Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/925ea2-fff8-4095-9d96-01cd47b6ca0d/1/p-RJNh9JzuTGAbonv6SiHIGo-Zs.roa
File:                     p-RJNh9JzuTGAbonv6SiHIGo-Zs.roa (raw, json)
Hash identifier:          CnUaaNmND1hlUYpUdj93kk7BQgZTe17usUCZnw2w4sE=
Subject key identifier:   A7:E4:49:36:1F:49:CE:E4:C6:01:BA:27:BF:A4:A2:1C:81:A8:F9:9B
Certificate issuer:       /CN=6497a4e6acfb72d51d29ee61a62836f6606097a6
Certificate serial:       019421B1E5B6EA706707D2A88E4D42B4F1A2
Authority key identifier: 64:97:A4:E6:AC:FB:72:D5:1D:29:EE:61:A6:28:36:F6:60:60:97:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZJek5qz7ctUdKe5hpig29mBgl6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/925ea2-fff8-4095-9d96-01cd47b6ca0d/1/p-RJNh9JzuTGAbonv6SiHIGo-Zs.roa
Signing time:             Wed 01 Jan 2025 11:48:14 +0000
ROA not before:           Wed 01 Jan 2025 11:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15924
IP address blocks:        195.234.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/925ea2-fff8-4095-9d96-01cd47b6ca0d/1/ZJek5qz7ctUdKe5hpig29mBgl6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/925ea2-fff8-4095-9d96-01cd47b6ca0d/1/ZJek5qz7ctUdKe5hpig29mBgl6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZJek5qz7ctUdKe5hpig29mBgl6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e5:b6:ea:70:67:07:d2:a8:8e:4d:42:b4:f1:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6497a4e6acfb72d51d29ee61a62836f6606097a6
        Validity
            Not Before: Jan  1 11:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7e449361f49cee4c601ba27bfa4a21c81a8f99b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a7:1c:da:bf:06:fc:69:7a:94:98:c0:e9:e8:
                    c9:9a:d2:a6:e2:08:ed:6a:8b:80:02:ba:ee:6d:c4:
                    b2:83:16:84:66:39:b5:71:80:ad:68:71:2b:88:dd:
                    20:2a:fb:33:b3:47:b0:03:ed:9d:63:2d:80:0d:99:
                    42:36:bf:17:61:0c:62:24:28:9a:68:fe:7a:4f:a8:
                    f1:7c:ce:d3:18:a8:4a:3a:08:cf:4c:53:a1:1e:79:
                    fd:a5:a2:e7:83:2a:71:b9:89:98:6f:97:d7:ae:24:
                    25:67:82:12:db:b9:a8:08:9f:83:cd:d4:ae:fd:b9:
                    40:57:e4:7d:06:e5:25:39:8d:53:42:43:7e:e2:5b:
                    cf:09:42:9d:2e:3a:8f:76:e8:8b:10:7e:8d:6e:03:
                    f1:a7:d8:5b:4e:c0:91:27:a3:cb:ff:96:09:7f:9e:
                    95:ef:d2:ae:a4:3b:61:b0:b7:5c:8c:71:d9:8c:67:
                    cc:ab:71:f3:9a:33:5b:f1:2e:06:f8:c6:67:7c:f1:
                    39:2c:de:e9:57:0a:e0:52:b3:0f:79:d8:09:c4:6b:
                    f0:8a:bb:92:58:9b:92:c0:d7:17:2d:ef:f7:6f:8f:
                    3f:44:46:3a:df:be:f7:48:f9:a2:f8:29:b7:d1:69:
                    02:a5:2b:16:fe:ff:d6:89:5e:64:72:02:71:30:e6:
                    52:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:E4:49:36:1F:49:CE:E4:C6:01:BA:27:BF:A4:A2:1C:81:A8:F9:9B
            X509v3 Authority Key Identifier:
