Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/1-oMFTx8B3lukMNBvWfS47n97CmA.roa
File:                     1-oMFTx8B3lukMNBvWfS47n97CmA.roa (raw, json)
Hash identifier:          m9rVIDnRYZoBIXBcOLquTYp9zMM2moDhJAmWdarMX5o=
Subject key identifier:   FA:83:05:4F:1F:01:DE:5B:A4:30:D0:6F:59:F4:B8:EE:7F:7B:0A:60
Certificate issuer:       /CN=c7908f53e4517dce4c74ca2e30982788910c4033
Certificate serial:       019422FB4882273418A15CAC0B242DC2108F
Authority key identifier: C7:90:8F:53:E4:51:7D:CE:4C:74:CA:2E:30:98:27:88:91:0C:40:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x5CPU-RRfc5MdMouMJgniJEMQDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/1-oMFTx8B3lukMNBvWfS47n97CmA.roa
Signing time:             Wed 01 Jan 2025 17:48:00 +0000
ROA not before:           Wed 01 Jan 2025 17:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52164
IP address blocks:        193.238.86.0/24 maxlen: 24
                          2a11:280::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/x5CPU-RRfc5MdMouMJgniJEMQDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/x5CPU-RRfc5MdMouMJgniJEMQDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x5CPU-RRfc5MdMouMJgniJEMQDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:48:82:27:34:18:a1:5c:ac:0b:24:2d:c2:10:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7908f53e4517dce4c74ca2e30982788910c4033
        Validity
            Not Before: Jan  1 17:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa83054f1f01de5ba430d06f59f4b8ee7f7b0a60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:de:d4:cf:98:b7:40:bc:7c:ad:b1:06:2a:93:
                    27:21:d6:b9:49:38:ec:ad:f6:80:e9:85:e2:88:e6:
                    4b:18:76:f2:ed:8f:89:2b:6f:19:d0:c2:f5:42:f9:
                    4d:68:e7:b7:38:d7:8a:9b:4e:ba:79:89:8c:03:b0:
                    3d:0b:4a:3f:57:70:8c:b7:0b:5c:60:7d:62:2a:16:
                    c5:e6:a1:01:6b:b8:ea:a4:2e:5a:30:eb:21:15:fd:
                    b8:20:2f:05:94:72:ab:c1:9d:75:db:d0:b0:7a:2c:
                    3b:b9:24:de:50:0c:24:85:2e:17:91:95:d1:a4:36:
                    6d:12:48:02:e1:ce:c7:85:d3:9c:d8:9f:d3:b8:2a:
                    bd:58:4d:51:d8:6f:93:39:0f:2d:97:e5:a2:bc:96:
                    78:13:e6:07:c8:00:8a:2e:24:97:13:ee:f7:96:3f:
                    fc:6a:10:60:7d:b7:bb:d9:5d:5d:12:aa:4c:4a:5d:
                    a2:e1:58:43:d6:f7:89:01:69:25:ac:88:38:97:ce:
                    ff:25:de:f4:e6:b0:50:27:57:e4:0f:b7:ed:fc:56:
                    96:46:9e:cd:75:85:a0:d6:e2:3c:54:92:ed:ff:c0:
                    99:de:17:47:30:ce:fa:5c:99:93:3a:f8:c6:81:59:
                    5f:f5:21:66:39:5b:7a:03:6f:ae:42:0b:ba:60:3b:
                    93:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:83:05:4F:1F:01:DE:5B:A4:30:D0:6F:59:F4:B8:EE:7F:7B:0A:60
            X509v3 Authority Key Identifier:
