Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/REFW6rSHBTfRsUnwOYyR16B8o0I.roa
File:                     REFW6rSHBTfRsUnwOYyR16B8o0I.roa (raw, json)
Hash identifier:          XB70ye/c1KysdH/4/hccAGTbjaBXhCjgy7hTvmJtugk=
Subject key identifier:   44:41:56:EA:B4:87:05:37:D1:B1:49:F0:39:8C:91:D7:A0:7C:A3:42
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0196AA387DC31A3E69AAC458269EEC2BF6E9
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/REFW6rSHBTfRsUnwOYyR16B8o0I.roa
Signing time:             Wed 07 May 2025 10:09:10 +0000
ROA not before:           Wed 07 May 2025 10:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136501
IP address blocks:        207.244.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:aa:38:7d:c3:1a:3e:69:aa:c4:58:26:9e:ec:2b:f6:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: May  7 10:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=444156eab4870537d1b149f0398c91d7a07ca342
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2d:64:57:c5:d1:01:41:42:79:c8:3d:87:6a:
                    17:d0:d7:2d:cd:6a:cb:d8:a5:b3:e8:6f:b6:b5:4c:
                    1b:b4:6b:da:d9:86:c4:24:5f:fc:41:bd:ff:86:bb:
                    b6:01:86:dd:2d:69:2b:21:79:25:ab:74:1e:a9:70:
                    30:ac:9d:bd:86:54:6d:31:89:df:84:3b:e0:79:35:
                    d1:42:98:11:b5:cb:f4:65:2b:8e:df:67:d2:6b:86:
                    00:d5:b2:74:2a:c6:8d:d3:26:0c:e7:87:aa:5e:0c:
                    9a:79:31:1b:82:21:18:86:09:1a:00:72:3c:3d:05:
                    52:54:74:0f:2a:90:80:d5:0a:53:c1:ae:70:1e:60:
                    1f:15:ba:eb:92:ce:b7:16:db:a1:db:9a:b7:bb:9a:
                    45:39:46:81:8e:9b:d7:f5:b2:f3:6c:b1:75:79:3e:
                    1b:64:5e:21:cb:09:c2:3b:63:84:ae:9b:2d:11:8b:
                    ac:da:55:a3:74:ce:86:c0:05:aa:7a:c9:3c:5f:99:
                    e2:dc:f1:aa:08:64:8b:28:68:87:df:5e:c3:36:22:
                    3e:da:ea:9a:c0:1f:65:00:05:5e:fa:c1:fc:ba:ae:
                    39:34:04:9d:01:de:a2:b3:16:96:9c:8a:d8:41:7c:
                    c6:c1:73:25:9e:f6:8e:b5:26:55:52:6c:f7:bc:ad:
                    b3:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:41:56:EA:B4:87:05:37:D1:B1:49:F0:39:8C:91:D7:A0:7C:A3:42
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/REFW6rSHBTfRsUnwOYyR16B8o0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.244.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:21:94:4f:e3:bc:03:25:63:03:0b:3c:41:96:cd:cf:ad:de:
         1f:10:be:e8:9c:77:b7:4a:c6:07:da:4b:2c:fc:24:79:f0:15:
         18:3d:b8:71:53:3f:76:86:f0:18:f4:aa:a0:7a:87:8c:62:a1:
         cb:24:d2:a6:1a:34:d5:4c:36:71:64:36:47:7a:6f:34:b5:e0:
         c0:9e:76:d2:86:a5:79:c5:b0:28:ca:61:80:1f:6f:91:04:9f:
         e1:1a:aa:56:3e:a8:ef:d9:18:0d:a7:48:19:10:f1:5d:86:e6:
         47:a3:e3:dd:10:6e:c2:2f:d1:a1:f5:8a:5a:c9:87:dc:35:28:
         92:86:97:dc:c6:b4:e1:76:79:65:87:80:bb:a8:f6:f5:08:0a:
         4c:c5:9a:c4:f2:d7:ea:b1:f5:c2:d3:23:f7:40:39:de:57:37:
         3c:ac:67:a2:7b:2d:20:ce:0c:a6:81:0c:9d:cf:01:0e:3a:33:
         29:a3:54:11:56:23:47:3d:4b:13:4c:80:19:8f:ea:4b:47:cf:
         f3:95:dd:87:50:31:21:94:49:38:75:ae:ef:f3:be:b3:4e:04:
         15:ef:49:3d:7e:48:bb:c0:9e:6f:30:6a:09:bd:9e:19:64:5e:
         41:00:e7:32:65:60:5f:63:47:10:36:8b:c4:3f:82:96:4f:e7:
         df:4b:56:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaqOH3DGj5pqsRYJp7sK/bpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNTA3MTAwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDQxNTZlYWI0ODcwNTM3ZDFiMTQ5ZjAzOThjOTFkN2EwN2NhMzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxC1kV8XRAUFCecg9h2oX0NctzWrL
2KWz6G+2tUwbtGva2YbEJF/8Qb3/hru2AYbdLWkrIXklq3QeqXAwrJ29hlRtMYnf
hDvgeTXRQpgRtcv0ZSuO32fSa4YA1bJ0KsaN0yYM54eqXgyaeTEbgiEYhgkaAHI8
PQVSVHQPKpCA1QpTwa5wHmAfFbrrks63Ftuh25q3u5pFOUaBjpvX9bLzbLF1eT4b
ZF4hywnCO2OErpstEYus2lWjdM6GwAWqesk8X5ni3PGqCGSLKGiH317DNiI+2uqa
wB9lAAVe+sH8uq45NASdAd6isxaWnIrYQXzGwXMlnvaOtSZVUmz3vK2zuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERBVuq0hwU30bFJ8DmMkdegfKNCMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvUkVGVzZyU0hCVGZSc1Vud09ZeVIxNkI4bzBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAz/TGMA0G
CSqGSIb3DQEBCwUAA4IBAQBrIZRP47wDJWMDCzxBls3Prd4fEL7onHe3SsYH2kss
/CR58BUYPbhxUz92hvAY9KqgeoeMYqHLJNKmGjTVTDZxZDZHem80teDAnnbShqV5
xbAoymGAH2+RBJ/hGqpWPqjv2RgNp0gZEPFdhuZHo+PdEG7CL9Gh9YpayYfcNSiS
hpfcxrThdnllh4C7qPb1CApMxZrE8tfqsfXC0yP3QDneVzc8rGeiey0gzgymgQyd
zwEOOjMpo1QRViNHPUsTTIAZj+pLR8/zld2HUDEhlEk4da7v876zTgQV70k9fki7
wJ5vMGoJvZ4ZZF5BAOcyZWBfY0cQNovEP4KWT+ffS1a3
-----END CERTIFICATE-----