Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/869214-16d4-45e0-b87e-32e932d6fd0e/1/xktUIB6GDLW-h2_LFZTy4dam33Y.roa
File:                     xktUIB6GDLW-h2_LFZTy4dam33Y.roa (raw, json)
Hash identifier:          BgrfS/HN5mPWhSmcXKgkikTloXU/AxYtLSZ8SaD1EM0=
Subject key identifier:   C6:4B:54:20:1E:86:0C:B5:BE:87:6F:CB:15:94:F2:E1:D6:A6:DF:76
Certificate issuer:       /CN=b4f115424c181c67966ccc2467ede69d060ccf53
Certificate serial:       019424B2AB210E727585B44DBD6B535480AE
Authority key identifier: B4:F1:15:42:4C:18:1C:67:96:6C:CC:24:67:ED:E6:9D:06:0C:CF:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPEVQkwYHGeWbMwkZ-3mnQYMz1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/869214-16d4-45e0-b87e-32e932d6fd0e/1/xktUIB6GDLW-h2_LFZTy4dam33Y.roa
Signing time:             Thu 02 Jan 2025 01:47:56 +0000
ROA not before:           Thu 02 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202269
IP address blocks:        195.248.240.0/24 maxlen: 24
                          195.248.241.0/24 maxlen: 24
                          195.248.242.0/24 maxlen: 24
                          195.248.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/869214-16d4-45e0-b87e-32e932d6fd0e/1/tPEVQkwYHGeWbMwkZ-3mnQYMz1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/869214-16d4-45e0-b87e-32e932d6fd0e/1/tPEVQkwYHGeWbMwkZ-3mnQYMz1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPEVQkwYHGeWbMwkZ-3mnQYMz1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:ab:21:0e:72:75:85:b4:4d:bd:6b:53:54:80:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f115424c181c67966ccc2467ede69d060ccf53
        Validity
            Not Before: Jan  2 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c64b54201e860cb5be876fcb1594f2e1d6a6df76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7d:6e:75:d6:9f:30:9f:3d:94:e8:7d:9b:34:
                    f6:d7:65:ba:7b:7d:4a:b0:fc:90:7a:bc:9c:01:b7:
                    45:55:8a:e4:69:d7:0a:08:ab:82:c4:4a:22:cb:10:
                    78:aa:e6:30:06:27:63:e3:5b:51:e8:e4:02:4a:2b:
                    49:6e:22:4d:cc:94:44:17:d3:70:ab:4d:fa:50:90:
                    02:5f:e9:07:d0:5d:4d:3d:b8:c0:39:5d:0d:b2:93:
                    70:a2:14:93:5e:5b:57:47:9b:e8:0c:50:c7:9f:36:
                    3a:16:6a:b3:0e:df:ff:67:64:2e:61:1d:0f:05:c4:
                    9a:eb:50:24:29:2e:9d:55:cd:69:30:51:8f:5e:8e:
                    d8:3b:5f:1f:86:e0:3a:04:7b:d5:ae:57:47:d1:17:
                    6f:b4:e0:6e:ed:86:3a:37:6e:a9:e7:d6:40:c6:4c:
                    99:ff:fb:2c:bd:8c:5b:ff:21:db:75:8a:4b:49:07:
                    5f:f5:2f:cc:e1:46:bc:c1:01:f7:a3:a5:22:9e:e1:
                    66:a0:a5:af:b3:db:b6:23:00:78:f6:88:dc:49:fe:
                    19:94:cc:45:52:19:89:2a:6d:17:c5:f3:3e:22:df:
                    98:c2:8b:07:73:8e:5d:cc:d5:3d:87:f4:b5:5e:df:
                    00:0b:c6:24:81:09:d7:36:fe:26:c2:44:2a:1c:66:
                    74:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:4B:54:20:1E:86:0C:B5:BE:87:6F:CB:15:94:F2:E1:D6:A6:DF:76
