Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/5d454b-9d1d-4e7d-ae73-7f5f4d604731/1/I1VO7zMbx-vbjpttTgauG2K9yC0.roa
File:                     I1VO7zMbx-vbjpttTgauG2K9yC0.roa (raw, json)
Hash identifier:          +jpo7oyuZbYyl/PyBGr6vKJVEKniF9XZYZ9HT6VtMFY=
Subject key identifier:   23:55:4E:EF:33:1B:C7:EB:DB:8E:9B:6D:4E:06:AE:1B:62:BD:C8:2D
Certificate issuer:       /CN=441d4b92dd150364c65b7d21299028678b0a5296
Certificate serial:       01951897E54915D0086C40FC23F57C2A6ECC
Authority key identifier: 44:1D:4B:92:DD:15:03:64:C6:5B:7D:21:29:90:28:67:8B:0A:52:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RB1Lkt0VA2TGW30hKZAoZ4sKUpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/5d454b-9d1d-4e7d-ae73-7f5f4d604731/1/I1VO7zMbx-vbjpttTgauG2K9yC0.roa
Signing time:             Tue 18 Feb 2025 10:26:02 +0000
ROA not before:           Tue 18 Feb 2025 10:26:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6837
IP address blocks:        144.2.64.0/18 maxlen: 26
                          185.119.176.0/22 maxlen: 27
                          2a02:21b0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/5d454b-9d1d-4e7d-ae73-7f5f4d604731/1/RB1Lkt0VA2TGW30hKZAoZ4sKUpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/5d454b-9d1d-4e7d-ae73-7f5f4d604731/1/RB1Lkt0VA2TGW30hKZAoZ4sKUpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RB1Lkt0VA2TGW30hKZAoZ4sKUpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:18:97:e5:49:15:d0:08:6c:40:fc:23:f5:7c:2a:6e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=441d4b92dd150364c65b7d21299028678b0a5296
        Validity
            Not Before: Feb 18 10:26:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23554eef331bc7ebdb8e9b6d4e06ae1b62bdc82d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:af:f5:8e:dd:81:4b:f5:11:d7:b8:ce:52:d8:
                    e6:2a:88:a8:14:06:7b:0c:f5:19:84:9f:a2:84:f4:
                    ac:65:8f:7c:65:7c:21:b5:70:69:70:61:74:c7:fc:
                    61:e5:7a:7f:69:3e:03:a4:7b:93:30:0c:9b:43:78:
                    ca:36:dd:17:0a:b7:a8:20:ad:6b:6a:46:ed:2f:61:
                    8a:b1:ff:f1:74:6d:6c:01:4f:e2:cd:1f:f7:cf:83:
                    0b:f2:dc:7b:2c:92:8c:f9:4c:39:a7:a8:81:b5:5a:
                    8f:2a:d8:e9:cd:9b:9b:1a:67:03:9d:0f:5f:13:8e:
                    c4:70:95:13:76:fa:a1:4d:b1:3a:b0:70:74:5a:f6:
                    1d:b7:b8:3e:84:6b:f8:4b:73:00:fd:19:7c:e3:80:
                    bf:76:c1:9f:c1:ba:16:fb:6f:c4:25:72:61:a7:73:
                    ec:c4:3d:4a:13:02:f9:93:e7:0e:99:ae:3a:ac:07:
                    de:f7:0e:5b:a1:ae:a3:c6:46:fd:44:20:1d:cf:ec:
                    f2:b7:0b:81:51:89:1a:57:d0:4b:25:c5:5b:6c:6a:
                    fa:8f:9e:7d:09:bd:a3:f9:10:da:05:b8:57:7b:37:
                    89:ad:13:07:67:3a:02:de:39:a4:42:21:ea:6c:69:
                    3a:bc:72:d0:df:a7:28:1d:4e:d2:9f:bd:ab:10:3c:
                    c4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:55:4E:EF:33:1B:C7:EB:DB:8E:9B:6D:4E:06:AE:1B:62:BD:C8:2D
            X509v3 Authority Key Identifier:
                keyid:44:1D:4B:92:DD:15:03:64:C6:5B:7D:21:29:90:28:67:8B:0A:52:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RB1Lkt0VA2TGW30hKZAoZ4sKUpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5d454b-9d1d-4e7d-ae73-7f5f4d604731/1/I1VO7zMbx-vbjpttTgauG2K9yC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5d454b-9d1d-4e7d-ae73-7f5f4d604731/1/RB1Lkt0VA2TGW30hKZAoZ4sKUpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.64.0/18
                  185.119.176.0/22
                IPv6:
                  2a02:21b0::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:c7:e5:55:51:9b:08:28:57:32:06:60:db:d2:35:d6:22:3a:
         6b:1c:df:d7:b1:8f:2d:1d:67:b9:5d:24:81:ad:d3:19:b0:ef:
         d4:a4:cf:23:c7:9a:e3:a8:4e:27:21:4b:4a:7f:ef:74:52:b1:
         33:9b:bc:af:ca:ec:d2:20:c0:a3:c7:74:f3:fc:10:75:00:bb:
         e1:81:9f:57:52:b2:be:79:84:6d:a8:a4:3a:a8:7a:4a:b0:e4:
         9e:bd:c2:87:86:cf:a3:07:da:03:df:ad:a5:71:f6:ab:c9:38:
         99:50:9a:63:49:61:0a:26:bc:ba:6c:8b:42:66:77:f5:f2:a8:
         30:33:29:93:3f:5c:cd:2c:b5:6d:27:98:45:f1:e3:72:d5:86:
         c1:d7:70:0b:a3:d2:61:15:b6:c7:99:91:9b:05:94:c5:7d:01:
         69:3d:f3:c3:fe:75:36:a3:23:4e:05:90:39:78:97:3f:7f:75:
         67:0c:6c:91:70:48:5a:4e:33:93:94:6e:aa:df:6f:ee:00:fa:
         b8:45:ae:70:f9:7b:af:88:a8:50:32:26:d1:ba:a6:e7:df:ab:
         c0:51:02:d9:82:95:db:c0:a6:87:37:cf:3e:08:18:e5:04:19:
         82:ec:84:0c:bf:3d:c8:97:d3:58:93:55:bb:bf:11:4f:8d:a4:
         78:e7:80:f5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZUYl+VJFdAIbED8I/V8Km7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MWQ0YjkyZGQxNTAzNjRjNjViN2QyMTI5OTAyODY3OGIw
YTUyOTYwHhcNMjUwMjE4MTAyNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU1NGVlZjMzMWJjN2ViZGI4ZTliNmQ0ZTA2YWUxYjYyYmRjODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoa/1jt2BS/UR17jOUtjmKoioFAZ7
DPUZhJ+ihPSsZY98ZXwhtXBpcGF0x/xh5Xp/aT4DpHuTMAybQ3jKNt0XCreoIK1r
akbtL2GKsf/xdG1sAU/izR/3z4ML8tx7LJKM+Uw5p6iBtVqPKtjpzZubGmcDnQ9f
E47EcJUTdvqhTbE6sHB0WvYdt7g+hGv4S3MA/Rl844C/dsGfwboW+2/EJXJhp3Ps
xD1KEwL5k+cOma46rAfe9w5boa6jxkb9RCAdz+zytwuBUYkaV9BLJcVbbGr6j559
Cb2j+RDaBbhXezeJrRMHZzoC3jmkQiHqbGk6vHLQ36coHU7Sn72rEDzEAwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCNVTu8zG8fr246bbU4GrhtivcgtMB8GA1UdIwQY
MBaAFEQdS5LdFQNkxlt9ISmQKGeLClKWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkIxTGt0MFZBMlRHVzMwaEtaQW9aNHNLVXBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81ZDQ1NGItOWQxZC00ZTdkLWFlNzMt
N2Y1ZjRkNjA0NzMxLzEvSTFWTzd6TWJ4LXZianB0dFRnYXVHMks5eUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81ZDQ1NGItOWQxZC00ZTdkLWFlNzMtN2Y1ZjRkNjA0NzMx
LzEvUkIxTGt0MFZBMlRHVzMwaEtaQW9aNHNLVXBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGkAJAAwQC
uXewMA0EAgACMAcDBQMqAiGwMA0GCSqGSIb3DQEBCwUAA4IBAQAVx+VVUZsIKFcy
BmDb0jXWIjprHN/XsY8tHWe5XSSBrdMZsO/UpM8jx5rjqE4nIUtKf+90UrEzm7yv
yuzSIMCjx3Tz/BB1ALvhgZ9XUrK+eYRtqKQ6qHpKsOSevcKHhs+jB9oD362lcfar
yTiZUJpjSWEKJry6bItCZnf18qgwMymTP1zNLLVtJ5hF8eNy1YbB13ALo9JhFbbH
mZGbBZTFfQFpPfPD/nU2oyNOBZA5eJc/f3VnDGyRcEhaTjOTlG6q32/uAPq4Ra5w
+XuviKhQMibRuqbn36vAUQLZgpXbwKaHN88+CBjlBBmC7IQMvz3Il9NYk1W7vxFP
jaR454D1
-----END CERTIFICATE-----