Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/heL-KNvVnsPaP_8_Pa4KjuGQllI.roa
File:                     heL-KNvVnsPaP_8_Pa4KjuGQllI.roa (raw, json)
Hash identifier:          qmmBsGMpYxIVyHeeSgMDBM6rzt+CkJo6COO8RQROVvY=
Subject key identifier:   85:E2:FE:28:DB:D5:9E:C3:DA:3F:FF:3F:3D:AE:0A:8E:E1:90:96:52
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD67B4328C1CF01DA46D2D0F9443BC
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/heL-KNvVnsPaP_8_Pa4KjuGQllI.roa
Signing time:             Thu 02 Jan 2025 07:49:11 +0000
ROA not before:           Thu 02 Jan 2025 07:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214077
IP address blocks:        194.226.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:67:b4:32:8c:1c:f0:1d:a4:6d:2d:0f:94:43:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85e2fe28dbd59ec3da3fff3f3dae0a8ee1909652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a9:97:ac:5e:95:db:6e:c9:1f:66:71:30:5b:
                    35:bd:c5:67:e4:14:33:ce:ea:42:c5:54:e7:89:d7:
                    f5:ad:95:b4:b3:13:c5:7c:e1:cc:78:4d:1a:ba:fa:
                    49:33:ef:79:a8:9f:46:e6:06:f9:21:b0:d6:9d:5f:
                    9f:c7:d7:dd:89:fa:0d:aa:41:a4:18:bf:29:76:01:
                    07:a6:c8:84:cb:b9:47:32:68:1c:7e:d4:78:9d:f2:
                    0b:6e:a1:c6:dc:09:95:ec:71:f6:96:e0:a7:6d:41:
                    0a:de:98:e8:15:64:ea:cd:97:0a:0c:42:e6:1b:35:
                    e0:f9:2e:e5:d8:41:ce:75:3d:dc:41:68:ca:8b:d2:
                    e4:0f:c5:3a:95:a7:94:5f:33:bd:b2:34:50:f9:95:
                    94:01:ba:8a:ec:9a:7a:28:ca:94:75:99:01:e3:1c:
                    46:19:19:87:3c:e2:be:1a:22:7b:de:ca:47:3b:c2:
                    6f:4d:09:c3:23:e3:8f:89:58:94:4a:2d:4e:c0:4c:
                    10:95:23:3d:ee:56:8c:83:0b:7e:0f:2b:ae:44:b9:
                    51:16:a7:50:e9:62:6a:c6:50:fd:c0:74:3c:fd:98:
                    a5:da:14:6a:ac:35:08:01:91:3c:41:56:26:08:bc:
                    2c:52:a0:f4:9f:ec:f9:69:7c:fe:0b:3d:f1:fc:15:
                    b5:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E2:FE:28:DB:D5:9E:C3:DA:3F:FF:3F:3D:AE:0A:8E:E1:90:96:52
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/heL-KNvVnsPaP_8_Pa4KjuGQllI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:47:63:5d:d0:76:42:ff:39:f2:64:69:ec:3d:56:73:f9:9e:
         5e:25:1f:e7:b0:00:a8:78:c9:e7:b8:77:22:ba:b7:11:73:3a:
         05:d3:f7:80:b9:6c:4b:86:a4:6a:1e:1b:fc:68:c1:d5:48:dd:
         8e:71:cc:23:60:3e:03:f1:f4:30:44:51:c0:ec:2c:ff:e2:f2:
         9c:28:29:32:da:4a:32:a6:dc:a5:f4:1f:42:c8:c2:b0:cf:7b:
         74:4a:c2:1f:68:33:1d:12:5a:8b:da:95:50:02:02:b7:8d:41:
         82:9f:c7:e7:de:0a:15:2b:99:17:49:8e:cd:e9:8e:85:a3:45:
         a0:21:f7:9b:95:58:fe:1d:f2:16:bd:44:a5:c1:96:5c:03:9a:
         68:17:fa:a0:94:b8:d2:77:14:ca:a0:48:4d:bf:85:8a:29:ed:
         38:04:4e:4c:03:82:48:64:00:65:1e:ae:dd:cc:9a:b5:70:66:
         d5:fd:b7:90:c5:0b:53:f0:7a:ac:b6:a2:9d:74:35:c3:ec:ef:
         47:58:c0:d1:3f:a8:4a:16:ff:6e:cd:e9:6f:f7:cb:f2:bb:9e:
         a7:9a:ff:41:e1:39:75:db:96:4f:74:62:48:87:2b:2c:a4:79:
         f8:ec:01:83:e2:1b:6e:a1:f5:89:c8:db:5a:39:e6:99:14:48:
         8a:a5:e8:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/We0Mowc8B2kbS0PlEO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWUyZmUyOGRiZDU5ZWMzZGEzZmZmM2YzZGFlMGE4ZWUxOTA5NjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqmXrF6V227JH2ZxMFs1vcVn5BQz
zupCxVTnidf1rZW0sxPFfOHMeE0auvpJM+95qJ9G5gb5IbDWnV+fx9fdifoNqkGk
GL8pdgEHpsiEy7lHMmgcftR4nfILbqHG3AmV7HH2luCnbUEK3pjoFWTqzZcKDELm
GzXg+S7l2EHOdT3cQWjKi9LkD8U6laeUXzO9sjRQ+ZWUAbqK7Jp6KMqUdZkB4xxG
GRmHPOK+GiJ73spHO8JvTQnDI+OPiViUSi1OwEwQlSM97laMgwt+DyuuRLlRFqdQ
6WJqxlD9wHQ8/Zil2hRqrDUIAZE8QVYmCLwsUqD0n+z5aXz+Cz3x/BW1jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXi/ijb1Z7D2j//Pz2uCo7hkJZSMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvaGVMLUtOdlZuc1BhUF84X1BhNEtqdUdRbGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuL5MA0G
CSqGSIb3DQEBCwUAA4IBAQArR2Nd0HZC/znyZGnsPVZz+Z5eJR/nsACoeMnnuHci
urcRczoF0/eAuWxLhqRqHhv8aMHVSN2OccwjYD4D8fQwRFHA7Cz/4vKcKCky2koy
ptyl9B9CyMKwz3t0SsIfaDMdElqL2pVQAgK3jUGCn8fn3goVK5kXSY7N6Y6Fo0Wg
IfeblVj+HfIWvUSlwZZcA5poF/qglLjSdxTKoEhNv4WKKe04BE5MA4JIZABlHq7d
zJq1cGbV/beQxQtT8HqstqKddDXD7O9HWMDRP6hKFv9uzelv98vyu56nmv9B4Tl1
25ZPdGJIhysspHn47AGD4htuofWJyNtaOeaZFEiKpei9
-----END CERTIFICATE-----