Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/CAuOaF0DyRmCYIaIX9MOqTPSAYc.roa
File:                     CAuOaF0DyRmCYIaIX9MOqTPSAYc.roa (raw, json)
Hash identifier:          OgksKEIvnkHiH651enb6l1ninF2syHQEYUUQOdcbbz8=
Subject key identifier:   08:0B:8E:68:5D:03:C9:19:82:60:86:88:5F:D3:0E:A9:33:D2:01:87
Certificate issuer:       /CN=c09fc8a067fa6d2476bdce24afffad17131d9e86
Certificate serial:       0194228D8A45376A01EEF7E009C65F21253B
Authority key identifier: C0:9F:C8:A0:67:FA:6D:24:76:BD:CE:24:AF:FF:AD:17:13:1D:9E:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/CAuOaF0DyRmCYIaIX9MOqTPSAYc.roa
Signing time:             Wed 01 Jan 2025 15:48:08 +0000
ROA not before:           Wed 01 Jan 2025 15:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        216.25.124.0/24 maxlen: 24
                          216.25.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:8a:45:37:6a:01:ee:f7:e0:09:c6:5f:21:25:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c09fc8a067fa6d2476bdce24afffad17131d9e86
        Validity
            Not Before: Jan  1 15:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=080b8e685d03c919826086885fd30ea933d20187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6d:74:61:2e:b7:b4:32:0c:f2:7f:08:41:f2:
                    20:42:3b:f8:90:22:44:65:a3:47:0e:35:10:5d:cc:
                    17:61:e4:5b:2a:d0:86:91:ab:8e:89:7b:8c:bc:c5:
                    ae:be:9b:80:cf:de:26:b2:7f:c2:df:2f:64:2c:c5:
                    c8:8a:8e:c4:67:53:22:09:e3:03:7c:6e:7c:c7:78:
                    21:57:40:05:06:24:b0:b0:4b:23:11:b8:7a:59:6e:
                    fd:5a:81:42:a8:db:4c:97:d7:9e:a3:c4:aa:3c:00:
                    93:89:31:58:64:ce:59:47:fb:32:22:36:a0:19:47:
                    0b:82:4a:81:14:2e:b9:85:ca:1a:97:30:71:87:59:
                    15:ea:93:b1:49:6e:d6:cc:be:4f:fe:dc:44:38:13:
                    9d:d1:63:9c:a9:85:c5:b3:97:7d:1b:54:a4:62:50:
                    81:f9:58:c2:d0:5b:85:9e:54:3a:dd:b8:8a:6d:59:
                    31:35:a3:14:e9:3a:8c:8c:fa:c4:09:99:01:db:81:
                    ae:fe:1a:44:a7:17:30:51:08:f6:d9:db:a8:ed:bb:
                    1d:0a:fd:1c:6f:55:e1:8b:88:5e:7a:b7:c5:62:ec:
                    d6:22:61:04:56:dc:52:c3:c8:07:f6:b8:c3:32:e9:
                    f3:3d:08:e9:63:cc:49:f2:2d:f1:f1:0c:72:c8:a2:
                    6f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:0B:8E:68:5D:03:C9:19:82:60:86:88:5F:D3:0E:A9:33:D2:01:87
            X509v3 Authority Key Identifier:
