Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/oX3OGzwxfpoj75NeGxUgbWj5Nag.roa
File:                     oX3OGzwxfpoj75NeGxUgbWj5Nag.roa (raw, json)
Hash identifier:          AUpPKp6STpZ3+I37dxgfx0DnwlKN78RdnPEKRCGUs1k=
Subject key identifier:   A1:7D:CE:1B:3C:31:7E:9A:23:EF:93:5E:1B:15:20:6D:68:F9:35:A8
Certificate issuer:       /CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Certificate serial:       019425FC9C7D7900CC11ACCD2F873271568E
Authority key identifier: 49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/oX3OGzwxfpoj75NeGxUgbWj5Nag.roa
Signing time:             Thu 02 Jan 2025 07:48:19 +0000
ROA not before:           Thu 02 Jan 2025 07:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        81.90.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:9c:7d:79:00:cc:11:ac:cd:2f:87:32:71:56:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
        Validity
            Not Before: Jan  2 07:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a17dce1b3c317e9a23ef935e1b15206d68f935a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:12:d4:23:0d:88:d4:d4:89:61:2f:c3:d7:ae:
                    2f:ca:43:cf:80:4f:ae:59:6a:d3:1e:50:c2:c3:77:
                    f2:15:63:5c:30:7a:74:bc:7b:ef:4d:1e:5c:75:a1:
                    52:91:fe:49:38:4c:ac:53:d3:a6:1f:95:35:25:70:
                    e9:b1:a4:00:77:2b:9c:a5:79:74:c2:96:5c:99:5e:
                    81:97:e9:70:69:16:cc:d0:73:a7:2a:fe:3d:ee:ef:
                    8b:9a:aa:0a:95:21:b0:9d:51:21:15:54:5a:8a:3c:
                    e5:3f:f0:ee:68:e8:98:de:48:ba:ad:51:82:90:51:
                    14:c1:11:65:06:c7:3c:27:3e:a6:54:f0:f5:9a:d3:
                    d8:7b:50:59:7e:a9:45:fe:0b:d5:3b:f9:23:a3:bd:
                    e6:c6:37:e2:56:61:2d:0e:0f:cc:09:91:5d:b2:33:
                    a5:a4:3c:c8:0a:50:42:1d:11:9b:d8:33:3a:c2:5a:
                    39:f8:f6:c1:4f:59:5c:20:0d:af:e3:01:eb:27:ae:
                    f6:87:d0:15:4b:a5:75:f1:84:8d:4f:f3:13:98:f8:
                    41:83:23:37:d0:2a:eb:21:3e:92:b0:df:6b:ee:3e:
                    b0:17:52:50:15:61:79:9b:f2:04:1b:6b:ff:9c:af:
                    4e:ce:68:97:7a:8c:5c:87:ed:09:e2:4c:54:5e:c7:
                    82:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:7D:CE:1B:3C:31:7E:9A:23:EF:93:5E:1B:15:20:6D:68:F9:35:A8
            X509v3 Authority Key Identifier:
                keyid:49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/oX3OGzwxfpoj75NeGxUgbWj5Nag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.90.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:fb:5b:64:c7:05:0e:86:f1:f5:0e:31:58:22:1c:fc:f8:7f:
         63:03:2e:ee:63:13:da:19:a9:fd:a7:9b:78:b5:b2:f0:56:b4:
         e2:a1:1d:bf:37:14:a8:6d:b6:4e:b0:58:24:58:3a:2c:17:71:
         35:22:da:a4:82:1d:80:7a:3b:cd:30:e7:03:6e:37:3a:74:47:
         06:fa:2b:0d:35:67:80:c4:21:77:dc:86:d1:fc:14:3f:23:7e:
         2b:87:42:c2:da:32:26:01:12:87:6e:18:de:4d:4e:6f:05:34:
         df:93:64:68:1c:fb:07:82:63:86:de:8c:e0:a4:a8:5e:c8:57:
         c2:07:e0:13:ac:e4:64:54:5d:d5:17:b9:d0:c0:c5:e9:0a:de:
         1e:66:c6:6e:b9:54:6b:50:fb:d3:6b:0a:4f:9f:97:4c:4e:0f:
         53:06:b3:c0:9d:00:cb:a1:9a:7f:87:9e:02:ca:7d:f9:72:7c:
         19:45:69:da:f2:cd:d0:f4:39:d4:72:13:d3:8f:de:8c:1c:91:
         6d:a8:91:1a:1e:21:4c:51:01:bb:90:b8:08:5c:32:12:a6:4e:
         9b:a7:55:63:0a:7d:09:76:d5:81:31:58:99:b0:5b:18:54:73:
         d7:ca:dd:45:b8:46:87:91:56:f6:6f:3c:95:97:a7:be:53:ff:
         e3:da:6d:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Jx9eQDMEazNL4cycVaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjE2ZjVjMTY1YjgyN2E3ZmQ3M2Q4MTA3YWViZDJmNjNj
NjNlMjQwHhcNMjUwMTAyMDc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTdkY2UxYjNjMzE3ZTlhMjNlZjkzNWUxYjE1MjA2ZDY4ZjkzNWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshLUIw2I1NSJYS/D164vykPPgE+u
WWrTHlDCw3fyFWNcMHp0vHvvTR5cdaFSkf5JOEysU9OmH5U1JXDpsaQAdyucpXl0
wpZcmV6Bl+lwaRbM0HOnKv497u+LmqoKlSGwnVEhFVRaijzlP/DuaOiY3ki6rVGC
kFEUwRFlBsc8Jz6mVPD1mtPYe1BZfqlF/gvVO/kjo73mxjfiVmEtDg/MCZFdsjOl
pDzIClBCHRGb2DM6wlo5+PbBT1lcIA2v4wHrJ672h9AVS6V18YSNT/MTmPhBgyM3
0CrrIT6SsN9r7j6wF1JQFWF5m/IEG2v/nK9OzmiXeoxch+0J4kxUXseCWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKF9zhs8MX6aI++TXhsVIG1o+TWoMB8GA1UdIwQY
MBaAFEkhb1wWW4J6f9c9gQeuvS9jxj4kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQt
MGRiYmMyNDllNjU3LzEvb1gzT0d6d3hmcG9qNzVOZUd4VWdiV2o1TmFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQtMGRiYmMyNDllNjU3
LzEvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUVoZMA0G
CSqGSIb3DQEBCwUAA4IBAQB0+1tkxwUOhvH1DjFYIhz8+H9jAy7uYxPaGan9p5t4
tbLwVrTioR2/NxSobbZOsFgkWDosF3E1Itqkgh2AejvNMOcDbjc6dEcG+isNNWeA
xCF33IbR/BQ/I34rh0LC2jImARKHbhjeTU5vBTTfk2RoHPsHgmOG3ozgpKheyFfC
B+ATrORkVF3VF7nQwMXpCt4eZsZuuVRrUPvTawpPn5dMTg9TBrPAnQDLoZp/h54C
yn35cnwZRWna8s3Q9DnUchPTj96MHJFtqJEaHiFMUQG7kLgIXDISpk6bp1VjCn0J
dtWBMViZsFsYVHPXyt1FuEaHkVb2bzyVl6e+U//j2m1U
-----END CERTIFICATE-----