Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/oZM32iF_dXj13arj49Wk-8MpltE.roa
File:                     oZM32iF_dXj13arj49Wk-8MpltE.roa (raw, json)
Hash identifier:          5tf4bR4lHe0bW1GmHBLlcRANn/eBaErboF4s852Z1mo=
Subject key identifier:   A1:93:37:DA:21:7F:75:78:F5:DD:AA:E3:E3:D5:A4:FB:C3:29:96:D1
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019420D614A80F76A09BF93127A5BA208DD4
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/oZM32iF_dXj13arj49Wk-8MpltE.roa
Signing time:             Wed 01 Jan 2025 07:48:08 +0000
ROA not before:           Wed 01 Jan 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39629
IP address blocks:        139.28.8.0/22 maxlen: 24
                          2a10:c300::/30 maxlen: 30
                          2a10:c304::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 02:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:14:a8:0f:76:a0:9b:f9:31:27:a5:ba:20:8d:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  1 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a19337da217f7578f5ddaae3e3d5a4fbc32996d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8a:5f:ae:c3:ad:67:b7:19:a9:5d:df:1c:0a:
                    ba:d6:0e:69:0d:8b:1f:bf:a5:96:ab:40:83:8a:f7:
                    46:17:38:28:86:fc:2a:0b:f5:31:a3:1f:27:dd:27:
                    af:69:a0:1e:71:89:9f:f8:26:7f:ed:53:05:97:50:
                    79:df:31:49:bc:b3:eb:e4:71:99:9c:a3:8d:0e:dd:
                    c6:29:f3:7b:eb:83:45:07:c1:38:cf:7e:33:15:c5:
                    a1:e9:8f:a7:3b:a1:b5:c7:a6:8f:0b:e9:e7:5e:0d:
                    16:68:73:37:08:ce:f6:56:05:d9:ba:b8:04:e1:42:
                    7f:49:e5:a5:34:d8:9a:6f:3f:6e:e0:23:02:6b:04:
                    ff:ae:20:98:e7:2b:d7:3f:32:11:27:46:45:83:ac:
                    3e:d2:5e:78:f7:01:2f:e1:a0:0d:96:51:ee:80:74:
                    31:88:95:2c:94:70:e0:d1:de:f4:c0:80:26:b4:c9:
                    cb:3f:a9:61:49:73:b2:cc:5d:e9:3b:f6:7f:d8:7a:
                    a5:5b:7f:9c:d8:de:82:b9:e6:4d:cd:11:07:66:fd:
                    90:49:9c:b0:dc:84:c8:be:ca:cf:c9:e0:93:30:2e:
                    fa:f9:30:be:79:4f:82:b1:32:25:45:40:81:ac:6b:
                    85:2d:eb:65:52:ad:d7:bf:1f:9c:aa:9a:ce:2e:01:
                    b0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:93:37:DA:21:7F:75:78:F5:DD:AA:E3:E3:D5:A4:FB:C3:29:96:D1
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/oZM32iF_dXj13arj49Wk-8MpltE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.8.0/22
                IPv6:
                  2a10:c300::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:6f:d0:3f:55:47:31:48:f3:31:e9:a3:b7:ae:0b:c8:fc:13:
         9f:85:cc:05:08:04:c1:88:38:3a:ca:3a:53:cc:3e:14:bd:47:
         d1:4c:98:2b:9a:21:c0:e9:fa:9a:d0:12:5c:c7:6f:00:68:fd:
         e8:bb:a3:6a:0c:61:2a:d8:57:32:3b:88:f7:31:f1:1c:2b:a1:
         49:43:15:bd:e8:d9:b1:35:ed:a8:d7:87:e4:50:e4:c8:a0:4d:
         49:94:f3:fc:d5:09:9a:b9:51:58:bc:24:c9:92:c9:74:42:04:
         1a:c7:56:f8:14:8e:ca:51:49:a1:46:02:99:e5:65:7f:d5:26:
         d6:fd:6c:5d:ab:c2:f3:f6:ee:fe:b2:db:3c:e3:ef:59:e5:87:
         82:5b:97:19:2b:88:bc:2a:b8:b9:57:9a:27:2b:20:5d:a4:40:
         cd:7a:f2:c9:cd:6b:e4:f9:c4:7c:ab:97:06:2c:eb:89:54:65:
         c3:c0:ed:22:ec:83:09:9a:6d:fd:ae:f2:13:18:4d:21:1e:70:
         33:31:5b:46:a2:96:e0:cd:40:fb:18:90:23:59:65:a1:43:e7:
         3d:48:8a:c2:a8:0e:7a:6a:d8:c0:ed:6d:e7:d7:79:eb:c1:20:
         e0:2a:ea:b7:19:b4:cb:23:3c:fa:be:60:99:33:b1:82:d7:a9:
         65:f5:58:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1hSoD3agm/kxJ6W6II3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwMTAxMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTkzMzdkYTIxN2Y3NTc4ZjVkZGFhZTNlM2Q1YTRmYmMzMjk5NmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4pfrsOtZ7cZqV3fHAq61g5pDYsf
v6WWq0CDivdGFzgohvwqC/Uxox8n3SevaaAecYmf+CZ/7VMFl1B53zFJvLPr5HGZ
nKONDt3GKfN764NFB8E4z34zFcWh6Y+nO6G1x6aPC+nnXg0WaHM3CM72VgXZurgE
4UJ/SeWlNNiabz9u4CMCawT/riCY5yvXPzIRJ0ZFg6w+0l549wEv4aANllHugHQx
iJUslHDg0d70wIAmtMnLP6lhSXOyzF3pO/Z/2HqlW3+c2N6CueZNzREHZv2QSZyw
3ITIvsrPyeCTMC76+TC+eU+CsTIlRUCBrGuFLetlUq3Xvx+cqprOLgGwkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKGTN9ohf3V49d2q4+PVpPvDKZbRMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvb1pNMzJpRl9kWGoxM2FyajQ5V2stOE1wbHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCixwIMA0E
AgACMAcDBQMqEMMAMA0GCSqGSIb3DQEBCwUAA4IBAQAVb9A/VUcxSPMx6aO3rgvI
/BOfhcwFCATBiDg6yjpTzD4UvUfRTJgrmiHA6fqa0BJcx28AaP3ou6NqDGEq2Fcy
O4j3MfEcK6FJQxW96NmxNe2o14fkUOTIoE1JlPP81QmauVFYvCTJksl0QgQax1b4
FI7KUUmhRgKZ5WV/1SbW/Wxdq8Lz9u7+sts84+9Z5YeCW5cZK4i8Kri5V5onKyBd
pEDNevLJzWvk+cR8q5cGLOuJVGXDwO0i7IMJmm39rvITGE0hHnAzMVtGopbgzUD7
GJAjWWWhQ+c9SIrCqA56atjA7W3n13nrwSDgKuq3GbTLIzz6vmCZM7GC16ll9VhC
-----END CERTIFICATE-----