Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/IzmeYXYlO_xmlW74WeQyL7gffpE.roa
File:                     IzmeYXYlO_xmlW74WeQyL7gffpE.roa (raw, json)
Hash identifier:          Z5XX/V/bAHCE8fRhzNUzhUtEMOMQ14B1YoCinHSL1lM=
Subject key identifier:   23:39:9E:61:76:25:3B:FC:66:95:6E:F8:59:E4:32:2F:B8:1F:7E:91
Certificate issuer:       /CN=c5bfa71a5113fed82464776c14371514c9218ef5
Certificate serial:       0194244500AC261AF1D91ACDB284F37A9613
Authority key identifier: C5:BF:A7:1A:51:13:FE:D8:24:64:77:6C:14:37:15:14:C9:21:8E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xb-nGlET_tgkZHdsFDcVFMkhjvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/IzmeYXYlO_xmlW74WeQyL7gffpE.roa
Signing time:             Wed 01 Jan 2025 23:48:09 +0000
ROA not before:           Wed 01 Jan 2025 23:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16347
IP address blocks:        194.0.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/xb-nGlET_tgkZHdsFDcVFMkhjvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/xb-nGlET_tgkZHdsFDcVFMkhjvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xb-nGlET_tgkZHdsFDcVFMkhjvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:00:ac:26:1a:f1:d9:1a:cd:b2:84:f3:7a:96:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5bfa71a5113fed82464776c14371514c9218ef5
        Validity
            Not Before: Jan  1 23:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23399e6176253bfc66956ef859e4322fb81f7e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d3:05:f9:cd:63:2d:95:81:e3:02:c7:8f:0e:
                    06:ff:57:aa:8d:c4:77:8a:85:2d:27:b0:dd:34:a6:
                    1e:48:9e:32:ce:1b:93:05:24:51:c4:0e:18:72:82:
                    4c:8c:48:e6:8a:27:ee:52:f6:ae:6f:42:55:d4:7f:
                    17:16:e2:61:1c:de:7d:7c:2e:9e:16:29:f6:f3:e6:
                    e2:4b:2c:85:ca:b8:66:eb:44:9d:c5:5a:65:ed:52:
                    f5:f2:0e:84:d9:c5:a4:ca:d0:7e:95:f8:0e:64:98:
                    3a:f0:96:20:50:89:a6:75:1e:b9:55:8c:b8:f6:89:
                    a2:45:af:08:14:12:03:eb:bb:ea:f8:26:9c:fa:83:
                    9a:3e:0f:b7:be:71:12:a2:88:fe:4d:89:89:17:cf:
                    97:f4:60:18:f1:80:6f:02:13:22:2b:c4:f7:b7:cc:
                    08:5f:7f:38:d2:02:bc:dc:65:9c:51:81:66:33:7a:
                    46:fa:50:f7:33:1d:ff:1e:b9:b2:4b:e5:5e:b5:c8:
                    3c:20:61:65:ae:7e:ac:2d:87:e2:35:df:07:8f:ce:
                    47:73:29:21:c5:d2:a7:89:61:54:30:7c:fe:e7:61:
                    8d:5c:37:3a:4b:f2:e6:32:17:73:1a:09:fc:17:0b:
                    c3:d9:d1:dc:e2:79:17:5f:69:25:e9:f6:03:26:b7:
                    84:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:39:9E:61:76:25:3B:FC:66:95:6E:F8:59:E4:32:2F:B8:1F:7E:91
            X509v3 Authority Key Identifier:
