Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Lw6jlM2evpWhFlwdzl__oEseivo.roa
File:                     Lw6jlM2evpWhFlwdzl__oEseivo.roa (raw, json)
Hash identifier:          O62vBJqfUiBoXZn/qX8IT733rlokeQ16DinF04jzxIA=
Subject key identifier:   2F:0E:A3:94:CD:9E:BE:95:A1:16:5C:1D:CE:5F:FF:A0:4B:1E:8A:FA
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FC376F40A681C42BA7B675C3A104E
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Lw6jlM2evpWhFlwdzl__oEseivo.roa
Signing time:             Wed 01 Jan 2025 13:48:14 +0000
ROA not before:           Wed 01 Jan 2025 13:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57321
IP address blocks:        157.25.134.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:c3:76:f4:0a:68:1c:42:ba:7b:67:5c:3a:10:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f0ea394cd9ebe95a1165c1dce5fffa04b1e8afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3a:1b:18:ee:09:e8:58:0d:b6:24:34:bd:b7:
                    02:d9:1b:38:18:07:c4:00:ba:95:1f:f4:37:0a:5a:
                    8d:7f:cc:e7:4a:0c:9c:6b:99:c2:d7:0b:61:98:6b:
                    b1:2a:4c:25:84:30:74:ad:21:de:85:c4:2b:cc:0f:
                    58:2c:d4:6d:05:bb:73:81:ab:af:51:a8:f8:dc:82:
                    b8:71:7a:e1:be:90:6b:af:0d:18:9b:a3:67:dd:1a:
                    d5:5a:2d:80:55:d5:4a:79:6a:ad:4b:14:97:72:b2:
                    07:82:36:ea:5d:ef:d2:0e:4b:3b:02:46:40:e8:6f:
                    e6:c4:53:da:f0:9a:0b:1f:36:d5:28:d1:93:cb:62:
                    79:8f:1e:dd:8a:30:31:58:f1:d1:10:de:2c:00:ce:
                    c0:05:9c:65:90:d5:88:ab:5d:89:a7:51:cc:f9:04:
                    43:a7:da:2c:6c:0b:4f:b0:59:9b:44:3b:e6:e2:78:
                    c3:ea:39:56:d6:fd:96:99:6d:7b:d6:a7:23:8e:a2:
                    21:e0:af:69:27:65:31:58:ad:5c:9a:d1:90:08:ac:
                    06:47:43:4d:fa:44:09:83:87:27:97:d8:5f:c7:d7:
                    f0:4f:fd:5e:48:ab:c5:15:cf:4d:4e:72:c8:45:f8:
                    4a:73:51:c8:76:11:72:d6:43:55:d9:c6:4a:c4:8b:
                    54:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:0E:A3:94:CD:9E:BE:95:A1:16:5C:1D:CE:5F:FF:A0:4B:1E:8A:FA
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Lw6jlM2evpWhFlwdzl__oEseivo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:11:72:81:16:97:f5:ad:23:47:83:0f:dd:08:51:05:79:98:
         6f:a1:f0:92:e8:93:fd:ba:a7:18:f9:c1:af:96:a3:de:8e:e9:
         37:c8:fc:26:e1:d6:96:4b:0a:be:13:b2:52:50:70:5f:88:d9:
         ac:11:ae:61:5c:43:e1:db:b6:96:af:14:7f:8a:6a:f2:fc:95:
         6d:d1:4d:31:a9:11:d1:23:48:36:9f:ea:82:94:fe:83:a4:79:
         bd:cc:15:48:aa:6e:e8:0f:15:aa:5b:26:fa:b0:e2:98:b7:9a:
         35:2d:d3:0d:1c:be:5f:88:c4:06:d6:10:0e:84:c3:72:c5:17:
         70:a8:00:59:49:d1:e2:65:39:70:dd:1c:d0:76:a1:83:2a:84:
         52:7b:a8:33:27:ea:6a:60:d8:e7:2e:19:ae:5d:33:26:eb:a8:
         78:37:03:27:e9:b0:4e:a1:22:c9:34:6f:93:12:73:37:4c:bc:
         4b:26:5a:da:10:55:65:5f:9c:97:d3:2d:ff:e9:03:c1:14:71:
         48:83:21:70:19:b9:5f:56:d1:50:88:c8:07:e3:70:7d:0a:cb:
         f0:69:fa:b5:45:53:b4:cf:27:de:f6:c3:f3:b8:1c:be:92:6b:
         6f:32:e0:41:60:72:60:11:0b:e4:0c:8d:c2:d2:b6:d7:53:32:
         d7:77:7e:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8N29ApoHEK6e2dcOhBOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjBlYTM5NGNkOWViZTk1YTExNjVjMWRjZTVmZmZhMDRiMWU4YWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zobGO4J6FgNtiQ0vbcC2Rs4GAfE
ALqVH/Q3ClqNf8znSgyca5nC1wthmGuxKkwlhDB0rSHehcQrzA9YLNRtBbtzgauv
Uaj43IK4cXrhvpBrrw0Ym6Nn3RrVWi2AVdVKeWqtSxSXcrIHgjbqXe/SDks7AkZA
6G/mxFPa8JoLHzbVKNGTy2J5jx7dijAxWPHREN4sAM7ABZxlkNWIq12Jp1HM+QRD
p9osbAtPsFmbRDvm4njD6jlW1v2WmW171qcjjqIh4K9pJ2UxWK1cmtGQCKwGR0NN
+kQJg4cnl9hfx9fwT/1eSKvFFc9NTnLIRfhKc1HIdhFy1kNV2cZKxItUawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8Oo5TNnr6VoRZcHc5f/6BLHor6MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvTHc2amxNMmV2cFdoRmx3ZHpsX19vRXNlaXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnRmGMA0G
CSqGSIb3DQEBCwUAA4IBAQBPEXKBFpf1rSNHgw/dCFEFeZhvofCS6JP9uqcY+cGv
lqPejuk3yPwm4daWSwq+E7JSUHBfiNmsEa5hXEPh27aWrxR/imry/JVt0U0xqRHR
I0g2n+qClP6DpHm9zBVIqm7oDxWqWyb6sOKYt5o1LdMNHL5fiMQG1hAOhMNyxRdw
qABZSdHiZTlw3RzQdqGDKoRSe6gzJ+pqYNjnLhmuXTMm66h4NwMn6bBOoSLJNG+T
EnM3TLxLJlraEFVlX5yX0y3/6QPBFHFIgyFwGblfVtFQiMgH43B9Csvwafq1RVO0
zyfe9sPzuBy+kmtvMuBBYHJgEQvkDI3C0rbXUzLXd357
-----END CERTIFICATE-----