Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/5835be-69e0-469b-bcba-00d14a203eb1/1/0w0EpLZYR7z2XsoCgghcY3pUnoU.roa
File:                     0w0EpLZYR7z2XsoCgghcY3pUnoU.roa (raw, json)
Hash identifier:          lVpl8mTP6YZbuLjsob401TFZW5nVn9qmK2OvSpdRlfk=
Subject key identifier:   D3:0D:04:A4:B6:58:47:BC:F6:5E:CA:02:82:08:5C:63:7A:54:9E:85
Certificate issuer:       /CN=0b6efda3edcb2f745cccabb45e20b79e79a9fc98
Certificate serial:       01942144063AE5D5BBCC3176D9DA73237C03
Authority key identifier: 0B:6E:FD:A3:ED:CB:2F:74:5C:CC:AB:B4:5E:20:B7:9E:79:A9:FC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C279o-3LL3RczKu0XiC3nnmp_Jg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/5835be-69e0-469b-bcba-00d14a203eb1/1/0w0EpLZYR7z2XsoCgghcY3pUnoU.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1754
IP address blocks:        131.169.0.0/16 maxlen: 24
                          141.34.0.0/16 maxlen: 16
                          192.76.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/5835be-69e0-469b-bcba-00d14a203eb1/1/C279o-3LL3RczKu0XiC3nnmp_Jg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/5835be-69e0-469b-bcba-00d14a203eb1/1/C279o-3LL3RczKu0XiC3nnmp_Jg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C279o-3LL3RczKu0XiC3nnmp_Jg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:06:3a:e5:d5:bb:cc:31:76:d9:da:73:23:7c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b6efda3edcb2f745cccabb45e20b79e79a9fc98
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d30d04a4b65847bcf65eca0282085c637a549e85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:af:63:5c:77:47:95:fa:99:99:e2:96:a5:8b:
                    cf:a6:56:af:4e:b4:99:79:a1:b9:7d:77:c6:e7:a6:
                    98:da:37:aa:47:dc:fb:4b:57:03:e2:29:08:a9:7a:
                    8d:3f:b3:45:15:3a:d1:72:d5:5d:a3:40:5a:d6:64:
                    e2:3a:f8:5a:ce:be:1e:07:0f:52:d2:9d:e5:a4:98:
                    b6:3b:42:23:88:58:93:d6:d9:5d:bb:26:2b:e9:42:
                    b4:9b:21:84:a2:8a:02:b4:32:54:2e:60:51:d1:1f:
                    bf:c3:0f:2a:d9:3c:c0:45:ee:3e:61:ad:14:d7:21:
                    a3:a4:a9:60:08:97:70:df:bd:04:02:31:4c:4e:7a:
                    b0:1e:30:e1:c7:7f:52:39:ee:23:cb:32:76:21:ef:
                    86:ce:8d:63:ef:68:f9:a9:57:2d:37:79:05:3c:5c:
                    10:f5:16:e9:50:b0:1b:db:92:aa:d0:e4:f8:c8:2a:
                    40:79:fa:62:5f:08:71:bc:ba:23:2b:11:a3:7a:6c:
                    b7:ea:72:36:c7:cc:5a:50:71:43:02:2a:06:92:29:
                    9f:11:b7:17:0d:1e:c0:10:8c:2d:25:ae:98:71:83:
                    2b:5c:0b:45:fe:6a:4f:ee:1d:35:c0:a0:a9:66:13:
                    92:cb:44:d3:e8:44:96:e9:49:e7:fd:cd:92:77:f8:
                    9f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:0D:04:A4:B6:58:47:BC:F6:5E:CA:02:82:08:5C:63:7A:54:9E:85
            X509v3 Authority Key Identifier:
