Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/0hR_0c7RQJiSWec5GOXGTkJBB-o.roa
File:                     0hR_0c7RQJiSWec5GOXGTkJBB-o.roa (raw, json)
Hash identifier:          6B95v6L3QKq5sJN6SrWqfMlBSuwCIbwLv0Gvp6AwXSs=
Subject key identifier:   D2:14:7F:D1:CE:D1:40:98:92:59:E7:39:18:E5:C6:4E:42:41:07:EA
Certificate issuer:       /CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
Certificate serial:       01941FFA4DEE88850E024C49C6E8DA07C741
Authority key identifier: 8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/0hR_0c7RQJiSWec5GOXGTkJBB-o.roa
Signing time:             Wed 01 Jan 2025 03:48:05 +0000
ROA not before:           Wed 01 Jan 2025 03:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.239.162.0/24 maxlen: 24
                          193.239.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4d:ee:88:85:0e:02:4c:49:c6:e8:da:07:c7:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
        Validity
            Not Before: Jan  1 03:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2147fd1ced140989259e73918e5c64e424107ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f5:bb:11:aa:ba:f6:41:db:fe:05:2d:dd:ac:
                    5a:c7:89:e7:b5:fd:f5:ad:fe:0c:94:a5:40:70:0f:
                    d1:0d:e1:9f:6b:fb:ae:dc:dc:1c:b5:af:15:8d:5b:
                    bd:bf:2d:7f:cb:7e:31:20:51:c2:5f:65:bc:a1:12:
                    6e:8c:58:ad:44:70:53:49:f2:93:30:d3:a0:0a:4a:
                    bd:b0:56:2f:78:e8:a9:85:70:0c:b7:40:9c:a4:38:
                    0e:d6:65:3c:04:97:a1:ae:96:4e:27:a6:e1:00:2f:
                    60:ad:71:50:5d:13:bc:d0:7e:0e:01:3b:f4:4d:a5:
                    72:10:f6:ae:99:90:06:f7:b9:82:18:ee:90:2b:7f:
                    71:19:39:5b:27:b2:34:ec:7b:03:0e:5d:62:87:be:
                    d7:6d:86:67:6c:b9:8c:ec:9c:67:be:71:bc:6f:e6:
                    ba:3d:cd:b9:c2:c4:7c:b3:7c:0a:0c:f5:3e:62:03:
                    93:38:ad:c9:8a:ac:0e:12:36:98:94:c0:89:b0:77:
                    9d:c2:2e:cf:70:23:15:e9:18:95:92:ae:06:9f:4e:
                    d5:58:0b:e7:14:ee:ec:62:09:05:0b:a2:f9:15:81:
                    85:6a:b8:c9:e5:e8:e1:af:17:0e:68:7c:92:24:ba:
                    e7:cc:46:96:fc:ad:76:de:87:6f:ee:85:4a:6a:8a:
                    64:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:14:7F:D1:CE:D1:40:98:92:59:E7:39:18:E5:C6:4E:42:41:07:EA
            X509v3 Authority Key Identifier:
                keyid:8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/0hR_0c7RQJiSWec5GOXGTkJBB-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:1d:3a:df:e9:22:72:42:87:59:71:a0:68:f0:74:81:74:80:
         99:7f:dc:7e:be:8f:0f:49:85:76:9d:09:4b:e7:0e:91:74:71:
         73:1f:98:3e:4a:df:33:0b:ec:d6:d0:ba:00:4b:58:16:cd:1c:
         58:c3:7b:9a:a6:d0:a3:ca:3a:d6:a5:05:ad:68:f2:a8:56:fe:
         72:f1:27:5e:36:91:8a:ec:5b:c5:f3:23:af:ac:5c:68:de:fd:
         21:f3:c1:2c:f5:71:1e:07:11:fa:51:33:99:90:9e:a5:33:e3:
         71:a0:f7:76:38:e0:44:41:41:06:62:2c:cd:0d:3c:83:2f:a6:
         63:b3:8f:92:64:ac:b1:8b:00:c5:0b:20:a7:a2:9f:63:83:80:
         4c:6c:13:e6:9c:ab:c7:94:d6:4c:3e:d6:27:de:31:46:01:a2:
         be:50:71:22:3e:69:25:2c:60:16:fc:d0:82:c7:25:b9:7b:f2:
         ad:b5:03:73:ec:50:6e:34:7f:31:e4:f6:fc:1f:33:d2:87:2c:
         23:c9:f0:90:a1:1e:f3:1d:1d:87:19:25:3f:e4:6d:5f:4c:51:
         37:4b:8c:1f:a6:d6:a8:9c:3e:9a:16:f1:b2:67:93:b2:b3:ca:
         cc:fd:aa:4e:46:48:11:0e:e3:73:6c:82:e0:d0:4e:8f:72:83:
         82:3a:3d:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+k3uiIUOAkxJxujaB8dBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNTFiNWI4MTMyZjllMzA3YjcxN2EzZTFlNTRkMWY3ZjQ1
YWU1MTcwHhcNMjUwMTAxMDM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjE0N2ZkMWNlZDE0MDk4OTI1OWU3MzkxOGU1YzY0ZTQyNDEwN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/W7Eaq69kHb/gUt3axax4nntf31
rf4MlKVAcA/RDeGfa/uu3Nwcta8VjVu9vy1/y34xIFHCX2W8oRJujFitRHBTSfKT
MNOgCkq9sFYveOiphXAMt0CcpDgO1mU8BJehrpZOJ6bhAC9grXFQXRO80H4OATv0
TaVyEPaumZAG97mCGO6QK39xGTlbJ7I07HsDDl1ih77XbYZnbLmM7JxnvnG8b+a6
Pc25wsR8s3wKDPU+YgOTOK3JiqwOEjaYlMCJsHedwi7PcCMV6RiVkq4Gn07VWAvn
FO7sYgkFC6L5FYGFarjJ5ejhrxcOaHySJLrnzEaW/K123odv7oVKaopk8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNIUf9HO0UCYklnnORjlxk5CQQfqMB8GA1UdIwQY
MBaAFI9RtbgTL54we3F6Ph5U0ff0WuUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajFHMXVCTXZuakI3Y1hvLUhsVFI5X1JhNVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYTI0MjctYjMzYi00YjgxLWFmMzct
ZTIyNTFlNDg5Y2JiLzEvMGhSXzBjN1JRSmlTV2VjNUdPWEdUa0pCQi1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYTI0MjctYjMzYi00YjgxLWFmMzctZTIyNTFlNDg5Y2Ji
LzEvajFHMXVCTXZuakI3Y1hvLUhsVFI5X1JhNVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe+iMA0G
CSqGSIb3DQEBCwUAA4IBAQAjHTrf6SJyQodZcaBo8HSBdICZf9x+vo8PSYV2nQlL
5w6RdHFzH5g+St8zC+zW0LoAS1gWzRxYw3uaptCjyjrWpQWtaPKoVv5y8SdeNpGK
7FvF8yOvrFxo3v0h88Es9XEeBxH6UTOZkJ6lM+NxoPd2OOBEQUEGYizNDTyDL6Zj
s4+SZKyxiwDFCyCnop9jg4BMbBPmnKvHlNZMPtYn3jFGAaK+UHEiPmklLGAW/NCC
xyW5e/KttQNz7FBuNH8x5Pb8HzPShywjyfCQoR7zHR2HGSU/5G1fTFE3S4wfptao
nD6aFvGyZ5Oys8rM/apORkgRDuNzbILg0E6PcoOCOj1j
-----END CERTIFICATE-----