                keyid:C5:BF:A7:1A:51:13:FE:D8:24:64:77:6C:14:37:15:14:C9:21:8E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xb-nGlET_tgkZHdsFDcVFMkhjvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/IzmeYXYlO_xmlW74WeQyL7gffpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/67c8fb-0257-4d60-a0df-6fce03325b3f/1/xb-nGlET_tgkZHdsFDcVFMkhjvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:aa:f0:9b:fa:1e:14:12:fb:c1:1c:89:f8:e6:78:e6:e6:a7:
         11:75:e2:5c:a8:3b:20:fc:96:8f:64:fe:6e:5d:1b:66:a0:21:
         6a:57:9b:f1:d9:e8:88:3c:80:0f:36:f9:eb:9c:82:07:de:71:
         39:2e:43:23:2b:c6:79:8d:5b:d0:18:c7:80:d8:d9:39:c9:f1:
         0e:15:46:ce:9a:1c:a6:05:26:81:2a:ae:c9:52:6e:85:fd:16:
         1e:8c:41:d3:5f:08:e4:07:df:52:84:1a:5f:48:21:9b:9c:28:
         f2:ca:2d:8c:f6:d8:47:54:87:78:bf:21:3a:34:3b:eb:67:28:
         71:4c:fd:05:1c:24:c6:05:04:3f:ef:45:75:ed:68:1f:30:c5:
         b5:55:55:fa:b2:ca:90:e5:2a:8f:41:7e:d1:fe:c9:29:86:22:
         bb:00:e1:52:db:e9:e4:67:97:0a:2d:17:93:4c:f8:f9:02:72:
         79:aa:6e:13:d8:4d:ee:6a:3c:3a:4a:24:df:aa:be:a5:a9:3a:
         12:3a:cf:05:cb:e1:27:8c:f2:7b:27:4a:6f:7f:74:f5:f3:40:
         bb:20:1f:ae:a2:78:72:a0:11:73:db:fd:0f:b8:63:c4:91:9d:
         94:2f:1b:ea:22:e6:71:df:85:8c:80:15:95:a8:f8:07:81:31:
         f1:ca:e5:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRQCsJhrx2RrNsoTzepYTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YmZhNzFhNTExM2ZlZDgyNDY0Nzc2YzE0MzcxNTE0Yzky
MThlZjUwHhcNMjUwMTAxMjM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzM5OWU2MTc2MjUzYmZjNjY5NTZlZjg1OWU0MzIyZmI4MWY3ZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotMF+c1jLZWB4wLHjw4G/1eqjcR3
ioUtJ7DdNKYeSJ4yzhuTBSRRxA4YcoJMjEjmiifuUvaub0JV1H8XFuJhHN59fC6e
Fin28+biSyyFyrhm60SdxVpl7VL18g6E2cWkytB+lfgOZJg68JYgUImmdR65VYy4
9omiRa8IFBID67vq+Cac+oOaPg+3vnESooj+TYmJF8+X9GAY8YBvAhMiK8T3t8wI
X3840gK83GWcUYFmM3pG+lD3Mx3/HrmyS+Vetcg8IGFlrn6sLYfiNd8Hj85Hcykh
xdKniWFUMHz+52GNXDc6S/LmMhdzGgn8FwvD2dHc4nkXX2kl6fYDJreEeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCM5nmF2JTv8ZpVu+FnkMi+4H36RMB8GA1UdIwQY
MBaAFMW/pxpRE/7YJGR3bBQ3FRTJIY71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGItbkdsRVRfdGdrWkhkc0ZEY1ZGTWtoanZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82N2M4ZmItMDI1Ny00ZDYwLWEwZGYt
NmZjZTAzMzI1YjNmLzEvSXptZVlYWWxPX3htbFc3NFdlUXlMN2dmZnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82N2M4ZmItMDI1Ny00ZDYwLWEwZGYtNmZjZTAzMzI1YjNm
LzEveGItbkdsRVRfdGdrWkhkc0ZEY1ZGTWtoanZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCZMA0G
CSqGSIb3DQEBCwUAA4IBAQBMqvCb+h4UEvvBHIn45njm5qcRdeJcqDsg/JaPZP5u
XRtmoCFqV5vx2eiIPIAPNvnrnIIH3nE5LkMjK8Z5jVvQGMeA2Nk5yfEOFUbOmhym
BSaBKq7JUm6F/RYejEHTXwjkB99ShBpfSCGbnCjyyi2M9thHVId4vyE6NDvrZyhx
TP0FHCTGBQQ/70V17WgfMMW1VVX6ssqQ5SqPQX7R/skphiK7AOFS2+nkZ5cKLReT
TPj5AnJ5qm4T2E3uajw6SiTfqr6lqToSOs8Fy+EnjPJ7J0pvf3T180C7IB+uonhy
oBFz2/0PuGPEkZ2ULxvqIuZx34WMgBWVqPgHgTHxyuUC
-----END CERTIFICATE-----