Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/pFelJKjmsxI5R3DZJlChQC_3MD0.roa
File:                     pFelJKjmsxI5R3DZJlChQC_3MD0.roa (raw, json)
Hash identifier:          L8qIKNFDArN/1ptMdrOTwQqtla8X4v+mnYVreTvvMew=
Subject key identifier:   A4:57:A5:24:A8:E6:B3:12:39:47:70:D9:26:50:A1:40:2F:F7:30:3D
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D7676E3EB87397EDB50DFEB151518D
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/pFelJKjmsxI5R3DZJlChQC_3MD0.roa
Signing time:             Wed 01 Jan 2025 21:48:26 +0000
ROA not before:           Wed 01 Jan 2025 21:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200209
IP address blocks:        178.251.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:67:6e:3e:b8:73:97:ed:b5:0d:fe:b1:51:51:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a457a524a8e6b312394770d92650a1402ff7303d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8d:61:e2:c7:7c:13:7c:84:09:06:b5:ac:04:
                    94:c0:2d:9d:10:cc:8d:ec:1d:ee:d5:f8:06:5b:79:
                    01:b4:eb:58:c3:9e:2d:57:1b:3f:76:4f:38:e1:56:
                    36:d2:2b:ec:69:c7:9d:9d:52:d3:60:9d:bd:08:79:
                    25:3a:5e:2e:48:8f:62:e4:9a:69:de:d4:20:e9:b6:
                    e4:be:c0:82:92:ef:88:cf:64:ab:5c:07:7a:73:46:
                    5a:77:cb:ea:3a:1c:06:2c:51:ab:4d:2f:1a:47:71:
                    bb:99:22:60:80:74:da:10:fc:5e:20:8a:04:c5:78:
                    5e:3a:50:ad:df:d2:92:00:a7:bf:7b:f0:7b:c8:24:
                    43:13:d5:57:18:fd:db:38:91:f3:f1:f2:97:1c:04:
                    58:6a:60:b6:94:08:a5:e0:ac:2c:7d:e9:1c:5f:8d:
                    ac:6a:ef:9b:8f:ea:d1:90:e5:33:88:d4:19:2b:31:
                    a9:69:9e:4c:c0:42:4f:06:c4:7e:e8:aa:a8:d8:65:
                    03:bc:53:61:66:a6:07:61:04:74:b4:9d:54:2b:01:
                    d1:ac:6e:43:7d:f8:6d:55:24:38:be:dd:41:a1:89:
                    18:37:29:9b:a2:66:0e:ad:81:78:89:74:36:cc:8e:
                    0c:fe:88:21:a0:a2:d1:bc:b3:ac:4f:bc:de:2d:0d:
                    10:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:57:A5:24:A8:E6:B3:12:39:47:70:D9:26:50:A1:40:2F:F7:30:3D
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/pFelJKjmsxI5R3DZJlChQC_3MD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:26:bb:46:0a:97:a5:cb:1d:39:62:16:f3:1d:c2:11:c8:20:
         28:bb:05:66:e2:6f:8b:57:7f:55:90:8e:8f:85:89:82:7f:d7:
         f3:0a:ae:7b:90:87:1d:51:4c:7b:6e:ed:87:89:25:f2:d3:bd:
         a9:60:b0:f2:c8:4f:03:ea:76:d0:da:a0:66:82:e7:b6:83:bf:
         be:b8:58:ca:0e:51:78:e3:67:ee:d2:92:f5:63:b5:35:3a:eb:
         a8:52:92:f3:a8:c0:e3:be:df:64:15:17:07:a1:4e:f2:93:49:
         aa:23:06:9b:f8:3e:af:83:68:0e:5a:c8:d7:28:ef:be:aa:44:
         e9:e6:d7:6e:06:dc:27:3e:06:4c:2c:72:a6:61:7d:6e:cc:92:
         06:c7:f5:6f:74:85:4b:75:1b:73:ae:e6:6e:28:aa:db:4d:2b:
         f0:68:f0:34:6d:fc:e4:b2:69:9f:5a:d6:dc:64:4d:3f:50:17:
         90:4e:dd:73:9b:7b:8a:55:cd:54:c4:bb:56:4f:8d:9a:a7:68:
         b2:de:74:27:ce:6b:97:fa:65:c0:55:ca:e9:06:c3:e7:77:41:
         a3:b1:a4:f7:86:cd:cf:a5:12:f0:21:29:ad:b8:ab:c1:bd:3e:
         1f:a8:2c:bf:0b:66:90:24:c4:08:00:9d:6f:66:b0:7b:41:64:
         d8:83:c5:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj12duPrhzl+21Df6xUVGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDU3YTUyNGE4ZTZiMzEyMzk0NzcwZDkyNjUwYTE0MDJmZjczMDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp41h4sd8E3yECQa1rASUwC2dEMyN
7B3u1fgGW3kBtOtYw54tVxs/dk844VY20ivsacednVLTYJ29CHklOl4uSI9i5Jpp
3tQg6bbkvsCCku+Iz2SrXAd6c0Zad8vqOhwGLFGrTS8aR3G7mSJggHTaEPxeIIoE
xXheOlCt39KSAKe/e/B7yCRDE9VXGP3bOJHz8fKXHARYamC2lAil4KwsfekcX42s
au+bj+rRkOUziNQZKzGpaZ5MwEJPBsR+6Kqo2GUDvFNhZqYHYQR0tJ1UKwHRrG5D
ffhtVSQ4vt1BoYkYNymbomYOrYF4iXQ2zI4M/oghoKLRvLOsT7zeLQ0QuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRXpSSo5rMSOUdw2SZQoUAv9zA9MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvcEZlbEpLam1zeEk1UjNEWkpsQ2hRQ18zTUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvvnMA0G
CSqGSIb3DQEBCwUAA4IBAQC3JrtGCpelyx05YhbzHcIRyCAouwVm4m+LV39VkI6P
hYmCf9fzCq57kIcdUUx7bu2HiSXy072pYLDyyE8D6nbQ2qBmgue2g7++uFjKDlF4
42fu0pL1Y7U1OuuoUpLzqMDjvt9kFRcHoU7yk0mqIwab+D6vg2gOWsjXKO++qkTp
5tduBtwnPgZMLHKmYX1uzJIGx/VvdIVLdRtzruZuKKrbTSvwaPA0bfzksmmfWtbc
ZE0/UBeQTt1zm3uKVc1UxLtWT42ap2iy3nQnzmuX+mXAVcrpBsPnd0GjsaT3hs3P
pRLwISmtuKvBvT4fqCy/C2aQJMQIAJ1vZrB7QWTYg8Wq
-----END CERTIFICATE-----