Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/oSdrWOCaJ0gBbDhOrwzjpvj5kgk.roa
File:                     oSdrWOCaJ0gBbDhOrwzjpvj5kgk.roa (raw, json)
Hash identifier:          fLc644uvb/7KJE5lOwMGlDoVjD+MslKnwZyZQoL0QcU=
Subject key identifier:   A1:27:6B:58:E0:9A:27:48:01:6C:38:4E:AF:0C:E3:A6:F8:F9:92:09
Certificate issuer:       /CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
Certificate serial:       019561B35E2BBA84AE43FE61EAE44C79DA25
Authority key identifier: E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/oSdrWOCaJ0gBbDhOrwzjpvj5kgk.roa
Signing time:             Tue 04 Mar 2025 15:08:19 +0000
ROA not before:           Tue 04 Mar 2025 15:08:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60117
IP address blocks:        185.45.193.0/24 maxlen: 24
                          185.117.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:61:b3:5e:2b:ba:84:ae:43:fe:61:ea:e4:4c:79:da:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
        Validity
            Not Before: Mar  4 15:08:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1276b58e09a2748016c384eaf0ce3a6f8f99209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ea:ab:8e:b1:57:da:5d:f1:27:cc:b5:99:1b:
                    cd:d3:e3:a5:17:6b:e1:09:b6:f6:23:db:56:f3:dc:
                    11:7b:19:52:19:51:70:7a:3c:c5:2e:28:ee:7d:84:
                    f8:d8:b1:de:55:28:c2:76:dd:e4:82:03:15:57:79:
                    af:10:dd:d1:24:01:9b:5d:21:2e:45:1f:20:45:22:
                    20:45:3c:82:fa:9b:d1:75:9b:3b:5f:82:98:f6:3c:
                    84:4d:5f:09:3e:0d:0d:82:47:54:2a:64:bc:42:31:
                    9c:6a:85:39:84:30:ca:5a:2a:dc:62:4c:f0:48:6e:
                    cd:a2:ce:66:5a:b7:07:da:99:e8:24:fd:1e:df:5a:
                    20:45:6f:f2:0e:0b:a7:9a:5a:6e:65:06:ea:22:e1:
                    54:28:c6:14:1d:11:7f:2c:63:c4:39:b5:34:07:6a:
                    22:b0:4d:04:3c:4b:fc:eb:97:7a:da:ef:0f:6c:5b:
                    08:58:6a:6a:ec:11:10:2d:61:28:43:24:7e:58:ae:
                    59:2a:41:fa:a4:e9:c9:ee:45:16:43:c4:fb:93:66:
                    82:e3:4c:b8:47:89:55:47:fd:3d:61:61:94:37:28:
                    1f:c5:8e:50:28:31:33:22:14:0a:3e:9f:5f:ba:1d:
                    ca:35:21:90:b1:62:b1:5f:9b:9e:88:59:d4:de:f5:
                    41:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:27:6B:58:E0:9A:27:48:01:6C:38:4E:AF:0C:E3:A6:F8:F9:92:09
            X509v3 Authority Key Identifier:
                keyid:E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/oSdrWOCaJ0gBbDhOrwzjpvj5kgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.193.0/24
                  185.117.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:d6:0a:39:64:ce:a5:18:46:98:ec:d0:4b:e5:64:e2:62:bb:
         2d:c2:97:2f:67:55:86:c3:94:ff:a5:33:92:8c:1d:11:01:15:
         25:0b:5d:a2:76:b0:5a:f5:7b:05:7b:0d:24:6c:55:89:b4:2a:
         f5:fa:a3:45:81:94:a7:1d:1b:69:6b:90:18:44:01:38:83:8e:
         e7:09:c0:9c:a4:c4:b6:5a:1e:92:63:2c:28:24:33:d5:ff:0d:
         89:69:01:41:49:ed:4f:db:81:b4:2a:f5:ac:56:07:21:a1:ba:
         17:79:36:8f:06:eb:15:92:35:51:19:e3:09:5d:72:a6:cc:79:
         c8:dd:0e:66:b7:f5:96:d6:3e:6e:c5:2e:a6:81:27:81:25:e9:
         d9:cf:f2:5d:7a:ff:e8:a2:8f:09:86:3c:93:d4:63:10:3c:d9:
         03:04:bb:94:7d:1f:f8:a9:d6:52:76:68:99:a1:22:be:f0:08:
         73:a6:c7:5c:a0:cd:de:58:c0:88:73:db:4d:38:2d:27:08:35:
         e4:2b:59:64:c6:41:f7:09:8c:cd:91:52:be:ad:b7:be:ea:46:
         1a:9d:c7:e6:50:c9:ed:28:54:a4:85:64:da:47:fe:01:e9:ad:
         c9:2b:cb:46:7c:00:4b:cc:c9:a5:bc:1b:31:52:10:87:1b:57:
         40:c7:54:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVhs14ruoSuQ/5h6uRMedolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMzhlYzI0MmE0M2U5YzlkNGNlYjI1ZGM5MGU1NDUzMzcz
ZDNmNDYwHhcNMjUwMzA0MTUwODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTI3NmI1OGUwOWEyNzQ4MDE2YzM4NGVhZjBjZTNhNmY4Zjk5MjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eqrjrFX2l3xJ8y1mRvN0+OlF2vh
Cbb2I9tW89wRexlSGVFwejzFLijufYT42LHeVSjCdt3kggMVV3mvEN3RJAGbXSEu
RR8gRSIgRTyC+pvRdZs7X4KY9jyETV8JPg0NgkdUKmS8QjGcaoU5hDDKWircYkzw
SG7Nos5mWrcH2pnoJP0e31ogRW/yDgunmlpuZQbqIuFUKMYUHRF/LGPEObU0B2oi
sE0EPEv865d62u8PbFsIWGpq7BEQLWEoQyR+WK5ZKkH6pOnJ7kUWQ8T7k2aC40y4
R4lVR/09YWGUNygfxY5QKDEzIhQKPp9fuh3KNSGQsWKxX5ueiFnU3vVBlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKEna1jgmidIAWw4Tq8M46b4+ZIJMB8GA1UdIwQY
MBaAFOE47CQqQ+nJ1M6yXckOVFM3PT9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgt
Njc4NWNkNDU2ODcxLzEvb1NkcldPQ2FKMGdCYkRoT3J3empwdmo1a2drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgtNjc4NWNkNDU2ODcx
LzEvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuS3BAwQA
uXVKMA0GCSqGSIb3DQEBCwUAA4IBAQAF1go5ZM6lGEaY7NBL5WTiYrstwpcvZ1WG
w5T/pTOSjB0RARUlC12idrBa9XsFew0kbFWJtCr1+qNFgZSnHRtpa5AYRAE4g47n
CcCcpMS2Wh6SYywoJDPV/w2JaQFBSe1P24G0KvWsVgchoboXeTaPBusVkjVRGeMJ
XXKmzHnI3Q5mt/WW1j5uxS6mgSeBJenZz/Jdev/ooo8JhjyT1GMQPNkDBLuUfR/4
qdZSdmiZoSK+8AhzpsdcoM3eWMCIc9tNOC0nCDXkK1lkxkH3CYzNkVK+rbe+6kYa
ncfmUMntKFSkhWTaR/4B6a3JK8tGfABLzMmlvBsxUhCHG1dAx1Sd
-----END CERTIFICATE-----