Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/E_pM9gClnsY3irnV9TBBqwpIEn0.roa
File:                     E_pM9gClnsY3irnV9TBBqwpIEn0.roa (raw, json)
Hash identifier:          CQ2seX/OVAp5Auf417qhY8/nv64BvZ1wspoHHMKDWPU=
Subject key identifier:   13:FA:4C:F6:00:A5:9E:C6:37:8A:B9:D5:F5:30:41:AB:0A:48:12:7D
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD5A6CE347CE96929F047B8439C027
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/E_pM9gClnsY3irnV9TBBqwpIEn0.roa
Signing time:             Thu 02 Jan 2025 07:49:08 +0000
ROA not before:           Thu 02 Jan 2025 07:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56994
IP address blocks:        195.208.184.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:5a:6c:e3:47:ce:96:92:9f:04:7b:84:39:c0:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13fa4cf600a59ec6378ab9d5f53041ab0a48127d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:05:75:46:88:22:9d:96:db:ce:dc:8b:d3:41:
                    00:20:22:17:6b:c5:5f:4d:e1:fc:48:d2:d6:7c:1d:
                    a0:f1:e5:45:c4:eb:44:40:2d:33:25:79:67:2f:67:
                    47:c5:8d:be:80:4a:3a:5a:dd:0c:00:1b:f0:85:54:
                    b4:54:e8:bb:c4:a9:6f:23:12:18:c1:d0:18:f8:52:
                    e9:5e:a7:65:ef:62:9e:45:90:05:ce:28:c7:4d:fd:
                    07:92:94:e3:32:4a:92:8f:3f:65:85:dd:9e:44:88:
                    62:5e:54:80:66:bd:2a:10:d5:b4:f5:1c:f2:17:a0:
                    23:37:53:c5:92:76:e3:b8:78:0a:81:2c:f5:c5:67:
                    b8:12:ef:8f:ed:ea:79:17:c4:23:9b:18:b7:36:7b:
                    f3:a7:da:09:c8:d6:38:0f:98:75:3d:60:af:7c:7d:
                    88:11:54:0c:23:96:c9:58:74:49:74:9e:2d:8b:f1:
                    6d:d5:18:e6:c8:92:8f:8a:53:75:20:ff:f2:9d:5b:
                    d3:8b:7d:3f:76:1f:b2:14:f8:cf:73:f3:0f:be:cd:
                    82:87:52:a8:5b:fd:87:dc:de:b1:0c:1d:68:1f:9c:
                    d6:d9:71:75:39:79:6a:03:ab:47:c9:02:e1:6c:2a:
                    fd:65:c3:0c:4e:cf:f9:43:de:d0:e4:a3:63:95:01:
                    ea:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:FA:4C:F6:00:A5:9E:C6:37:8A:B9:D5:F5:30:41:AB:0A:48:12:7D
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/E_pM9gClnsY3irnV9TBBqwpIEn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.208.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:39:d2:68:48:26:d5:da:b0:f8:be:b9:d7:9a:e3:84:b2:a4:
         71:a5:fa:86:b7:c8:09:27:ba:3c:e5:65:34:2c:46:cb:f8:28:
         aa:8a:a4:d2:ca:98:72:ed:08:04:1e:67:10:4c:07:c8:9f:6a:
         ed:db:70:f5:52:4f:98:a5:7d:a0:9a:6f:78:04:6b:50:7d:ad:
         ec:8f:4c:e4:3c:7d:b0:de:eb:2a:38:15:a1:c1:64:88:01:25:
         4a:b0:0a:44:c3:fb:67:05:9c:85:38:81:5b:7f:11:94:80:aa:
         6c:6a:14:4d:a9:7c:18:1a:62:fd:37:38:72:55:26:ab:82:d7:
         4e:8b:33:3c:7e:e5:ab:25:c9:78:45:3f:88:c3:f6:e0:06:f0:
         49:84:33:28:bc:5a:45:48:4c:2f:89:b7:dc:c9:cb:14:21:b7:
         39:63:75:6c:b8:a4:af:bb:27:fe:99:b6:56:0c:f5:e9:75:ee:
         24:0f:2b:6f:33:50:03:73:01:d1:cf:60:35:a5:a6:cf:69:1b:
         75:22:9d:83:dd:b1:b0:94:10:7c:b4:57:1b:e2:c2:e8:2d:94:
         dc:00:29:f0:45:42:67:05:95:39:34:52:25:2e:71:f0:32:7d:
         94:ef:f7:5c:67:2b:ad:cb:32:2b:28:b5:bc:30:2c:45:08:d5:
         e1:8d:4c:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Vps40fOlpKfBHuEOcAnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2ZhNGNmNjAwYTU5ZWM2Mzc4YWI5ZDVmNTMwNDFhYjBhNDgxMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgV1RoginZbbztyL00EAICIXa8Vf
TeH8SNLWfB2g8eVFxOtEQC0zJXlnL2dHxY2+gEo6Wt0MABvwhVS0VOi7xKlvIxIY
wdAY+FLpXqdl72KeRZAFzijHTf0HkpTjMkqSjz9lhd2eRIhiXlSAZr0qENW09Rzy
F6AjN1PFknbjuHgKgSz1xWe4Eu+P7ep5F8Qjmxi3Nnvzp9oJyNY4D5h1PWCvfH2I
EVQMI5bJWHRJdJ4ti/Ft1RjmyJKPilN1IP/ynVvTi30/dh+yFPjPc/MPvs2Ch1Ko
W/2H3N6xDB1oH5zW2XF1OXlqA6tHyQLhbCr9ZcMMTs/5Q97Q5KNjlQHq7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBP6TPYApZ7GN4q51fUwQasKSBJ9MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvRV9wTTlnQ2xuc1kzaXJuVjlUQkJxd3BJRW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9C4MA0G
CSqGSIb3DQEBCwUAA4IBAQCvOdJoSCbV2rD4vrnXmuOEsqRxpfqGt8gJJ7o85WU0
LEbL+CiqiqTSyphy7QgEHmcQTAfIn2rt23D1Uk+YpX2gmm94BGtQfa3sj0zkPH2w
3usqOBWhwWSIASVKsApEw/tnBZyFOIFbfxGUgKpsahRNqXwYGmL9NzhyVSargtdO
izM8fuWrJcl4RT+Iw/bgBvBJhDMovFpFSEwvibfcycsUIbc5Y3VsuKSvuyf+mbZW
DPXpde4kDytvM1ADcwHRz2A1pabPaRt1Ip2D3bGwlBB8tFcb4sLoLZTcACnwRUJn
BZU5NFIlLnHwMn2U7/dcZyutyzIrKLW8MCxFCNXhjUx4
-----END CERTIFICATE-----