Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/ZNkg9OflQ5YKRWwotQ2A0ovrwHQ.roa
File:                     ZNkg9OflQ5YKRWwotQ2A0ovrwHQ.roa (raw, json)
Hash identifier:          LvvUg32Av5FL99KOaxCIaCeq6TW7KDy3xgoj08Pwnic=
Subject key identifier:   64:D9:20:F4:E7:E5:43:96:0A:45:6C:28:B5:0D:80:D2:8B:EB:C0:74
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FCF153EE0C66ABE75DD60AC26DCA8
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/ZNkg9OflQ5YKRWwotQ2A0ovrwHQ.roa
Signing time:             Wed 01 Jan 2025 13:48:17 +0000
ROA not before:           Wed 01 Jan 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203689
IP address blocks:        157.25.130.0/23 maxlen: 23
                          157.25.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cf:15:3e:e0:c6:6a:be:75:dd:60:ac:26:dc:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64d920f4e7e543960a456c28b50d80d28bebc074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5b:cf:13:af:58:6a:79:b9:25:18:c6:c7:db:
                    22:59:26:b7:17:a0:33:71:7e:e6:29:c2:6a:70:4f:
                    30:29:9f:f8:2f:3a:d7:26:d3:22:b7:be:6b:35:ab:
                    73:40:5b:c1:62:af:e4:75:bc:ea:c6:d1:d6:45:3b:
                    fc:9b:45:d3:15:51:72:c6:a2:15:13:b0:1b:17:30:
                    c6:42:48:dc:18:c2:f3:57:37:5f:08:e8:5d:0e:ac:
                    1f:69:b6:1d:8f:63:a4:d0:bc:74:58:84:d3:2c:a8:
                    49:3f:c5:c2:86:59:1f:cb:6e:dc:31:75:f7:36:a1:
                    ea:de:bd:48:cd:64:29:ce:e1:44:15:4e:49:d6:76:
                    69:9d:36:b7:1f:44:c1:b9:0c:78:07:df:65:de:2b:
                    70:08:a6:01:97:61:ed:65:14:d0:11:dc:15:87:82:
                    15:53:05:74:b6:35:18:f1:6c:2d:83:6c:77:b3:25:
                    27:83:65:31:fe:b4:ab:ae:53:c1:65:ef:19:20:93:
                    89:86:99:c6:8f:38:6b:67:30:1e:14:b0:fd:5c:d1:
                    f1:e6:dc:49:37:79:ba:2b:fb:69:0b:85:8e:da:69:
                    77:7a:fb:49:2d:87:1a:00:3a:ff:7f:57:57:aa:5f:
                    9d:03:9c:88:fd:1c:0a:b0:e1:be:13:83:a4:5b:47:
                    20:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:D9:20:F4:E7:E5:43:96:0A:45:6C:28:B5:0D:80:D2:8B:EB:C0:74
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/ZNkg9OflQ5YKRWwotQ2A0ovrwHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.130.0/23
                  157.25.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:ad:83:55:7a:58:3b:e3:97:40:b4:52:d8:ee:0c:68:aa:a3:
         1d:08:2f:89:a8:42:74:64:16:98:45:ac:16:42:35:67:a5:bd:
         b9:2b:4d:c7:ad:02:db:ee:37:1b:e3:4f:58:0e:7e:ae:3f:d3:
         60:ff:fd:19:60:00:c0:ee:ae:92:5a:50:c3:b7:52:ca:5c:6e:
         98:c0:4d:ee:72:5b:dd:42:f8:e2:f1:b1:0e:96:75:19:cb:7e:
         2d:0a:88:e8:c1:e1:58:e2:76:66:12:2c:d9:59:bc:d7:0d:b1:
         65:00:30:10:0f:2f:6c:26:a9:cb:1f:30:13:0b:3e:a9:85:10:
         06:03:86:e0:d5:22:ad:48:51:ff:c8:96:39:ce:7f:81:75:f6:
         cf:0d:9b:db:d1:7d:18:b0:e5:24:a7:40:97:3a:15:45:f7:4d:
         06:a9:cf:d1:9b:54:91:6e:b9:58:39:22:fc:10:c8:2a:3a:d1:
         c5:41:08:7a:0d:e7:79:71:dd:2d:d1:e9:99:ee:7c:4e:04:53:
         4a:ec:1b:2d:d3:49:74:85:b0:8c:55:fb:d0:b8:59:82:89:0b:
         ba:bd:a7:fb:0a:cb:83:f9:e3:43:2d:cc:a2:aa:49:77:38:fe:
         b8:7b:e0:5d:13:6c:72:c1:33:5e:c1:42:3b:f3:ce:d8:93:b1:
         2e:c9:63:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH88VPuDGar513WCsJtyoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGQ5MjBmNGU3ZTU0Mzk2MGE0NTZjMjhiNTBkODBkMjhiZWJjMDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1vPE69Yanm5JRjGx9siWSa3F6Az
cX7mKcJqcE8wKZ/4LzrXJtMit75rNatzQFvBYq/kdbzqxtHWRTv8m0XTFVFyxqIV
E7AbFzDGQkjcGMLzVzdfCOhdDqwfabYdj2Ok0Lx0WITTLKhJP8XChlkfy27cMXX3
NqHq3r1IzWQpzuFEFU5J1nZpnTa3H0TBuQx4B99l3itwCKYBl2HtZRTQEdwVh4IV
UwV0tjUY8Wwtg2x3syUng2Ux/rSrrlPBZe8ZIJOJhpnGjzhrZzAeFLD9XNHx5txJ
N3m6K/tpC4WO2ml3evtJLYcaADr/f1dXql+dA5yI/RwKsOG+E4OkW0cgoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGTZIPTn5UOWCkVsKLUNgNKL68B0MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvWk5rZzlPZmxRNVlLUld3b3RRMkEwb3Zyd0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBnRmCAwQB
nRmuMA0GCSqGSIb3DQEBCwUAA4IBAQBlrYNVelg745dAtFLY7gxoqqMdCC+JqEJ0
ZBaYRawWQjVnpb25K03HrQLb7jcb409YDn6uP9Ng//0ZYADA7q6SWlDDt1LKXG6Y
wE3uclvdQvji8bEOlnUZy34tCojoweFY4nZmEizZWbzXDbFlADAQDy9sJqnLHzAT
Cz6phRAGA4bg1SKtSFH/yJY5zn+BdfbPDZvb0X0YsOUkp0CXOhVF900Gqc/Rm1SR
brlYOSL8EMgqOtHFQQh6Ded5cd0t0emZ7nxOBFNK7Bst00l0hbCMVfvQuFmCiQu6
vaf7CsuD+eNDLcyiqkl3OP64e+BdE2xywTNewUI7887Yk7EuyWPC
-----END CERTIFICATE-----