            X509v3 Authority Key Identifier:
                keyid:B4:F1:15:42:4C:18:1C:67:96:6C:CC:24:67:ED:E6:9D:06:0C:CF:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPEVQkwYHGeWbMwkZ-3mnQYMz1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/869214-16d4-45e0-b87e-32e932d6fd0e/1/xktUIB6GDLW-h2_LFZTy4dam33Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/869214-16d4-45e0-b87e-32e932d6fd0e/1/tPEVQkwYHGeWbMwkZ-3mnQYMz1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:4b:31:fe:5f:42:ad:09:92:e1:93:96:3e:d4:e5:6a:2c:56:
         f3:54:d6:be:a7:b1:88:4b:63:1f:93:8b:88:04:57:19:09:21:
         54:a0:a6:b0:95:d2:db:cf:14:5a:7e:61:05:9b:8e:99:52:93:
         40:3a:bf:7e:88:62:dc:44:4c:4c:98:d6:26:16:47:28:23:0a:
         ba:2a:80:a9:d0:ab:c2:40:31:a9:22:3a:87:ec:7c:60:4e:7e:
         a5:8a:6f:5f:47:df:00:83:3f:07:77:0a:e1:e7:c3:32:cc:7e:
         34:ab:b0:9a:71:6a:84:31:4f:62:2a:9d:ca:3f:4a:9b:f3:40:
         e7:89:8a:3f:12:d6:b5:e1:b6:62:92:50:20:d5:d2:e5:32:cc:
         51:ed:33:18:8f:b0:9d:40:aa:16:c2:c6:84:a3:93:31:1b:f5:
         a8:26:d3:de:13:1a:1c:89:9c:33:87:a1:43:8b:ba:27:0e:a3:
         75:42:05:2d:41:44:57:c6:08:82:50:3a:90:7c:11:f6:24:3b:
         f8:dd:1a:1e:ef:bf:5f:5f:ac:2b:0e:48:60:7d:eb:16:e0:e7:
         d3:f8:49:9d:eb:db:26:23:a4:fc:47:20:30:c8:76:b0:b5:b6:
         9b:d0:70:0e:6b:fc:b5:e8:5a:09:d2:9a:6a:ba:63:86:49:26:
         94:d3:7a:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksqshDnJ1hbRNvWtTVICuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZjExNTQyNGMxODFjNjc5NjZjY2MyNDY3ZWRlNjlkMDYw
Y2NmNTMwHhcNMjUwMTAyMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjRiNTQyMDFlODYwY2I1YmU4NzZmY2IxNTk0ZjJlMWQ2YTZkZjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwX1uddafMJ89lOh9mzT212W6e31K
sPyQerycAbdFVYrkadcKCKuCxEoiyxB4quYwBidj41tR6OQCSitJbiJNzJREF9Nw
q036UJACX+kH0F1NPbjAOV0NspNwohSTXltXR5voDFDHnzY6FmqzDt//Z2QuYR0P
BcSa61AkKS6dVc1pMFGPXo7YO18fhuA6BHvVrldH0RdvtOBu7YY6N26p59ZAxkyZ
//ssvYxb/yHbdYpLSQdf9S/M4Ua8wQH3o6UinuFmoKWvs9u2IwB49ojcSf4ZlMxF
UhmJKm0XxfM+It+YwosHc45dzNU9h/S1Xt8AC8YkgQnXNv4mwkQqHGZ0JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZLVCAehgy1vodvyxWU8uHWpt92MB8GA1UdIwQY
MBaAFLTxFUJMGBxnlmzMJGft5p0GDM9TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBFVlFrd1lIR2VXYk13a1otM21uUVlNejFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS84NjkyMTQtMTZkNC00NWUwLWI4N2Ut
MzJlOTMyZDZmZDBlLzEveGt0VUlCNkdETFctaDJfTEZaVHk0ZGFtMzNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS84NjkyMTQtMTZkNC00NWUwLWI4N2UtMzJlOTMyZDZmZDBl
LzEvdFBFVlFrd1lIR2VXYk13a1otM21uUVlNejFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw/jwMA0G
CSqGSIb3DQEBCwUAA4IBAQAZSzH+X0KtCZLhk5Y+1OVqLFbzVNa+p7GIS2Mfk4uI
BFcZCSFUoKawldLbzxRafmEFm46ZUpNAOr9+iGLcRExMmNYmFkcoIwq6KoCp0KvC
QDGpIjqH7HxgTn6lim9fR98Agz8Hdwrh58MyzH40q7CacWqEMU9iKp3KP0qb80Dn
iYo/Eta14bZiklAg1dLlMsxR7TMYj7CdQKoWwsaEo5MxG/WoJtPeExociZwzh6FD
i7onDqN1QgUtQURXxgiCUDqQfBH2JDv43Roe779fX6wrDkhgfesW4OfT+Emd69sm
I6T8RyAwyHawtbab0HAOa/y16FoJ0ppqumOGSSaU03qI
-----END CERTIFICATE-----