Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/oa49XCli4BnhzjMFZt__xzBFHcY.roa
File:                     oa49XCli4BnhzjMFZt__xzBFHcY.roa (raw, json)
Hash identifier:          tJwIQtT+Kk475hshkks2qpfV9lu0TNlB3mE3lLaKnow=
Subject key identifier:   A1:AE:3D:5C:29:62:E0:19:E1:CE:33:05:66:DF:FF:C7:30:45:1D:C6
Certificate issuer:       /CN=4bdd42ccd13d7f8a7c3eda5b5502d8d6dcbbbe11
Certificate serial:       019421442FB0230D24F81B52A8D12F93D2F1
Authority key identifier: 4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/oa49XCli4BnhzjMFZt__xzBFHcY.roa
Signing time:             Wed 01 Jan 2025 09:48:24 +0000
ROA not before:           Wed 01 Jan 2025 09:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16019
IP address blocks:        185.168.149.0/24 maxlen: 24
                          2a12:b7c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2f:b0:23:0d:24:f8:1b:52:a8:d1:2f:93:d2:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bdd42ccd13d7f8a7c3eda5b5502d8d6dcbbbe11
        Validity
            Not Before: Jan  1 09:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1ae3d5c2962e019e1ce330566dfffc730451dc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f7:25:47:43:1f:d7:44:ef:ac:a0:b1:d4:5b:
                    5a:35:99:31:cb:69:ed:8e:9f:90:e5:13:42:7c:38:
                    c0:ef:4a:78:b7:df:59:72:26:6d:e8:7c:4b:64:7b:
                    ac:74:76:72:ab:59:4b:6b:24:6b:4a:5e:11:83:52:
                    af:c0:18:3a:51:3c:5f:83:c5:66:88:7f:4c:50:bc:
                    5a:ef:13:9c:cf:57:e1:04:e5:81:64:e0:75:37:db:
                    49:22:4b:6b:92:bb:57:83:6b:78:00:6f:3f:4b:5a:
                    0c:3f:bb:08:13:6d:6c:89:a4:64:1a:8e:ec:5a:cb:
                    68:c2:68:45:82:61:b9:f0:40:a6:a5:ba:c9:86:f0:
                    b3:17:71:6e:bd:80:ae:ab:6e:31:8a:1f:85:b3:4a:
                    fe:b6:41:88:4e:1c:68:16:d9:09:78:af:79:af:eb:
                    65:7e:ba:a6:56:37:7b:a9:85:fa:5a:a8:fd:90:b2:
                    74:6c:98:46:07:31:a1:fe:6b:a9:0b:49:e3:ca:c6:
                    41:63:76:75:41:a5:ac:55:57:ee:1a:1d:fd:01:01:
                    16:dc:5a:8d:aa:6a:d1:c8:e2:ca:11:73:a3:2d:98:
                    1c:2b:66:a5:34:a4:73:8e:fd:04:1d:0b:bf:dd:fa:
                    f8:32:5a:9a:2e:5c:9f:db:17:0b:98:8f:2e:91:5e:
                    eb:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:AE:3D:5C:29:62:E0:19:E1:CE:33:05:66:DF:FF:C7:30:45:1D:C6
            X509v3 Authority Key Identifier:
                keyid:4B:DD:42:CC:D1:3D:7F:8A:7C:3E:DA:5B:55:02:D8:D6:DC:BB:BE:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S91CzNE9f4p8PtpbVQLY1ty7vhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/oa49XCli4BnhzjMFZt__xzBFHcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fc8e22-9a3b-4646-babe-1ca2120ee436/1/S91CzNE9f4p8PtpbVQLY1ty7vhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.149.0/24
