Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ptYOUflGk6pFNQJoZoKfT0bbtmM.roa
File:                     ptYOUflGk6pFNQJoZoKfT0bbtmM.roa (raw, json)
Hash identifier:          8Lt8b5TZMVNIePmdmCmECPA6HUokd9mJF4o+2vsCSMs=
Subject key identifier:   A6:D6:0E:51:F9:46:93:AA:45:35:02:68:66:82:9F:4F:46:DB:B6:63
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD5C4E5C87679A63E7A6161FE8BF4D
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ptYOUflGk6pFNQJoZoKfT0bbtmM.roa
Signing time:             Thu 02 Jan 2025 07:49:08 +0000
ROA not before:           Thu 02 Jan 2025 07:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60308
IP address blocks:        212.193.175.0/24 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:5c:4e:5c:87:67:9a:63:e7:a6:16:1f:e8:bf:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6d60e51f94693aa4535026866829f4f46dbb663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9d:71:44:32:45:d8:a3:d1:b7:38:d1:96:28:
                    d3:70:8c:50:fa:ca:65:c0:5e:01:b5:14:1e:28:e1:
                    54:ae:ca:83:36:dd:24:7b:0a:31:81:16:91:14:5b:
                    fd:39:a1:f2:e0:fe:42:9b:61:be:48:a0:2d:ef:11:
                    8b:0e:20:e9:a5:6d:79:66:b1:f8:87:43:18:d7:31:
                    c7:db:db:a1:5e:95:58:12:b2:b7:56:4d:c2:3b:2e:
                    83:21:a4:3b:be:83:d9:48:6f:b5:b4:8a:91:93:1d:
                    ef:94:a0:28:a4:e9:2f:f0:76:39:1b:b1:52:d3:24:
                    ac:66:35:33:62:f6:a0:47:2a:f6:2f:7d:60:39:2c:
                    3f:b3:c3:64:0f:1a:dc:bf:aa:62:ee:62:2f:56:30:
                    a9:46:ab:d9:94:3a:9e:91:28:90:7c:62:06:e3:2f:
                    2c:dc:6f:46:ec:32:8a:a3:3d:1f:e8:9b:69:a6:ac:
                    08:c1:a9:e7:99:fb:e0:08:30:73:ea:45:d1:c4:5d:
                    b4:f2:77:17:a2:48:e9:b7:cd:e0:0d:24:46:32:a0:
                    c9:b1:c5:9d:26:18:37:6d:bd:5c:b2:8a:00:22:0a:
                    a0:56:93:d0:1c:ea:35:8d:63:e9:e4:af:db:24:51:
                    72:87:53:2d:59:d0:e5:47:c8:56:4d:0d:e3:ef:c7:
                    30:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:D6:0E:51:F9:46:93:AA:45:35:02:68:66:82:9F:4F:46:DB:B6:63
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/ptYOUflGk6pFNQJoZoKfT0bbtmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:3c:ea:98:ca:46:41:a9:d1:e8:dd:54:bd:8e:58:06:a7:e4:
         5a:4a:66:0f:63:1a:f6:f9:c2:14:64:09:de:67:c3:12:9b:59:
         87:58:ff:33:8d:34:d7:2b:2a:a3:74:9a:c8:39:52:fa:f8:7f:
         76:57:ff:07:cf:8d:47:a2:78:c7:ae:d1:66:97:34:44:0a:e1:
         34:5d:ab:82:90:b5:49:4c:c8:37:f9:a4:12:d5:22:76:65:8c:
         08:23:bf:8b:50:55:d6:95:f5:2f:e0:15:1f:63:e0:57:41:e1:
         42:11:86:14:ef:14:f2:1f:eb:92:5f:58:bb:7f:52:62:f9:75:
         31:d6:90:75:21:01:39:51:5a:6e:1b:c3:54:7c:fc:0a:ea:0c:
         39:bb:47:40:85:a0:96:b5:2f:7d:99:cd:22:ff:e2:55:d5:12:
         e1:18:51:81:6c:19:0d:15:48:88:28:17:6d:2b:3c:2c:2b:01:
         ec:d7:de:9a:53:a9:52:00:d1:a4:31:e9:a8:37:a1:fc:b7:4b:
         62:95:be:b1:05:87:a2:64:38:81:18:78:96:3e:ec:75:e2:1d:
         02:70:85:25:96:ca:a2:8a:5d:94:5c:da:50:88:52:6e:3b:96:
         69:70:84:7f:31:b1:0e:8f:6f:d4:9f:1e:4d:63:f8:fa:98:55:
         a0:f7:8e:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/VxOXIdnmmPnphYf6L9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmQ2MGU1MWY5NDY5M2FhNDUzNTAyNjg2NjgyOWY0ZjQ2ZGJiNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZ1xRDJF2KPRtzjRlijTcIxQ+spl
wF4BtRQeKOFUrsqDNt0kewoxgRaRFFv9OaHy4P5Cm2G+SKAt7xGLDiDppW15ZrH4
h0MY1zHH29uhXpVYErK3Vk3COy6DIaQ7voPZSG+1tIqRkx3vlKAopOkv8HY5G7FS
0ySsZjUzYvagRyr2L31gOSw/s8NkDxrcv6pi7mIvVjCpRqvZlDqekSiQfGIG4y8s
3G9G7DKKoz0f6JtppqwIwannmfvgCDBz6kXRxF208ncXokjpt83gDSRGMqDJscWd
Jhg3bb1csooAIgqgVpPQHOo1jWPp5K/bJFFyh1MtWdDlR8hWTQ3j78cwYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbWDlH5RpOqRTUCaGaCn09G27ZjMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvcHRZT1VmbEdrNnBGTlFKb1pvS2ZUMGJidG1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MGvMA0G
CSqGSIb3DQEBCwUAA4IBAQAnPOqYykZBqdHo3VS9jlgGp+RaSmYPYxr2+cIUZAne
Z8MSm1mHWP8zjTTXKyqjdJrIOVL6+H92V/8Hz41HonjHrtFmlzRECuE0XauCkLVJ
TMg3+aQS1SJ2ZYwII7+LUFXWlfUv4BUfY+BXQeFCEYYU7xTyH+uSX1i7f1Ji+XUx
1pB1IQE5UVpuG8NUfPwK6gw5u0dAhaCWtS99mc0i/+JV1RLhGFGBbBkNFUiIKBdt
KzwsKwHs196aU6lSANGkMemoN6H8t0tilb6xBYeiZDiBGHiWPux14h0CcIUllsqi
il2UXNpQiFJuO5ZpcIR/MbEOj2/Unx5NY/j6mFWg945Q
-----END CERTIFICATE-----