                keyid:C7:90:8F:53:E4:51:7D:CE:4C:74:CA:2E:30:98:27:88:91:0C:40:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x5CPU-RRfc5MdMouMJgniJEMQDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/1-oMFTx8B3lukMNBvWfS47n97CmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e425d8-f787-4f24-ba2b-28fe66144981/1/x5CPU-RRfc5MdMouMJgniJEMQDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.86.0/24
                IPv6:
                  2a11:280::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:6d:59:c2:87:ce:17:fd:81:1b:66:01:29:84:dc:09:9f:67:
         c7:e4:c1:a2:ae:60:7c:38:88:a4:28:c6:bc:27:43:88:76:5b:
         bd:79:65:f8:99:79:cc:f3:eb:46:53:d5:f3:04:47:fa:a4:6e:
         98:ac:f9:4d:21:90:e0:09:09:04:56:7f:07:98:b2:dc:10:78:
         27:18:ee:4a:6c:ea:52:fa:20:a3:3c:2b:41:93:1c:d4:1f:2b:
         2d:88:da:bb:e7:65:dc:e3:f3:81:20:a7:04:be:70:1f:16:0d:
         68:47:f6:d8:de:33:62:a1:8e:30:52:6b:3a:5d:ff:7a:3f:e6:
         f5:a6:b9:19:63:a0:9d:17:a3:f4:98:80:7f:3b:f6:0e:1f:7b:
         5c:e8:98:48:c9:4d:ba:f5:ed:33:13:76:24:29:2d:91:81:6f:
         f5:8a:5d:88:49:5f:00:8f:63:42:13:34:da:c1:62:ac:cb:57:
         20:0d:4e:5a:9b:05:9d:b3:26:76:cc:33:c0:22:27:49:6c:1f:
         fd:2b:30:5f:35:e4:a1:fb:39:fb:b8:f5:18:c8:fc:f8:55:36:
         82:7f:21:2e:28:2f:45:7e:43:62:db:2f:48:cf:6e:81:74:d1:
         cd:0b:69:c3:05:9a:9c:27:17:68:22:78:a4:de:f5:d7:27:74:
         9c:c0:27:0c
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQi+0iCJzQYoVysCyQtwhCPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OTA4ZjUzZTQ1MTdkY2U0Yzc0Y2EyZTMwOTgyNzg4OTEw
YzQwMzMwHhcNMjUwMTAxMTc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTgzMDU0ZjFmMDFkZTViYTQzMGQwNmY1OWY0YjhlZTdmN2IwYTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv97Uz5i3QLx8rbEGKpMnIda5STjs
rfaA6YXiiOZLGHby7Y+JK28Z0ML1QvlNaOe3ONeKm066eYmMA7A9C0o/V3CMtwtc
YH1iKhbF5qEBa7jqpC5aMOshFf24IC8FlHKrwZ1129Cweiw7uSTeUAwkhS4XkZXR
pDZtEkgC4c7HhdOc2J/TuCq9WE1R2G+TOQ8tl+WivJZ4E+YHyACKLiSXE+73lj/8
ahBgfbe72V1dEqpMSl2i4VhD1veJAWklrIg4l87/Jd705rBQJ1fkD7ft/FaWRp7N
dYWg1uI8VJLt/8CZ3hdHMM76XJmTOvjGgVlf9SFmOVt6A2+uQgu6YDuT5wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPqDBU8fAd5bpDDQb1n0uO5/ewpgMB8GA1UdIwQY
MBaAFMeQj1PkUX3OTHTKLjCYJ4iRDEAzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDVDUFUtUlJmYzVNZE1vdU1KZ25pSkVNUURNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9lNDI1ZDgtZjc4Ny00ZjI0LWJhMmIt
MjhmZTY2MTQ0OTgxLzEvMS1vTUZUeDhCM2x1a01OQnZXZlM0N245N0NtQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDIvZTQyNWQ4LWY3ODctNGYyNC1iYTJiLTI4ZmU2NjE0NDk4
MS8xL3g1Q1BVLVJSZmM1TWRNb3VNSmduaUpFTVFETS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAMHuVjAN
BAIAAjAHAwUDKhECgDANBgkqhkiG9w0BAQsFAAOCAQEAr21ZwofOF/2BG2YBKYTc
CZ9nx+TBoq5gfDiIpCjGvCdDiHZbvXll+Jl5zPPrRlPV8wRH+qRumKz5TSGQ4AkJ
BFZ/B5iy3BB4JxjuSmzqUvogozwrQZMc1B8rLYjau+dl3OPzgSCnBL5wHxYNaEf2
2N4zYqGOMFJrOl3/ej/m9aa5GWOgnRej9JiAfzv2Dh97XOiYSMlNuvXtMxN2JCkt
kYFv9YpdiElfAI9jQhM02sFirMtXIA1OWpsFnbMmdswzwCInSWwf/SswXzXkofs5
+7j1GMj8+FU2gn8hLigvRX5DYtsvSM9ugXTRzQtpwwWanCcXaCJ4pN711yd0nMAn
DA==
-----END CERTIFICATE-----