Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/BHORMztTfGj0yGGFgxmsTi9g4G0.roa
File:                     BHORMztTfGj0yGGFgxmsTi9g4G0.roa (raw, json)
Hash identifier:          7Bp1XV531FyTQEgManyfMshCYK/pbJzwUYryDZm8IP4=
Subject key identifier:   04:73:91:33:3B:53:7C:68:F4:C8:61:85:83:19:AC:4E:2F:60:E0:6D
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD4DFFE7A930FA131AA6E669C2B19E
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/BHORMztTfGj0yGGFgxmsTi9g4G0.roa
Signing time:             Thu 02 Jan 2025 07:49:05 +0000
ROA not before:           Thu 02 Jan 2025 07:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3200
IP address blocks:        195.209.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:4d:ff:e7:a9:30:fa:13:1a:a6:e6:69:c2:b1:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=047391333b537c68f4c861858319ac4e2f60e06d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a8:28:8d:34:7b:41:77:27:8f:23:92:4d:ba:
                    ce:89:9a:c3:f1:e7:a4:38:52:5b:b1:94:ab:0d:18:
                    0b:8e:f4:7f:b4:9d:24:0c:a9:87:14:19:37:50:27:
                    44:64:ad:4d:e7:19:0b:4c:7e:8a:3d:af:4c:e3:5e:
                    e6:f9:d3:85:a7:ed:26:09:fe:26:30:72:94:c2:59:
                    9e:5f:67:8b:7a:63:ba:84:0a:dc:77:dc:e5:ca:50:
                    fb:82:70:4e:0d:d6:d2:ba:8d:87:89:59:ac:91:bb:
                    d1:66:a9:97:f8:26:a8:40:5b:2e:12:29:48:cb:7a:
                    5a:e8:3a:b9:7a:bb:4e:e6:d3:fb:96:60:d2:bb:d1:
                    59:04:0b:08:a1:9b:53:86:98:b9:03:53:69:fd:0c:
                    39:98:73:eb:30:00:cb:6e:33:f0:e8:62:59:95:d3:
                    b1:bb:10:8a:2d:c8:75:71:0a:ff:bc:7b:23:8a:d4:
                    da:fb:f6:f6:b7:a5:29:23:90:15:d8:e3:f2:59:0f:
                    26:87:0d:48:2e:39:31:a8:7a:c3:85:95:4f:34:49:
                    35:a2:b8:4c:b0:bb:d2:a8:94:2d:e0:dd:2e:52:e3:
                    f7:96:4c:ce:44:4c:5a:be:07:16:80:65:e5:2f:f1:
                    54:6d:d2:dc:25:e0:83:9e:79:6b:b6:31:ae:38:92:
                    0c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:73:91:33:3B:53:7C:68:F4:C8:61:85:83:19:AC:4E:2F:60:E0:6D
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/BHORMztTfGj0yGGFgxmsTi9g4G0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.209.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:46:4f:72:2a:9f:71:14:16:93:20:d3:ac:df:71:ab:6e:91:
         d9:ef:54:d1:81:4e:b1:e0:fc:d2:d1:ef:43:f1:6c:54:f0:b2:
         3d:0c:da:bf:12:bb:81:59:ae:bd:0c:36:f0:49:36:9b:10:a3:
         06:66:be:8a:7c:f6:fa:18:1d:e8:97:86:a8:a1:3a:c7:61:fa:
         d0:16:04:47:d0:5d:94:34:aa:2d:d9:f3:cb:9b:a5:ca:ba:32:
         b4:e9:9b:5a:73:a5:4b:c0:ef:08:93:04:a4:53:04:cf:ce:4c:
         e2:71:0b:10:02:e5:be:90:d9:ed:98:4f:c0:4b:0e:ca:7e:51:
         42:1e:d7:27:df:5e:b3:a1:d8:cb:c6:57:2b:31:35:3b:55:d6:
         12:22:cf:71:b1:25:ab:33:15:1c:8c:20:12:b1:63:46:41:34:
         09:08:5a:7d:a7:25:c9:71:03:7c:4d:3f:48:9f:b7:af:cf:08:
         62:ea:3b:91:b4:7f:74:7e:96:ae:f5:4c:27:62:10:0c:a6:f6:
         d9:83:37:03:77:7b:ed:76:d1:29:d2:8a:76:eb:6b:94:92:e0:
         a4:69:d7:a6:aa:66:95:a3:bb:ea:59:78:39:f0:68:80:b7:17:
         0c:a5:61:be:22:15:69:15:7f:da:c4:cb:fe:fc:8a:c1:3a:b4:
         23:5f:c1:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/U3/56kw+hMapuZpwrGeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDczOTEzMzNiNTM3YzY4ZjRjODYxODU4MzE5YWM0ZTJmNjBlMDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6gojTR7QXcnjyOSTbrOiZrD8eek
OFJbsZSrDRgLjvR/tJ0kDKmHFBk3UCdEZK1N5xkLTH6KPa9M417m+dOFp+0mCf4m
MHKUwlmeX2eLemO6hArcd9zlylD7gnBODdbSuo2HiVmskbvRZqmX+CaoQFsuEilI
y3pa6Dq5ertO5tP7lmDSu9FZBAsIoZtThpi5A1Np/Qw5mHPrMADLbjPw6GJZldOx
uxCKLch1cQr/vHsjitTa+/b2t6UpI5AV2OPyWQ8mhw1ILjkxqHrDhZVPNEk1orhM
sLvSqJQt4N0uUuP3lkzORExavgcWgGXlL/FUbdLcJeCDnnlrtjGuOJIM2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARzkTM7U3xo9MhhhYMZrE4vYOBtMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvQkhPUk16dFRmR2oweUdHRmd4bXNUaTlnNEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9GKMA0G
CSqGSIb3DQEBCwUAA4IBAQCDRk9yKp9xFBaTINOs33GrbpHZ71TRgU6x4PzS0e9D
8WxU8LI9DNq/EruBWa69DDbwSTabEKMGZr6KfPb6GB3ol4aooTrHYfrQFgRH0F2U
NKot2fPLm6XKujK06Ztac6VLwO8IkwSkUwTPzkzicQsQAuW+kNntmE/ASw7KflFC
Htcn316zodjLxlcrMTU7VdYSIs9xsSWrMxUcjCASsWNGQTQJCFp9pyXJcQN8TT9I
n7evzwhi6juRtH90fpau9UwnYhAMpvbZgzcDd3vtdtEp0op262uUkuCkademqmaV
o7vqWXg58GiAtxcMpWG+IhVpFX/axMv+/IrBOrQjX8GK
-----END CERTIFICATE-----