Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/RJwe2BfOH2L8b2xvYWAb7A5I8YI.roa
File:                     RJwe2BfOH2L8b2xvYWAb7A5I8YI.roa (raw, json)
Hash identifier:          Ua7R/78tPOt1hUU0nncJ70Fr//DWyVNm+5rSWWhtzSo=
Subject key identifier:   44:9C:1E:D8:17:CE:1F:62:FC:6F:6C:6F:61:60:1B:EC:0E:48:F1:82
Certificate issuer:       /CN=84f824d32df1a5113d82101345d785a38addbde5
Certificate serial:       01966CB7790EE6E71B34A3CDA755B878C8FE
Authority key identifier: 84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/RJwe2BfOH2L8b2xvYWAb7A5I8YI.roa
Signing time:             Fri 25 Apr 2025 11:31:25 +0000
ROA not before:           Fri 25 Apr 2025 11:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        86.107.72.0/24 maxlen: 24
                          93.114.52.0/23 maxlen: 23
                          194.41.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:b7:79:0e:e6:e7:1b:34:a3:cd:a7:55:b8:78:c8:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84f824d32df1a5113d82101345d785a38addbde5
        Validity
            Not Before: Apr 25 11:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=449c1ed817ce1f62fc6f6c6f61601bec0e48f182
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b4:9b:21:ef:b2:f8:2a:17:6c:b9:64:02:b0:
                    e3:39:48:7d:aa:c1:44:ff:03:26:6c:2e:a1:1e:74:
                    80:a1:be:0d:14:9c:c2:85:08:8d:12:19:8d:2e:d3:
                    31:20:f1:a8:4e:77:ab:5f:be:b3:c5:bd:11:83:64:
                    33:a4:5c:01:57:e1:b5:e6:48:16:3f:9d:3c:ff:c8:
                    9b:53:54:08:55:75:24:9c:6a:94:e1:3a:37:a8:f8:
                    39:9a:e7:61:5f:36:04:34:dd:f3:8b:bd:95:7c:5e:
                    1f:af:ee:98:08:76:d1:ca:de:b3:30:06:fd:82:c4:
                    69:8a:a0:1f:19:a9:c0:03:6c:9c:73:b7:d2:d1:b6:
                    19:19:f5:6f:8a:f7:b4:c7:d7:52:fb:fd:90:99:59:
                    5c:ca:06:bc:35:51:73:eb:83:d7:89:5e:38:56:37:
                    4d:a0:33:27:bf:a5:54:86:5f:a1:89:20:00:bf:a4:
                    e9:30:bc:7e:95:e9:17:0f:6a:3b:e4:8a:e1:52:3f:
                    04:d4:b6:24:f7:e0:ce:77:5a:cd:24:f5:c2:98:4e:
                    35:0d:42:d5:f6:88:23:de:59:fb:8b:89:87:65:c2:
                    13:1a:61:b8:54:0f:6c:96:6f:60:dd:f5:2f:01:91:
                    3e:4b:41:6d:bc:5d:5a:23:10:0f:85:31:55:3e:aa:
                    3f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:9C:1E:D8:17:CE:1F:62:FC:6F:6C:6F:61:60:1B:EC:0E:48:F1:82
            X509v3 Authority Key Identifier:
                keyid:84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/RJwe2BfOH2L8b2xvYWAb7A5I8YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.72.0/24
                  93.114.52.0/23
                  194.41.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:8d:90:35:43:93:10:05:f4:14:54:fb:24:0d:54:6e:f4:8f:
         a4:a2:a1:ef:ef:bf:0f:cb:d8:57:fb:9b:29:03:54:39:1b:28:
         38:36:93:fd:dc:ae:f2:6c:2b:e5:b4:77:bb:4d:84:9e:18:63:
         a8:3d:47:0f:88:4e:e2:58:c4:c6:b7:20:0a:7a:f1:48:c0:6e:
         ce:5b:14:84:1d:46:d4:fe:04:36:61:49:00:a7:bb:92:e7:b1:
         67:c5:08:df:72:01:22:44:8d:8e:17:75:0a:d3:39:62:db:ee:
         d8:1b:31:ad:af:de:45:c3:55:5e:da:5d:d9:fb:b3:a1:5d:9a:
         89:22:0e:71:b0:75:ed:80:b9:2f:2d:f8:51:42:cf:cc:21:94:
         3e:f6:8a:43:8a:ff:b4:99:84:c6:58:29:e8:98:65:31:d7:7f:
         09:fa:a4:0f:c1:95:3b:85:a6:c4:33:08:c3:a0:32:68:2d:43:
         94:98:89:7c:74:e9:fd:01:04:86:12:4f:73:70:dc:69:e2:c8:
         0f:6a:67:c6:ad:36:45:47:0c:7f:78:ae:bc:54:2f:d3:b0:94:
         8e:dd:6a:ee:7a:03:6b:b9:22:23:56:4c:bf:00:da:2b:8c:9d:
         b8:fb:c7:e3:ab:11:d3:6c:56:29:40:e4:17:a7:10:eb:ca:18:
         65:55:11:97
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZst3kO5ucbNKPNp1W4eMj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZjgyNGQzMmRmMWE1MTEzZDgyMTAxMzQ1ZDc4NWEzOGFk
ZGJkZTUwHhcNMjUwNDI1MTEzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDljMWVkODE3Y2UxZjYyZmM2ZjZjNmY2MTYwMWJlYzBlNDhmMTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5rSbIe+y+CoXbLlkArDjOUh9qsFE
/wMmbC6hHnSAob4NFJzChQiNEhmNLtMxIPGoTnerX76zxb0Rg2QzpFwBV+G15kgW
P508/8ibU1QIVXUknGqU4To3qPg5mudhXzYENN3zi72VfF4fr+6YCHbRyt6zMAb9
gsRpiqAfGanAA2ycc7fS0bYZGfVvive0x9dS+/2QmVlcyga8NVFz64PXiV44VjdN
oDMnv6VUhl+hiSAAv6TpMLx+lekXD2o75IrhUj8E1LYk9+DOd1rNJPXCmE41DULV
9ogj3ln7i4mHZcITGmG4VA9slm9g3fUvAZE+S0FtvF1aIxAPhTFVPqo/ZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEScHtgXzh9i/G9sb2FgG+wOSPGCMB8GA1UdIwQY
MBaAFIT4JNMt8aURPYIQE0XXhaOK3b3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgt
NDM3Mzk0OTM4YzUyLzEvUkp3ZTJCZk9IMkw4YjJ4dllXQWI3QTVJOFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgtNDM3Mzk0OTM4YzUy
LzEvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVmtIAwQB
XXI0AwQAwik9MA0GCSqGSIb3DQEBCwUAA4IBAQCojZA1Q5MQBfQUVPskDVRu9I+k
oqHv778Py9hX+5spA1Q5Gyg4NpP93K7ybCvltHe7TYSeGGOoPUcPiE7iWMTGtyAK
evFIwG7OWxSEHUbU/gQ2YUkAp7uS57FnxQjfcgEiRI2OF3UK0zli2+7YGzGtr95F
w1Ve2l3Z+7OhXZqJIg5xsHXtgLkvLfhRQs/MIZQ+9opDiv+0mYTGWCnomGUx138J
+qQPwZU7habEMwjDoDJoLUOUmIl8dOn9AQSGEk9zcNxp4sgPamfGrTZFRwx/eK68
VC/TsJSO3WruegNruSIjVky/ANorjJ24+8fjqxHTbFYpQOQXpxDryhhlVRGX
-----END CERTIFICATE-----