Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/N3dTpfOfpvEW8PM53H0QLrXAaWA.roa
File:                     N3dTpfOfpvEW8PM53H0QLrXAaWA.roa (raw, json)
Hash identifier:          gZprjh6uqa9x4fXbMNW0qnE/GHT3XiUusRdcTpA+NoM=
Subject key identifier:   37:77:53:A5:F3:9F:A6:F1:16:F0:F3:39:DC:7D:10:2E:B5:C0:69:60
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD5AD870ABDF9133B04033831A06EC
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/N3dTpfOfpvEW8PM53H0QLrXAaWA.roa
Signing time:             Thu 02 Jan 2025 07:49:08 +0000
ROA not before:           Thu 02 Jan 2025 07:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57503
IP address blocks:        195.209.116.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:5a:d8:70:ab:df:91:33:b0:40:33:83:1a:06:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=377753a5f39fa6f116f0f339dc7d102eb5c06960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a8:04:ed:20:7b:71:f3:cf:16:e0:72:1f:5d:
                    97:5b:94:f6:07:5d:ae:bc:7c:52:38:d1:89:d7:aa:
                    75:a6:01:ce:59:11:7b:20:a7:67:32:a4:af:80:fa:
                    88:99:c8:8b:e8:6c:d7:96:b1:22:a0:7c:fb:b9:fd:
                    7d:3b:03:86:b7:3a:3a:e2:f5:39:81:87:c7:c6:06:
                    a5:4b:eb:38:c0:a9:e9:e0:2a:4a:54:02:18:52:55:
                    77:30:2f:28:20:ae:b7:29:2c:42:5f:4b:d3:d2:97:
                    c8:be:6b:5b:b9:c7:a3:c1:68:0d:92:7e:16:5f:c3:
                    2d:36:7d:db:53:72:d2:0d:eb:c1:13:46:72:96:93:
                    a9:3b:c7:81:e1:5d:dd:31:d8:b6:92:fb:1a:3e:3c:
                    99:bb:07:55:c5:b0:6c:27:8d:b1:48:44:b5:4c:41:
                    7f:32:50:b2:01:a9:24:05:64:f1:b3:21:87:04:47:
                    f8:c3:f8:44:76:b2:f0:cd:a3:b8:79:a0:c7:a7:b7:
                    0d:39:9d:ab:dc:03:d9:5f:82:43:47:30:34:51:81:
                    f4:ce:9c:0e:3c:7b:94:c5:e2:34:7d:aa:2e:5d:fc:
                    c2:66:be:65:1a:1e:6a:2f:60:0a:46:3e:08:d5:ce:
                    3c:3b:32:ac:b9:bb:65:c2:88:f0:c6:dc:19:88:9f:
                    0f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:77:53:A5:F3:9F:A6:F1:16:F0:F3:39:DC:7D:10:2E:B5:C0:69:60
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/N3dTpfOfpvEW8PM53H0QLrXAaWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.209.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:91:64:58:fa:92:15:e5:88:44:0f:e5:9f:11:c7:6d:85:07:
         ed:ea:a3:3d:81:bc:de:8e:91:90:96:24:0c:ba:52:ba:35:81:
         5c:e3:bb:a6:42:07:a2:f1:8e:71:46:55:93:98:80:34:be:7f:
         57:82:97:b2:12:ac:6b:b3:2c:30:c2:fa:28:e0:63:fe:32:c5:
         21:8e:de:4b:c0:ed:cb:f7:99:66:f5:1e:e1:41:14:26:d6:9a:
         46:a7:45:86:bf:0c:9b:de:8c:6b:02:1f:00:14:ac:44:4a:f9:
         c9:69:21:57:3e:33:c7:3e:8f:55:23:62:fc:5a:ea:5e:8f:f4:
         fc:10:7a:5d:fa:9d:77:da:32:d0:01:ef:8f:a9:ef:6f:61:b4:
         ec:84:80:ea:da:15:03:b2:79:1b:3c:b1:9c:37:02:2c:79:0e:
         9b:70:cb:66:a9:fc:52:d4:b1:ee:2e:64:11:24:7a:0f:30:66:
         12:a6:e5:a8:6b:88:d1:e5:75:dc:e4:23:04:1d:40:73:c6:37:
         32:6f:47:aa:a1:28:57:65:62:ac:bf:a1:84:54:6f:ee:bd:da:
         80:28:f5:42:bd:55:d1:38:69:7d:7c:80:a3:a4:ab:0c:b9:43:
         91:b9:69:5a:fb:f7:fd:d6:f3:e0:b9:bf:2b:bc:13:51:e4:cc:
         ee:55:56:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/VrYcKvfkTOwQDODGgbsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzc3NTNhNWYzOWZhNmYxMTZmMGYzMzlkYzdkMTAyZWI1YzA2OTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtagE7SB7cfPPFuByH12XW5T2B12u
vHxSONGJ16p1pgHOWRF7IKdnMqSvgPqImciL6GzXlrEioHz7uf19OwOGtzo64vU5
gYfHxgalS+s4wKnp4CpKVAIYUlV3MC8oIK63KSxCX0vT0pfIvmtbucejwWgNkn4W
X8MtNn3bU3LSDevBE0ZylpOpO8eB4V3dMdi2kvsaPjyZuwdVxbBsJ42xSES1TEF/
MlCyAakkBWTxsyGHBEf4w/hEdrLwzaO4eaDHp7cNOZ2r3APZX4JDRzA0UYH0zpwO
PHuUxeI0faouXfzCZr5lGh5qL2AKRj4I1c48OzKsubtlwojwxtwZiJ8PxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDd3U6Xzn6bxFvDzOdx9EC61wGlgMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvTjNkVHBmT2ZwdkVXOFBNNTNIMFFMclhBYVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw9F0MA0G
CSqGSIb3DQEBCwUAA4IBAQBwkWRY+pIV5YhED+WfEcdthQft6qM9gbzejpGQliQM
ulK6NYFc47umQgei8Y5xRlWTmIA0vn9XgpeyEqxrsywwwvoo4GP+MsUhjt5LwO3L
95lm9R7hQRQm1ppGp0WGvwyb3oxrAh8AFKxESvnJaSFXPjPHPo9VI2L8Wupej/T8
EHpd+p132jLQAe+Pqe9vYbTshIDq2hUDsnkbPLGcNwIseQ6bcMtmqfxS1LHuLmQR
JHoPMGYSpuWoa4jR5XXc5CMEHUBzxjcyb0eqoShXZWKsv6GEVG/uvdqAKPVCvVXR
OGl9fICjpKsMuUORuWla+/f91vPgub8rvBNR5MzuVVad
-----END CERTIFICATE-----