Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/c65e48-31c4-4974-89f4-ac2ae483955e/1/rJMIHQLkxom4E-e7Qy3aYsdGMVA.roa
File:                     rJMIHQLkxom4E-e7Qy3aYsdGMVA.roa (raw, json)
Hash identifier:          Fg5t4xG81KRwBzgiOaCNb7xH+qvhUM++MTkXaN72cEY=
Subject key identifier:   AC:93:08:1D:02:E4:C6:89:B8:13:E7:BB:43:2D:DA:62:C7:46:31:50
Certificate issuer:       /CN=19981de8b7720394594448b7a0e625c33a38dc66
Certificate serial:       019528CB753EEA00F0D4F42480D8194081A5
Authority key identifier: 19:98:1D:E8:B7:72:03:94:59:44:48:B7:A0:E6:25:C3:3A:38:DC:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GZgd6LdyA5RZREi3oOYlwzo43GY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/c65e48-31c4-4974-89f4-ac2ae483955e/1/rJMIHQLkxom4E-e7Qy3aYsdGMVA.roa
Signing time:             Fri 21 Feb 2025 13:56:17 +0000
ROA not before:           Fri 21 Feb 2025 13:56:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        195.190.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/c65e48-31c4-4974-89f4-ac2ae483955e/1/GZgd6LdyA5RZREi3oOYlwzo43GY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/c65e48-31c4-4974-89f4-ac2ae483955e/1/GZgd6LdyA5RZREi3oOYlwzo43GY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GZgd6LdyA5RZREi3oOYlwzo43GY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:28:cb:75:3e:ea:00:f0:d4:f4:24:80:d8:19:40:81:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19981de8b7720394594448b7a0e625c33a38dc66
        Validity
            Not Before: Feb 21 13:56:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac93081d02e4c689b813e7bb432dda62c7463150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:66:01:32:1e:1d:82:f0:11:73:4b:d2:9c:52:
                    3d:8b:d4:4c:ed:c9:a5:00:72:38:ab:d2:aa:34:c7:
                    1a:88:3f:43:64:84:9e:c2:f1:7d:26:a0:af:28:ed:
                    27:26:6e:c9:9f:ca:46:26:92:2e:98:2a:bc:05:d8:
                    5a:eb:79:b6:6c:d1:9e:53:e5:e2:79:d0:17:f3:48:
                    b2:8e:f4:45:c0:5b:c5:fa:79:2a:cb:1b:75:8e:e8:
                    3a:7a:40:d1:f1:eb:b8:1d:dd:08:3a:93:33:2c:23:
                    a2:9e:31:a6:8a:43:75:2c:06:d4:30:12:09:90:0a:
                    94:34:d6:cb:4f:e3:29:f7:f4:a8:75:4f:4b:26:97:
                    29:8d:49:37:14:7b:3a:09:f2:42:38:ad:30:b7:cc:
                    58:fb:3b:34:c9:ae:85:ad:fc:fc:af:03:21:d2:bf:
                    f7:ba:db:c7:78:d1:ee:9b:16:23:e2:4f:e3:c5:b9:
                    34:94:cc:f4:69:77:62:01:c2:a5:38:7b:49:9a:43:
                    ec:71:0b:00:be:06:57:ac:2e:47:84:11:32:36:cc:
                    9e:b0:11:a5:83:ff:8f:d0:ae:34:b7:93:c7:c5:92:
                    c3:a5:f5:bb:1f:2d:19:90:27:dd:5d:44:b5:9d:16:
                    e4:2a:74:80:cb:9b:8b:12:bd:37:b6:fb:35:a9:89:
                    31:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:93:08:1D:02:E4:C6:89:B8:13:E7:BB:43:2D:DA:62:C7:46:31:50
            X509v3 Authority Key Identifier:
