Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/N-Bn6UoZzfA4_e9vqjwupkidrwM.roa
File:                     N-Bn6UoZzfA4_e9vqjwupkidrwM.roa (raw, json)
Hash identifier:          P0ucGjyfHx1AsSd/Hp9hPmA5fgW6WVVitbxsp2xrVOM=
Subject key identifier:   37:E0:67:E9:4A:19:CD:F0:38:FD:EF:6F:AA:3C:2E:A6:48:9D:AF:03
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       019681946DB2D87A0A9FA350B605ED9F96B6
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/N-Bn6UoZzfA4_e9vqjwupkidrwM.roa
Signing time:             Tue 29 Apr 2025 12:45:10 +0000
ROA not before:           Tue 29 Apr 2025 12:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203172
IP address blocks:        123.253.212.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 03:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:94:6d:b2:d8:7a:0a:9f:a3:50:b6:05:ed:9f:96:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Apr 29 12:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37e067e94a19cdf038fdef6faa3c2ea6489daf03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:68:33:61:b0:3e:0e:8a:55:1a:2a:76:fe:78:
                    87:aa:f5:75:79:1b:11:0b:65:84:b3:58:02:8b:5f:
                    1c:a8:59:1d:84:43:cf:90:0a:5d:a5:a0:70:07:b3:
                    01:41:86:94:53:9c:55:49:cd:01:8f:03:51:81:53:
                    7f:9e:e7:e3:fd:19:3c:18:9e:d9:9a:c1:ec:33:aa:
                    f0:3f:e9:2c:87:2c:05:33:d5:46:90:25:cc:0f:a2:
                    57:31:78:7b:06:48:be:52:ce:36:a1:b0:9a:06:6a:
                    72:8e:a9:8f:d7:4a:84:c9:e6:93:a5:b0:6e:2e:dc:
                    d9:15:ae:40:25:c3:98:a2:ca:36:a1:6e:9b:9f:74:
                    03:d3:77:ab:c6:f6:33:17:ef:75:f7:33:a3:02:6a:
                    98:a0:80:33:2c:15:21:54:87:fa:bb:15:df:f5:a0:
                    db:c9:2b:33:8f:fa:1b:5d:3e:0f:8e:3b:d7:00:6d:
                    54:33:1f:fa:d3:29:ab:01:cf:bc:17:8f:c6:16:47:
                    4f:db:eb:e3:31:f5:7b:6c:b9:79:e4:c7:5e:3b:7f:
                    53:27:f5:0d:e4:d7:a0:39:01:9c:0f:97:2c:09:93:
                    55:7c:50:f8:f8:a0:b2:40:1f:b5:ea:c8:a1:e5:2f:
                    53:15:61:14:4d:5f:3b:cf:e4:a6:40:7e:e5:f6:f1:
                    c8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E0:67:E9:4A:19:CD:F0:38:FD:EF:6F:AA:3C:2E:A6:48:9D:AF:03
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/N-Bn6UoZzfA4_e9vqjwupkidrwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.253.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:0d:34:47:46:e2:0f:a2:a8:98:57:ea:f7:2d:30:65:8e:a1:
         91:6b:49:39:42:3a:7b:2b:9c:d4:c5:cb:73:1d:00:54:28:42:
         1f:da:15:ec:56:95:b2:07:cd:5c:d8:95:d9:38:08:94:6d:54:
         a4:6f:db:ee:29:05:d4:4e:5b:e7:e6:9c:52:e1:1e:ec:3d:ef:
         dc:16:8c:74:3d:9d:8c:9f:9a:9a:22:02:70:13:94:22:fa:97:
         5d:ec:47:a6:c1:85:96:9a:7a:b4:40:0f:f2:ef:35:b4:90:81:
         bf:c4:8e:c4:4e:fc:82:e8:9c:89:a3:34:cf:84:c0:aa:4b:75:
         52:a1:8e:8b:6e:e9:08:90:86:1e:22:9e:d2:48:0d:8b:5b:f2:
         8c:c9:2f:eb:3b:8d:24:62:3f:b7:a8:2e:47:c5:03:94:cf:d4:
         ce:9d:36:20:d5:0e:ef:52:1d:c8:ee:ba:0d:0c:1b:96:ec:c8:
         3f:33:b1:6f:d3:87:b1:44:ce:15:35:a8:dc:e4:67:05:e7:cd:
         76:78:7d:43:57:3e:04:6e:76:65:d7:af:5f:db:26:14:89:ca:
         06:cd:1f:72:f3:03:05:a4:bb:e7:ef:11:81:26:e3:e4:72:17:
         c5:f5:18:52:f6:5b:04:d9:5b:57:17:27:e1:de:1a:49:42:92:
         52:ff:f8:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBlG2y2HoKn6NQtgXtn5a2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjUwNDI5MTI0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2UwNjdlOTRhMTljZGYwMzhmZGVmNmZhYTNjMmVhNjQ4OWRhZjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+GgzYbA+DopVGip2/niHqvV1eRsR
C2WEs1gCi18cqFkdhEPPkApdpaBwB7MBQYaUU5xVSc0BjwNRgVN/nufj/Rk8GJ7Z
msHsM6rwP+kshywFM9VGkCXMD6JXMXh7Bki+Us42obCaBmpyjqmP10qEyeaTpbBu
LtzZFa5AJcOYoso2oW6bn3QD03erxvYzF+919zOjAmqYoIAzLBUhVIf6uxXf9aDb
ySszj/obXT4PjjvXAG1UMx/60ymrAc+8F4/GFkdP2+vjMfV7bLl55MdeO39TJ/UN
5NegOQGcD5csCZNVfFD4+KCyQB+16sih5S9TFWEUTV87z+SmQH7l9vHIPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfgZ+lKGc3wOP3vb6o8LqZIna8DMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvTi1CbjZVb1p6ZkE0X2U5dnFqd3Vwa2lkcndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBe/3UMA0G
CSqGSIb3DQEBCwUAA4IBAQCMDTRHRuIPoqiYV+r3LTBljqGRa0k5Qjp7K5zUxctz
HQBUKEIf2hXsVpWyB81c2JXZOAiUbVSkb9vuKQXUTlvn5pxS4R7sPe/cFox0PZ2M
n5qaIgJwE5Qi+pdd7EemwYWWmnq0QA/y7zW0kIG/xI7ETvyC6JyJozTPhMCqS3VS
oY6LbukIkIYeIp7SSA2LW/KMyS/rO40kYj+3qC5HxQOUz9TOnTYg1Q7vUh3I7roN
DBuW7Mg/M7Fv04exRM4VNajc5GcF5812eH1DVz4EbnZl169f2yYUicoGzR9y8wMF
pLvn7xGBJuPkchfF9RhS9lsE2VtXFyfh3hpJQpJS//jr
-----END CERTIFICATE-----