Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Y6F62YpJCC59YKjCaafVErVjmD0.roa
File:                     Y6F62YpJCC59YKjCaafVErVjmD0.roa (raw, json)
Hash identifier:          jEO2T60ZwCXGhoUV+I/uKBnRTonLbCqMRnu7MLrRR+g=
Subject key identifier:   63:A1:7A:D9:8A:49:08:2E:7D:60:A8:C2:69:A7:D5:12:B5:63:98:3D
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD6595806159C1901F865AAC03F0AD
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Y6F62YpJCC59YKjCaafVErVjmD0.roa
Signing time:             Thu 02 Jan 2025 07:49:11 +0000
ROA not before:           Thu 02 Jan 2025 07:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208626
IP address blocks:        193.232.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:65:95:80:61:59:c1:90:1f:86:5a:ac:03:f0:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63a17ad98a49082e7d60a8c269a7d512b563983d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:63:4c:9c:8d:5e:ef:d6:19:7a:83:c9:20:32:
                    6b:e9:56:50:a1:c9:cb:c4:54:57:47:f5:e1:e5:50:
                    7a:9f:ce:2c:f5:15:92:81:a4:f2:28:20:5c:4f:3c:
                    ac:b9:5d:57:58:61:0c:52:58:a6:44:e6:d6:5f:01:
                    aa:1f:58:75:9d:fc:c1:59:ac:d1:fc:9d:6d:91:aa:
                    cd:76:41:98:30:7e:cc:01:17:84:40:d7:fa:19:84:
                    76:74:f6:f5:eb:b9:71:fe:c4:d8:f9:77:5e:03:49:
                    b5:3b:fe:d8:07:8c:50:00:66:8e:57:d4:15:dc:f2:
                    14:63:92:e7:2c:c7:24:4f:35:4f:be:a9:bd:7a:c1:
                    70:2c:55:50:79:ff:c4:36:2e:67:db:37:71:bb:03:
                    54:10:78:e6:58:b7:67:3a:5f:03:d6:6e:71:a3:d2:
                    5b:c5:64:a0:1e:24:cf:d8:78:b2:df:2a:37:ec:d8:
                    b7:48:95:90:6d:24:df:d9:cf:18:10:66:1a:97:86:
                    27:2b:49:c5:68:54:45:c9:1d:2b:8c:45:2a:df:bd:
                    4b:b2:eb:1a:6b:d4:e9:f6:7c:77:31:f2:55:05:11:
                    fb:59:5f:db:bb:64:83:5c:84:2a:73:aa:c5:a1:1d:
                    6a:d5:e8:62:5b:48:ec:56:c1:6e:93:31:67:1c:01:
                    6c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:A1:7A:D9:8A:49:08:2E:7D:60:A8:C2:69:A7:D5:12:B5:63:98:3D
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Y6F62YpJCC59YKjCaafVErVjmD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:61:c7:cb:77:f5:07:4f:cc:c3:e2:fa:39:50:50:45:9e:75:
         64:58:ad:2e:3b:e3:22:12:07:4c:40:1d:cc:ef:a1:8f:db:05:
         ae:e8:5d:ab:ce:b3:cf:28:ca:c2:c6:72:b0:4a:f6:7a:85:a3:
         83:de:84:c8:41:2d:1f:84:2c:3c:a5:e3:f4:0e:33:6d:b5:f1:
         28:40:d6:0c:e5:90:c0:4a:8b:30:1a:0a:44:53:7d:39:e8:4a:
         77:ae:b5:a9:94:84:54:e8:32:ab:5a:e2:fc:1f:62:9a:7f:1c:
         c6:c7:94:88:0f:d7:c3:e8:ab:6f:f3:86:66:45:bf:cf:e8:54:
         2e:cb:77:f1:d6:dd:0c:00:8c:24:74:08:a6:98:58:e4:0e:1a:
         44:40:c4:6f:6c:20:01:80:0d:a1:cd:13:34:47:90:d6:b9:62:
         dc:ae:b2:86:42:52:fa:25:bf:8a:8c:19:2a:90:15:eb:c4:e0:
         e6:e6:e5:37:35:7c:cd:62:32:87:7c:56:6a:40:1a:11:67:55:
         3c:39:26:17:d2:b6:e9:85:73:81:dd:fb:49:ba:03:5c:6a:35:
         65:1f:d5:b6:f6:6a:f7:ce:eb:8a:2a:d6:3a:f0:e9:2a:de:c9:
         cf:97:56:55:09:57:33:8f:83:ae:10:67:93:c8:54:9b:dd:25:
         5e:a8:cb:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/WWVgGFZwZAfhlqsA/CtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2ExN2FkOThhNDkwODJlN2Q2MGE4YzI2OWE3ZDUxMmI1NjM5ODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4WNMnI1e79YZeoPJIDJr6VZQocnL
xFRXR/Xh5VB6n84s9RWSgaTyKCBcTzysuV1XWGEMUlimRObWXwGqH1h1nfzBWazR
/J1tkarNdkGYMH7MAReEQNf6GYR2dPb167lx/sTY+XdeA0m1O/7YB4xQAGaOV9QV
3PIUY5LnLMckTzVPvqm9esFwLFVQef/ENi5n2zdxuwNUEHjmWLdnOl8D1m5xo9Jb
xWSgHiTP2Hiy3yo37Ni3SJWQbSTf2c8YEGYal4YnK0nFaFRFyR0rjEUq371Lsusa
a9Tp9nx3MfJVBRH7WV/bu2SDXIQqc6rFoR1q1ehiW0jsVsFukzFnHAFskQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOhetmKSQgufWCowmmn1RK1Y5g9MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvWTZGNjJZcEpDQzU5WUtqQ2FhZlZFclZqbUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweg1MA0G
CSqGSIb3DQEBCwUAA4IBAQAMYcfLd/UHT8zD4vo5UFBFnnVkWK0uO+MiEgdMQB3M
76GP2wWu6F2rzrPPKMrCxnKwSvZ6haOD3oTIQS0fhCw8peP0DjNttfEoQNYM5ZDA
SoswGgpEU3056Ep3rrWplIRU6DKrWuL8H2KafxzGx5SID9fD6Ktv84ZmRb/P6FQu
y3fx1t0MAIwkdAimmFjkDhpEQMRvbCABgA2hzRM0R5DWuWLcrrKGQlL6Jb+KjBkq
kBXrxODm5uU3NXzNYjKHfFZqQBoRZ1U8OSYX0rbphXOB3ftJugNcajVlH9W29mr3
zuuKKtY68Okq3snPl1ZVCVczj4OuEGeTyFSb3SVeqMvB
-----END CERTIFICATE-----