Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/ocuE4fXKrDYrpQocYLXuAkcw4qs.roa
File:                     ocuE4fXKrDYrpQocYLXuAkcw4qs.roa (raw, json)
Hash identifier:          Nydk7rHdYX2vee746eKrRwtJaLs0LWeYf6W299bGydA=
Subject key identifier:   A1:CB:84:E1:F5:CA:AC:36:2B:A5:0A:1C:60:B5:EE:02:47:30:E2:AB
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0194228DBC2B6C267BD13282CCCEACF9C8BB
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/ocuE4fXKrDYrpQocYLXuAkcw4qs.roa
Signing time:             Wed 01 Jan 2025 15:48:21 +0000
ROA not before:           Wed 01 Jan 2025 15:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        193.32.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:bc:2b:6c:26:7b:d1:32:82:cc:ce:ac:f9:c8:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan  1 15:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1cb84e1f5caac362ba50a1c60b5ee024730e2ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7f:80:bc:04:2d:78:98:71:84:3d:0a:41:82:
                    13:ce:9a:c8:d5:52:63:61:82:2a:59:ba:92:a1:d4:
                    ef:e1:02:19:32:78:de:63:e3:73:6e:e8:b0:70:12:
                    4b:32:e0:03:c1:a7:da:fa:36:11:bf:e8:e3:f7:18:
                    2f:6e:96:9e:7e:9c:8f:04:f2:4d:28:25:3e:ce:44:
                    22:4e:40:2e:27:35:8c:81:fc:f1:db:84:a5:75:90:
                    7d:11:36:43:a0:38:e3:8a:de:da:dd:ac:87:9d:f8:
                    49:74:3a:2a:fe:f5:58:46:37:90:ae:5e:74:2a:b0:
                    5c:f5:9c:82:4e:c0:98:61:03:57:e8:d9:33:3e:fb:
                    9d:b0:2c:65:2f:bd:bb:7c:58:bd:19:e4:23:8f:e3:
                    92:f3:b2:d5:e6:65:bd:8f:8e:b1:3c:5a:ac:f2:fa:
                    33:16:f0:60:d1:eb:b2:ee:ce:6e:e8:3b:33:22:9b:
                    e0:84:32:46:eb:da:05:fe:c9:46:69:c8:c8:cf:68:
                    45:7e:4b:c3:6a:46:db:96:45:42:fe:dd:55:47:17:
                    0f:96:ce:12:58:0d:54:81:dc:63:9c:c4:be:a3:5e:
                    5d:1e:7d:10:da:ea:e7:e8:3b:5b:ff:f2:8f:89:9d:
                    79:2e:d4:d3:4a:00:c2:c9:f9:96:5b:bb:08:cd:a3:
                    9c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:CB:84:E1:F5:CA:AC:36:2B:A5:0A:1C:60:B5:EE:02:47:30:E2:AB
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/ocuE4fXKrDYrpQocYLXuAkcw4qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:6b:fd:68:65:8a:24:5f:24:67:33:46:2d:a0:ea:a1:d0:0d:
         c2:ce:97:81:ae:20:4c:42:f8:59:bf:ea:53:af:18:39:91:85:
         1d:f2:53:3f:4c:05:69:4e:a1:89:21:b5:56:fe:65:ec:11:61:
         81:28:0d:5f:c1:b3:74:36:14:bf:b4:58:e6:15:88:8a:09:19:
         9c:be:5d:b0:5e:6d:02:87:e6:38:1a:68:b0:cd:60:28:63:c5:
         e0:16:57:30:b6:c4:bf:ee:fa:3a:fb:55:26:a8:f8:36:b1:dd:
         3f:98:51:ce:91:e7:d1:a1:cb:0b:08:da:ac:18:cb:a5:a1:ab:
         ad:66:ea:2e:d1:ff:b3:42:56:cd:49:bf:47:b6:c5:d5:b0:73:
         14:58:d0:64:17:b7:97:f2:c3:8c:00:8f:f2:21:02:ff:e0:d6:
         ed:b6:b1:1a:cc:4b:0d:fe:03:c1:52:85:69:34:2a:ee:99:c3:
         31:7f:08:86:2e:87:c1:60:a9:3e:26:14:a5:06:0d:1d:d7:98:
         a9:d5:96:43:5c:63:f6:30:09:42:5d:9e:7c:81:68:c8:df:7a:
         46:60:4c:d9:79:00:58:fa:8b:11:0e:ff:f8:76:dd:70:33:67:
         e5:e2:00:bc:93:7e:ee:09:94:ae:e6:84:07:9d:23:55:18:68:
         01:64:c4:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijbwrbCZ70TKCzM6s+ci7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwMTAxMTU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWNiODRlMWY1Y2FhYzM2MmJhNTBhMWM2MGI1ZWUwMjQ3MzBlMmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmH+AvAQteJhxhD0KQYITzprI1VJj
YYIqWbqSodTv4QIZMnjeY+NzbuiwcBJLMuADwafa+jYRv+jj9xgvbpaefpyPBPJN
KCU+zkQiTkAuJzWMgfzx24SldZB9ETZDoDjjit7a3ayHnfhJdDoq/vVYRjeQrl50
KrBc9ZyCTsCYYQNX6NkzPvudsCxlL727fFi9GeQjj+OS87LV5mW9j46xPFqs8voz
FvBg0euy7s5u6DszIpvghDJG69oF/slGacjIz2hFfkvDakbblkVC/t1VRxcPls4S
WA1UgdxjnMS+o15dHn0Q2urn6Dtb//KPiZ15LtTTSgDCyfmWW7sIzaOcNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHLhOH1yqw2K6UKHGC17gJHMOKrMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvb2N1RTRmWEtyRFlycFFvY1lMWHVBa2N3NHFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSBVMA0G
CSqGSIb3DQEBCwUAA4IBAQAka/1oZYokXyRnM0YtoOqh0A3CzpeBriBMQvhZv+pT
rxg5kYUd8lM/TAVpTqGJIbVW/mXsEWGBKA1fwbN0NhS/tFjmFYiKCRmcvl2wXm0C
h+Y4GmiwzWAoY8XgFlcwtsS/7vo6+1UmqPg2sd0/mFHOkefRocsLCNqsGMuloaut
Zuou0f+zQlbNSb9HtsXVsHMUWNBkF7eX8sOMAI/yIQL/4NbttrEazEsN/gPBUoVp
NCrumcMxfwiGLofBYKk+JhSlBg0d15ip1ZZDXGP2MAlCXZ58gWjI33pGYEzZeQBY
+osRDv/4dt1wM2fl4gC8k37uCZSu5oQHnSNVGGgBZMSl
-----END CERTIFICATE-----