Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/XTfcbX9xqRfHD7SRFqZge2aL6pU.roa
File:                     XTfcbX9xqRfHD7SRFqZge2aL6pU.roa (raw, json)
Hash identifier:          hP275Na+2ALtfSbERacn4uUW130SwTFR00VFn1+Q9gk=
Subject key identifier:   5D:37:DC:6D:7F:71:A9:17:C7:0F:B4:91:16:A6:60:7B:66:8B:EA:95
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       01933E7D9F6F5FF309FE9484C3753AD252FE
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/XTfcbX9xqRfHD7SRFqZge2aL6pU.roa
Signing time:             Mon 18 Nov 2024 08:57:20 +0000
ROA not before:           Mon 18 Nov 2024 08:57:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207239
IP address blocks:        194.190.220.0/23 maxlen: 23
                          212.192.50.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:7d:9f:6f:5f:f3:09:fe:94:84:c3:75:3a:d2:52:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Nov 18 08:57:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d37dc6d7f71a917c70fb49116a6607b668bea95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c3:80:88:34:f6:cd:74:5d:27:71:dd:77:f0:
                    4a:53:ff:cc:23:1b:c5:4a:16:5d:d3:4b:4b:81:f1:
                    50:8d:c1:cb:40:a3:dc:b6:80:8e:04:33:e6:94:db:
                    39:21:91:78:dc:41:63:6b:26:e2:d5:3d:68:b3:19:
                    14:31:e9:ae:8d:1d:b2:3e:fb:eb:b1:fa:ad:c2:fd:
                    f6:be:92:86:e7:a6:ee:cf:f2:a6:ce:cc:9e:69:7a:
                    cd:0e:d3:d7:61:ba:d1:76:8e:32:60:1c:7b:80:a9:
                    49:b4:f9:ee:f5:6f:f3:e8:78:95:11:9f:99:6f:c7:
                    4a:5f:63:68:b3:02:1b:f1:18:30:42:b0:91:7c:2c:
                    de:c0:99:29:52:f2:ab:4f:f8:7d:8e:05:04:0a:05:
                    aa:33:ab:48:6a:4d:ea:f8:41:0a:18:0f:54:88:7a:
                    9b:83:0a:ff:d8:36:78:29:d3:5d:24:0c:1b:16:77:
                    f5:fc:c2:96:66:df:47:86:82:6d:ca:c2:d0:08:c4:
                    85:81:68:5d:c8:11:d7:cd:32:8f:54:14:1a:ce:c3:
                    cc:ee:9b:a3:04:45:48:d9:10:90:e7:2b:f9:18:d5:
                    4f:cc:d2:18:07:2d:fa:9c:14:8d:c6:45:e5:e7:ed:
                    e2:6a:c3:d8:e3:5a:1d:a9:23:00:22:e5:01:fe:80:
                    9f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:37:DC:6D:7F:71:A9:17:C7:0F:B4:91:16:A6:60:7B:66:8B:EA:95
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/XTfcbX9xqRfHD7SRFqZge2aL6pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.190.220.0/23
                  212.192.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:71:aa:e2:36:ee:d4:6e:47:99:df:aa:b8:3c:88:be:ec:b7:
         82:71:20:3f:48:2d:6d:06:13:7b:00:6e:63:5a:62:31:df:0b:
         a9:e7:8e:69:be:a8:1e:d4:42:ef:2d:61:78:95:7a:2e:a2:45:
         04:4d:9e:68:6d:0f:ee:b0:bc:ac:fe:92:c8:64:6e:58:34:c7:
         4b:18:1e:0d:1b:b0:8c:81:90:8f:74:8c:c6:d6:a7:d1:4d:4b:
         d1:01:2d:ed:92:a6:34:59:8a:a7:d7:f9:2f:9b:37:e4:06:14:
         61:a8:b3:1a:8e:42:7b:76:41:82:df:4f:b2:bb:b2:15:ed:9c:
         f2:5a:ae:cd:67:35:4e:91:f9:82:76:39:98:15:15:10:07:4c:
         ff:03:1b:2f:f9:05:85:de:cd:54:8b:8c:d9:80:7a:a9:7c:83:
         1e:91:e9:b0:d6:19:46:c2:ab:77:58:41:63:4f:95:8c:9a:5f:
         f2:3d:ef:d2:86:6f:dc:8e:00:26:75:50:6a:ef:e1:9c:21:a3:
         b0:3e:ec:5e:8a:72:a7:3d:b0:b6:b9:1a:e1:e1:d4:50:f3:e2:
         7b:89:eb:6b:44:aa:a4:02:2c:c7:92:59:dd:a2:bb:ec:d0:81:
         a0:70:88:f5:ea:28:04:2e:f9:ad:21:f8:72:23:7e:ea:bd:37:
         f9:5b:dc:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZM+fZ9vX/MJ/pSEw3U60lL+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQxMTE4MDg1NzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM3ZGM2ZDdmNzFhOTE3YzcwZmI0OTExNmE2NjA3YjY2OGJlYTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocOAiDT2zXRdJ3Hdd/BKU//MIxvF
ShZd00tLgfFQjcHLQKPctoCOBDPmlNs5IZF43EFjaybi1T1osxkUMemujR2yPvvr
sfqtwv32vpKG56buz/KmzsyeaXrNDtPXYbrRdo4yYBx7gKlJtPnu9W/z6HiVEZ+Z
b8dKX2NoswIb8RgwQrCRfCzewJkpUvKrT/h9jgUECgWqM6tIak3q+EEKGA9UiHqb
gwr/2DZ4KdNdJAwbFnf1/MKWZt9HhoJtysLQCMSFgWhdyBHXzTKPVBQazsPM7puj
BEVI2RCQ5yv5GNVPzNIYBy36nBSNxkXl5+3iasPY41odqSMAIuUB/oCfIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF033G1/cakXxw+0kRamYHtmi+qVMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvWFRmY2JYOXhxUmZIRDdTUkZxWmdlMmFMNnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwr7cAwQB
1MAyMA0GCSqGSIb3DQEBCwUAA4IBAQA9cariNu7UbkeZ36q4PIi+7LeCcSA/SC1t
BhN7AG5jWmIx3wup545pvqge1ELvLWF4lXouokUETZ5obQ/usLys/pLIZG5YNMdL
GB4NG7CMgZCPdIzG1qfRTUvRAS3tkqY0WYqn1/kvmzfkBhRhqLMajkJ7dkGC30+y
u7IV7ZzyWq7NZzVOkfmCdjmYFRUQB0z/Axsv+QWF3s1Ui4zZgHqpfIMekemw1hlG
wqt3WEFjT5WMml/yPe/Shm/cjgAmdVBq7+GcIaOwPuxeinKnPbC2uRrh4dRQ8+J7
ietrRKqkAizHklndorvs0IGgcIj16igELvmtIfhyI37qvTf5W9zP
-----END CERTIFICATE-----