Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/yBkaKzlXFcK3PcGLCtOm5su6d6M.roa
File:                     yBkaKzlXFcK3PcGLCtOm5su6d6M.roa (raw, json)
Hash identifier:          m3SGdEJ4+rCqsWied/2AFaRoECo7/X9J6YwW64S5MR0=
Subject key identifier:   C8:19:1A:2B:39:57:15:C2:B7:3D:C1:8B:0A:D3:A6:E6:CB:BA:77:A3
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD634CF93183B155137D0A3DD8AA85
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/yBkaKzlXFcK3PcGLCtOm5su6d6M.roa
Signing time:             Thu 02 Jan 2025 07:49:10 +0000
ROA not before:           Thu 02 Jan 2025 07:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205221
IP address blocks:        195.19.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:63:4c:f9:31:83:b1:55:13:7d:0a:3d:d8:aa:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8191a2b395715c2b73dc18b0ad3a6e6cbba77a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2d:48:07:8f:ae:d7:01:a7:00:c5:08:8c:ae:
                    4f:31:43:e5:9f:8c:af:a1:94:8b:88:f6:39:6e:d7:
                    ef:20:09:87:0e:d5:33:87:d7:23:d6:fe:17:2c:78:
                    2a:2a:04:09:8a:e6:f0:dc:7d:aa:10:bb:9b:1a:ce:
                    53:e6:70:f5:93:cf:18:c4:f9:df:95:af:63:60:3f:
                    ad:92:8d:f3:98:75:6b:c5:e5:49:9c:12:92:0a:47:
                    57:28:c8:95:70:41:be:75:8e:c0:31:ad:90:4d:a5:
                    eb:07:55:6e:04:6a:be:7b:3d:5e:96:8e:db:3b:b5:
                    c7:0e:c3:ee:56:d9:e0:8f:88:e0:63:95:30:99:1b:
                    34:1a:ad:aa:81:7e:fb:0a:95:42:22:bf:3e:b5:05:
                    52:c8:c2:91:72:05:96:8b:2b:c6:6c:9a:af:3a:dd:
                    b7:56:5b:0f:68:71:db:5c:15:59:40:aa:83:02:60:
                    54:0f:f5:ad:d0:15:cc:bd:3b:2d:0b:fe:ab:21:85:
                    5b:d6:4d:fb:52:b3:39:14:53:21:60:9c:8b:7b:4a:
                    34:57:d2:b6:7c:48:1c:c7:07:43:1d:8a:6e:1c:08:
                    82:eb:59:5c:8f:3f:16:8b:23:6c:bb:7b:e8:6f:41:
                    bf:84:0f:45:e5:56:c3:b4:cc:70:7b:78:cf:8f:b3:
                    2a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:19:1A:2B:39:57:15:C2:B7:3D:C1:8B:0A:D3:A6:E6:CB:BA:77:A3
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/yBkaKzlXFcK3PcGLCtOm5su6d6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.19.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:83:75:46:83:d6:af:c2:19:4f:cc:62:59:df:fc:23:75:1e:
         e7:65:b9:f3:f3:9a:bc:6f:cb:d4:a3:42:7b:39:0d:fc:97:2d:
         88:be:b2:c4:e3:ae:46:f1:d1:39:48:99:29:e9:27:39:5d:66:
         c3:0e:1a:b1:e2:fa:40:f5:11:6c:89:23:62:42:85:a9:09:ac:
         38:23:c0:fc:95:b3:0c:1b:e9:c6:a2:60:45:29:21:40:16:73:
         e2:27:18:fc:89:72:24:9b:d2:2e:c6:ba:7a:4c:f9:38:ca:89:
         e4:ed:ed:fc:55:7a:93:a6:03:9e:59:79:ba:b2:2c:11:9d:71:
         06:a4:eb:81:aa:51:30:32:f8:cb:ae:6d:f2:eb:ac:06:b2:48:
         f0:98:01:26:e3:a5:33:e7:7c:aa:b2:0e:ea:5c:ba:98:96:1d:
         c9:36:31:18:82:a7:42:36:cb:fb:21:2e:2a:cf:3b:61:bc:9a:
         de:d7:d0:bb:96:11:cc:1a:0d:16:1d:78:00:d1:1c:9c:eb:77:
         b5:f7:af:cd:02:11:f4:27:89:1a:67:71:5c:1e:99:d0:58:0d:
         ac:c8:a6:dd:0c:fe:5b:2f:16:46:37:07:83:7e:1c:89:1b:d4:
         81:4f:86:79:50:5c:62:21:dd:1f:c0:2e:f7:8f:88:27:ee:6a:
         f6:de:c6:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/WNM+TGDsVUTfQo92KqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODE5MWEyYjM5NTcxNWMyYjczZGMxOGIwYWQzYTZlNmNiYmE3N2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2y1IB4+u1wGnAMUIjK5PMUPln4yv
oZSLiPY5btfvIAmHDtUzh9cj1v4XLHgqKgQJiubw3H2qELubGs5T5nD1k88YxPnf
la9jYD+tko3zmHVrxeVJnBKSCkdXKMiVcEG+dY7AMa2QTaXrB1VuBGq+ez1elo7b
O7XHDsPuVtngj4jgY5UwmRs0Gq2qgX77CpVCIr8+tQVSyMKRcgWWiyvGbJqvOt23
VlsPaHHbXBVZQKqDAmBUD/Wt0BXMvTstC/6rIYVb1k37UrM5FFMhYJyLe0o0V9K2
fEgcxwdDHYpuHAiC61lcjz8WiyNsu3vob0G/hA9F5VbDtMxwe3jPj7MqQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgZGis5VxXCtz3BiwrTpubLunejMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEveUJrYUt6bFhGY0szUGNHTEN0T201c3U2ZDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxPPMA0G
CSqGSIb3DQEBCwUAA4IBAQBXg3VGg9avwhlPzGJZ3/wjdR7nZbnz85q8b8vUo0J7
OQ38ly2IvrLE465G8dE5SJkp6Sc5XWbDDhqx4vpA9RFsiSNiQoWpCaw4I8D8lbMM
G+nGomBFKSFAFnPiJxj8iXIkm9Iuxrp6TPk4yonk7e38VXqTpgOeWXm6siwRnXEG
pOuBqlEwMvjLrm3y66wGskjwmAEm46Uz53yqsg7qXLqYlh3JNjEYgqdCNsv7IS4q
zzthvJre19C7lhHMGg0WHXgA0Ryc63e196/NAhH0J4kaZ3FcHpnQWA2syKbdDP5b
LxZGNweDfhyJG9SBT4Z5UFxiId0fwC73j4gn7mr23saH
-----END CERTIFICATE-----