                keyid:0B:6E:FD:A3:ED:CB:2F:74:5C:CC:AB:B4:5E:20:B7:9E:79:A9:FC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C279o-3LL3RczKu0XiC3nnmp_Jg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/5835be-69e0-469b-bcba-00d14a203eb1/1/0w0EpLZYR7z2XsoCgghcY3pUnoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/5835be-69e0-469b-bcba-00d14a203eb1/1/C279o-3LL3RczKu0XiC3nnmp_Jg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.169.0.0/16
                  141.34.0.0/16
                  192.76.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:d5:7e:c4:9e:fc:e2:06:e6:83:df:38:64:28:fa:30:08:42:
         b8:ec:01:5a:15:93:8e:32:43:5c:d7:87:6c:f1:e0:fa:40:49:
         4b:97:a6:95:f0:f3:d3:a9:4f:ad:d2:3b:62:84:94:7c:e2:2c:
         17:66:10:a9:ca:6e:50:cd:88:93:67:df:50:ac:9b:6a:dc:3e:
         9f:0d:6e:3f:7f:63:8c:c2:c8:16:d7:c5:44:29:ab:8e:56:f5:
         00:59:c0:90:1d:7e:08:70:ea:ba:24:68:e2:2b:c4:07:3f:66:
         bb:79:ed:15:ff:a5:27:8e:3d:f6:6e:0b:53:49:8c:1c:35:48:
         8f:6f:37:96:22:82:f2:dd:9a:25:bf:fd:78:3c:82:3c:b6:04:
         b4:60:1f:b2:88:53:4a:b1:eb:22:0a:44:6e:f0:99:3b:06:a8:
         61:dc:d6:e3:b2:94:72:da:94:0a:5b:6f:eb:57:4d:24:b2:46:
         91:76:36:8c:ca:df:22:1e:f9:83:46:80:15:cf:b3:36:ed:6f:
         f2:36:40:4f:72:df:6d:b6:6a:be:89:9d:44:24:a3:61:37:e2:
         ed:f6:88:a3:f4:43:9b:59:ff:b2:62:60:0c:06:1d:3d:5b:5e:
         5d:bb:6d:eb:15:7e:d3:04:3a:72:70:3f:e8:c8:dc:eb:20:42:
         06:a7:72:ad
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQhRAY65dW7zDF22dpzI3wDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNmVmZGEzZWRjYjJmNzQ1Y2NjYWJiNDVlMjBiNzllNzlh
OWZjOTgwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzBkMDRhNGI2NTg0N2JjZjY1ZWNhMDI4MjA4NWM2MzdhNTQ5ZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla9jXHdHlfqZmeKWpYvPplavTrSZ
eaG5fXfG56aY2jeqR9z7S1cD4ikIqXqNP7NFFTrRctVdo0Ba1mTiOvhazr4eBw9S
0p3lpJi2O0IjiFiT1tlduyYr6UK0myGEoooCtDJULmBR0R+/ww8q2TzARe4+Ya0U
1yGjpKlgCJdw370EAjFMTnqwHjDhx39SOe4jyzJ2Ie+Gzo1j72j5qVctN3kFPFwQ
9RbpULAb25Kq0OT4yCpAefpiXwhxvLojKxGjemy36nI2x8xaUHFDAioGkimfEbcX
DR7AEIwtJa6YcYMrXAtF/mpP7h01wKCpZhOSy0TT6ESW6Unn/c2Sd/if5QIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFNMNBKS2WEe89l7KAoIIXGN6VJ6FMB8GA1UdIwQY
MBaAFAtu/aPtyy90XMyrtF4gt555qfyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzI3OW8tM0xMM1Jjekt1MFhpQzNubm1wX0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS81ODM1YmUtNjllMC00NjliLWJjYmEt
MDBkMTRhMjAzZWIxLzEvMHcwRXBMWllSN3oyWHNvQ2dnaGNZM3BVbm9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS81ODM1YmUtNjllMC00NjliLWJjYmEtMDBkMTRhMjAzZWIx
LzEvQzI3OW8tM0xMM1Jjekt1MFhpQzNubm1wX0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAATAQAwMAg6kDAwCN
IgMEAMBMrDANBgkqhkiG9w0BAQsFAAOCAQEAL9V+xJ784gbmg984ZCj6MAhCuOwB
WhWTjjJDXNeHbPHg+kBJS5emlfDz06lPrdI7YoSUfOIsF2YQqcpuUM2Ik2ffUKyb
atw+nw1uP39jjMLIFtfFRCmrjlb1AFnAkB1+CHDquiRo4ivEBz9mu3ntFf+lJ449
9m4LU0mMHDVIj283liKC8t2aJb/9eDyCPLYEtGAfsohTSrHrIgpEbvCZOwaoYdzW
47KUctqUCltv61dNJLJGkXY2jMrfIh75g0aAFc+zNu1v8jZAT3LfbbZqvomdRCSj
YTfi7faIo/RDm1n/smJgDAYdPVteXbtt6xV+0wQ6cnA/6Mjc6yBCBqdyrQ==
-----END CERTIFICATE-----