Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/CXhT6O8qTFxXvoa8CsXpOAzPPss.roa
File:                     CXhT6O8qTFxXvoa8CsXpOAzPPss.roa (raw, json)
Hash identifier:          0wWc+pU8dO2IsPDto97pPe5Q3Y1psffWd7uh5+0lCQ0=
Subject key identifier:   09:78:53:E8:EF:2A:4C:5C:57:BE:86:BC:0A:C5:E9:38:0C:CF:3E:CB
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       01942747691ECA3DE7B57E518FD44B2FE82A
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/CXhT6O8qTFxXvoa8CsXpOAzPPss.roa
Signing time:             Thu 02 Jan 2025 13:49:38 +0000
ROA not before:           Thu 02 Jan 2025 13:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        217.25.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:69:1e:ca:3d:e7:b5:7e:51:8f:d4:4b:2f:e8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan  2 13:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=097853e8ef2a4c5c57be86bc0ac5e9380ccf3ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8d:48:c3:cd:8e:a0:2a:fc:d6:c5:0f:db:45:
                    90:2e:e4:52:dc:99:e3:a5:4f:8b:37:81:03:fc:55:
                    ad:d2:0f:df:e5:91:99:38:c0:15:3d:9c:bb:1f:8c:
                    81:8a:b1:7b:c9:a3:1a:ab:6a:f4:3b:b3:16:fc:6e:
                    ad:22:9f:b4:e4:8b:2d:dc:f6:bb:c5:7c:1d:18:fc:
                    a2:72:32:a0:4d:64:4b:a1:9b:8f:f3:7a:86:c1:1e:
                    32:f6:ad:06:31:ba:48:bf:54:39:16:61:f7:bb:e7:
                    9c:d3:6e:55:b8:34:00:28:61:4d:ca:7c:09:ec:da:
                    a3:94:68:7b:e7:b7:00:1e:01:41:fb:c8:76:5c:91:
                    ae:b1:9e:2b:c5:2c:05:cd:2c:12:b9:cc:7e:c6:76:
                    d5:d8:51:a2:0a:6b:b0:a3:04:1d:d6:79:b2:40:ff:
                    1f:2c:b2:7b:84:55:97:24:2f:e7:0a:b4:58:94:fa:
                    72:ef:d2:f4:4f:4e:0c:0d:56:be:5b:74:10:82:36:
                    09:07:3a:e1:b7:46:57:96:88:7f:a2:f3:ba:38:30:
                    0f:a4:21:d8:02:69:48:78:2d:05:1a:37:83:af:38:
                    66:b0:b7:99:f4:86:a5:3f:0e:30:1b:08:05:76:00:
                    19:7d:7b:ee:c5:cd:70:1f:c2:d9:6d:59:3e:ac:b1:
                    89:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:78:53:E8:EF:2A:4C:5C:57:BE:86:BC:0A:C5:E9:38:0C:CF:3E:CB
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/CXhT6O8qTFxXvoa8CsXpOAzPPss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.25.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:c5:60:2b:02:51:82:44:13:20:99:5a:18:02:2b:79:38:54:
         c2:e3:b4:0e:c3:b6:38:d8:ec:2a:ab:90:6e:7e:34:a5:a7:62:
         08:0b:c5:b6:07:04:5c:30:df:6e:c9:a9:70:d5:1b:d8:c1:d0:
         18:04:60:ba:45:3a:97:ca:0d:18:69:43:be:6d:8b:f1:47:a7:
         38:65:d3:d2:87:4f:05:fc:2a:ad:e0:51:18:c2:3b:99:67:36:
         e6:8b:68:54:8f:2f:c2:e0:4b:16:6a:7b:5b:a2:7e:87:71:d4:
         44:5a:9c:28:c2:35:c4:01:bf:e8:cc:79:23:fc:b6:fa:b0:01:
         72:46:b0:77:3e:de:08:0d:ea:c9:e9:e2:04:9d:7f:8f:1a:18:
         07:fd:97:d8:21:0e:cd:3c:dc:d1:07:dd:25:63:07:55:36:bf:
         f3:eb:c1:51:bb:46:8b:b7:81:fd:c4:93:34:f3:7e:c7:33:06:
         d9:ad:5a:db:60:db:7a:74:5e:d6:e5:15:c5:06:7c:3f:88:fd:
         77:38:03:e6:56:fe:3f:df:65:82:f3:18:2c:ef:8b:e0:62:c7:
         26:38:96:d1:4f:24:78:7c:a1:26:cf:8c:8a:a5:b9:e0:45:6a:
         98:ae:cf:a2:97:ae:85:95:d8:44:61:60:9c:a8:8a:cb:0a:19:
         13:90:68:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR2keyj3ntX5Rj9RLL+gqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwMTAyMTM0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTc4NTNlOGVmMmE0YzVjNTdiZTg2YmMwYWM1ZTkzODBjY2YzZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY1Iw82OoCr81sUP20WQLuRS3Jnj
pU+LN4ED/FWt0g/f5ZGZOMAVPZy7H4yBirF7yaMaq2r0O7MW/G6tIp+05Ist3Pa7
xXwdGPyicjKgTWRLoZuP83qGwR4y9q0GMbpIv1Q5FmH3u+ec025VuDQAKGFNynwJ
7NqjlGh757cAHgFB+8h2XJGusZ4rxSwFzSwSucx+xnbV2FGiCmuwowQd1nmyQP8f
LLJ7hFWXJC/nCrRYlPpy79L0T04MDVa+W3QQgjYJBzrht0ZXloh/ovO6ODAPpCHY
AmlIeC0FGjeDrzhmsLeZ9IalPw4wGwgFdgAZfXvuxc1wH8LZbVk+rLGJ8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAl4U+jvKkxcV76GvArF6TgMzz7LMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvQ1hoVDZPOHFURnhYdm9hOENzWHBPQXpQUHNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RkDMA0G
CSqGSIb3DQEBCwUAA4IBAQAmxWArAlGCRBMgmVoYAit5OFTC47QOw7Y42Owqq5Bu
fjSlp2IIC8W2BwRcMN9uyalw1RvYwdAYBGC6RTqXyg0YaUO+bYvxR6c4ZdPSh08F
/Cqt4FEYwjuZZzbmi2hUjy/C4EsWantbon6HcdREWpwowjXEAb/ozHkj/Lb6sAFy
RrB3Pt4IDerJ6eIEnX+PGhgH/ZfYIQ7NPNzRB90lYwdVNr/z68FRu0aLt4H9xJM0
837HMwbZrVrbYNt6dF7W5RXFBnw/iP13OAPmVv4/32WC8xgs74vgYscmOJbRTyR4
fKEmz4yKpbngRWqYrs+il66FldhEYWCcqIrLChkTkGgJ
-----END CERTIFICATE-----