Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/JUyxU9F3JlDU8_kPHaIM7D1fTB4.roa
File:                     JUyxU9F3JlDU8_kPHaIM7D1fTB4.roa (raw, json)
Hash identifier:          lVPZY1fXxxj7hHiCvzUwToPcItRxiXJdn4MbDVZ/BIE=
Subject key identifier:   25:4C:B1:53:D1:77:26:50:D4:F3:F9:0F:1D:A2:0C:EC:3D:5F:4C:1E
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01941FFA0225D5F8C1A3EF42F6E80C430879
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/JUyxU9F3JlDU8_kPHaIM7D1fTB4.roa
Signing time:             Wed 01 Jan 2025 03:47:45 +0000
ROA not before:           Wed 01 Jan 2025 03:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52000
IP address blocks:        193.38.235.0/24 maxlen: 24
                          2a0a:2880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:02:25:d5:f8:c1:a3:ef:42:f6:e8:0c:43:08:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 03:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=254cb153d1772650d4f3f90f1da20cec3d5f4c1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:01:0f:85:08:9b:79:58:14:4a:b3:c0:97:e0:
                    61:10:75:fe:d6:86:76:fe:e6:73:41:99:ea:31:a0:
                    cb:d0:b4:33:72:ac:76:68:8f:b5:3c:c6:a2:59:cc:
                    8a:24:4e:e9:b9:da:b2:93:d0:af:c5:38:c3:11:36:
                    8c:b5:20:50:af:18:55:7b:7b:99:0b:d1:ed:b2:ed:
                    ce:04:d2:b7:cd:9e:a4:dc:2e:93:72:1d:6e:35:69:
                    05:d7:fb:97:01:39:57:8d:be:94:da:b6:79:54:ce:
                    39:6f:94:d6:da:40:d9:80:05:da:72:63:63:ad:4e:
                    66:40:d6:1e:57:8e:8d:db:32:ab:02:a5:13:9b:f0:
                    39:36:2a:36:92:bd:1f:16:0e:d0:d3:3d:7b:89:a4:
                    52:2f:9f:b1:db:42:6e:70:e4:f5:41:19:19:d5:93:
                    31:e1:0a:4c:5c:de:ac:c5:1e:6c:cf:68:38:5a:5e:
                    7c:2d:21:f1:69:f7:db:23:55:dc:5a:92:3e:82:9f:
                    62:9c:7d:63:fb:78:4b:a9:fe:74:72:d0:80:c8:e6:
                    97:ac:6f:c3:f8:00:08:e4:af:bd:e4:16:de:05:78:
                    39:60:64:9f:ef:cf:86:69:4c:f3:9e:33:f1:64:fd:
                    0e:b3:b9:d4:fe:26:ad:0f:d9:14:60:6f:bd:95:4e:
                    40:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:4C:B1:53:D1:77:26:50:D4:F3:F9:0F:1D:A2:0C:EC:3D:5F:4C:1E
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/JUyxU9F3JlDU8_kPHaIM7D1fTB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.235.0/24
                IPv6:
                  2a0a:2880::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:00:e4:c3:2f:ca:fe:ed:88:a8:f5:bc:e0:94:ee:2a:51:8c:
         a8:a5:34:40:9b:71:c8:7b:3f:d8:5f:f3:3c:a5:7c:0b:e1:7a:
         49:21:de:87:e6:6a:8b:bb:b8:71:06:c7:75:b3:17:7e:7c:4f:
         a5:29:89:2a:16:8b:00:7d:0e:f1:13:0e:20:a5:8e:e8:6c:e6:
         84:24:0c:5d:ef:fd:38:15:13:c9:e2:02:78:14:35:0b:2b:f0:
         d2:26:73:8f:d2:ea:97:96:20:a0:37:41:5b:82:f7:1a:4a:45:
         65:35:b7:98:aa:2a:46:9b:19:3f:7a:db:5c:e5:b0:42:65:29:
         e3:33:01:db:77:61:82:fc:aa:de:51:a7:36:54:e0:85:09:a8:
         95:06:d9:2d:07:6f:06:a2:ab:36:be:93:6f:24:77:9b:f7:6d:
         a1:d0:8d:d3:93:bd:24:09:bb:24:52:f6:1f:77:c4:67:9c:26:
         3b:04:b2:38:c7:4d:eb:71:be:8e:6b:0f:e6:80:9a:24:38:bc:
         05:59:34:24:19:2b:3b:fc:3b:1e:d8:1b:64:72:d7:17:eb:62:
         a2:cc:aa:58:f3:14:eb:8b:f2:b5:c0:4f:85:0e:0e:38:c7:2a:
         9e:ce:3b:54:34:64:e8:f1:95:15:9b:68:cd:11:e7:fe:87:78:
         08:f6:5a:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+gIl1fjBo+9C9ugMQwh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwMTAxMDM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTRjYjE1M2QxNzcyNjUwZDRmM2Y5MGYxZGEyMGNlYzNkNWY0YzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwEPhQibeVgUSrPAl+BhEHX+1oZ2
/uZzQZnqMaDL0LQzcqx2aI+1PMaiWcyKJE7pudqyk9CvxTjDETaMtSBQrxhVe3uZ
C9Htsu3OBNK3zZ6k3C6Tch1uNWkF1/uXATlXjb6U2rZ5VM45b5TW2kDZgAXacmNj
rU5mQNYeV46N2zKrAqUTm/A5Nio2kr0fFg7Q0z17iaRSL5+x20JucOT1QRkZ1ZMx
4QpMXN6sxR5sz2g4Wl58LSHxaffbI1XcWpI+gp9inH1j+3hLqf50ctCAyOaXrG/D
+AAI5K+95BbeBXg5YGSf78+GaUzznjPxZP0Os7nU/iatD9kUYG+9lU5AZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCVMsVPRdyZQ1PP5Dx2iDOw9X0weMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvSlV5eFU5RjNKbERVOF9rUEhhSU03RDFmVEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSbrMA0E
AgACMAcDBQMqCiiAMA0GCSqGSIb3DQEBCwUAA4IBAQBtAOTDL8r+7Yio9bzglO4q
UYyopTRAm3HIez/YX/M8pXwL4XpJId6H5mqLu7hxBsd1sxd+fE+lKYkqFosAfQ7x
Ew4gpY7obOaEJAxd7/04FRPJ4gJ4FDULK/DSJnOP0uqXliCgN0FbgvcaSkVlNbeY
qipGmxk/ettc5bBCZSnjMwHbd2GC/KreUac2VOCFCaiVBtktB28Goqs2vpNvJHeb
922h0I3Tk70kCbskUvYfd8RnnCY7BLI4x03rcb6Oaw/mgJokOLwFWTQkGSs7/Dse
2BtkctcX62KizKpY8xTri/K1wE+FDg44xyqezjtUNGTo8ZUVm2jNEef+h3gI9lrX
-----END CERTIFICATE-----