Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/oliA8BAM37bSFmlEX8CXZGYq0BA.roa
File:                     oliA8BAM37bSFmlEX8CXZGYq0BA.roa (raw, json)
Hash identifier:          X5W7NJgp2uaA/OZ+qyJYnKww9vYVja3qexWblAs31co=
Subject key identifier:   A2:58:80:F0:10:0C:DF:B6:D2:16:69:44:5F:C0:97:64:66:2A:D0:10
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019424B2FA91D36F0F6293415FE61D7118A8
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/oliA8BAM37bSFmlEX8CXZGYq0BA.roa
Signing time:             Thu 02 Jan 2025 01:48:16 +0000
ROA not before:           Thu 02 Jan 2025 01:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202555
IP address blocks:        217.69.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:fa:91:d3:6f:0f:62:93:41:5f:e6:1d:71:18:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 01:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a25880f0100cdfb6d21669445fc09764662ad010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9a:94:fe:f5:0a:86:c7:d9:31:91:8c:d7:fb:
                    ec:cd:f7:c8:94:f2:57:4e:0b:4b:68:ea:b0:87:80:
                    df:9c:68:02:f7:59:7a:e3:71:18:42:1b:70:14:e1:
                    44:e1:4b:66:b9:31:1e:a7:68:3f:8b:a6:73:59:76:
                    c6:1b:6a:bb:61:ca:46:f0:a9:27:3a:bb:10:5c:f5:
                    f0:56:bf:f1:fd:fd:05:62:13:b2:1a:39:51:3c:da:
                    6a:75:55:4f:54:44:cb:2e:ea:d8:b4:13:4e:48:59:
                    ea:86:4c:ee:ce:2e:47:66:46:fe:a3:e0:be:e6:6b:
                    56:07:d2:ee:33:9c:8f:5c:90:7d:30:f8:ee:4b:b0:
                    9d:53:60:8d:ec:2a:a7:ba:21:16:42:12:bf:e2:8b:
                    b1:21:18:e0:7b:cc:f4:97:a8:75:a2:7b:36:0c:55:
                    88:db:52:10:83:95:63:ad:b2:15:00:51:76:db:50:
                    aa:ed:ec:a6:b6:0f:a7:17:cc:9c:e1:bc:7a:9f:52:
                    0a:d1:cd:ec:f3:c6:62:95:b2:6f:a7:eb:c5:7d:ce:
                    03:5f:ea:cd:68:86:bd:77:7a:c7:19:e1:8b:c2:17:
                    82:ee:22:33:4c:3d:ea:d7:96:c0:bc:d7:d9:30:0a:
                    60:4f:4f:e5:fa:1e:dc:95:67:9c:c9:9c:54:3b:ab:
                    06:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:58:80:F0:10:0C:DF:B6:D2:16:69:44:5F:C0:97:64:66:2A:D0:10
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/oliA8BAM37bSFmlEX8CXZGYq0BA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.69.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:d7:54:92:85:68:9b:a3:1b:e2:ee:ee:d9:1d:3f:6e:db:97:
         d5:2b:6b:ed:4c:96:df:c1:64:53:89:c2:5c:2c:36:3a:15:51:
         1f:c9:c8:c0:44:38:8d:1e:e7:af:75:e2:7a:16:75:fc:19:c6:
         be:c7:93:c6:e8:c5:68:d0:00:63:ce:b1:d8:07:f5:2b:57:58:
         f4:0d:e4:25:fc:ef:88:b0:80:96:5b:89:a1:d2:63:12:3a:19:
         4a:49:10:12:8d:b8:13:4d:eb:63:49:16:ca:58:77:36:67:80:
         2d:46:74:18:2b:d4:bb:79:2c:52:e8:5f:4c:c0:4a:77:df:54:
         6b:ac:42:22:d8:44:20:f6:3b:68:92:5e:7f:3f:18:dd:f3:03:
         cb:b8:7c:d6:1d:23:c7:3b:f3:a9:00:f2:b3:21:15:5a:61:6e:
         6b:42:98:c8:36:fd:69:9f:7a:93:4e:b8:f1:38:f5:99:0c:a9:
         f3:fa:18:32:40:b4:0c:14:1d:10:06:9a:c4:91:4d:e4:2b:8c:
         37:b8:41:03:0f:fd:3a:86:f8:17:30:26:af:e8:e3:7d:5a:eb:
         9a:f7:23:d7:9d:11:6c:4d:a4:56:75:92:cc:9a:f7:a9:d9:14:
         59:40:9e:ef:a0:8c:3f:bb:42:4c:fc:fb:fc:ce:9e:e3:2a:65:
         26:6a:98:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksvqR028PYpNBX+YdcRioMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjU4ODBmMDEwMGNkZmI2ZDIxNjY5NDQ1ZmMwOTc2NDY2MmFkMDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpqU/vUKhsfZMZGM1/vszffIlPJX
TgtLaOqwh4DfnGgC91l643EYQhtwFOFE4UtmuTEep2g/i6ZzWXbGG2q7YcpG8Kkn
OrsQXPXwVr/x/f0FYhOyGjlRPNpqdVVPVETLLurYtBNOSFnqhkzuzi5HZkb+o+C+
5mtWB9LuM5yPXJB9MPjuS7CdU2CN7CqnuiEWQhK/4ouxIRjge8z0l6h1ons2DFWI
21IQg5VjrbIVAFF221Cq7eymtg+nF8yc4bx6n1IK0c3s88ZilbJvp+vFfc4DX+rN
aIa9d3rHGeGLwheC7iIzTD3q15bAvNfZMApgT0/l+h7clWecyZxUO6sG8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJYgPAQDN+20hZpRF/Al2RmKtAQMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvb2xpQThCQU0zN2JTRm1sRVg4Q1haR1lxMEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UVxMA0G
CSqGSIb3DQEBCwUAA4IBAQCo11SShWiboxvi7u7ZHT9u25fVK2vtTJbfwWRTicJc
LDY6FVEfycjARDiNHuevdeJ6FnX8Gca+x5PG6MVo0ABjzrHYB/UrV1j0DeQl/O+I
sICWW4mh0mMSOhlKSRASjbgTTetjSRbKWHc2Z4AtRnQYK9S7eSxS6F9MwEp331Rr
rEIi2EQg9jtokl5/Pxjd8wPLuHzWHSPHO/OpAPKzIRVaYW5rQpjINv1pn3qTTrjx
OPWZDKnz+hgyQLQMFB0QBprEkU3kK4w3uEEDD/06hvgXMCav6ON9Wuua9yPXnRFs
TaRWdZLMmvep2RRZQJ7voIw/u0JM/Pv8zp7jKmUmapge
-----END CERTIFICATE-----