Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/L7mO7KFz85O9TLGHw1rnhJTk7S8.roa
File:                     L7mO7KFz85O9TLGHw1rnhJTk7S8.roa (raw, json)
Hash identifier:          UMdz5rJ/zgMVHrBC+qmC+WQlQSXRf1HcpO0Un+UUydo=
Subject key identifier:   2F:B9:8E:EC:A1:73:F3:93:BD:4C:B1:87:C3:5A:E7:84:94:E4:ED:2F
Certificate issuer:       /CN=533802e62965d4584e598d59b76a928be5afd971
Certificate serial:       019527E82F0C27F6196BD1E772F1C1C52FA5
Authority key identifier: 53:38:02:E6:29:65:D4:58:4E:59:8D:59:B7:6A:92:8B:E5:AF:D9:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/L7mO7KFz85O9TLGHw1rnhJTk7S8.roa
Signing time:             Fri 21 Feb 2025 09:48:02 +0000
ROA not before:           Fri 21 Feb 2025 09:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43366
IP address blocks:        141.98.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:27:e8:2f:0c:27:f6:19:6b:d1:e7:72:f1:c1:c5:2f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=533802e62965d4584e598d59b76a928be5afd971
        Validity
            Not Before: Feb 21 09:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fb98eeca173f393bd4cb187c35ae78494e4ed2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:39:f1:21:9c:c8:a4:d0:92:eb:12:0c:40:5a:
                    69:77:b4:36:1f:7b:88:0c:9b:0c:8f:14:30:6a:a4:
                    c4:48:af:f7:1a:12:c8:41:37:15:38:37:a6:17:f5:
                    dd:47:f9:73:70:fc:7f:f9:78:37:a7:e2:03:22:e1:
                    58:44:2d:7d:cb:e3:62:72:3e:f8:64:21:84:97:e1:
                    d1:fd:2c:4c:9c:b7:fb:de:63:5b:cb:4a:f7:c3:82:
                    7e:16:e8:1b:39:86:b2:e3:7a:9e:bc:fb:7d:aa:03:
                    7b:bf:b4:eb:b6:c5:c4:57:30:ac:cc:c6:6b:1a:bc:
                    55:1e:86:c2:c3:33:c9:2d:be:d5:a9:c6:24:15:90:
                    f9:f1:90:69:e1:44:4d:f7:6c:a4:07:75:59:fd:09:
                    05:f8:9f:6e:87:33:f8:a2:ae:82:11:34:f6:72:7b:
                    b3:f8:74:e8:a5:2a:c6:84:b1:b7:25:2c:a5:c8:e2:
                    a4:92:6e:2d:ec:1f:77:13:9d:ff:ed:54:33:c4:b1:
                    9e:c6:b7:c9:8b:ee:69:f1:01:d9:a4:37:81:41:4e:
                    f7:81:09:3e:2d:5f:5c:d6:05:45:c4:30:b4:a8:24:
                    96:61:51:d6:a0:cd:38:3f:db:cb:e0:c5:0e:65:19:
                    9e:4a:82:b8:b4:f5:b9:24:2a:b1:c6:00:6f:5e:0e:
                    b6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B9:8E:EC:A1:73:F3:93:BD:4C:B1:87:C3:5A:E7:84:94:E4:ED:2F
            X509v3 Authority Key Identifier:
                keyid:53:38:02:E6:29:65:D4:58:4E:59:8D:59:B7:6A:92:8B:E5:AF:D9:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/L7mO7KFz85O9TLGHw1rnhJTk7S8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:8d:04:c8:17:07:89:e8:d2:44:dc:8d:af:e6:3c:98:50:c8:
         5c:da:9b:74:9e:0b:6f:f5:6d:d4:56:4a:2d:c5:ed:f3:42:0f:
         d6:02:05:3d:31:ed:ab:12:db:e4:71:1a:fd:c1:77:d0:03:df:
         d8:15:75:81:dd:44:c3:f3:21:04:4d:51:7f:1b:30:05:5e:02:
         9b:8e:fb:97:a5:d1:c4:2a:05:52:5b:5e:a3:29:e3:f4:60:65:
         ab:19:c3:29:d1:90:7f:de:57:f0:6a:93:d3:ea:7c:d5:f6:13:
         30:60:a6:4c:25:13:a4:c9:28:af:9e:f3:74:78:d8:e3:3b:72:
         0c:bf:cd:04:cd:2f:00:e5:f7:11:66:22:b9:30:e3:e2:5e:d3:
         87:ea:81:43:5f:da:aa:86:e9:5d:1c:97:ff:af:9e:26:9b:91:
         e1:e5:c8:58:5d:2a:a3:55:6f:b2:55:ff:e4:a1:6e:0c:24:c9:
         df:1a:7f:e0:67:a0:2d:dc:3b:bf:d8:cd:d1:18:0f:e1:c4:28:
         a9:8a:14:3c:4c:85:df:1f:1d:45:ca:57:78:31:88:f6:e9:f7:
         8b:b8:61:d9:5c:c3:2d:f5:93:92:c0:af:f3:1f:f9:62:8f:c6:
         47:4f:6f:8c:61:2d:a4:a7:4d:64:f2:17:9a:09:94:c3:82:9a:
         33:4b:5a:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUn6C8MJ/YZa9HncvHBxS+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzgwMmU2Mjk2NWQ0NTg0ZTU5OGQ1OWI3NmE5MjhiZTVh
ZmQ5NzEwHhcNMjUwMjIxMDk0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmI5OGVlY2ExNzNmMzkzYmQ0Y2IxODdjMzVhZTc4NDk0ZTRlZDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTnxIZzIpNCS6xIMQFppd7Q2H3uI
DJsMjxQwaqTESK/3GhLIQTcVODemF/XdR/lzcPx/+Xg3p+IDIuFYRC19y+Nicj74
ZCGEl+HR/SxMnLf73mNby0r3w4J+FugbOYay43qevPt9qgN7v7TrtsXEVzCszMZr
GrxVHobCwzPJLb7VqcYkFZD58ZBp4URN92ykB3VZ/QkF+J9uhzP4oq6CETT2cnuz
+HTopSrGhLG3JSylyOKkkm4t7B93E53/7VQzxLGexrfJi+5p8QHZpDeBQU73gQk+
LV9c1gVFxDC0qCSWYVHWoM04P9vL4MUOZRmeSoK4tPW5JCqxxgBvXg62vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+5juyhc/OTvUyxh8Na54SU5O0vMB8GA1UdIwQY
MBaAFFM4AuYpZdRYTlmNWbdqkovlr9lxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXpnQzVpbGwxRmhPV1kxWnQycVNpLVd2MlhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8wMWE3M2EtOGRhMC00OGI5LWFhZWQt
YTIzYzEzMWMwZDM4LzEvTDdtTzdLRno4NU85VExHSHcxcm5oSlRrN1M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8wMWE3M2EtOGRhMC00OGI5LWFhZWQtYTIzYzEzMWMwZDM4
LzEvVXpnQzVpbGwxRmhPV1kxWnQycVNpLVd2MlhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjWLkMA0G
CSqGSIb3DQEBCwUAA4IBAQAyjQTIFweJ6NJE3I2v5jyYUMhc2pt0ngtv9W3UVkot
xe3zQg/WAgU9Me2rEtvkcRr9wXfQA9/YFXWB3UTD8yEETVF/GzAFXgKbjvuXpdHE
KgVSW16jKeP0YGWrGcMp0ZB/3lfwapPT6nzV9hMwYKZMJROkySivnvN0eNjjO3IM
v80EzS8A5fcRZiK5MOPiXtOH6oFDX9qqhuldHJf/r54mm5Hh5chYXSqjVW+yVf/k
oW4MJMnfGn/gZ6At3Du/2M3RGA/hxCipihQ8TIXfHx1Fyld4MYj26feLuGHZXMMt
9ZOSwK/zH/lij8ZHT2+MYS2kp01k8heaCZTDgpozS1q/
-----END CERTIFICATE-----