                keyid:C0:9F:C8:A0:67:FA:6D:24:76:BD:CE:24:AF:FF:AD:17:13:1D:9E:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/CAuOaF0DyRmCYIaIX9MOqTPSAYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.25.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:c3:e8:00:fa:d4:c5:e6:33:1c:18:f0:e9:ad:99:24:b8:ee:
         f7:03:75:99:e4:e0:93:2e:9f:9a:d0:98:2a:63:58:87:6b:33:
         cf:3c:6d:3a:d5:b8:31:26:f2:8d:62:05:e7:6d:22:4d:26:00:
         dd:b6:fa:c8:18:be:dc:df:ab:d7:b3:73:d0:bd:30:3a:c0:df:
         26:88:b0:1b:70:7e:fd:43:4b:63:17:03:90:b7:9f:97:b0:06:
         19:0f:a7:dc:aa:59:e5:f8:3b:53:2b:b6:8c:f2:7c:27:ca:11:
         fb:05:ba:0a:a1:ef:af:84:5d:d0:d6:82:1f:2a:fc:2b:88:c3:
         bb:13:07:74:be:cb:cf:5b:be:f9:99:ac:91:6c:5e:17:04:da:
         d8:d7:59:cf:6f:fb:e5:81:29:0e:ae:0d:6b:63:04:9b:e5:7e:
         34:33:88:61:87:ae:5b:d7:7a:8b:bc:0d:99:bb:bf:19:43:10:
         ae:9d:2d:49:a9:d5:46:1e:05:d2:d6:65:82:ad:64:03:b9:7f:
         ff:2d:80:ff:dd:82:85:e2:22:6a:e4:ae:dc:31:52:01:ee:ca:
         4b:ba:8c:e8:d3:0e:42:04:83:2e:3e:e6:67:a2:5b:5f:40:31:
         37:01:71:e2:14:dd:a5:07:7f:73:94:fb:64:6f:c7:f4:7d:0f:
         45:dc:39:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYpFN2oB7vfgCcZfISU7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwOWZjOGEwNjdmYTZkMjQ3NmJkY2UyNGFmZmZhZDE3MTMx
ZDllODYwHhcNMjUwMTAxMTU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODBiOGU2ODVkMDNjOTE5ODI2MDg2ODg1ZmQzMGVhOTMzZDIwMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW10YS63tDIM8n8IQfIgQjv4kCJE
ZaNHDjUQXcwXYeRbKtCGkauOiXuMvMWuvpuAz94msn/C3y9kLMXIio7EZ1MiCeMD
fG58x3ghV0AFBiSwsEsjEbh6WW79WoFCqNtMl9eeo8SqPACTiTFYZM5ZR/syIjag
GUcLgkqBFC65hcoalzBxh1kV6pOxSW7WzL5P/txEOBOd0WOcqYXFs5d9G1SkYlCB
+VjC0FuFnlQ63biKbVkxNaMU6TqMjPrECZkB24Gu/hpEpxcwUQj22duo7bsdCv0c
b1Xhi4heerfFYuzWImEEVtxSw8gH9rjDMunzPQjpY8xJ8i3x8QxyyKJvLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgLjmhdA8kZgmCGiF/TDqkz0gGHMB8GA1UdIwQY
MBaAFMCfyKBn+m0kdr3OJK//rRcTHZ6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0pfSW9HZjZiU1IydmM0a3JfLXRGeE1kbm9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9hNzMzYmMtNjhmOC00OTlmLTg1MGYt
OGU5MjRmZmJlNTg0LzEvQ0F1T2FGMER5Um1DWUlhSVg5TU9xVFBTQVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9hNzMzYmMtNjhmOC00OTlmLTg1MGYtOGU5MjRmZmJlNTg0
LzEvd0pfSW9HZjZiU1IydmM0a3JfLXRGeE1kbm9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2Bl8MA0G
CSqGSIb3DQEBCwUAA4IBAQA0w+gA+tTF5jMcGPDprZkkuO73A3WZ5OCTLp+a0Jgq
Y1iHazPPPG061bgxJvKNYgXnbSJNJgDdtvrIGL7c36vXs3PQvTA6wN8miLAbcH79
Q0tjFwOQt5+XsAYZD6fcqlnl+DtTK7aM8nwnyhH7BboKoe+vhF3Q1oIfKvwriMO7
Ewd0vsvPW775mayRbF4XBNrY11nPb/vlgSkOrg1rYwSb5X40M4hhh65b13qLvA2Z
u78ZQxCunS1JqdVGHgXS1mWCrWQDuX//LYD/3YKF4iJq5K7cMVIB7spLuozo0w5C
BIMuPuZnoltfQDE3AXHiFN2lB39zlPtkb8f0fQ9F3DlO
-----END CERTIFICATE-----