Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/0PsILassVkdjO3YLqLzhDep43F0.roa
File:                     0PsILassVkdjO3YLqLzhDep43F0.roa (raw, json)
Hash identifier:          BTuwwmqm+lVoIfqGdzicWWpXk8ZLAGxFDZrA6HPrjFA=
Subject key identifier:   D0:FB:08:2D:AB:2C:56:47:63:3B:76:0B:A8:BC:E1:0D:EA:78:DC:5D
Certificate issuer:       /CN=c4df0bd04aa843e68082f6dece0798732b6f8832
Certificate serial:       0194222041154ACB0904FCEBF55A2CD9EF70
Authority key identifier: C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/0PsILassVkdjO3YLqLzhDep43F0.roa
Signing time:             Wed 01 Jan 2025 13:48:46 +0000
ROA not before:           Wed 01 Jan 2025 13:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24631
IP address blocks:        176.122.210.0/24 maxlen: 24
                          176.122.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:41:15:4a:cb:09:04:fc:eb:f5:5a:2c:d9:ef:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4df0bd04aa843e68082f6dece0798732b6f8832
        Validity
            Not Before: Jan  1 13:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0fb082dab2c5647633b760ba8bce10dea78dc5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c7:f0:52:35:a5:e4:d8:a6:a1:7f:57:6f:2e:
                    5c:61:ea:e5:7d:11:e6:06:19:73:df:a5:44:93:0b:
                    24:f9:a0:1a:3b:43:a5:22:4b:de:cb:64:07:f8:66:
                    54:8a:ec:73:93:f5:2d:a8:81:dc:77:28:5b:d2:8c:
                    7c:00:94:09:2e:ed:88:3e:4e:c0:35:4d:6f:22:a6:
                    43:44:da:5d:e2:47:19:ce:2b:1f:01:e8:cd:fb:e4:
                    e3:13:50:0c:47:51:15:0c:62:0a:14:bb:72:8f:38:
                    1f:26:d5:d2:4e:df:11:c4:88:ae:79:5e:ee:31:7b:
                    2c:99:73:6e:2b:83:66:fd:a4:d0:93:6e:a1:10:c1:
                    d5:3b:b9:37:16:ac:70:31:a2:b4:81:cc:ec:89:f6:
                    79:54:39:29:7f:48:97:65:af:0a:36:5d:05:80:91:
                    69:e0:d9:54:79:b7:2d:a1:a5:8f:77:7f:4e:1a:60:
                    4c:88:59:8e:21:f8:db:6f:f5:c8:44:b7:34:cf:51:
                    06:2a:15:cb:3b:da:7a:ae:6f:61:70:e1:e1:57:69:
                    71:e0:a2:8c:5b:e0:f0:43:91:04:4c:ae:e1:d6:14:
                    7f:92:2e:90:a7:99:07:c1:c9:a8:10:12:95:84:c3:
                    01:a5:16:28:27:59:2b:71:8e:db:02:ab:7e:4f:95:
                    04:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:FB:08:2D:AB:2C:56:47:63:3B:76:0B:A8:BC:E1:0D:EA:78:DC:5D
            X509v3 Authority Key Identifier:
                keyid:C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/0PsILassVkdjO3YLqLzhDep43F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.122.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:0e:09:f0:20:60:fa:7f:74:c4:31:63:92:00:5e:45:51:64:
         47:76:9f:47:84:43:68:af:8b:d8:d9:1f:96:73:5b:84:e8:0e:
         2b:65:72:01:b3:52:67:f0:a7:da:ea:e2:f2:0c:85:a7:17:82:
         09:1e:e6:9c:77:32:52:d5:ec:23:2e:33:0c:ff:24:90:07:58:
         c9:69:3c:b1:e1:53:e4:c9:dd:19:b5:76:bb:78:41:73:e8:de:
         59:f3:80:73:b4:c0:8a:c3:58:59:c4:73:52:d7:31:b4:e9:40:
         08:0c:3f:b6:f7:88:12:b5:2d:c7:72:0b:77:ba:3d:6c:e4:63:
         33:b2:16:8e:05:3c:10:44:a0:f1:a3:c6:b9:60:d2:fe:f9:7e:
         ef:6f:d3:58:8d:79:a0:a6:6a:a9:72:e5:64:c9:d4:2c:a5:e7:
         07:51:6d:2d:2c:40:f4:b7:e9:78:a4:68:90:5d:9d:ca:bb:a3:
         b0:43:44:a7:1f:7a:74:f3:28:37:8b:8e:ff:b2:c0:8d:14:75:
         09:a8:39:15:8d:1b:30:9a:8c:73:40:2f:86:41:cb:2d:31:97:
         a8:8b:35:2f:71:9b:e0:fb:3e:81:d1:0b:53:32:14:2a:34:c1:
         8d:95:64:8c:9e:d6:ad:2c:a9:10:e6:f7:3d:fa:13:86:49:0b:
         7c:fc:84:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIEEVSssJBPzr9Vos2e9wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGYwYmQwNGFhODQzZTY4MDgyZjZkZWNlMDc5ODczMmI2
Zjg4MzIwHhcNMjUwMTAxMTM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGZiMDgyZGFiMmM1NjQ3NjMzYjc2MGJhOGJjZTEwZGVhNzhkYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8fwUjWl5NimoX9Xby5cYerlfRHm
Bhlz36VEkwsk+aAaO0OlIkvey2QH+GZUiuxzk/UtqIHcdyhb0ox8AJQJLu2IPk7A
NU1vIqZDRNpd4kcZzisfAejN++TjE1AMR1EVDGIKFLtyjzgfJtXSTt8RxIiueV7u
MXssmXNuK4Nm/aTQk26hEMHVO7k3FqxwMaK0gczsifZ5VDkpf0iXZa8KNl0FgJFp
4NlUebctoaWPd39OGmBMiFmOIfjbb/XIRLc0z1EGKhXLO9p6rm9hcOHhV2lx4KKM
W+DwQ5EETK7h1hR/ki6Qp5kHwcmoEBKVhMMBpRYoJ1krcY7bAqt+T5UEMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFND7CC2rLFZHYzt2C6i84Q3qeNxdMB8GA1UdIwQY
MBaAFMTfC9BKqEPmgIL23s4HmHMrb4gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAt
Y2I5ZTFlZDc3OWFjLzEvMFBzSUxhc3NWa2RqTzNZTHFMemhEZXA0M0YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAtY2I5ZTFlZDc3OWFj
LzEveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHrSMA0G
CSqGSIb3DQEBCwUAA4IBAQAoDgnwIGD6f3TEMWOSAF5FUWRHdp9HhENor4vY2R+W
c1uE6A4rZXIBs1Jn8Kfa6uLyDIWnF4IJHuacdzJS1ewjLjMM/ySQB1jJaTyx4VPk
yd0ZtXa7eEFz6N5Z84BztMCKw1hZxHNS1zG06UAIDD+294gStS3Hcgt3uj1s5GMz
shaOBTwQRKDxo8a5YNL++X7vb9NYjXmgpmqpcuVkydQspecHUW0tLED0t+l4pGiQ
XZ3Ku6OwQ0SnH3p08yg3i47/ssCNFHUJqDkVjRswmoxzQC+GQcstMZeoizUvcZvg
+z6B0QtTMhQqNMGNlWSMntatLKkQ5vc9+hOGSQt8/IQt
-----END CERTIFICATE-----