Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/Ap5URXBO93O7jJtjlLZVH2pw48c.roa
File:                     Ap5URXBO93O7jJtjlLZVH2pw48c.roa (raw, json)
Hash identifier:          p0iYaq767KbYvMNrK5KRomzTD5nBTVSwaVmB+7Atf7Y=
Subject key identifier:   02:9E:54:45:70:4E:F7:73:BB:8C:9B:63:94:B6:55:1F:6A:70:E3:C7
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       0196AAC66309F9C078758BA6ECBA0C29FEDC
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/Ap5URXBO93O7jJtjlLZVH2pw48c.roa
Signing time:             Wed 07 May 2025 12:44:10 +0000
ROA not before:           Wed 07 May 2025 12:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        194.32.144.0/23 maxlen: 23
                          194.32.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:aa:c6:63:09:f9:c0:78:75:8b:a6:ec:ba:0c:29:fe:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: May  7 12:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=029e5445704ef773bb8c9b6394b6551f6a70e3c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2c:7f:17:be:6e:a6:0a:af:7b:d9:81:d0:be:
                    79:c5:ca:65:09:a6:0f:4f:d1:61:58:d7:0d:27:aa:
                    dc:9b:99:69:c7:15:73:2b:60:54:64:98:03:70:26:
                    32:03:62:3b:94:32:4f:9f:1a:7f:d2:27:0b:5d:a2:
                    50:e7:54:0a:90:ba:ec:eb:94:f0:76:ab:65:02:da:
                    60:30:db:fa:12:18:b5:58:9b:9b:8a:80:75:30:6c:
                    87:8e:49:e4:ce:27:c7:ff:01:11:83:fc:cc:8e:3c:
                    d0:9d:96:ac:56:35:06:89:6a:27:59:ff:d9:32:5c:
                    7a:34:d6:36:ae:30:25:fd:dd:51:cf:03:0c:47:37:
                    4c:6b:75:10:e7:a9:5c:7f:30:65:c0:09:ed:1c:26:
                    9e:ba:fb:73:15:69:a6:e8:f6:46:79:47:91:cf:31:
                    8b:b8:1c:e1:13:0b:6a:de:dd:4d:ab:9b:33:28:27:
                    52:fb:e7:57:c6:2f:e9:31:60:92:2e:89:12:10:42:
                    75:f3:cf:39:8f:b1:a8:9f:5b:8e:8a:02:d2:92:36:
                    37:5d:22:1b:98:91:0b:5d:f6:55:69:5d:58:b7:c7:
                    3b:eb:b9:39:88:b7:cd:7a:a4:63:36:34:4c:0f:bf:
                    76:91:30:6f:52:30:45:c5:e2:7a:0d:13:f3:40:d1:
                    f9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:9E:54:45:70:4E:F7:73:BB:8C:9B:63:94:B6:55:1F:6A:70:E3:C7
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/Ap5URXBO93O7jJtjlLZVH2pw48c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:ee:0b:7e:86:38:fc:2b:4c:cd:e6:e1:9a:eb:fe:3a:6d:c5:
         35:6e:cb:8a:f1:4d:6e:6f:3d:a0:8f:e2:b1:da:b6:3c:e7:47:
         af:88:8c:b4:73:ed:0a:b4:6e:a6:d0:c5:e8:95:c4:bb:3f:2d:
         f4:19:2b:f6:b1:66:30:60:14:d5:7d:4e:b2:91:7c:36:25:27:
         da:60:13:cf:99:9d:f5:09:0c:53:5d:26:f9:c4:6b:75:a3:af:
         a7:85:9d:02:74:97:c7:6d:b4:bf:70:7b:80:9b:24:18:1b:ff:
         fd:51:2d:d0:6a:7c:4b:1d:aa:c6:96:a0:2b:b9:2a:0a:87:7e:
         2f:cf:bb:08:f0:1f:50:e2:8f:4e:45:c2:6f:83:84:f1:6f:e5:
         18:79:e3:a4:54:a0:a7:72:18:8e:eb:2a:28:f4:58:9c:01:42:
         5f:e3:a8:1c:83:98:6b:93:61:9f:d8:ed:bd:16:06:46:08:a7:
         c4:d3:34:dc:31:aa:ac:a8:f3:9e:d9:21:a2:7d:5a:d4:78:81:
         9a:0d:d7:b6:1d:0a:57:29:fb:57:7f:da:3a:37:13:b5:a8:9c:
         14:c6:94:d5:f5:a7:f9:70:d5:0b:89:0c:c6:54:97:6c:43:d2:
         90:5c:bb:58:d6:79:82:83:d6:ad:69:c0:5a:9f:b2:1e:ab:27:
         90:1a:1b:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaqxmMJ+cB4dYum7LoMKf7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjUwNTA3MTI0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjllNTQ0NTcwNGVmNzczYmI4YzliNjM5NGI2NTUxZjZhNzBlM2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyx/F75upgqve9mB0L55xcplCaYP
T9FhWNcNJ6rcm5lpxxVzK2BUZJgDcCYyA2I7lDJPnxp/0icLXaJQ51QKkLrs65Tw
dqtlAtpgMNv6Ehi1WJubioB1MGyHjknkzifH/wERg/zMjjzQnZasVjUGiWonWf/Z
Mlx6NNY2rjAl/d1RzwMMRzdMa3UQ56lcfzBlwAntHCaeuvtzFWmm6PZGeUeRzzGL
uBzhEwtq3t1Nq5szKCdS++dXxi/pMWCSLokSEEJ18885j7Gon1uOigLSkjY3XSIb
mJELXfZVaV1Yt8c767k5iLfNeqRjNjRMD792kTBvUjBFxeJ6DRPzQNH5WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKeVEVwTvdzu4ybY5S2VR9qcOPHMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvQXA1VVJYQk85M083akp0amxMWlZIMnB3NDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiCQMA0G
CSqGSIb3DQEBCwUAA4IBAQCK7gt+hjj8K0zN5uGa6/46bcU1bsuK8U1ubz2gj+Kx
2rY850eviIy0c+0KtG6m0MXolcS7Py30GSv2sWYwYBTVfU6ykXw2JSfaYBPPmZ31
CQxTXSb5xGt1o6+nhZ0CdJfHbbS/cHuAmyQYG//9US3QanxLHarGlqAruSoKh34v
z7sI8B9Q4o9ORcJvg4Txb+UYeeOkVKCnchiO6yoo9FicAUJf46gcg5hrk2Gf2O29
FgZGCKfE0zTcMaqsqPOe2SGifVrUeIGaDde2HQpXKftXf9o6NxO1qJwUxpTV9af5
cNULiQzGVJdsQ9KQXLtY1nmCg9atacBan7IeqyeQGhv6
-----END CERTIFICATE-----