Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/O40n3ipAcxAxFGrdJ-G7fHqrQ5o.roa
File:                     O40n3ipAcxAxFGrdJ-G7fHqrQ5o.roa (raw, json)
Hash identifier:          1sQFkG191e2mQ4d9/YFmqPoFzsTjIFFlQTDaPSTvFrU=
Subject key identifier:   3B:8D:27:DE:2A:40:73:10:31:14:6A:DD:27:E1:BB:7C:7A:AB:43:9A
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD5591041FA89D230EDC6AD7E18AEC
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/O40n3ipAcxAxFGrdJ-G7fHqrQ5o.roa
Signing time:             Thu 02 Jan 2025 07:49:06 +0000
ROA not before:           Thu 02 Jan 2025 07:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45029
IP address blocks:        193.232.166.0/24 maxlen: 24
                          2a0c:a9c7:166::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:55:91:04:1f:a8:9d:23:0e:dc:6a:d7:e1:8a:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b8d27de2a40731031146add27e1bb7c7aab439a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:11:f2:17:27:fd:55:4d:25:61:34:4c:fa:11:
                    ef:fe:79:e0:92:5c:13:59:74:87:39:26:64:f0:7f:
                    02:c9:54:b9:92:44:cd:ee:22:be:d6:8c:72:49:00:
                    f2:a5:67:aa:1b:01:23:5c:2b:aa:3f:73:72:fb:ce:
                    43:e5:e1:c0:b5:8a:57:cd:1c:28:59:68:36:d1:ff:
                    98:05:45:41:ff:b8:3e:b9:90:69:6f:57:f1:a4:d0:
                    f3:9b:f2:7c:91:cd:78:d1:3a:6a:73:74:63:cf:a0:
                    0b:7f:d4:a4:59:85:65:b6:46:1d:f9:bc:93:2f:ca:
                    b0:9f:1a:49:08:64:50:50:e0:6b:7e:a8:01:de:8d:
                    1c:2a:b9:13:95:4a:69:e1:2c:c8:c2:1b:3a:f7:3c:
                    c9:8d:94:79:5b:33:1c:74:3f:f5:a5:42:50:93:89:
                    b9:de:13:27:97:d0:fa:e2:b6:3c:07:45:2b:af:e2:
                    d6:5d:05:ab:42:27:5d:03:a5:1f:6d:c4:81:75:c8:
                    e4:f8:6b:a1:63:3d:1d:68:0c:24:44:ab:9b:fc:32:
                    35:85:75:f0:4a:d6:a2:8c:b3:ad:88:5f:23:4d:c6:
                    fb:39:26:97:0f:c0:67:20:67:f4:df:92:ca:fe:1f:
                    c6:b3:e8:bf:6c:a8:e2:9a:08:83:3c:c7:11:05:32:
                    d7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:8D:27:DE:2A:40:73:10:31:14:6A:DD:27:E1:BB:7C:7A:AB:43:9A
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/O40n3ipAcxAxFGrdJ-G7fHqrQ5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.166.0/24
                IPv6:
                  2a0c:a9c7:166::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:82:80:09:07:d4:9f:d6:4a:76:22:45:a4:02:4d:9d:dc:5d:
         7d:62:c2:3b:9a:fd:37:3e:76:e8:61:bb:57:f9:11:11:fa:ef:
         e2:2e:e3:29:1e:bc:3c:b4:76:c5:20:05:f0:09:b5:e9:ff:ca:
         d5:53:89:ac:c0:9a:13:c6:c9:c6:b0:e0:e9:74:61:f1:4e:8f:
         8d:73:b9:53:69:50:11:7e:45:db:9e:38:77:d5:6a:9f:91:8d:
         d2:f7:7b:d0:20:4d:b3:f0:3d:b0:8c:d3:1e:84:bb:1c:22:a8:
         d7:a3:93:a3:58:0d:49:70:8a:d4:23:27:62:b2:42:2c:d3:dd:
         3d:4a:4f:fb:7c:73:3a:85:e5:8d:ed:0d:e0:12:4c:b8:44:58:
         84:55:0c:88:9a:62:45:31:ad:d9:26:5c:63:c1:c3:02:58:44:
         f7:fe:40:ba:5c:26:c9:dc:32:04:99:94:ef:bf:a9:d3:42:97:
         1f:de:bb:78:21:13:a7:33:64:a5:21:30:ac:88:ae:68:66:03:
         c7:58:c8:b8:74:80:c9:ea:1a:5a:df:e6:61:06:75:1b:a7:5b:
         c4:cd:eb:68:d2:e7:03:de:a5:bc:bc:2c:0f:89:98:e4:5f:3b:
         33:bb:ea:51:ab:b2:38:ca:e1:ec:24:b3:a3:99:9c:fd:02:7d:
         cc:7a:d0:0f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl/VWRBB+onSMO3GrX4YrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhkMjdkZTJhNDA3MzEwMzExNDZhZGQyN2UxYmI3YzdhYWI0MzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRHyFyf9VU0lYTRM+hHv/nngklwT
WXSHOSZk8H8CyVS5kkTN7iK+1oxySQDypWeqGwEjXCuqP3Ny+85D5eHAtYpXzRwo
WWg20f+YBUVB/7g+uZBpb1fxpNDzm/J8kc140Tpqc3Rjz6ALf9SkWYVltkYd+byT
L8qwnxpJCGRQUOBrfqgB3o0cKrkTlUpp4SzIwhs69zzJjZR5WzMcdD/1pUJQk4m5
3hMnl9D64rY8B0Urr+LWXQWrQiddA6UfbcSBdcjk+GuhYz0daAwkRKub/DI1hXXw
StaijLOtiF8jTcb7OSaXD8BnIGf035LK/h/Gs+i/bKjimgiDPMcRBTLX2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDuNJ94qQHMQMRRq3Sfhu3x6q0OaMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvTzQwbjNpcEFjeEF4RkdyZEotRzdmSHFyUTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAweimMA8E
AgACMAkDBwAqDKnHAWYwDQYJKoZIhvcNAQELBQADggEBAEOCgAkH1J/WSnYiRaQC
TZ3cXX1iwjua/Tc+duhhu1f5ERH67+Iu4ykevDy0dsUgBfAJten/ytVTiazAmhPG
ycaw4Ol0YfFOj41zuVNpUBF+RdueOHfVap+RjdL3e9AgTbPwPbCM0x6EuxwiqNej
k6NYDUlwitQjJ2KyQizT3T1KT/t8czqF5Y3tDeASTLhEWIRVDIiaYkUxrdkmXGPB
wwJYRPf+QLpcJsncMgSZlO+/qdNClx/eu3ghE6czZKUhMKyIrmhmA8dYyLh0gMnq
Glrf5mEGdRunW8TN62jS5wPepby8LA+JmORfOzO76lGrsjjK4ewks6OZnP0Cfcx6
0A8=
-----END CERTIFICATE-----