Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/45e738-286e-4f9a-ba02-d9431140e6f1/1/O1NX1SHolf4Je2aEzJJZvHyU16A.roa
File:                     O1NX1SHolf4Je2aEzJJZvHyU16A.roa (raw, json)
Hash identifier:          po5PkDRV33bzHbue9Doph6bDM4MKCS5aDFumD95q9kE=
Subject key identifier:   3B:53:57:D5:21:E8:95:FE:09:7B:66:84:CC:92:59:BC:7C:94:D7:A0
Certificate issuer:       /CN=f286832adda40a97eb863a5a6482c946931a66ef
Certificate serial:       0197FE4BC819AE9509FB25B63F97C5075750
Authority key identifier: F2:86:83:2A:DD:A4:0A:97:EB:86:3A:5A:64:82:C9:46:93:1A:66:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8oaDKt2kCpfrhjpaZILJRpMaZu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/45e738-286e-4f9a-ba02-d9431140e6f1/1/O1NX1SHolf4Je2aEzJJZvHyU16A.roa
Signing time:             Sat 12 Jul 2025 11:01:08 +0000
ROA not before:           Sat 12 Jul 2025 11:01:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        193.200.158.0/24 maxlen: 24
                          2001:678:10b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/45e738-286e-4f9a-ba02-d9431140e6f1/1/8oaDKt2kCpfrhjpaZILJRpMaZu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/45e738-286e-4f9a-ba02-d9431140e6f1/1/8oaDKt2kCpfrhjpaZILJRpMaZu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8oaDKt2kCpfrhjpaZILJRpMaZu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:4b:c8:19:ae:95:09:fb:25:b6:3f:97:c5:07:57:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f286832adda40a97eb863a5a6482c946931a66ef
        Validity
            Not Before: Jul 12 11:01:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b5357d521e895fe097b6684cc9259bc7c94d7a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5f:96:03:28:3e:18:82:de:f0:f8:fa:26:44:
                    84:88:ee:af:95:c0:a0:4c:b7:81:4b:b2:da:4d:b3:
                    17:0d:6e:36:92:92:4a:fd:bd:43:00:5c:6b:e6:f3:
                    7a:ea:dc:c1:d8:92:32:1d:97:a9:dd:50:98:22:bf:
                    42:d8:a8:a4:3a:86:48:da:07:4a:b1:f4:4f:51:82:
                    85:f5:f3:1d:0a:a2:98:c7:5b:a7:da:ee:29:60:1c:
                    e9:19:62:97:27:5a:26:0f:28:1e:d9:7b:24:6c:f4:
                    20:3f:44:21:94:44:c1:8e:a6:28:1e:de:f1:6a:dd:
                    20:2c:d4:49:ec:54:b5:6b:ab:c6:1d:02:a1:65:2c:
                    c5:ac:d1:84:53:fb:e7:7b:e0:f0:0d:e3:ed:c5:79:
                    ea:68:8d:69:ac:72:82:18:80:52:3a:44:03:59:78:
                    5e:82:57:b1:db:df:ba:b3:b4:98:c4:a0:d1:fb:1c:
                    c0:92:8e:5c:28:1a:cc:d8:a5:0a:24:57:d9:01:e4:
                    bf:52:dd:a5:47:99:3e:b9:a8:ec:33:51:1c:a1:45:
                    05:1a:92:b9:e4:bb:c5:e0:f8:6a:fa:be:30:67:00:
                    38:6d:42:da:59:95:f1:27:f6:58:0b:cb:44:ca:90:
                    01:5e:68:c2:b3:2c:b7:7a:a2:46:b4:01:0b:96:4b:
                    3c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:53:57:D5:21:E8:95:FE:09:7B:66:84:CC:92:59:BC:7C:94:D7:A0
            X509v3 Authority Key Identifier:
                keyid:F2:86:83:2A:DD:A4:0A:97:EB:86:3A:5A:64:82:C9:46:93:1A:66:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8oaDKt2kCpfrhjpaZILJRpMaZu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/45e738-286e-4f9a-ba02-d9431140e6f1/1/O1NX1SHolf4Je2aEzJJZvHyU16A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/45e738-286e-4f9a-ba02-d9431140e6f1/1/8oaDKt2kCpfrhjpaZILJRpMaZu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.158.0/24
                IPv6:
                  2001:678:10b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:52:f0:56:f6:46:9c:c2:1a:cc:38:ee:b4:64:41:a2:5d:2d:
         41:76:dd:bb:07:07:34:7c:3b:26:5a:22:70:c7:28:5d:07:45:
         44:3a:31:82:c9:4a:e3:d6:5a:f3:9f:28:0a:49:28:de:9e:f0:
         61:e1:31:eb:b5:67:9b:12:19:01:34:06:85:64:6a:33:4c:3f:
         bb:08:09:90:3e:e4:bf:28:ff:a9:f1:3e:e0:33:dd:b5:d1:31:
         e5:b1:00:63:b7:b2:90:6c:b8:49:65:b7:8b:ec:4a:38:fb:7a:
         d4:83:0d:84:5e:b5:01:9a:ba:54:e0:0a:95:33:37:52:91:50:
         f3:c6:58:9e:20:01:c5:92:d7:ca:74:b9:c4:f4:bd:b7:4d:a4:
         83:c8:20:1a:23:d7:6c:72:5c:d9:90:cc:3b:78:d0:bc:b7:13:
         c7:0a:47:92:65:15:c9:df:1b:01:9d:a1:66:91:c5:58:ef:b6:
         25:43:ea:d4:e5:db:bb:87:6b:0f:91:a3:7d:b7:3a:1d:f4:de:
         1b:d0:32:f5:64:f3:a2:86:78:ea:c4:6f:eb:c8:e7:5a:09:92:
         ca:27:ed:35:3f:ce:d3:16:fa:68:43:43:d4:f6:30:a8:c0:58:
         31:3c:31:8f:fc:07:88:ca:48:ba:72:5f:2f:b3:74:79:0a:53:
         eb:b5:7c:0b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZf+S8gZrpUJ+yW2P5fFB1dQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyODY4MzJhZGRhNDBhOTdlYjg2M2E1YTY0ODJjOTQ2OTMx
YTY2ZWYwHhcNMjUwNzEyMTEwMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjUzNTdkNTIxZTg5NWZlMDk3YjY2ODRjYzkyNTliYzdjOTRkN2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl+WAyg+GILe8Pj6JkSEiO6vlcCg
TLeBS7LaTbMXDW42kpJK/b1DAFxr5vN66tzB2JIyHZep3VCYIr9C2KikOoZI2gdK
sfRPUYKF9fMdCqKYx1un2u4pYBzpGWKXJ1omDyge2XskbPQgP0QhlETBjqYoHt7x
at0gLNRJ7FS1a6vGHQKhZSzFrNGEU/vne+DwDePtxXnqaI1prHKCGIBSOkQDWXhe
glex29+6s7SYxKDR+xzAko5cKBrM2KUKJFfZAeS/Ut2lR5k+uajsM1EcoUUFGpK5
5LvF4Phq+r4wZwA4bULaWZXxJ/ZYC8tEypABXmjCsyy3eqJGtAELlks8jwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDtTV9Uh6JX+CXtmhMySWbx8lNegMB8GA1UdIwQY
MBaAFPKGgyrdpAqX64Y6WmSCyUaTGmbvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG9hREt0MmtDcGZyaGpwYVpJTEpScE1hWnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC80NWU3MzgtMjg2ZS00ZjlhLWJhMDIt
ZDk0MzExNDBlNmYxLzEvTzFOWDFTSG9sZjRKZTJhRXpKSlp2SHlVMTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC80NWU3MzgtMjg2ZS00ZjlhLWJhMDItZDk0MzExNDBlNmYx
LzEvOG9hREt0MmtDcGZyaGpwYVpJTEpScE1hWnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwcieMA8E
AgACMAkDBwAgAQZ4ELAwDQYJKoZIhvcNAQELBQADggEBAF5S8Fb2RpzCGsw47rRk
QaJdLUF23bsHBzR8OyZaInDHKF0HRUQ6MYLJSuPWWvOfKApJKN6e8GHhMeu1Z5sS
GQE0BoVkajNMP7sICZA+5L8o/6nxPuAz3bXRMeWxAGO3spBsuEllt4vsSjj7etSD
DYRetQGaulTgCpUzN1KRUPPGWJ4gAcWS18p0ucT0vbdNpIPIIBoj12xyXNmQzDt4
0Ly3E8cKR5JlFcnfGwGdoWaRxVjvtiVD6tTl27uHaw+Ro323Oh303hvQMvVk86KG
eOrEb+vI51oJkson7TU/ztMW+mhDQ9T2MKjAWDE8MY/8B4jKSLpyXy+zdHkKU+u1
fAs=
-----END CERTIFICATE-----