Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/OY4UYP6MQJjL7Sxg2gh9CE4T1RE.roa
File:                     OY4UYP6MQJjL7Sxg2gh9CE4T1RE.roa (raw, json)
Hash identifier:          ZrfsE/pEoCJELDNN+z7XrdVrqnmY0w2a+56TbedDcbs=
Subject key identifier:   39:8E:14:60:FE:8C:40:98:CB:ED:2C:60:DA:08:7D:08:4E:13:D5:11
Certificate issuer:       /CN=552c9a1c9c4ff793e888bd583dca9815cc4574c0
Certificate serial:       019421B23565EBC600240F556918AEAE930B
Authority key identifier: 55:2C:9A:1C:9C:4F:F7:93:E8:88:BD:58:3D:CA:98:15:CC:45:74:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSyaHJxP95PoiL1YPcqYFcxFdMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/OY4UYP6MQJjL7Sxg2gh9CE4T1RE.roa
Signing time:             Wed 01 Jan 2025 11:48:34 +0000
ROA not before:           Wed 01 Jan 2025 11:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49234
IP address blocks:        193.24.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/VSyaHJxP95PoiL1YPcqYFcxFdMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/VSyaHJxP95PoiL1YPcqYFcxFdMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSyaHJxP95PoiL1YPcqYFcxFdMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:35:65:eb:c6:00:24:0f:55:69:18:ae:ae:93:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=552c9a1c9c4ff793e888bd583dca9815cc4574c0
        Validity
            Not Before: Jan  1 11:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=398e1460fe8c4098cbed2c60da087d084e13d511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:14:c7:8a:82:a7:2a:f2:3b:76:c3:7b:62:df:
                    d5:20:1b:4a:cd:e3:86:71:39:b6:c9:b6:f5:e3:ab:
                    c9:f9:2c:0f:57:62:e7:4b:60:f1:78:46:f9:32:d3:
                    32:5c:a7:98:45:9d:d3:91:b6:c0:9e:5b:eb:dc:0b:
                    69:14:6e:0d:e5:ab:a0:65:b7:25:53:3b:48:51:21:
                    1c:da:63:af:75:1d:22:3e:ef:9b:9a:d1:40:30:2b:
                    f2:eb:55:a5:b9:00:e0:ae:e3:3a:be:eb:20:56:81:
                    9d:c9:72:f6:ca:b9:63:e8:07:a3:19:42:a9:fe:88:
                    87:40:6b:76:1c:e6:39:c2:02:b2:57:b1:f3:f7:dc:
                    12:34:93:8e:d1:43:a4:ed:9a:b2:f0:f0:0e:10:b5:
                    5d:82:b0:37:cd:7d:a2:82:11:34:88:26:af:d4:5d:
                    cd:8e:bb:af:d4:c0:6b:61:81:e8:f2:8e:07:0a:e7:
                    2b:1c:3f:37:39:53:29:2f:be:dc:c6:5b:e5:63:a0:
                    75:de:f5:14:69:7a:8f:cf:65:4e:e3:10:31:99:bb:
                    5c:c5:5e:81:65:e5:17:3d:4a:38:e0:67:78:66:13:
                    ca:a9:13:d3:57:58:da:4f:69:b7:9e:9d:1e:78:c0:
                    ea:1d:f8:71:34:e7:5c:ea:d5:de:9c:5e:90:80:46:
                    58:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:8E:14:60:FE:8C:40:98:CB:ED:2C:60:DA:08:7D:08:4E:13:D5:11
            X509v3 Authority Key Identifier:
