Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/L0I_aIh5XJlOpzOfFkqorVhjxu0.roa
File:                     L0I_aIh5XJlOpzOfFkqorVhjxu0.roa (raw, json)
Hash identifier:          01u54i6axBmEnfg+pkHGSBq0i7Kv1JLDiTuMKo2lOm8=
Subject key identifier:   2F:42:3F:68:88:79:5C:99:4E:A7:33:9F:16:4A:A8:AD:58:63:C6:ED
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD64F71666AB31DACEF0E9BFEE923C
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/L0I_aIh5XJlOpzOfFkqorVhjxu0.roa
Signing time:             Thu 02 Jan 2025 07:49:10 +0000
ROA not before:           Thu 02 Jan 2025 07:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207239
IP address blocks:        194.190.220.0/23 maxlen: 23
                          212.192.50.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:64:f7:16:66:ab:31:da:ce:f0:e9:bf:ee:92:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f423f6888795c994ea7339f164aa8ad5863c6ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d2:a7:b9:0b:43:fe:31:48:2f:82:e7:b6:cb:
                    e2:25:60:85:d0:96:8d:b3:4b:cb:4c:bf:39:83:6f:
                    b1:9a:16:1e:ca:1a:54:e3:5d:90:ad:ee:d3:22:82:
                    fd:40:15:0f:a8:21:81:2a:29:67:13:b5:d5:11:fb:
                    00:07:93:29:1d:ed:e7:b0:0c:cd:c9:bd:de:2d:31:
                    09:d6:cd:4a:18:fa:47:70:ff:29:db:a8:8c:d2:7a:
                    84:d9:76:5f:27:87:62:fc:fb:8b:17:7d:73:f1:8d:
                    37:80:9f:17:26:75:70:ac:f7:6b:cc:29:a7:32:f3:
                    cc:3e:dd:81:25:ae:9e:e6:22:dd:79:6c:fb:c3:d0:
                    d4:ac:35:1f:8a:b2:b5:19:a7:53:ca:55:28:5b:20:
                    2a:75:f4:92:e1:1a:2f:00:66:14:b5:c6:5b:4c:58:
                    91:d8:59:87:72:f7:4e:aa:3f:d6:16:3e:00:62:e8:
                    ef:dc:a2:75:e3:a2:a6:f8:51:eb:d4:fc:e6:cf:1e:
                    0e:32:63:ca:d6:8e:12:9c:67:19:4f:5d:60:98:7a:
                    fc:0e:d3:b2:db:f6:c5:19:0e:37:4c:ad:5f:be:1b:
                    79:e1:9b:5a:2e:ba:89:38:30:22:ab:7b:fa:a8:60:
                    96:7f:cb:27:e3:c7:b5:b1:f7:c1:d6:b5:2f:04:f5:
                    72:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:42:3F:68:88:79:5C:99:4E:A7:33:9F:16:4A:A8:AD:58:63:C6:ED
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/L0I_aIh5XJlOpzOfFkqorVhjxu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.220.0/23
                  212.192.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:e0:26:88:30:8b:4f:10:f0:ad:01:20:54:90:84:78:34:78:
         dd:ad:e7:4a:79:dc:5e:d2:54:cd:4a:0e:30:bd:ca:a3:2b:4a:
         f8:4b:cf:11:da:20:db:8a:4a:d1:46:b8:46:b0:78:27:1a:40:
         0b:6f:69:20:3f:c0:d0:fc:72:00:ff:7b:cc:6e:89:18:2b:cd:
         5a:29:1d:50:ac:b0:40:f9:21:94:8b:88:b9:3e:d9:f4:52:18:
         bf:20:59:a3:de:22:2f:9d:e2:93:88:29:7d:cf:b0:48:9c:05:
         dc:91:b2:d3:32:13:1f:32:6d:a8:65:3d:33:9e:65:cf:ca:62:
         9a:50:a6:67:44:40:de:45:a2:7d:77:ef:d5:af:9b:35:ac:7e:
         b9:e1:e0:bf:7a:4f:0d:b9:65:ab:cf:49:1f:2f:dc:39:4c:64:
         5a:a7:66:93:ef:b0:20:a1:19:30:63:ac:f5:1a:2c:41:3d:27:
         f8:e0:c6:35:2a:2b:14:e3:ef:69:ee:bb:dc:6f:47:c7:95:c9:
         df:f2:c4:a7:4e:20:9f:b3:73:89:8b:fd:13:cc:47:69:89:cc:
         13:d6:46:70:ce:64:1c:89:bf:fa:ce:e6:71:08:5a:46:c1:49:
         76:c4:0f:5d:89:9d:cc:7f:b7:d8:f7:b1:b6:4a:7a:e0:88:7e:
         c8:77:db:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/WT3FmarMdrO8Om/7pI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjQyM2Y2ODg4Nzk1Yzk5NGVhNzMzOWYxNjRhYThhZDU4NjNjNmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdKnuQtD/jFIL4LntsviJWCF0JaN
s0vLTL85g2+xmhYeyhpU412Qre7TIoL9QBUPqCGBKilnE7XVEfsAB5MpHe3nsAzN
yb3eLTEJ1s1KGPpHcP8p26iM0nqE2XZfJ4di/PuLF31z8Y03gJ8XJnVwrPdrzCmn
MvPMPt2BJa6e5iLdeWz7w9DUrDUfirK1GadTylUoWyAqdfSS4RovAGYUtcZbTFiR
2FmHcvdOqj/WFj4AYujv3KJ146Km+FHr1Pzmzx4OMmPK1o4SnGcZT11gmHr8DtOy
2/bFGQ43TK1fvht54ZtaLrqJODAiq3v6qGCWf8sn48e1sffB1rUvBPVyzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC9CP2iIeVyZTqcznxZKqK1YY8btMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvTDBJX2FJaDVYSmxPcHpPZkZrcW9yVmhqeHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwr7cAwQB
1MAyMA0GCSqGSIb3DQEBCwUAA4IBAQBx4CaIMItPEPCtASBUkIR4NHjdredKedxe
0lTNSg4wvcqjK0r4S88R2iDbikrRRrhGsHgnGkALb2kgP8DQ/HIA/3vMbokYK81a
KR1QrLBA+SGUi4i5Ptn0Uhi/IFmj3iIvneKTiCl9z7BInAXckbLTMhMfMm2oZT0z
nmXPymKaUKZnREDeRaJ9d+/Vr5s1rH654eC/ek8NuWWrz0kfL9w5TGRap2aT77Ag
oRkwY6z1GixBPSf44MY1KisU4+9p7rvcb0fHlcnf8sSnTiCfs3OJi/0TzEdpicwT
1kZwzmQcib/6zuZxCFpGwUl2xA9diZ3Mf7fY97G2SnrgiH7Id9tO
-----END CERTIFICATE-----