Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/7UKeHiOo-3Ms61-HTNgT4zSyBl8.roa
File:                     7UKeHiOo-3Ms61-HTNgT4zSyBl8.roa (raw, json)
Hash identifier:          oNDXIdQSHMwS3jofYXTk87fvQLElvK9NGjmLBnhcnes=
Subject key identifier:   ED:42:9E:1E:23:A8:FB:73:2C:EB:5F:87:4C:D8:13:E3:34:B2:06:5F
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD57761BE6BEA7E7040ED3E2EE1EF1
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/7UKeHiOo-3Ms61-HTNgT4zSyBl8.roa
Signing time:             Thu 02 Jan 2025 07:49:07 +0000
ROA not before:           Thu 02 Jan 2025 07:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50214
IP address blocks:        194.226.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:57:76:1b:e6:be:a7:e7:04:0e:d3:e2:ee:1e:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed429e1e23a8fb732ceb5f874cd813e334b2065f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d6:96:e7:e8:b2:f5:30:80:a5:de:c2:6c:2d:
                    af:ff:4d:ee:52:7f:8a:bb:db:49:42:fd:57:4d:7b:
                    22:e7:95:73:09:c1:74:3c:96:bd:84:c8:94:11:67:
                    21:94:0f:c7:3b:5c:07:15:bf:76:f8:71:94:d8:72:
                    05:08:e3:35:34:d7:89:de:8c:2e:99:be:cf:fe:63:
                    d9:b0:fc:35:3b:96:f5:63:46:39:71:9b:36:10:80:
                    da:a0:f7:23:21:b6:c6:99:15:53:bb:aa:83:8e:c3:
                    0f:35:32:e9:fc:5d:db:03:e3:37:19:fc:d9:7f:59:
                    23:46:6c:f3:7a:9b:7d:d5:96:26:ce:44:17:ad:c2:
                    92:8c:9a:bc:6f:89:fc:95:8f:1c:05:50:7d:db:b9:
                    60:ce:fe:ac:d4:19:57:97:2c:d0:a4:38:18:bf:b7:
                    3d:06:0a:e9:eb:e0:58:11:f0:99:79:c3:58:b1:c4:
                    8a:86:97:5c:32:0a:c9:ec:b7:b0:82:38:a7:49:4c:
                    fe:f7:3c:43:44:9e:b1:37:be:41:b2:1c:18:42:c5:
                    31:9b:7c:b2:bb:65:09:32:1e:db:de:7b:5d:47:dd:
                    4c:93:5e:8b:c2:15:7b:85:29:25:e6:42:18:40:9e:
                    ec:c0:63:78:5b:06:cb:38:5d:cd:d3:b6:ba:6d:8d:
                    fc:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:42:9E:1E:23:A8:FB:73:2C:EB:5F:87:4C:D8:13:E3:34:B2:06:5F
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/7UKeHiOo-3Ms61-HTNgT4zSyBl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:15:9a:46:d3:b0:78:5c:97:3b:81:4f:dd:c4:9f:4b:31:40:
         54:05:b6:55:58:ff:6f:19:74:c2:ac:f3:1c:06:6f:4f:97:58:
         b2:91:be:5b:87:60:0e:87:b6:55:93:d3:98:06:66:d2:51:68:
         1b:4d:15:0d:a7:d9:05:53:fb:27:62:fc:3e:a7:17:36:d2:65:
         2e:18:34:84:fe:0c:b8:8b:60:60:d7:47:25:ba:31:36:e3:52:
         18:d0:16:51:dc:d5:e7:65:48:cc:0b:c2:b9:f5:3f:38:9a:2b:
         28:7b:f8:cf:df:4d:02:8d:b9:38:ed:c9:fd:a2:fc:47:61:7a:
         a9:70:b8:47:dc:ac:78:d1:c2:3e:1b:f1:31:8d:e2:6c:c2:12:
         b4:0d:8d:a1:8f:1b:39:b1:8d:73:89:12:11:12:ed:4c:7f:c7:
         62:14:5f:78:d8:aa:eb:c8:ec:74:2d:23:55:9c:78:e6:39:40:
         fb:ec:b8:ac:1e:55:fa:b8:fa:c3:bd:3f:70:72:c0:35:ae:d5:
         07:20:fc:80:8c:07:ab:b7:4f:77:2f:c0:cf:23:ef:5e:e7:1d:
         3a:de:c8:19:f6:36:66:1a:fb:89:8b:44:28:ca:87:06:8f:38:
         15:bb:86:cf:7f:da:48:2d:54:87:1d:13:d3:bd:b4:e4:bd:a4:
         a4:2d:27:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Vd2G+a+p+cEDtPi7h7xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQyOWUxZTIzYThmYjczMmNlYjVmODc0Y2Q4MTNlMzM0YjIwNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NaW5+iy9TCApd7CbC2v/03uUn+K
u9tJQv1XTXsi55VzCcF0PJa9hMiUEWchlA/HO1wHFb92+HGU2HIFCOM1NNeJ3owu
mb7P/mPZsPw1O5b1Y0Y5cZs2EIDaoPcjIbbGmRVTu6qDjsMPNTLp/F3bA+M3GfzZ
f1kjRmzzept91ZYmzkQXrcKSjJq8b4n8lY8cBVB927lgzv6s1BlXlyzQpDgYv7c9
Bgrp6+BYEfCZecNYscSKhpdcMgrJ7LewgjinSUz+9zxDRJ6xN75BshwYQsUxm3yy
u2UJMh7b3ntdR91Mk16LwhV7hSkl5kIYQJ7swGN4WwbLOF3N07a6bY38UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1Cnh4jqPtzLOtfh0zYE+M0sgZfMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvN1VLZUhpT28tM01zNjEtSFROZ1Q0elN5Qmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuKLMA0G
CSqGSIb3DQEBCwUAA4IBAQCMFZpG07B4XJc7gU/dxJ9LMUBUBbZVWP9vGXTCrPMc
Bm9Pl1iykb5bh2AOh7ZVk9OYBmbSUWgbTRUNp9kFU/snYvw+pxc20mUuGDSE/gy4
i2Bg10clujE241IY0BZR3NXnZUjMC8K59T84misoe/jP300Cjbk47cn9ovxHYXqp
cLhH3Kx40cI+G/ExjeJswhK0DY2hjxs5sY1ziRIREu1Mf8diFF942KrryOx0LSNV
nHjmOUD77LisHlX6uPrDvT9wcsA1rtUHIPyAjAert093L8DPI+9e5x063sgZ9jZm
GvuJi0QoyocGjzgVu4bPf9pILVSHHRPTvbTkvaSkLSeN
-----END CERTIFICATE-----