Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/lA4KE-XkkTWAJTxo2K8swo2A_f8.roa
File:                     lA4KE-XkkTWAJTxo2K8swo2A_f8.roa (raw, json)
Hash identifier:          9Emo3amlBuaZyUevfod2zATXpHr5snaFCrlvo/OfsJQ=
Subject key identifier:   94:0E:0A:13:E5:E4:91:35:80:25:3C:68:D8:AF:2C:C2:8D:80:FD:FF
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FCB2E619D7A04A79FCDC6CD3A087C
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/lA4KE-XkkTWAJTxo2K8swo2A_f8.roa
Signing time:             Wed 01 Jan 2025 13:48:16 +0000
ROA not before:           Wed 01 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201253
IP address blocks:        217.153.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cb:2e:61:9d:7a:04:a7:9f:cd:c6:cd:3a:08:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=940e0a13e5e4913580253c68d8af2cc28d80fdff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:44:9d:ea:35:22:a2:5f:2f:cc:e6:9f:d2:ae:
                    9d:75:19:67:b6:cc:20:20:96:98:94:d6:0c:e3:83:
                    51:f4:d3:ff:37:86:ac:ed:fa:fe:56:d8:b0:d5:09:
                    25:fc:e9:95:49:5d:c8:28:f1:fe:d4:b9:17:12:45:
                    92:76:83:65:46:03:21:c2:82:9d:90:e0:c5:71:11:
                    51:0b:e9:08:96:40:c3:24:fc:b6:03:64:7f:a8:c7:
                    da:e3:af:cf:91:5a:ef:a9:83:f7:ec:c8:b5:56:73:
                    65:82:40:40:cf:80:4b:f7:26:42:37:0b:d3:fe:70:
                    28:f1:1f:c4:c3:5a:fd:04:4a:78:8a:20:b7:90:d4:
                    6e:7b:39:b0:7f:46:41:36:99:9f:34:0e:22:8a:b7:
                    ea:82:32:69:c7:da:11:54:38:ab:e8:e3:03:41:37:
                    51:1d:7b:8d:16:fc:3f:a4:be:21:95:aa:6d:ec:dc:
                    df:7f:29:50:06:bf:60:3c:4a:e5:2b:ca:a5:0a:9b:
                    93:89:ae:8c:ca:ac:b0:b0:33:07:4a:9c:db:06:5b:
                    e8:04:64:0c:37:44:75:76:ca:cb:21:23:68:4a:13:
                    e9:8d:45:16:c9:0b:65:8a:f5:14:31:ee:8e:a8:9a:
                    9c:c7:ac:42:3b:14:7b:9f:f0:cb:4a:b2:1d:d9:1a:
                    0e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:0E:0A:13:E5:E4:91:35:80:25:3C:68:D8:AF:2C:C2:8D:80:FD:FF
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/lA4KE-XkkTWAJTxo2K8swo2A_f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.153.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:18:88:2d:c6:09:9e:c8:fc:70:b4:70:0f:eb:73:76:1f:91:
         cf:73:cf:e2:17:2a:9a:cf:c7:fb:8f:b5:f4:b9:51:ab:63:5a:
         c6:8e:66:e5:b7:d3:05:5a:ce:78:29:74:f1:0d:51:cb:15:1f:
         53:92:0a:01:2f:93:a7:60:bf:74:29:3b:ad:ee:0f:27:5e:7d:
         5f:22:96:2d:01:75:b4:11:b7:91:93:de:4f:4b:ca:48:8a:aa:
         69:58:4f:04:04:37:ed:0d:e9:13:a6:70:8d:d5:de:6a:ba:62:
         03:07:21:5c:44:ed:b0:b1:b3:f8:d3:52:ac:61:93:00:5a:ce:
         97:9f:35:2d:e8:41:0a:16:23:3a:9d:00:be:9e:a5:cb:fc:fb:
         8d:c6:f7:1c:92:cb:fa:4b:14:7e:c5:b1:d2:a5:d6:4a:f7:40:
         c6:26:f6:d5:17:f8:21:c4:98:bf:81:cb:d9:8f:7f:be:bc:23:
         b0:3b:05:a1:e5:a3:a1:f7:ad:e1:b9:5c:91:9a:13:f9:ea:e9:
         9b:4c:cd:bb:0a:f8:3e:40:35:d0:85:98:db:38:5c:c8:7b:fc:
         2c:bc:19:48:69:9c:e7:65:8b:dc:d7:75:f7:4a:eb:1a:65:e6:
         f1:47:a2:93:d6:5d:61:79:ad:46:fe:c8:4c:55:77:34:9f:4a:
         63:59:ae:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8suYZ16BKefzcbNOgh8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDBlMGExM2U1ZTQ5MTM1ODAyNTNjNjhkOGFmMmNjMjhkODBmZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqESd6jUiol8vzOaf0q6ddRlntswg
IJaYlNYM44NR9NP/N4as7fr+Vtiw1Qkl/OmVSV3IKPH+1LkXEkWSdoNlRgMhwoKd
kODFcRFRC+kIlkDDJPy2A2R/qMfa46/PkVrvqYP37Mi1VnNlgkBAz4BL9yZCNwvT
/nAo8R/Ew1r9BEp4iiC3kNRuezmwf0ZBNpmfNA4iirfqgjJpx9oRVDir6OMDQTdR
HXuNFvw/pL4hlapt7NzffylQBr9gPErlK8qlCpuTia6MyqywsDMHSpzbBlvoBGQM
N0R1dsrLISNoShPpjUUWyQtlivUUMe6OqJqcx6xCOxR7n/DLSrId2RoOYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQOChPl5JE1gCU8aNivLMKNgP3/MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvbEE0S0UtWGtrVFdBSlR4bzJLOHN3bzJBX2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Zl+MA0G
CSqGSIb3DQEBCwUAA4IBAQAyGIgtxgmeyPxwtHAP63N2H5HPc8/iFyqaz8f7j7X0
uVGrY1rGjmblt9MFWs54KXTxDVHLFR9TkgoBL5OnYL90KTut7g8nXn1fIpYtAXW0
EbeRk95PS8pIiqppWE8EBDftDekTpnCN1d5qumIDByFcRO2wsbP401KsYZMAWs6X
nzUt6EEKFiM6nQC+nqXL/PuNxvccksv6SxR+xbHSpdZK90DGJvbVF/ghxJi/gcvZ
j3++vCOwOwWh5aOh963huVyRmhP56umbTM27Cvg+QDXQhZjbOFzIe/wsvBlIaZzn
ZYvc13X3SusaZebxR6KT1l1hea1G/shMVXc0n0pjWa6+
-----END CERTIFICATE-----