                IPv6:
                  2a12:b7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:de:72:97:1d:b6:4f:94:20:a4:5a:32:1f:a6:57:d5:89:0c:
         96:0c:ae:02:89:39:42:9c:f0:4f:6c:a2:35:39:9a:61:6a:84:
         dd:06:7c:ef:15:a2:f2:26:c3:f4:13:19:aa:d6:3c:b7:c2:0e:
         ed:01:60:f2:65:1f:fb:fd:f6:c4:84:51:65:08:7f:64:19:2b:
         26:68:0c:a4:7f:4e:29:0b:ea:40:6b:65:e1:56:ef:f5:be:02:
         a8:df:00:be:a0:f9:22:4b:fb:fc:2f:70:36:07:2e:2d:b8:28:
         9c:db:2c:fb:28:ae:83:9e:31:a8:5d:b3:54:89:2a:6a:49:c4:
         2b:a7:42:0a:5c:0d:a9:90:39:f8:f8:a5:83:da:96:d0:80:8b:
         89:b1:f9:35:ab:cf:2f:6f:ba:15:2a:5c:02:5c:a2:b9:f5:c1:
         41:61:45:a9:06:88:80:2d:2d:39:a4:ac:2b:b5:cc:20:ef:a6:
         5a:70:a8:ac:4a:7d:f5:b5:5f:09:c7:0c:d5:f3:95:79:28:33:
         c7:dd:3f:34:06:4e:36:78:9d:e4:22:a5:21:00:70:1f:44:c2:
         f3:90:0d:8b:a3:3d:e8:e8:39:10:40:64:8a:bc:b1:c8:cd:4b:
         f3:09:ef:e4:53:f1:e6:09:28:70:dd:dc:9a:2f:44:f1:ce:0f:
         e1:79:34:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhRC+wIw0k+BtSqNEvk9LxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZGQ0MmNjZDEzZDdmOGE3YzNlZGE1YjU1MDJkOGQ2ZGNi
YmJlMTEwHhcNMjUwMTAxMDk0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWFlM2Q1YzI5NjJlMDE5ZTFjZTMzMDU2NmRmZmZjNzMwNDUxZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/clR0Mf10TvrKCx1FtaNZkxy2nt
jp+Q5RNCfDjA70p4t99ZciZt6HxLZHusdHZyq1lLayRrSl4Rg1KvwBg6UTxfg8Vm
iH9MULxa7xOcz1fhBOWBZOB1N9tJIktrkrtXg2t4AG8/S1oMP7sIE21siaRkGo7s
WstowmhFgmG58ECmpbrJhvCzF3FuvYCuq24xih+Fs0r+tkGIThxoFtkJeK95r+tl
frqmVjd7qYX6Wqj9kLJ0bJhGBzGh/mupC0njysZBY3Z1QaWsVVfuGh39AQEW3FqN
qmrRyOLKEXOjLZgcK2alNKRzjv0EHQu/3fr4MlqaLlyf2xcLmI8ukV7rgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKGuPVwpYuAZ4c4zBWbf/8cwRR3GMB8GA1UdIwQY
MBaAFEvdQszRPX+KfD7aW1UC2Nbcu74RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzkxQ3pORTlmNHA4UHRwYlZRTFkxdHk3dmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mYzhlMjItOWEzYi00NjQ2LWJhYmUt
MWNhMjEyMGVlNDM2LzEvb2E0OVhDbGk0Qm5oempNRlp0X194ekJGSGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mYzhlMjItOWEzYi00NjQ2LWJhYmUtMWNhMjEyMGVlNDM2
LzEvUzkxQ3pORTlmNHA4UHRwYlZRTFkxdHk3dmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuaiVMA0E
AgACMAcDBQMqErfAMA0GCSqGSIb3DQEBCwUAA4IBAQBR3nKXHbZPlCCkWjIfplfV
iQyWDK4CiTlCnPBPbKI1OZphaoTdBnzvFaLyJsP0Exmq1jy3wg7tAWDyZR/7/fbE
hFFlCH9kGSsmaAykf04pC+pAa2XhVu/1vgKo3wC+oPkiS/v8L3A2By4tuCic2yz7
KK6DnjGoXbNUiSpqScQrp0IKXA2pkDn4+KWD2pbQgIuJsfk1q88vb7oVKlwCXKK5
9cFBYUWpBoiALS05pKwrtcwg76ZacKisSn31tV8JxwzV85V5KDPH3T80Bk42eJ3k
IqUhAHAfRMLzkA2Loz3o6DkQQGSKvLHIzUvzCe/kU/HmCShw3dyaL0Txzg/heTRt
-----END CERTIFICATE-----