Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/LbcsokMSF1j6Qjv2PHGPZyudirk.roa
File:                     LbcsokMSF1j6Qjv2PHGPZyudirk.roa (raw, json)
Hash identifier:          fhLKzw4kjW8mOwK7G7JXM5gOnmDm6ovk76CCGxWtbu8=
Subject key identifier:   2D:B7:2C:A2:43:12:17:58:FA:42:3B:F6:3C:71:8F:67:2B:9D:8A:B9
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD6410EF1726C274291083C9D1572E
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/LbcsokMSF1j6Qjv2PHGPZyudirk.roa
Signing time:             Thu 02 Jan 2025 07:49:10 +0000
ROA not before:           Thu 02 Jan 2025 07:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205312
IP address blocks:        195.208.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:64:10:ef:17:26:c2:74:29:10:83:c9:d1:57:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2db72ca243121758fa423bf63c718f672b9d8ab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ce:0e:5a:a7:d6:00:a7:4d:66:43:5a:42:91:
                    06:2a:bc:5f:33:e7:51:b1:60:a8:21:56:7d:53:6e:
                    e3:f3:d2:da:a8:13:e2:57:f1:1a:c8:67:71:28:39:
                    ac:bc:ec:9a:18:13:f3:f8:08:7e:41:20:bc:3a:7d:
                    53:3a:b9:94:47:d7:5e:30:35:c9:23:9b:fe:81:5b:
                    9f:ef:5e:a6:95:1b:96:f2:71:00:c1:a5:b8:d2:ae:
                    2b:45:74:b6:3d:a0:7f:6e:df:d4:69:76:47:ee:24:
                    91:d2:6d:86:7e:80:ad:15:6a:c6:c6:90:89:f1:db:
                    fe:00:75:aa:22:21:db:f3:85:7c:81:3a:cf:ca:54:
                    cc:76:24:b1:02:75:0a:52:20:a8:65:41:9f:a9:ef:
                    87:24:42:37:65:2c:98:a0:18:3c:89:31:c9:3a:9b:
                    e5:b7:23:21:d7:3a:23:7b:40:f7:56:96:48:d2:3c:
                    0f:93:10:ee:45:d4:b9:d3:cb:cc:91:bd:94:75:e9:
                    5c:6f:0d:7d:bb:f6:1b:30:a2:20:88:29:dc:f7:85:
                    15:51:03:51:ea:6d:cd:d6:96:d5:95:49:0c:6a:ff:
                    f4:39:97:6a:9a:d3:fe:0c:37:62:ee:f9:a9:5b:76:
                    28:f6:d9:db:24:9c:ec:89:70:79:19:08:67:63:6e:
                    a0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B7:2C:A2:43:12:17:58:FA:42:3B:F6:3C:71:8F:67:2B:9D:8A:B9
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/LbcsokMSF1j6Qjv2PHGPZyudirk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.208.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:e5:a5:5b:43:24:54:c8:2d:ea:81:ab:39:71:fd:87:41:cb:
         aa:35:bc:23:7d:ac:75:cf:6f:c8:60:68:66:26:2c:47:03:26:
         6c:b7:82:e4:29:85:38:68:ef:91:3e:ce:81:9d:ee:93:9d:b7:
         0b:01:71:4d:ff:2c:1d:26:78:b0:cc:31:22:cd:1f:69:9f:fe:
         ef:58:3e:ef:8d:8f:9f:46:97:d1:3e:e0:0b:04:c2:34:81:1d:
         ad:1a:71:b0:0c:f7:36:45:80:eb:31:03:b6:95:d2:c1:d5:58:
         36:0b:b3:84:46:5d:ad:d0:63:57:68:f3:b6:58:3d:c4:94:40:
         1b:9a:fb:18:3f:1f:c5:ed:c7:73:af:9b:c9:3b:e2:6b:f3:05:
         46:6a:2f:c8:29:98:bb:73:e9:a8:4f:24:39:6b:05:40:7f:d2:
         fb:bb:da:ad:e0:73:44:2c:cc:10:07:e3:c9:75:4d:5a:d6:e4:
         95:c1:1e:5f:09:dd:c1:aa:48:73:ac:9e:93:82:e4:e8:fc:d8:
         f5:ed:d2:3f:e3:c9:9f:4d:1d:1a:23:0b:52:2b:19:77:ee:db:
         70:16:f2:27:9f:a1:e9:3e:85:ce:93:1e:f0:43:a2:76:9a:34:
         06:55:33:34:27:72:14:28:16:4e:a4:37:46:ee:bf:96:2f:49:
         59:e7:34:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/WQQ7xcmwnQpEIPJ0VcuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGI3MmNhMjQzMTIxNzU4ZmE0MjNiZjYzYzcxOGY2NzJiOWQ4YWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxM4OWqfWAKdNZkNaQpEGKrxfM+dR
sWCoIVZ9U27j89LaqBPiV/EayGdxKDmsvOyaGBPz+Ah+QSC8On1TOrmUR9deMDXJ
I5v+gVuf716mlRuW8nEAwaW40q4rRXS2PaB/bt/UaXZH7iSR0m2GfoCtFWrGxpCJ
8dv+AHWqIiHb84V8gTrPylTMdiSxAnUKUiCoZUGfqe+HJEI3ZSyYoBg8iTHJOpvl
tyMh1zoje0D3VpZI0jwPkxDuRdS508vMkb2Udelcbw19u/YbMKIgiCnc94UVUQNR
6m3N1pbVlUkMav/0OZdqmtP+DDdi7vmpW3Yo9tnbJJzsiXB5GQhnY26g6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC23LKJDEhdY+kI79jxxj2crnYq5MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvTGJjc29rTVNGMWo2UWp2MlBIR1BaeXVkaXJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw9BOMA0G
CSqGSIb3DQEBCwUAA4IBAQAL5aVbQyRUyC3qgas5cf2HQcuqNbwjfax1z2/IYGhm
JixHAyZst4LkKYU4aO+RPs6Bne6TnbcLAXFN/ywdJniwzDEizR9pn/7vWD7vjY+f
RpfRPuALBMI0gR2tGnGwDPc2RYDrMQO2ldLB1Vg2C7OERl2t0GNXaPO2WD3ElEAb
mvsYPx/F7cdzr5vJO+Jr8wVGai/IKZi7c+moTyQ5awVAf9L7u9qt4HNELMwQB+PJ
dU1a1uSVwR5fCd3BqkhzrJ6TguTo/Nj17dI/48mfTR0aIwtSKxl37ttwFvInn6Hp
PoXOkx7wQ6J2mjQGVTM0J3IUKBZOpDdG7r+WL0lZ5zSx
-----END CERTIFICATE-----