                keyid:55:2C:9A:1C:9C:4F:F7:93:E8:88:BD:58:3D:CA:98:15:CC:45:74:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSyaHJxP95PoiL1YPcqYFcxFdMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/OY4UYP6MQJjL7Sxg2gh9CE4T1RE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/VSyaHJxP95PoiL1YPcqYFcxFdMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b4:9f:34:75:49:08:2f:89:96:0f:d0:ce:3d:2f:7d:94:95:e6:
         35:41:9f:58:54:c1:1f:7c:0a:df:f7:c2:52:92:56:ac:07:2b:
         c3:c5:d9:6f:77:8d:3d:b5:40:ea:1b:9c:66:f0:0d:a5:6d:f1:
         d9:5e:79:73:bb:f0:f4:69:f1:16:4a:be:d5:32:1a:32:87:58:
         35:b1:cd:e9:f1:e7:49:ea:0f:0a:ec:a6:e1:b1:91:57:97:21:
         2f:53:74:61:65:2b:08:e8:f4:e4:55:38:0c:86:73:30:b9:07:
         16:cc:46:a3:e3:22:45:f3:ab:5c:c3:56:3a:ce:e4:c5:48:6b:
         33:86:dd:5a:c1:82:f9:3d:a9:ee:17:51:9a:40:88:8a:38:c3:
         e0:ec:11:41:90:b8:d9:44:04:c4:2e:ce:c0:af:4c:25:a4:19:
         26:a6:7e:42:2e:fd:53:c4:96:e0:b4:b9:09:3d:a0:ba:7c:79:
         3c:9d:0e:96:13:7e:db:79:fe:90:f8:cb:af:59:5e:37:2a:32:
         79:9a:72:10:08:c4:99:15:ba:57:92:ab:f4:4a:a8:9c:52:45:
         65:87:d1:0b:02:36:96:c4:c8:46:a8:b6:6b:9c:a7:6d:03:4b:
         73:5b:19:80:be:72:b7:fa:07:e3:f0:c9:aa:30:53:92:6f:3f:
         e9:b7:c4:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjVl68YAJA9VaRiurpMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MmM5YTFjOWM0ZmY3OTNlODg4YmQ1ODNkY2E5ODE1Y2M0
NTc0YzAwHhcNMjUwMTAxMTE0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOThlMTQ2MGZlOGM0MDk4Y2JlZDJjNjBkYTA4N2QwODRlMTNkNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBTHioKnKvI7dsN7Yt/VIBtKzeOG
cTm2ybb146vJ+SwPV2LnS2DxeEb5MtMyXKeYRZ3TkbbAnlvr3AtpFG4N5augZbcl
UztIUSEc2mOvdR0iPu+bmtFAMCvy61WluQDgruM6vusgVoGdyXL2yrlj6AejGUKp
/oiHQGt2HOY5wgKyV7Hz99wSNJOO0UOk7Zqy8PAOELVdgrA3zX2ighE0iCav1F3N
jruv1MBrYYHo8o4HCucrHD83OVMpL77cxlvlY6B13vUUaXqPz2VO4xAxmbtcxV6B
ZeUXPUo44Gd4ZhPKqRPTV1jaT2m3np0eeMDqHfhxNOdc6tXenF6QgEZY8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmOFGD+jECYy+0sYNoIfQhOE9URMB8GA1UdIwQY
MBaAFFUsmhycT/eT6Ii9WD3KmBXMRXTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlN5YUhKeFA5NVBvaUwxWVBjcVlGY3hGZE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi81YmNlYTUtOGU0NS00NThhLWIwMzEt
Yjc4ZmY4MGE4MDI3LzEvT1k0VVlQNk1RSmpMN1N4ZzJnaDlDRTRUMVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi81YmNlYTUtOGU0NS00NThhLWIwMzEtYjc4ZmY4MGE4MDI3
LzEvVlN5YUhKeFA5NVBvaUwxWVBjcVlGY3hGZE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGwRiAMA0G
CSqGSIb3DQEBCwUAA4IBAQC0nzR1SQgviZYP0M49L32UleY1QZ9YVMEffArf98JS
klasByvDxdlvd409tUDqG5xm8A2lbfHZXnlzu/D0afEWSr7VMhoyh1g1sc3p8edJ
6g8K7KbhsZFXlyEvU3RhZSsI6PTkVTgMhnMwuQcWzEaj4yJF86tcw1Y6zuTFSGsz
ht1awYL5PanuF1GaQIiKOMPg7BFBkLjZRATELs7Ar0wlpBkmpn5CLv1TxJbgtLkJ
PaC6fHk8nQ6WE37bef6Q+MuvWV43KjJ5mnIQCMSZFbpXkqv0SqicUkVlh9ELAjaW
xMhGqLZrnKdtA0tzWxmAvnK3+gfj8MmqMFOSbz/pt8SG
-----END CERTIFICATE-----