYjE5YWQ1NDU1YmZk
LzEvUGlXcmFZWDNuS25lQnVtT2k1MmlSZGhWbXJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUP30MA0G
CSqGSIb3DQEBCwUAA4IBAQAZuGly+cev3opwNmZd6dF+3d6OPW5AGnFCLI4cA1Ue
yC0wScarVUht59acwVgMPEaKm6slYMmPvvwYVkBva2DslHxKnHSdZmWnJeLbmuFX
984SSr8hovq/kU34s8Cwokl4AnvzgfHUwKOrShDovXmPLBTp5wlwQbgj6k9OruhW
iPwXiGte2RsuU1oxZtO19ZRpmBqnv0D6/SK+cP0VgNOlios9meKxOhkoK23yGnZ4
Dszt4ZdQBymlEzCv0qBYqVVNnm615Y2lAKij2GMch/MgKy2jZhJVGm3jn7ikk1Gb
y9SsWXsAUN6YZM6tbx1nq6lzVwFenMHQMN2GJ/35rQtM
-----END CERTIFICATE-----