Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/poXwpvkvRg633LYFGk-iWzlj3Rk.roa
File:                     poXwpvkvRg633LYFGk-iWzlj3Rk.roa (raw, json)
Hash identifier:          W5a6ZZcfOFTcK7kPUq/ojL8WGj2xf0i5VWR/Jf3A3hg=
Subject key identifier:   A6:85:F0:A6:F9:2F:46:0E:B7:DC:B6:05:1A:4F:A2:5B:39:63:DD:19
Certificate issuer:       /CN=25bbed0bff7ffeab67f302b411a00701854a6c30
Certificate serial:       0196761F14676412DA82D3E0157F2FE3336A
Authority key identifier: 25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/poXwpvkvRg633LYFGk-iWzlj3Rk.roa
Signing time:             Sun 27 Apr 2025 07:21:10 +0000
ROA not before:           Sun 27 Apr 2025 07:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        194.104.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:76:1f:14:67:64:12:da:82:d3:e0:15:7f:2f:e3:33:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25bbed0bff7ffeab67f302b411a00701854a6c30
        Validity
            Not Before: Apr 27 07:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a685f0a6f92f460eb7dcb6051a4fa25b3963dd19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c3:28:5e:aa:0d:26:aa:9b:fb:da:54:2e:9d:
                    f4:69:79:90:7c:8f:bb:17:5a:0d:e5:4e:f1:96:4e:
                    97:77:25:be:9d:71:0e:dc:f5:b9:e9:4a:71:b9:ca:
                    75:68:ec:ca:98:88:f5:a8:25:e7:5d:91:ca:92:4c:
                    31:04:48:19:76:14:9f:db:46:e2:70:cf:c8:56:36:
                    a0:2a:f0:ed:9e:65:22:f8:15:fc:b3:fb:33:c7:01:
                    b0:46:b3:85:73:bb:aa:f5:1c:ce:24:39:f3:27:c9:
                    05:dd:65:b7:2a:30:78:86:76:ac:93:78:44:ae:9d:
                    9c:9a:31:c2:46:46:b3:7d:51:de:46:76:82:13:da:
                    e8:12:77:2a:f3:c1:1a:0b:48:2f:17:16:e8:aa:b8:
                    b6:4e:6b:cf:5d:28:4e:c7:bb:f8:98:1a:1e:d5:82:
                    ae:bb:11:30:ee:47:e4:7c:89:79:7e:b9:fd:6a:87:
                    e9:7c:fe:0a:e1:a6:91:ed:90:c5:68:46:c8:a6:0f:
                    f7:05:dd:37:ff:e6:69:3a:41:88:30:0a:71:31:28:
                    dd:e3:bb:e4:91:be:86:ce:ab:17:4f:59:23:cc:c5:
                    50:19:70:f7:16:17:36:89:a3:54:05:28:78:92:a2:
                    dc:46:d8:29:f4:22:be:72:61:7b:0e:64:e7:d3:16:
                    be:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:85:F0:A6:F9:2F:46:0E:B7:DC:B6:05:1A:4F:A2:5B:39:63:DD:19
            X509v3 Authority Key Identifier:
                keyid:25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/poXwpvkvRg633LYFGk-iWzlj3Rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:83:9f:d1:52:aa:36:f7:74:34:59:9f:45:5c:84:3d:d2:fa:
         7a:ec:6e:77:2b:62:1b:f6:9b:70:e1:53:28:6b:d5:bc:79:dc:
         c9:61:c3:b5:66:21:fb:76:a1:21:9d:9f:c7:1e:73:38:a6:a0:
         18:ea:95:c1:50:3a:5c:d5:cf:3a:79:75:a7:5b:d7:09:db:da:
         f8:d2:71:71:16:04:de:44:d3:01:9d:8e:18:63:2a:df:04:1e:
         ca:59:3e:ad:c8:0e:13:e9:b0:55:e2:5d:82:79:1f:39:74:8e:
         ff:9b:1e:2d:14:0d:d3:bc:26:86:74:b0:2c:4b:b4:6b:4d:cd:
         1f:42:83:10:9c:83:dd:6d:27:38:a5:8d:f6:26:dc:13:59:92:
         1b:89:ea:b1:a4:49:57:7d:df:67:2b:c3:24:5e:87:7e:53:2a:
         07:4d:d0:45:93:d9:0d:d8:27:8b:93:fa:0b:52:72:79:bf:86:
         ad:d7:11:a9:a9:60:b9:f3:21:cf:9d:ca:64:b7:6b:02:4d:ad:
         b6:fc:9a:3c:ff:cb:41:b1:54:b9:91:73:07:ea:eb:35:4e:f8:
         f7:27:13:02:8f:8d:79:42:87:bb:99:dd:3a:2f:4e:5e:3e:ec:
         d6:40:6a:76:75:55:86:43:42:f0:49:9d:6b:8f:4c:f9:b7:d3:
         40:7e:40:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ2HxRnZBLagtPgFX8v4zNqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YmJlZDBiZmY3ZmZlYWI2N2YzMDJiNDExYTAwNzAxODU0
YTZjMzAwHhcNMjUwNDI3MDcyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjg1ZjBhNmY5MmY0NjBlYjdkY2I2MDUxYTRmYTI1YjM5NjNkZDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMMoXqoNJqqb+9pULp30aXmQfI+7
F1oN5U7xlk6XdyW+nXEO3PW56Upxucp1aOzKmIj1qCXnXZHKkkwxBEgZdhSf20bi
cM/IVjagKvDtnmUi+BX8s/szxwGwRrOFc7uq9RzOJDnzJ8kF3WW3KjB4hnask3hE
rp2cmjHCRkazfVHeRnaCE9roEncq88EaC0gvFxboqri2TmvPXShOx7v4mBoe1YKu
uxEw7kfkfIl5frn9aofpfP4K4aaR7ZDFaEbIpg/3Bd03/+ZpOkGIMApxMSjd47vk
kb6GzqsXT1kjzMVQGXD3Fhc2iaNUBSh4kqLcRtgp9CK+cmF7DmTn0xa+BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaF8Kb5L0YOt9y2BRpPols5Y90ZMB8GA1UdIwQY
MBaAFCW77Qv/f/6rZ/MCtBGgBwGFSmwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQt
NTcxN2I0NTQ0MjM3LzEvcG9Yd3B2a3ZSZzYzM0xZRkdrLWlXemxqM1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQtNTcxN2I0NTQ0MjM3
LzEvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiKMA0G
CSqGSIb3DQEBCwUAA4IBAQAgg5/RUqo293Q0WZ9FXIQ90vp67G53K2Ib9ptw4VMo
a9W8edzJYcO1ZiH7dqEhnZ/HHnM4pqAY6pXBUDpc1c86eXWnW9cJ29r40nFxFgTe
RNMBnY4YYyrfBB7KWT6tyA4T6bBV4l2CeR85dI7/mx4tFA3TvCaGdLAsS7RrTc0f
QoMQnIPdbSc4pY32JtwTWZIbieqxpElXfd9nK8MkXod+UyoHTdBFk9kN2CeLk/oL
UnJ5v4at1xGpqWC58yHPncpkt2sCTa22/Jo8/8tBsVS5kXMH6us1Tvj3JxMCj415
Qoe7md06L05ePuzWQGp2dVWGQ0LwSZ1rj0z5t9NAfkAP
-----END CERTIFICATE-----