Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/OeEwR2KjHiMhtmsCYndJ8-HTnmE.roa
File:                     OeEwR2KjHiMhtmsCYndJ8-HTnmE.roa (raw, json)
Hash identifier:          ZCQD20kNIgUEFFKDzf7HxGrXyHaL4uowsN2/xg1DAu0=
Subject key identifier:   39:E1:30:47:62:A3:1E:23:21:B6:6B:02:62:77:49:F3:E1:D3:9E:61
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       01942068543501D2316993E27BBCF29084CE
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/OeEwR2KjHiMhtmsCYndJ8-HTnmE.roa
Signing time:             Wed 01 Jan 2025 05:48:15 +0000
ROA not before:           Wed 01 Jan 2025 05:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209132
IP address blocks:        147.45.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:54:35:01:d2:31:69:93:e2:7b:bc:f2:90:84:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39e1304762a31e2321b66b02627749f3e1d39e61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:05:05:72:38:4c:f4:c9:31:79:83:a0:dd:e6:
                    9b:fb:b6:76:e8:3a:4a:74:3f:cf:6f:95:1e:11:cb:
                    0b:44:e3:ac:23:02:d7:f4:ba:52:7a:c7:da:74:55:
                    25:d1:04:01:09:95:8d:76:8a:a7:c1:82:86:1b:3e:
                    b8:46:83:5b:af:9c:1b:55:0d:30:fa:24:d6:d3:2e:
                    6d:90:be:ce:3e:aa:43:66:1f:36:c3:38:db:07:2a:
                    e3:da:4b:2a:0c:60:eb:bd:48:16:ee:7f:54:ac:8e:
                    75:5b:b7:d0:3e:01:a5:a0:48:19:f2:f5:e0:a3:dc:
                    f8:29:8b:cd:c4:46:f1:3b:f6:9c:04:f5:76:7b:0e:
                    4e:a9:47:61:a9:65:a4:a3:93:9c:32:c8:29:e9:6b:
                    3e:ab:bd:42:7c:69:e8:c3:4a:bd:5f:98:fd:09:f2:
                    10:9c:b7:80:23:39:6b:79:ff:31:24:e9:9e:57:d9:
                    70:ef:4e:57:ec:5d:b3:af:c8:02:9d:aa:12:d9:0f:
                    d1:c4:cf:71:e3:0e:a0:4e:3c:d7:7f:02:10:00:bc:
                    3c:24:90:64:f0:8e:18:6d:e8:d4:bb:70:b4:43:b4:
                    92:8d:e5:25:e6:ab:16:7c:7a:70:9b:8d:91:9b:9e:
                    82:75:1e:51:f8:80:26:94:ad:06:57:c7:4c:a3:01:
                    e4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:E1:30:47:62:A3:1E:23:21:B6:6B:02:62:77:49:F3:E1:D3:9E:61
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/OeEwR2KjHiMhtmsCYndJ8-HTnmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:b9:58:ee:df:75:aa:08:35:46:c5:5c:6f:f1:f5:c4:ea:da:
         59:21:92:55:9d:7b:ea:d8:62:18:53:57:31:29:52:1b:a7:05:
         53:92:2d:3b:85:aa:84:10:80:5f:54:f5:f3:06:7a:56:c0:bf:
         13:fb:1b:4a:39:51:5c:7f:ae:73:91:dc:3b:ab:c1:d3:56:18:
         3c:ef:30:ab:e0:05:b8:ae:7b:8c:5d:d1:c3:86:85:aa:5b:3e:
         71:dd:fd:52:be:d0:97:7f:72:68:77:dc:d8:23:0c:bd:7d:21:
         39:29:bf:1c:70:e8:7a:30:cc:13:fc:b1:74:75:4f:88:cc:7f:
         66:f8:d2:4b:39:ed:94:80:38:db:d6:2d:9e:ea:74:40:32:4a:
         10:c9:a9:82:8d:8b:8e:8c:b3:6c:dd:f4:9e:b5:be:c4:4f:98:
         5a:53:9f:06:b1:0d:1d:fb:6f:8d:f7:a6:81:2b:52:60:44:ae:
         8c:bc:19:49:11:a0:90:02:a7:23:c4:d5:85:b3:42:4c:73:2d:
         99:88:32:ad:3e:e1:93:3f:82:1d:d8:77:5c:1a:aa:6c:18:76:
         fb:73:c6:a6:bd:29:a3:b6:30:1d:e8:f8:0e:9c:0d:ca:24:77:
         d7:ad:00:2d:77:76:ba:ea:39:c3:3f:e9:de:b9:01:85:c8:8e:
         4e:ea:d0:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaFQ1AdIxaZPie7zykITOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWUxMzA0NzYyYTMxZTIzMjFiNjZiMDI2Mjc3NDlmM2UxZDM5ZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigUFcjhM9MkxeYOg3eab+7Z26DpK
dD/Pb5UeEcsLROOsIwLX9LpSesfadFUl0QQBCZWNdoqnwYKGGz64RoNbr5wbVQ0w
+iTW0y5tkL7OPqpDZh82wzjbByrj2ksqDGDrvUgW7n9UrI51W7fQPgGloEgZ8vXg
o9z4KYvNxEbxO/acBPV2ew5OqUdhqWWko5OcMsgp6Ws+q71CfGnow0q9X5j9CfIQ
nLeAIzlref8xJOmeV9lw705X7F2zr8gCnaoS2Q/RxM9x4w6gTjzXfwIQALw8JJBk
8I4YbejUu3C0Q7SSjeUl5qsWfHpwm42Rm56CdR5R+IAmlK0GV8dMowHkrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnhMEdiox4jIbZrAmJ3SfPh055hMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvT2VFd1IyS2pIaU1odG1zQ1luZEo4LUhUbm1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky1wMA0G
CSqGSIb3DQEBCwUAA4IBAQBfuVju33WqCDVGxVxv8fXE6tpZIZJVnXvq2GIYU1cx
KVIbpwVTki07haqEEIBfVPXzBnpWwL8T+xtKOVFcf65zkdw7q8HTVhg87zCr4AW4
rnuMXdHDhoWqWz5x3f1SvtCXf3Jod9zYIwy9fSE5Kb8ccOh6MMwT/LF0dU+IzH9m
+NJLOe2UgDjb1i2e6nRAMkoQyamCjYuOjLNs3fSetb7ET5haU58GsQ0d+2+N96aB
K1JgRK6MvBlJEaCQAqcjxNWFs0JMcy2ZiDKtPuGTP4Id2HdcGqpsGHb7c8amvSmj
tjAd6PgOnA3KJHfXrQAtd3a66jnDP+neuQGFyI5O6tD8
-----END CERTIFICATE-----