Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/LvDy9p6ikxqQSJ-VqF7io8zgKSk.roa
File:                     LvDy9p6ikxqQSJ-VqF7io8zgKSk.roa (raw, json)
Hash identifier:          GewoAJAwsWBWLIkno/3RVcfw4AJjUIbGZa9BOK5+n4g=
Subject key identifier:   2E:F0:F2:F6:9E:A2:93:1A:90:48:9F:95:A8:5E:E2:A3:CC:E0:29:29
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FCEAF55A81E1872938AAE88E9D601
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/LvDy9p6ikxqQSJ-VqF7io8zgKSk.roa
Signing time:             Wed 01 Jan 2025 13:48:17 +0000
ROA not before:           Wed 01 Jan 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203685
IP address blocks:        157.25.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ce:af:55:a8:1e:18:72:93:8a:ae:88:e9:d6:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ef0f2f69ea2931a90489f95a85ee2a3cce02929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a4:74:e4:eb:f8:e8:e9:dd:f8:d2:7a:7b:1b:
                    5f:47:5c:0e:31:17:67:db:63:4a:40:18:b9:27:4b:
                    8a:36:4c:52:d5:e5:bd:1d:c7:0c:60:62:7c:9b:53:
                    59:5e:c9:c0:08:75:c8:e4:63:fb:db:32:32:ac:97:
                    5f:45:e8:bc:9d:36:45:4d:e8:43:ce:08:cd:e6:53:
                    03:6b:ad:9a:4e:77:12:c5:af:bd:1c:1d:ed:d3:02:
                    24:e0:e2:b5:72:4c:ef:5f:52:aa:4b:64:a2:63:d6:
                    b1:19:18:e6:b1:3c:94:2a:a2:62:08:77:23:bf:20:
                    b4:eb:fc:d3:b7:83:71:d5:c7:ea:e7:ff:33:27:3d:
                    19:e9:f1:39:5a:65:3c:14:c5:77:fe:23:27:b3:7a:
                    f5:09:a6:08:7e:74:73:90:f7:0a:cc:58:82:b0:3e:
                    bb:56:3d:fb:fc:aa:d4:60:5f:e1:82:1d:ef:fa:ec:
                    a3:3d:87:f7:80:04:39:8f:2f:00:fb:47:56:e7:64:
                    ba:fa:86:34:53:e1:b8:93:0d:ce:9a:d6:b5:e6:c5:
                    07:e0:be:a6:62:e2:ac:32:ad:c4:ba:ee:ee:8d:6a:
                    5e:72:94:e3:e5:24:b0:4f:a7:09:ea:33:d0:ae:ff:
                    5d:f0:94:26:7b:59:cc:3c:ce:f4:0a:4f:2b:83:b8:
                    e8:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F0:F2:F6:9E:A2:93:1A:90:48:9F:95:A8:5E:E2:A3:CC:E0:29:29
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/LvDy9p6ikxqQSJ-VqF7io8zgKSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:d0:b9:52:15:e6:9c:7d:b4:9a:4f:95:bd:80:c5:b2:13:3c:
         32:aa:0c:02:c7:3e:e1:31:12:2c:03:38:b2:b7:61:71:10:67:
         fa:ec:0c:d7:00:e9:17:d5:ea:03:f8:a2:e4:b3:e6:31:fb:c6:
         57:61:14:67:1e:de:60:be:0a:82:5e:c4:9c:1a:bb:79:40:e5:
         77:32:38:31:77:44:e0:31:be:76:58:ea:76:09:df:b9:96:ea:
         dd:af:c9:8f:a0:25:4f:57:36:f0:ba:c9:81:49:a6:7e:34:14:
         11:ce:f7:f6:bb:c5:ea:4e:2c:06:00:75:96:ad:28:83:79:81:
         80:d2:22:74:2d:a0:4c:d2:40:51:80:84:73:47:0c:ef:b0:c6:
         ed:61:1d:c2:5a:bb:74:8a:d2:b2:94:43:e2:d2:2e:fa:cc:af:
         81:2a:ec:a8:24:eb:de:16:39:3a:8c:ae:ae:0f:38:27:77:a7:
         1e:7b:6d:c4:e3:ec:c9:11:ee:12:80:73:b3:35:e1:4f:3c:92:
         5a:dd:b0:e0:a2:3e:08:6c:d6:30:02:53:19:ac:ae:a0:fe:be:
         54:85:13:a8:2d:57:bd:60:95:bb:3f:fb:c4:8e:fd:74:3b:b7:
         cb:93:d7:0a:6a:86:32:e4:fa:0f:e4:54:2f:58:4f:95:ba:c2:
         0c:75:9d:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH86vVageGHKTiq6I6dYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWYwZjJmNjllYTI5MzFhOTA0ODlmOTVhODVlZTJhM2NjZTAyOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaR05Ov46Ond+NJ6extfR1wOMRdn
22NKQBi5J0uKNkxS1eW9HccMYGJ8m1NZXsnACHXI5GP72zIyrJdfRei8nTZFTehD
zgjN5lMDa62aTncSxa+9HB3t0wIk4OK1ckzvX1KqS2SiY9axGRjmsTyUKqJiCHcj
vyC06/zTt4Nx1cfq5/8zJz0Z6fE5WmU8FMV3/iMns3r1CaYIfnRzkPcKzFiCsD67
Vj37/KrUYF/hgh3v+uyjPYf3gAQ5jy8A+0dW52S6+oY0U+G4kw3Omta15sUH4L6m
YuKsMq3Euu7ujWpecpTj5SSwT6cJ6jPQrv9d8JQme1nMPM70Ck8rg7jojwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7w8vaeopMakEiflahe4qPM4CkpMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvTHZEeTlwNmlreHFRU0otVnFGN2lvOHpnS1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnRmEMA0G
CSqGSIb3DQEBCwUAA4IBAQBg0LlSFeacfbSaT5W9gMWyEzwyqgwCxz7hMRIsAziy
t2FxEGf67AzXAOkX1eoD+KLks+Yx+8ZXYRRnHt5gvgqCXsScGrt5QOV3Mjgxd0Tg
Mb52WOp2Cd+5lurdr8mPoCVPVzbwusmBSaZ+NBQRzvf2u8XqTiwGAHWWrSiDeYGA
0iJ0LaBM0kBRgIRzRwzvsMbtYR3CWrt0itKylEPi0i76zK+BKuyoJOveFjk6jK6u
Dzgnd6cee23E4+zJEe4SgHOzNeFPPJJa3bDgoj4IbNYwAlMZrK6g/r5UhROoLVe9
YJW7P/vEjv10O7fLk9cKaoYy5PoP5FQvWE+VusIMdZ14
-----END CERTIFICATE-----