Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/D2xpzyHPnJHLCiw1yfaYvfiwd00.roa
File:                     D2xpzyHPnJHLCiw1yfaYvfiwd00.roa (raw, json)
Hash identifier:          0bEFmYYQI5kKxLcmLw/pj8idZ+OIHYpDBXaAjvcRxpo=
Subject key identifier:   0F:6C:69:CF:21:CF:9C:91:CB:0A:2C:35:C9:F6:98:BD:F8:B0:77:4D
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD5CD26E14F71D97AEBF9742DA5BCE
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/D2xpzyHPnJHLCiw1yfaYvfiwd00.roa
Signing time:             Thu 02 Jan 2025 07:49:08 +0000
ROA not before:           Thu 02 Jan 2025 07:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60375
IP address blocks:        195.209.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:5c:d2:6e:14:f7:1d:97:ae:bf:97:42:da:5b:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f6c69cf21cf9c91cb0a2c35c9f698bdf8b0774d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cf:f3:e3:35:63:6f:66:93:63:46:fb:86:60:
                    f5:ca:dc:2c:3b:a9:b6:67:56:8e:b8:13:96:1d:f9:
                    0b:48:31:d2:44:88:51:a4:d4:58:04:4a:a4:a6:4d:
                    8d:75:5d:66:16:6d:7a:7c:89:9f:ff:b3:a9:46:be:
                    10:f0:0a:2f:2e:9c:56:af:1a:bd:e8:ca:c1:e6:8c:
                    dc:9f:b8:21:a5:05:66:58:59:d5:6d:52:d7:ed:01:
                    3a:ee:3f:2a:d6:c5:84:83:78:f6:0d:5e:59:dc:19:
                    ad:67:26:1d:ee:a6:28:eb:ae:40:94:60:68:b0:0b:
                    33:2a:39:cd:3d:45:51:e2:4f:f3:85:ad:57:fc:ec:
                    7c:06:ae:af:5c:16:b6:ab:05:25:66:9c:aa:53:7d:
                    77:32:6e:5f:a2:f3:66:6c:f0:12:88:53:d9:3a:1f:
                    a1:8a:82:0e:ef:3e:ad:58:bd:11:bf:b4:b0:c3:89:
                    1f:30:d2:73:af:79:12:e5:d1:dc:66:eb:dc:3a:d0:
                    95:10:0b:df:2d:a5:1d:44:7c:67:a2:78:72:e0:08:
                    12:61:29:03:a1:b7:3e:76:91:64:63:19:38:c8:3c:
                    ec:24:52:b9:fb:60:f6:3c:39:f6:46:c2:5a:2a:2d:
                    79:90:95:dc:15:8c:cc:1d:e0:c8:1b:2e:a1:04:8d:
                    29:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:6C:69:CF:21:CF:9C:91:CB:0A:2C:35:C9:F6:98:BD:F8:B0:77:4D
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/D2xpzyHPnJHLCiw1yfaYvfiwd00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.209.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:ac:a5:72:49:fa:ac:b6:1c:29:35:f3:ef:32:ea:4f:24:dd:
         7e:08:28:b3:8b:e6:51:fe:7d:d4:36:5f:96:9e:94:ae:44:0d:
         f2:0a:39:56:5c:e9:c0:ba:31:14:0f:eb:02:b8:22:c7:7f:48:
         f6:ef:87:59:9c:96:95:95:13:b7:e4:43:4d:3d:0c:e4:69:e5:
         1b:18:a4:c3:74:f8:34:81:54:2d:46:e9:8c:3c:e2:4b:6a:f9:
         1e:96:41:b0:cd:91:14:a0:d8:9a:58:78:e6:40:4c:5b:bc:c5:
         30:39:81:11:ae:4d:71:52:0c:a7:2b:e5:4c:01:2b:67:f6:08:
         5d:d7:12:36:9b:0a:c0:f0:a0:bc:24:bc:61:0a:f7:2d:af:71:
         de:4d:7d:bc:45:3e:f3:43:af:3b:d7:5c:e4:8a:e2:95:03:cd:
         4f:a6:74:59:c4:a6:bd:3d:8d:44:f4:1f:ef:6b:9d:61:3c:49:
         9c:30:94:e1:9e:b4:33:f7:15:7d:aa:e0:33:d3:55:4c:79:76:
         ad:30:ed:d4:69:1f:f6:71:7e:15:04:64:ff:28:79:4b:4d:2b:
         65:de:5d:93:cf:2a:cc:e7:fc:46:81:52:23:2a:43:26:f1:bc:
         33:e0:4f:01:ba:dc:4c:a3:c2:ad:2a:93:07:ef:33:84:02:07:
         db:be:0f:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/VzSbhT3HZeuv5dC2lvOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjZjNjljZjIxY2Y5YzkxY2IwYTJjMzVjOWY2OThiZGY4YjA3NzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyM/z4zVjb2aTY0b7hmD1ytwsO6m2
Z1aOuBOWHfkLSDHSRIhRpNRYBEqkpk2NdV1mFm16fImf/7OpRr4Q8AovLpxWrxq9
6MrB5ozcn7ghpQVmWFnVbVLX7QE67j8q1sWEg3j2DV5Z3BmtZyYd7qYo665AlGBo
sAszKjnNPUVR4k/zha1X/Ox8Bq6vXBa2qwUlZpyqU313Mm5fovNmbPASiFPZOh+h
ioIO7z6tWL0Rv7Sww4kfMNJzr3kS5dHcZuvcOtCVEAvfLaUdRHxnonhy4AgSYSkD
obc+dpFkYxk4yDzsJFK5+2D2PDn2RsJaKi15kJXcFYzMHeDIGy6hBI0prwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9sac8hz5yRywosNcn2mL34sHdNMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvRDJ4cHp5SFBuSkhMQ2l3MXlmYVl2Zml3ZDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9FoMA0G
CSqGSIb3DQEBCwUAA4IBAQAcrKVySfqsthwpNfPvMupPJN1+CCizi+ZR/n3UNl+W
npSuRA3yCjlWXOnAujEUD+sCuCLHf0j274dZnJaVlRO35ENNPQzkaeUbGKTDdPg0
gVQtRumMPOJLavkelkGwzZEUoNiaWHjmQExbvMUwOYERrk1xUgynK+VMAStn9ghd
1xI2mwrA8KC8JLxhCvctr3HeTX28RT7zQ68711zkiuKVA81PpnRZxKa9PY1E9B/v
a51hPEmcMJThnrQz9xV9quAz01VMeXatMO3UaR/2cX4VBGT/KHlLTStl3l2TzyrM
5/xGgVIjKkMm8bwz4E8ButxMo8KtKpMH7zOEAgfbvg/F
-----END CERTIFICATE-----