Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/5yN22ahrdAN1NXIIN6NZ1jhN7Jg.roa
File:                     5yN22ahrdAN1NXIIN6NZ1jhN7Jg.roa (raw, json)
Hash identifier:          j0qMcGfpFNrPYWDQOmrLH7ZMvqbrcA5XzAeaKGehsQA=
Subject key identifier:   E7:23:76:D9:A8:6B:74:03:75:35:72:08:37:A3:59:D6:38:4D:EC:98
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       0194CACD679DEF8BF438572D5BA7FC68384D
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/5yN22ahrdAN1NXIIN6NZ1jhN7Jg.roa
Signing time:             Mon 03 Feb 2025 07:54:06 +0000
ROA not before:           Mon 03 Feb 2025 07:54:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54339
IP address blocks:        195.8.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ca:cd:67:9d:ef:8b:f4:38:57:2d:5b:a7:fc:68:38:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Feb  3 07:54:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e72376d9a86b74037535720837a359d6384dec98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:eb:63:e6:e6:b2:2e:63:c2:18:ee:38:9a:9c:
                    68:51:4a:eb:b9:b9:d4:a5:13:92:20:c7:80:b5:6f:
                    00:28:34:34:8a:2c:3e:90:46:d6:73:d2:46:82:bb:
                    a6:28:ab:58:ac:12:5c:80:5e:25:cf:81:a9:95:3f:
                    0b:a4:f8:7b:18:01:c6:2b:ac:b2:73:53:ef:93:ab:
                    57:40:c3:4c:32:c4:f1:be:a5:d8:f7:08:88:be:b7:
                    a9:0d:27:ef:61:fa:ce:1f:b8:2c:fe:8a:dc:17:87:
                    c4:93:ef:3e:cd:c4:ba:4f:9d:79:30:fb:42:af:bc:
                    44:84:bc:6f:5c:94:d4:58:13:c6:54:d9:9d:dd:cb:
                    36:16:47:1f:cb:cc:4c:e1:31:82:80:7c:33:ef:81:
                    50:47:ea:f1:f8:65:ba:df:5a:31:ee:8f:90:df:33:
                    13:6c:e0:49:ff:f2:c7:33:7a:ff:f2:f0:38:3c:6a:
                    47:ae:22:93:f6:84:81:e3:5b:06:b0:8c:51:d5:a0:
                    54:c0:fe:42:5d:64:d1:b2:4f:8f:75:86:29:0d:82:
                    4d:7e:b5:28:dd:84:0f:21:12:81:01:1c:5e:50:bb:
                    8d:b8:a3:b2:f1:5d:c2:90:58:1f:5b:63:29:c2:2a:
                    39:ca:4d:a4:91:9a:48:5c:8e:2d:e4:33:6d:78:b5:
                    c5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:23:76:D9:A8:6B:74:03:75:35:72:08:37:A3:59:D6:38:4D:EC:98
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/5yN22ahrdAN1NXIIN6NZ1jhN7Jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:66:59:2a:08:d9:9f:75:73:6e:9a:1a:94:f6:e4:77:35:f3:
         37:e2:ec:83:db:5d:e0:56:bc:18:ba:5f:16:22:a1:64:ae:23:
         53:7f:73:bb:89:19:05:81:84:34:c5:5b:2f:f4:df:d8:e4:58:
         27:de:d7:40:d5:a7:dd:59:3f:cf:f5:bb:2e:d8:b3:61:9a:a4:
         06:90:7b:2d:bb:cb:25:75:5d:2c:f1:8a:2f:ea:18:cf:04:ad:
         f7:f8:a8:a4:5b:6e:43:e4:95:00:88:a0:68:95:53:21:e3:08:
         4e:f2:41:a7:c8:3f:97:57:17:fc:28:51:e1:b9:00:ba:d4:0a:
         be:bf:93:a6:9c:9f:4e:97:6a:6d:2c:d1:5b:45:00:e6:7b:90:
         21:7d:33:ea:13:da:f0:29:8f:62:83:52:68:9c:4d:ea:26:12:
         f9:62:70:26:8f:35:76:c2:72:88:f0:e7:01:ca:bb:94:08:e7:
         b5:09:83:53:56:26:bb:cb:fa:96:4c:43:22:71:fc:d8:1e:4c:
         3d:b1:ec:b6:48:8f:22:2f:13:9e:b1:02:67:b7:59:c9:fb:bb:
         52:e2:f9:f9:29:02:f6:54:44:b5:43:87:12:f6:44:b9:17:ef:
         41:3e:17:d0:97:67:ff:91:e0:89:65:59:6e:6e:4d:53:df:12:
         56:a4:55:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTKzWed74v0OFctW6f8aDhNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwMjAzMDc1NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzIzNzZkOWE4NmI3NDAzNzUzNTcyMDgzN2EzNTlkNjM4NGRlYzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOtj5uayLmPCGO44mpxoUUrrubnU
pROSIMeAtW8AKDQ0iiw+kEbWc9JGgrumKKtYrBJcgF4lz4GplT8LpPh7GAHGK6yy
c1Pvk6tXQMNMMsTxvqXY9wiIvrepDSfvYfrOH7gs/orcF4fEk+8+zcS6T515MPtC
r7xEhLxvXJTUWBPGVNmd3cs2Fkcfy8xM4TGCgHwz74FQR+rx+GW631ox7o+Q3zMT
bOBJ//LHM3r/8vA4PGpHriKT9oSB41sGsIxR1aBUwP5CXWTRsk+PdYYpDYJNfrUo
3YQPIRKBARxeULuNuKOy8V3CkFgfW2Mpwio5yk2kkZpIXI4t5DNteLXFOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcjdtmoa3QDdTVyCDejWdY4TeyYMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvNXlOMjJhaHJkQU4xTlhJSU42TloxamhON0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwjIMA0G
CSqGSIb3DQEBCwUAA4IBAQCyZlkqCNmfdXNumhqU9uR3NfM34uyD213gVrwYul8W
IqFkriNTf3O7iRkFgYQ0xVsv9N/Y5Fgn3tdA1afdWT/P9bsu2LNhmqQGkHstu8sl
dV0s8Yov6hjPBK33+KikW25D5JUAiKBolVMh4whO8kGnyD+XVxf8KFHhuQC61Aq+
v5OmnJ9Ol2ptLNFbRQDme5AhfTPqE9rwKY9ig1JonE3qJhL5YnAmjzV2wnKI8OcB
yruUCOe1CYNTVia7y/qWTEMicfzYHkw9sey2SI8iLxOesQJnt1nJ+7tS4vn5KQL2
VES1Q4cS9kS5F+9BPhfQl2f/keCJZVlubk1T3xJWpFUs
-----END CERTIFICATE-----