                keyid:19:98:1D:E8:B7:72:03:94:59:44:48:B7:A0:E6:25:C3:3A:38:DC:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GZgd6LdyA5RZREi3oOYlwzo43GY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/c65e48-31c4-4974-89f4-ac2ae483955e/1/rJMIHQLkxom4E-e7Qy3aYsdGMVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/c65e48-31c4-4974-89f4-ac2ae483955e/1/GZgd6LdyA5RZREi3oOYlwzo43GY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:59:7e:8e:81:a7:b1:26:a1:e9:e1:8b:0f:f9:58:c7:43:87:
         3b:61:8c:03:e7:78:33:fe:1b:46:04:f8:42:a3:56:1d:4b:a6:
         91:25:18:fd:c5:f8:a2:e5:f8:db:b8:54:0d:a3:51:66:8d:82:
         88:12:b2:d5:89:ed:33:11:24:23:c1:d1:f9:67:c2:36:da:c6:
         2d:de:54:dd:b7:64:cc:1a:bd:f5:d1:fd:38:7d:6f:46:47:a3:
         a0:60:68:fc:28:d1:9b:77:05:63:1f:d8:8c:16:11:a9:cc:23:
         26:ea:66:00:83:f5:90:b0:64:47:11:94:a9:68:3a:21:79:9d:
         ce:bb:d6:00:a1:81:46:01:16:a3:1c:46:14:d5:2e:91:30:a0:
         9b:c3:f2:eb:76:c2:76:2d:63:66:9c:47:be:ca:d8:89:27:3d:
         f4:40:12:e9:63:6c:a5:d1:a3:22:7a:b7:b2:ab:8a:3d:98:5b:
         4d:13:0f:07:8b:15:c4:8b:13:3f:5c:35:dd:a6:46:81:cf:b0:
         b2:13:73:19:5a:30:99:4e:eb:dd:c6:d9:2e:9c:89:02:7b:d1:
         b6:fc:b4:4d:65:79:0c:d4:e3:34:ed:da:a9:95:4b:ff:d8:e0:
         bd:9b:4b:f3:18:e8:84:8e:d1:6b:8b:72:07:1b:fd:d4:a8:7f:
         15:fd:cc:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUoy3U+6gDw1PQkgNgZQIGlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5OTgxZGU4Yjc3MjAzOTQ1OTQ0NDhiN2EwZTYyNWMzM2Ez
OGRjNjYwHhcNMjUwMjIxMTM1NjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzkzMDgxZDAyZTRjNjg5YjgxM2U3YmI0MzJkZGE2MmM3NDYzMTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8mYBMh4dgvARc0vSnFI9i9RM7cml
AHI4q9KqNMcaiD9DZISewvF9JqCvKO0nJm7Jn8pGJpIumCq8Bdha63m2bNGeU+Xi
edAX80iyjvRFwFvF+nkqyxt1jug6ekDR8eu4Hd0IOpMzLCOinjGmikN1LAbUMBIJ
kAqUNNbLT+Mp9/SodU9LJpcpjUk3FHs6CfJCOK0wt8xY+zs0ya6Frfz8rwMh0r/3
utvHeNHumxYj4k/jxbk0lMz0aXdiAcKlOHtJmkPscQsAvgZXrC5HhBEyNsyesBGl
g/+P0K40t5PHxZLDpfW7Hy0ZkCfdXUS1nRbkKnSAy5uLEr03tvs1qYkxbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyTCB0C5MaJuBPnu0Mt2mLHRjFQMB8GA1UdIwQY
MBaAFBmYHei3cgOUWURIt6DmJcM6ONxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1pnZDZMZHlBNVJaUkVpM29PWWx3em80M0dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9jNjVlNDgtMzFjNC00OTc0LTg5ZjQt
YWMyYWU0ODM5NTVlLzEvckpNSUhRTGt4b200RS1lN1F5M2FZc2RHTVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9jNjVlNDgtMzFjNC00OTc0LTg5ZjQtYWMyYWU0ODM5NTVl
LzEvR1pnZDZMZHlBNVJaUkVpM29PWWx3em80M0dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw76SMA0G
CSqGSIb3DQEBCwUAA4IBAQB9WX6OgaexJqHp4YsP+VjHQ4c7YYwD53gz/htGBPhC
o1YdS6aRJRj9xfii5fjbuFQNo1FmjYKIErLVie0zESQjwdH5Z8I22sYt3lTdt2TM
Gr310f04fW9GR6OgYGj8KNGbdwVjH9iMFhGpzCMm6mYAg/WQsGRHEZSpaDoheZ3O
u9YAoYFGARajHEYU1S6RMKCbw/LrdsJ2LWNmnEe+ytiJJz30QBLpY2yl0aMierey
q4o9mFtNEw8HixXEixM/XDXdpkaBz7CyE3MZWjCZTuvdxtkunIkCe9G2/LRNZXkM
1OM07dqplUv/2OC9m0vzGOiEjtFri3IHG/3UqH8V/cwo
-----END CERTIFICATE-----