Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/0lMFcdtNp26YfQNn5iPba6FXABM.roa
File:                     0lMFcdtNp26YfQNn5iPba6FXABM.roa (raw, json)
Hash identifier:          qwNKo6mD7mKcqzNSQWlJycWA8l92Zl/i3CclTpihme0=
Subject key identifier:   D2:53:05:71:DB:4D:A7:6E:98:7D:03:67:E6:23:DB:6B:A1:57:00:13
Certificate issuer:       /CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
Certificate serial:       01961553BE5AE3A16AB9C31EE889FE299E0E
Authority key identifier: 41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/0lMFcdtNp26YfQNn5iPba6FXABM.roa
Signing time:             Tue 08 Apr 2025 12:15:31 +0000
ROA not before:           Tue 08 Apr 2025 12:15:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210644
IP address blocks:        192.109.139.0/24 maxlen: 24
                          192.109.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:15:53:be:5a:e3:a1:6a:b9:c3:1e:e8:89:fe:29:9e:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
        Validity
            Not Before: Apr  8 12:15:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2530571db4da76e987d0367e623db6ba1570013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bb:86:ba:f4:b9:70:19:95:cd:a7:2c:7f:76:
                    bf:81:32:98:df:1e:21:1d:75:27:21:a9:fc:cd:17:
                    59:b1:84:5f:e1:11:e5:3d:f5:5d:9b:83:46:9e:ef:
                    22:c7:5e:78:e4:90:f0:30:2b:1a:69:7c:37:a6:93:
                    9d:d2:c1:70:81:67:5a:ac:02:8b:40:08:71:29:af:
                    0d:19:d7:d5:ca:38:9e:56:28:db:73:b5:4d:76:d9:
                    78:e0:34:ee:b8:6c:cc:41:1b:47:7d:19:7b:ea:14:
                    5b:a6:1a:6c:9a:d7:ad:85:8e:11:4e:fb:49:4a:c3:
                    13:f1:70:ff:e7:60:ea:8a:e0:f7:43:55:9e:e1:c5:
                    29:a0:4c:fe:8f:43:7d:f5:c1:74:76:ac:1b:41:30:
                    0d:d0:43:94:ea:83:4e:0a:a6:42:ca:cb:60:8f:0a:
                    3a:da:11:67:28:0e:c6:3b:2b:bc:f4:13:d0:94:7f:
                    be:64:08:72:18:1b:1b:fe:92:8e:f3:ea:af:83:88:
                    5c:24:39:98:62:24:37:95:30:d1:e4:ed:87:02:63:
                    2a:bc:f6:99:02:18:fb:9b:9a:74:ac:05:32:35:ea:
                    f2:e9:7f:16:6c:33:8c:4f:03:78:00:f0:51:ca:0c:
                    3b:07:57:11:c0:2c:17:45:69:79:3c:ff:a5:7f:24:
                    7e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:53:05:71:DB:4D:A7:6E:98:7D:03:67:E6:23:DB:6B:A1:57:00:13
            X509v3 Authority Key Identifier:
                keyid:41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/0lMFcdtNp26YfQNn5iPba6FXABM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.139.0/24
                  192.109.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:82:ae:40:5d:fa:89:0d:ad:3a:32:73:ee:2f:93:a7:71:39:
         6c:5b:92:c0:e5:4f:8b:af:73:4f:a2:9f:03:7b:df:bf:38:24:
         ed:d6:45:ba:22:74:fd:75:21:b4:c2:a8:00:7d:4c:08:d9:cd:
         5d:ad:57:51:f6:06:b0:74:0b:f6:a7:32:a7:84:57:31:a5:1a:
         00:40:53:85:c8:00:9d:26:04:33:82:61:e4:09:5e:51:c2:20:
         63:21:b5:84:ac:8b:6f:64:6c:ac:98:d1:b3:6f:3b:dd:73:e9:
         fc:ec:1b:d5:8a:3d:d4:7c:5e:a2:f5:cb:38:92:51:3c:f7:5a:
         bb:2e:c7:08:6b:58:18:cd:82:b1:13:51:98:77:5b:1b:bb:53:
         37:d6:04:af:16:40:a8:05:bf:9e:0c:85:9a:3a:5f:c4:ba:e4:
         00:5d:1e:4f:68:f6:52:40:dd:3e:6e:b7:94:94:ce:14:85:5d:
         64:b2:72:51:1a:15:6a:40:d5:75:1f:80:c8:aa:64:93:1b:27:
         e8:31:c4:4e:db:56:02:be:93:4e:18:37:19:a3:89:19:3e:90:
         07:67:bc:96:36:87:6c:93:36:83:7c:06:f2:0f:4e:d3:b4:35:
         9d:f0:7e:12:92:ce:f3:67:73:25:12:7a:da:0b:51:8b:e8:b3:
         1e:8e:71:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYVU75a46FqucMe6In+KZ4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZjVhMTBlNGZkMjY1NWFkYmJiNDBlZGUxOGIyNjE1YWM1
NThlYTkwHhcNMjUwNDA4MTIxNTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjUzMDU3MWRiNGRhNzZlOTg3ZDAzNjdlNjIzZGI2YmExNTcwMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbuGuvS5cBmVzacsf3a/gTKY3x4h
HXUnIan8zRdZsYRf4RHlPfVdm4NGnu8ix1545JDwMCsaaXw3ppOd0sFwgWdarAKL
QAhxKa8NGdfVyjieVijbc7VNdtl44DTuuGzMQRtHfRl76hRbphpsmtethY4RTvtJ
SsMT8XD/52DqiuD3Q1We4cUpoEz+j0N99cF0dqwbQTAN0EOU6oNOCqZCystgjwo6
2hFnKA7GOyu89BPQlH++ZAhyGBsb/pKO8+qvg4hcJDmYYiQ3lTDR5O2HAmMqvPaZ
Ahj7m5p0rAUyNery6X8WbDOMTwN4APBRygw7B1cRwCwXRWl5PP+lfyR+ywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNJTBXHbTadumH0DZ+Yj22uhVwATMB8GA1UdIwQY
MBaAFEH1oQ5P0mVa27tA7eGLJhWsVY6pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUt
ODc5MDIwNmYwZDc0LzEvMGxNRmNkdE5wMjZZZlFObjVpUGJhNkZYQUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUtODc5MDIwNmYwZDc0
LzEvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwG2LAwQA
wG3IMA0GCSqGSIb3DQEBCwUAA4IBAQAmgq5AXfqJDa06MnPuL5OncTlsW5LA5U+L
r3NPop8De9+/OCTt1kW6InT9dSG0wqgAfUwI2c1drVdR9gawdAv2pzKnhFcxpRoA
QFOFyACdJgQzgmHkCV5RwiBjIbWErItvZGysmNGzbzvdc+n87BvVij3UfF6i9cs4
klE891q7LscIa1gYzYKxE1GYd1sbu1M31gSvFkCoBb+eDIWaOl/EuuQAXR5PaPZS
QN0+breUlM4UhV1ksnJRGhVqQNV1H4DIqmSTGyfoMcRO21YCvpNOGDcZo4kZPpAH
Z7yWNodskzaDfAbyD07TtDWd8H4Sks7zZ3MlEnraC1GL6LMejnEu
-----END CERTIFICATE-----