                keyid:64:97:A4:E6:AC:FB:72:D5:1D:29:EE:61:A6:28:36:F6:60:60:97:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZJek5qz7ctUdKe5hpig29mBgl6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/925ea2-fff8-4095-9d96-01cd47b6ca0d/1/p-RJNh9JzuTGAbonv6SiHIGo-Zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/925ea2-fff8-4095-9d96-01cd47b6ca0d/1/ZJek5qz7ctUdKe5hpig29mBgl6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c2:bb:97:93:74:45:ce:cf:d5:1f:da:bf:aa:c4:36:54:e0:
         87:22:0b:5c:dc:7e:ac:f4:53:af:55:e2:91:88:e7:64:d1:48:
         3d:76:98:10:72:fc:83:87:47:08:df:a4:3d:9b:de:d1:a9:cb:
         9a:e1:b3:d4:ed:29:c0:19:9b:33:6b:61:a6:be:71:78:8a:4f:
         91:ed:9f:1b:df:95:25:77:ae:da:19:66:ef:b4:de:96:4a:45:
         85:f1:64:c0:63:9d:ed:ca:52:8c:99:22:c6:65:97:96:e2:11:
         2b:2b:09:c2:fb:c4:26:b4:ed:8f:f8:f4:d0:2c:30:86:1b:e9:
         38:6e:51:bf:29:01:41:7e:68:e5:85:41:22:37:dd:e3:a4:70:
         29:c0:0d:a8:2c:a1:1f:fc:08:a9:d9:2b:4c:6e:33:27:14:ad:
         0e:88:d7:f8:6e:b5:c3:67:3d:e3:60:55:45:03:eb:69:3a:77:
         25:79:8a:69:04:f3:65:ff:f7:b7:c5:b0:18:cb:75:71:79:b1:
         10:9e:19:2b:4c:b2:7b:a1:25:3a:14:5c:7e:fb:02:5a:56:53:
         dd:2a:e8:63:72:96:39:38:09:ce:ca:cc:4f:2f:7e:a8:e4:24:
         b1:b9:a6:15:db:5d:52:6b:f0:47:f2:af:de:37:c5:eb:40:5e:
         51:ee:6c:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhseW26nBnB9Kojk1CtPGiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0OTdhNGU2YWNmYjcyZDUxZDI5ZWU2MWE2MjgzNmY2NjA2
MDk3YTYwHhcNMjUwMTAxMTE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2U0NDkzNjFmNDljZWU0YzYwMWJhMjdiZmE0YTIxYzgxYThmOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6cc2r8G/Gl6lJjA6ejJmtKm4gjt
aouAArrubcSygxaEZjm1cYCtaHEriN0gKvszs0ewA+2dYy2ADZlCNr8XYQxiJCia
aP56T6jxfM7TGKhKOgjPTFOhHnn9paLngypxuYmYb5fXriQlZ4IS27moCJ+DzdSu
/blAV+R9BuUlOY1TQkN+4lvPCUKdLjqPduiLEH6NbgPxp9hbTsCRJ6PL/5YJf56V
79KupDthsLdcjHHZjGfMq3HzmjNb8S4G+MZnfPE5LN7pVwrgUrMPedgJxGvwiruS
WJuSwNcXLe/3b48/REY63773SPmi+Cm30WkCpSsW/v/WiV5kcgJxMOZSWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfkSTYfSc7kxgG6J7+kohyBqPmbMB8GA1UdIwQY
MBaAFGSXpOas+3LVHSnuYaYoNvZgYJemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkplazVxejdjdFVkS2U1aHBpZzI5bUJnbDZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85MjVlYTItZmZmOC00MDk1LTlkOTYt
MDFjZDQ3YjZjYTBkLzEvcC1SSk5oOUp6dVRHQWJvbnY2U2lISUdvLVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85MjVlYTItZmZmOC00MDk1LTlkOTYtMDFjZDQ3YjZjYTBk
LzEvWkplazVxejdjdFVkS2U1aHBpZzI5bUJnbDZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+pRMA0G
CSqGSIb3DQEBCwUAA4IBAQA9wruXk3RFzs/VH9q/qsQ2VOCHIgtc3H6s9FOvVeKR
iOdk0Ug9dpgQcvyDh0cI36Q9m97Rqcua4bPU7SnAGZsza2GmvnF4ik+R7Z8b35Ul
d67aGWbvtN6WSkWF8WTAY53tylKMmSLGZZeW4hErKwnC+8QmtO2P+PTQLDCGG+k4
blG/KQFBfmjlhUEiN93jpHApwA2oLKEf/Aip2StMbjMnFK0OiNf4brXDZz3jYFVF
A+tpOncleYppBPNl//e3xbAYy3VxebEQnhkrTLJ7oSU6FFx++wJaVlPdKuhjcpY5
OAnOysxPL36o5CSxuaYV211Sa/BH8q/eN8XrQF5R7mwr
-----END CERTIFICATE-----