Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Lp5kKoVBpi7GZDZtlzBG6jARCxY.roa
File:                     Lp5kKoVBpi7GZDZtlzBG6jARCxY.roa (raw, json)
Hash identifier:          sMZZ5D0TCK3MmXTdANDa/2g4olHgpuL3jywnvCFTk6U=
Subject key identifier:   2E:9E:64:2A:85:41:A6:2E:C6:64:36:6D:97:30:46:EA:30:11:0B:16
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01973C1C9EDDA01B7674637C30D094028D0B
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Lp5kKoVBpi7GZDZtlzBG6jARCxY.roa
Signing time:             Wed 04 Jun 2025 18:03:17 +0000
ROA not before:           Wed 04 Jun 2025 18:03:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200063
IP address blocks:        194.15.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3c:1c:9e:dd:a0:1b:76:74:63:7c:30:d0:94:02:8d:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun  4 18:03:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e9e642a8541a62ec664366d973046ea30110b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ef:47:cb:4e:74:2b:8f:2d:aa:18:b1:11:49:
                    92:7d:ee:1a:44:d8:e4:f1:a8:85:f1:a0:88:b2:04:
                    a3:a7:af:4f:13:b7:37:2a:10:29:cb:86:6b:62:a1:
                    e0:f5:5e:d8:0b:57:3d:76:14:19:24:e8:53:09:d0:
                    2f:94:87:0a:46:e1:f3:03:ef:92:de:3f:74:84:11:
                    1b:c9:c6:d9:8d:de:ea:0c:7f:28:7a:ce:9c:17:17:
                    8d:f5:71:14:11:5f:3c:46:84:39:9f:36:87:13:ec:
                    22:a5:14:4a:ee:0c:39:1a:44:40:77:6d:91:02:1a:
                    49:9e:4d:92:db:cf:02:1a:53:64:17:b0:c0:dd:f4:
                    ac:81:cc:c7:bb:01:06:50:02:cf:11:a3:67:7b:ff:
                    79:20:ac:00:38:d2:02:83:f7:d8:9e:e0:4e:ae:29:
                    c6:f9:3d:ee:69:cc:26:c2:4d:52:af:9f:8e:58:7e:
                    a5:ae:3e:63:b1:07:5b:93:7f:a0:be:19:67:4d:e0:
                    c5:79:92:46:7e:87:10:20:76:ec:94:1f:24:93:e4:
                    75:72:0b:fb:cf:86:1b:8b:62:a5:56:c8:08:db:93:
                    f6:8f:03:87:8c:7a:e2:ec:eb:8a:a3:6e:53:7f:ba:
                    a4:ac:7d:25:aa:e3:34:71:4d:8c:5b:d8:a6:9a:d8:
                    dd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:9E:64:2A:85:41:A6:2E:C6:64:36:6D:97:30:46:EA:30:11:0B:16
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Lp5kKoVBpi7GZDZtlzBG6jARCxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f3:2b:8c:bb:d4:3c:9e:79:d9:7b:3d:ab:aa:97:52:50:83:
         8e:5f:94:3c:6d:c6:b0:ed:69:d0:7c:77:b8:ec:cf:06:da:dd:
         84:81:4c:24:26:9e:bb:b8:a2:d4:ff:f7:0e:07:eb:42:0c:eb:
         f8:2c:79:0b:59:d7:84:64:0b:0c:0f:e8:b5:af:5b:10:da:d5:
         f0:a2:4d:18:49:36:e2:cf:f5:c9:db:ae:0b:f2:16:6d:a7:98:
         d4:a2:01:90:88:ac:36:14:a7:33:d4:c4:fb:06:53:fa:38:af:
         a2:99:8c:3e:d6:f2:3e:09:a2:c8:c4:2f:b5:cd:ed:0e:b9:f8:
         ee:30:bb:68:11:7d:ee:f6:02:16:48:8e:76:eb:34:74:2f:0a:
         ed:65:65:f2:af:a4:08:05:54:b9:48:65:e2:ae:30:0c:c3:76:
         c6:5d:9d:25:18:df:b2:ca:f7:15:58:e4:20:60:b3:af:ad:99:
         02:11:bd:11:95:6d:43:ac:1d:cc:36:3a:6a:e2:0c:f6:e3:02:
         a8:ab:3c:96:51:be:c2:18:c4:e2:be:36:95:b4:25:28:06:83:
         37:09:dd:e9:66:51:3d:90:ef:a1:6a:5b:9d:69:c1:03:74:16:
         b3:e4:62:e3:bc:18:5d:c3:53:37:cc:71:7d:b0:d0:e6:2f:83:
         1c:43:f9:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc8HJ7doBt2dGN8MNCUAo0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNjA0MTgwMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTllNjQyYTg1NDFhNjJlYzY2NDM2NmQ5NzMwNDZlYTMwMTEwYjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyO9Hy050K48tqhixEUmSfe4aRNjk
8aiF8aCIsgSjp69PE7c3KhApy4ZrYqHg9V7YC1c9dhQZJOhTCdAvlIcKRuHzA++S
3j90hBEbycbZjd7qDH8oes6cFxeN9XEUEV88RoQ5nzaHE+wipRRK7gw5GkRAd22R
AhpJnk2S288CGlNkF7DA3fSsgczHuwEGUALPEaNne/95IKwAONICg/fYnuBOrinG
+T3uacwmwk1Sr5+OWH6lrj5jsQdbk3+gvhlnTeDFeZJGfocQIHbslB8kk+R1cgv7
z4Ybi2KlVsgI25P2jwOHjHri7OuKo25Tf7qkrH0lquM0cU2MW9immtjdUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6eZCqFQaYuxmQ2bZcwRuowEQsWMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvTHA1a0tvVkJwaTdHWkRadGx6Qkc2akFSQ3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg81MA0G
CSqGSIb3DQEBCwUAA4IBAQB08yuMu9Q8nnnZez2rqpdSUIOOX5Q8bcaw7WnQfHe4
7M8G2t2EgUwkJp67uKLU//cOB+tCDOv4LHkLWdeEZAsMD+i1r1sQ2tXwok0YSTbi
z/XJ264L8hZtp5jUogGQiKw2FKcz1MT7BlP6OK+imYw+1vI+CaLIxC+1ze0Oufju
MLtoEX3u9gIWSI526zR0LwrtZWXyr6QIBVS5SGXirjAMw3bGXZ0lGN+yyvcVWOQg
YLOvrZkCEb0RlW1DrB3MNjpq4gz24wKoqzyWUb7CGMTivjaVtCUoBoM3Cd3pZlE9
kO+haludacEDdBaz5GLjvBhdw1M3zHF9sNDmL4McQ/ll
-----END CERTIFICATE-----