Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ACvDAIl7vEAGmqFsj0TNJwmuT80.roa
File:                     ACvDAIl7vEAGmqFsj0TNJwmuT80.roa (raw, json)
Hash identifier:          V3yWdi7CsK3W9bYFCc9l/I1hASwQs1PneEsbTKzr0bc=
Subject key identifier:   00:2B:C3:00:89:7B:BC:40:06:9A:A1:6C:8F:44:CD:27:09:AE:4F:CD
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD65E4302915EBB4D802A706586182
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ACvDAIl7vEAGmqFsj0TNJwmuT80.roa
Signing time:             Thu 02 Jan 2025 07:49:11 +0000
ROA not before:           Thu 02 Jan 2025 07:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208677
IP address blocks:        194.190.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:65:e4:30:29:15:eb:b4:d8:02:a7:06:58:61:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=002bc300897bbc40069aa16c8f44cd2709ae4fcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:51:59:fa:6a:ac:e8:7d:42:45:b9:4b:1e:93:
                    80:23:86:91:70:7f:ad:8d:9a:4a:f1:15:3e:b0:a0:
                    50:ab:83:e9:13:43:04:e4:a6:c2:4e:d5:1f:4a:ba:
                    c4:98:fe:18:3b:e7:24:66:53:3c:f3:d0:22:63:d5:
                    46:0e:c2:dc:1d:75:93:2e:64:6c:6d:9d:95:54:1d:
                    ca:c3:c6:6c:bd:fb:1d:1a:b4:24:22:c4:2a:2f:40:
                    ac:a8:13:30:c5:25:7f:e4:84:2d:a5:01:2a:7d:58:
                    46:77:73:0b:92:d1:4e:2d:a5:c5:8d:28:d8:00:72:
                    25:2d:e9:07:42:56:47:f4:ee:7a:45:37:fb:6e:49:
                    d5:51:f6:02:07:ba:4f:f6:90:b9:42:fe:7f:4c:37:
                    d7:6e:e6:1d:11:52:8d:fd:3c:c8:73:33:e9:41:64:
                    72:c4:6e:fa:be:e4:ee:a5:e1:da:75:74:83:06:32:
                    f4:f4:fa:af:82:16:09:47:05:4c:38:ab:11:0e:c8:
                    14:8f:0b:51:28:af:f2:8b:7d:80:b0:d4:b2:87:c4:
                    72:1a:31:5d:be:5b:f3:de:c7:31:a0:2b:1e:b1:33:
                    ec:3d:cd:f6:06:93:81:74:d1:e6:ce:b1:61:53:56:
                    19:4f:01:2f:95:1a:48:f5:71:75:ae:16:0b:33:d2:
                    f3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:2B:C3:00:89:7B:BC:40:06:9A:A1:6C:8F:44:CD:27:09:AE:4F:CD
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ACvDAIl7vEAGmqFsj0TNJwmuT80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:56:cf:68:2b:64:b3:0c:8c:72:69:9c:75:0d:95:1f:e9:71:
         ca:c7:96:4b:b1:d1:ce:f5:b9:58:40:8c:a2:36:57:54:18:6b:
         06:ba:79:24:3a:2f:c5:e8:c9:e8:bd:fd:01:a4:5b:ff:6d:5f:
         ee:6a:59:53:74:1f:bd:35:5a:32:a1:ef:80:ec:77:75:38:22:
         5d:14:63:76:ea:5b:8e:7c:0b:0c:7b:78:03:ff:b3:54:56:12:
         60:fb:68:b1:c9:bd:e2:5b:48:9d:7b:86:f9:7b:33:35:72:1c:
         95:6e:1a:1a:80:3a:bd:94:c6:8e:be:95:31:29:72:68:66:53:
         72:7b:95:97:ea:69:7c:2d:c7:78:18:36:9e:53:b6:04:3f:a0:
         62:a4:78:1c:13:dd:5d:37:cd:17:44:b7:06:96:72:9f:3b:db:
         48:05:58:30:31:c9:99:5b:2e:9d:3f:21:99:8a:41:48:6a:d6:
         37:56:4b:d8:07:87:93:80:be:63:13:68:a7:79:7d:1b:26:bd:
         df:ea:34:a8:a0:ed:87:a2:84:d1:6a:25:a8:3a:5d:e4:ff:79:
         80:64:a5:40:43:b5:ba:23:f9:c1:5a:b2:b5:b4:de:d6:a3:e8:
         ef:96:a1:92:26:63:6a:93:49:68:15:01:91:df:0c:7d:c9:9a:
         5a:f6:30:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/WXkMCkV67TYAqcGWGGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDJiYzMwMDg5N2JiYzQwMDY5YWExNmM4ZjQ0Y2QyNzA5YWU0ZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1FZ+mqs6H1CRblLHpOAI4aRcH+t
jZpK8RU+sKBQq4PpE0ME5KbCTtUfSrrEmP4YO+ckZlM889AiY9VGDsLcHXWTLmRs
bZ2VVB3Kw8ZsvfsdGrQkIsQqL0CsqBMwxSV/5IQtpQEqfVhGd3MLktFOLaXFjSjY
AHIlLekHQlZH9O56RTf7bknVUfYCB7pP9pC5Qv5/TDfXbuYdEVKN/TzIczPpQWRy
xG76vuTupeHadXSDBjL09PqvghYJRwVMOKsRDsgUjwtRKK/yi32AsNSyh8RyGjFd
vlvz3scxoCsesTPsPc32BpOBdNHmzrFhU1YZTwEvlRpI9XF1rhYLM9LzyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAArwwCJe7xABpqhbI9EzScJrk/NMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvQUN2REFJbDd2RUFHbXFGc2owVE5Kd211VDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwr5sMA0G
CSqGSIb3DQEBCwUAA4IBAQArVs9oK2SzDIxyaZx1DZUf6XHKx5ZLsdHO9blYQIyi
NldUGGsGunkkOi/F6Mnovf0BpFv/bV/uallTdB+9NVoyoe+A7Hd1OCJdFGN26luO
fAsMe3gD/7NUVhJg+2ixyb3iW0ide4b5ezM1chyVbhoagDq9lMaOvpUxKXJoZlNy
e5WX6ml8Lcd4GDaeU7YEP6BipHgcE91dN80XRLcGlnKfO9tIBVgwMcmZWy6dPyGZ
ikFIatY3VkvYB4eTgL5jE2ineX0bJr3f6jSooO2HooTRaiWoOl3k/3mAZKVAQ7W6
I/nBWrK1tN7Wo+jvlqGSJmNqk0loFQGR3wx9yZpa9jC1
-----END CERTIFICATE-----