Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/omuf2rqv4Sp9P-8ZJZ916fSowyA.roa
File:                     omuf2rqv4Sp9P-8ZJZ916fSowyA.roa (raw, json)
Hash identifier:          UlQgwX4zh3WqyryliD1lENPsPKINDm9DlFR8/vawBBY=
Subject key identifier:   A2:6B:9F:DA:BA:AF:E1:2A:7D:3F:EF:19:25:9F:75:E9:F4:A8:C3:20
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       01942144285FDCEC116168A16316A0D1D36E
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/omuf2rqv4Sp9P-8ZJZ916fSowyA.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        195.66.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:28:5f:dc:ec:11:61:68:a1:63:16:a0:d1:d3:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a26b9fdabaafe12a7d3fef19259f75e9f4a8c320
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ef:42:c8:46:b0:24:89:d5:fe:c9:d2:3f:8d:
                    ca:f5:db:07:88:91:e3:f7:09:ae:4b:bf:2d:b4:30:
                    8e:d5:55:b0:b0:21:d2:4c:55:a7:d1:31:5f:04:0f:
                    51:7c:07:7b:85:9d:0c:6e:57:c1:a3:a4:39:94:3e:
                    9f:11:19:a5:68:31:88:1f:3f:20:4c:53:4e:17:fd:
                    55:9f:ae:76:37:e9:d5:b5:00:74:af:24:d3:5f:aa:
                    0b:43:5e:b5:b7:85:29:1d:bb:f7:94:7f:ae:54:5e:
                    f3:b4:41:dd:63:76:c8:83:c5:40:dc:74:eb:33:6d:
                    b8:de:93:6b:86:75:a6:6c:98:1b:d0:5e:ae:95:3a:
                    d8:3b:e3:7e:57:78:28:15:7c:06:02:b3:3e:ec:60:
                    92:3f:2f:d8:ad:a3:01:31:23:b3:20:0b:5d:a6:22:
                    18:a9:02:67:6a:df:05:f2:dd:83:b7:be:f3:65:e6:
                    21:1f:de:74:66:40:86:2a:47:a2:a6:fa:82:b8:04:
                    6c:81:78:1e:59:d4:d3:ea:8e:9e:74:77:90:e8:f8:
                    54:5f:dd:e4:44:aa:f5:11:43:80:fb:af:e3:8f:2d:
                    20:96:27:c8:5f:c6:f9:dc:a6:09:2b:35:5e:be:13:
                    28:59:22:9f:6f:21:77:6d:0c:c3:6a:7f:cf:f4:3b:
                    09:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:6B:9F:DA:BA:AF:E1:2A:7D:3F:EF:19:25:9F:75:E9:F4:A8:C3:20
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/omuf2rqv4Sp9P-8ZJZ916fSowyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:34:9f:1f:85:5f:f2:6d:3f:4c:1c:a2:9e:93:4d:cb:8d:71:
         e4:ea:be:07:7c:6d:97:88:6b:f6:91:1a:49:98:82:4e:02:34:
         04:5f:80:07:1b:2c:02:32:39:14:d1:a0:d6:0b:23:45:dd:8b:
         c3:86:ac:e1:12:93:32:19:22:f7:7f:7d:73:07:7e:01:72:80:
         ec:64:ba:5b:12:b0:2b:29:cc:92:c1:05:20:36:a5:97:57:39:
         44:33:2f:f3:ca:75:de:c9:d0:c2:33:c7:3d:f4:58:3f:0c:3c:
         ba:93:ee:e9:ab:86:d9:12:35:e0:b5:0c:a8:11:d8:e8:d0:27:
         fc:4c:d0:9f:7c:df:86:ef:00:85:58:0f:74:c0:67:49:aa:2b:
         66:40:29:38:ad:ec:cc:d0:b6:87:f1:0b:77:0b:cf:7a:32:3a:
         6c:b9:80:88:80:40:44:90:70:67:8c:87:6c:6a:47:c5:f7:59:
         f3:63:e1:41:7b:ca:f0:74:f3:15:77:49:61:1e:83:b9:6d:39:
         7d:5e:12:9f:07:df:43:33:c4:79:30:e1:7c:bc:3a:64:75:10:
         ac:0b:a6:f1:80:6c:f2:76:ad:d2:0a:71:45:16:03:29:e8:3f:
         f6:cf:4b:86:17:a0:83:4d:f1:36:54:ce:fb:84:d9:1c:6b:32:
         e1:ce:38:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRChf3OwRYWihYxag0dNuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjZiOWZkYWJhYWZlMTJhN2QzZmVmMTkyNTlmNzVlOWY0YThjMzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAie9CyEawJInV/snSP43K9dsHiJHj
9wmuS78ttDCO1VWwsCHSTFWn0TFfBA9RfAd7hZ0MblfBo6Q5lD6fERmlaDGIHz8g
TFNOF/1Vn652N+nVtQB0ryTTX6oLQ161t4UpHbv3lH+uVF7ztEHdY3bIg8VA3HTr
M2243pNrhnWmbJgb0F6ulTrYO+N+V3goFXwGArM+7GCSPy/YraMBMSOzIAtdpiIY
qQJnat8F8t2Dt77zZeYhH950ZkCGKkeipvqCuARsgXgeWdTT6o6edHeQ6PhUX93k
RKr1EUOA+6/jjy0glifIX8b53KYJKzVevhMoWSKfbyF3bQzDan/P9DsJZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJrn9q6r+EqfT/vGSWfden0qMMgMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvb211ZjJycXY0U3A5UC04WkpaOTE2ZlNvd3lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQBVNJ8fhV/ybT9MHKKek03LjXHk6r4HfG2XiGv2kRpJ
mIJOAjQEX4AHGywCMjkU0aDWCyNF3YvDhqzhEpMyGSL3f31zB34BcoDsZLpbErAr
KcySwQUgNqWXVzlEMy/zynXeydDCM8c99Fg/DDy6k+7pq4bZEjXgtQyoEdjo0Cf8
TNCffN+G7wCFWA90wGdJqitmQCk4rezM0LaH8Qt3C896MjpsuYCIgEBEkHBnjIds
akfF91nzY+FBe8rwdPMVd0lhHoO5bTl9XhKfB99DM8R5MOF8vDpkdRCsC6bxgGzy
dq3SCnFFFgMp6D/2z0uGF6CDTfE2VM77hNkcazLhzjgP
-----END CERTIFICATE-----