Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/d41c4a-9bef-4737-95a1-08f17c410765/1/Ovla5EJUgy9GZRovhELArfkHbLc.roa
File:                     Ovla5EJUgy9GZRovhELArfkHbLc.roa (raw, json)
Hash identifier:          1ZYYi0oYPWoj0xBQr1HbwZ7BRAZOIkZmTAi9EvpW7yY=
Subject key identifier:   3A:F9:5A:E4:42:54:83:2F:46:65:1A:2F:84:42:C0:AD:F9:07:6C:B7
Certificate issuer:       /CN=2ddfdca73cd64d75e656dd0a3a4427ed61982a3d
Certificate serial:       01963D51C1B53D7632B1F167682128BD3FAB
Authority key identifier: 2D:DF:DC:A7:3C:D6:4D:75:E6:56:DD:0A:3A:44:27:ED:61:98:2A:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ld_cpzzWTXXmVt0KOkQn7WGYKj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/d41c4a-9bef-4737-95a1-08f17c410765/1/Ovla5EJUgy9GZRovhELArfkHbLc.roa
Signing time:             Wed 16 Apr 2025 06:38:10 +0000
ROA not before:           Wed 16 Apr 2025 06:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15547
IP address blocks:        185.205.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/d41c4a-9bef-4737-95a1-08f17c410765/1/Ld_cpzzWTXXmVt0KOkQn7WGYKj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/d41c4a-9bef-4737-95a1-08f17c410765/1/Ld_cpzzWTXXmVt0KOkQn7WGYKj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ld_cpzzWTXXmVt0KOkQn7WGYKj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3d:51:c1:b5:3d:76:32:b1:f1:67:68:21:28:bd:3f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ddfdca73cd64d75e656dd0a3a4427ed61982a3d
        Validity
            Not Before: Apr 16 06:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3af95ae44254832f46651a2f8442c0adf9076cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d1:15:9e:71:95:df:b3:4c:22:87:26:38:1e:
                    6e:12:ef:79:5c:28:4f:b4:46:ff:b1:07:eb:93:08:
                    b0:8f:95:ee:40:45:34:2c:8e:9c:9c:04:28:30:81:
                    9e:a4:a9:8e:30:8d:75:b5:0c:e3:da:5e:47:b1:6d:
                    c1:e4:12:c0:77:7e:cc:11:5a:14:62:bc:b8:51:82:
                    2f:42:49:7b:4e:84:dd:2a:da:8e:13:c5:58:6c:e3:
                    75:6c:de:db:02:b9:bc:b6:64:0b:14:14:bd:ce:65:
                    5c:2d:8c:75:6c:ef:a2:fa:43:60:c1:54:1a:b5:06:
                    be:1f:da:12:9e:92:c1:84:a8:f8:ae:e4:5d:9e:6b:
                    87:df:b3:a0:ee:cb:67:00:3f:2d:18:34:4e:08:62:
                    fd:fa:fb:aa:0a:4e:b1:e7:7e:46:cd:5f:8b:f4:56:
                    c7:65:89:2d:53:ff:ac:50:28:d1:52:58:9d:71:87:
                    d9:fd:c7:0b:e6:57:66:23:a5:de:2e:54:d6:e4:4c:
                    f3:79:1c:21:3b:72:d4:a8:dd:3a:f2:5c:6c:ef:a0:
                    03:bd:c5:9f:a0:7f:8e:0a:ef:9e:bb:25:c3:9e:20:
                    34:a5:56:43:60:ce:03:df:94:46:fe:38:7a:91:17:
                    85:6a:49:9c:5f:d1:58:61:09:50:a6:1c:34:eb:e2:
                    d8:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F9:5A:E4:42:54:83:2F:46:65:1A:2F:84:42:C0:AD:F9:07:6C:B7
            X509v3 Authority Key Identifier:
                keyid:2D:DF:DC:A7:3C:D6:4D:75:E6:56:DD:0A:3A:44:27:ED:61:98:2A:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ld_cpzzWTXXmVt0KOkQn7WGYKj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d41c4a-9bef-4737-95a1-08f17c410765/1/Ovla5EJUgy9GZRovhELArfkHbLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d41c4a-9bef-4737-95a1-08f17c410765/1/Ld_cpzzWTXXmVt0KOkQn7WGYKj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:86:e6:a5:b2:bc:2b:4a:57:a2:13:56:e3:cb:2d:16:a9:41:
         19:d9:b6:46:27:4a:cb:29:39:3a:35:86:b4:2c:c5:a7:13:9e:
         c9:57:82:35:ed:e4:03:32:d9:d8:6c:76:f2:b8:9b:2e:3d:1f:
         d8:e9:0c:d8:e1:76:fd:3c:64:2c:35:43:17:ac:d5:f8:2f:2a:
         b8:99:34:76:31:ca:ec:49:50:cb:94:68:bb:6c:27:b7:69:cb:
         e3:f0:0b:89:49:5c:ca:b1:94:b8:2b:ed:96:4d:51:d3:2f:7f:
         63:bf:95:ad:08:38:f1:0e:cd:b9:fb:48:88:23:2f:be:61:1a:
         ea:9f:4f:d5:71:a9:4f:fd:2c:16:81:5a:d6:f7:76:a2:2c:c1:
         c4:25:ff:56:bf:1d:d0:38:5b:4b:0b:66:8a:2b:da:30:11:d3:
         3d:a9:0b:24:e3:97:8c:15:ca:ba:a4:4a:e2:3e:7e:e6:36:1e:
         c0:ae:92:ac:04:2a:a7:e6:db:0a:88:ba:1d:2c:5f:d2:2f:7b:
         1c:80:38:29:3b:41:fd:51:69:3d:32:e8:bf:cd:f4:c9:d8:e4:
         f2:64:4b:a3:f1:8c:eb:7b:8a:bd:ff:ff:23:dc:8f:62:15:bd:
         05:ef:b9:1b:0e:1c:96:f9:86:a8:7b:ac:10:60:82:ce:6f:25:
         c7:c1:04:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY9UcG1PXYysfFnaCEovT+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZGZkY2E3M2NkNjRkNzVlNjU2ZGQwYTNhNDQyN2VkNjE5
ODJhM2QwHhcNMjUwNDE2MDYzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWY5NWFlNDQyNTQ4MzJmNDY2NTFhMmY4NDQyYzBhZGY5MDc2Y2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NEVnnGV37NMIocmOB5uEu95XChP
tEb/sQfrkwiwj5XuQEU0LI6cnAQoMIGepKmOMI11tQzj2l5HsW3B5BLAd37MEVoU
Yry4UYIvQkl7ToTdKtqOE8VYbON1bN7bArm8tmQLFBS9zmVcLYx1bO+i+kNgwVQa
tQa+H9oSnpLBhKj4ruRdnmuH37Og7stnAD8tGDROCGL9+vuqCk6x535GzV+L9FbH
ZYktU/+sUCjRUlidcYfZ/ccL5ldmI6XeLlTW5EzzeRwhO3LUqN068lxs76ADvcWf
oH+OCu+euyXDniA0pVZDYM4D35RG/jh6kReFakmcX9FYYQlQphw06+LY4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDr5WuRCVIMvRmUaL4RCwK35B2y3MB8GA1UdIwQY
MBaAFC3f3Kc81k115lbdCjpEJ+1hmCo9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGRfY3B6eldUWFhtVnQwS09rUW43V0dZS2owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kNDFjNGEtOWJlZi00NzM3LTk1YTEt
MDhmMTdjNDEwNzY1LzEvT3ZsYTVFSlVneTlHWlJvdmhFTEFyZmtIYkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kNDFjNGEtOWJlZi00NzM3LTk1YTEtMDhmMTdjNDEwNzY1
LzEvTGRfY3B6eldUWFhtVnQwS09rUW43V0dZS2owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc1sMA0G
CSqGSIb3DQEBCwUAA4IBAQC1hualsrwrSleiE1bjyy0WqUEZ2bZGJ0rLKTk6NYa0
LMWnE57JV4I17eQDMtnYbHbyuJsuPR/Y6QzY4Xb9PGQsNUMXrNX4Lyq4mTR2Mcrs
SVDLlGi7bCe3acvj8AuJSVzKsZS4K+2WTVHTL39jv5WtCDjxDs25+0iIIy++YRrq
n0/VcalP/SwWgVrW93aiLMHEJf9Wvx3QOFtLC2aKK9owEdM9qQsk45eMFcq6pEri
Pn7mNh7ArpKsBCqn5tsKiLodLF/SL3scgDgpO0H9UWk9Mui/zfTJ2OTyZEuj8Yzr
e4q9//8j3I9iFb0F77kbDhyW+Yaoe6wQYILObyXHwQTi
-----END CERTIFICATE-----