Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/OpfK6BwHYKsc2lzrkWW3lXHfakY.roa
File:                     OpfK6BwHYKsc2lzrkWW3lXHfakY.roa (raw, json)
Hash identifier:          vWFnMTow/1EvHrXUzWAAGA4XDrMlKK/6OdS3huN2Is8=
Subject key identifier:   3A:97:CA:E8:1C:07:60:AB:1C:DA:5C:EB:91:65:B7:95:71:DF:6A:46
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0196C68F1EB73ED0F87BF4CFC8922CD22885
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/OpfK6BwHYKsc2lzrkWW3lXHfakY.roa
Signing time:             Mon 12 May 2025 22:13:10 +0000
ROA not before:           Mon 12 May 2025 22:13:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21840
IP address blocks:        188.209.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c6:8f:1e:b7:3e:d0:f8:7b:f4:cf:c8:92:2c:d2:28:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: May 12 22:13:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a97cae81c0760ab1cda5ceb9165b79571df6a46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fc:41:0e:07:c7:55:16:0f:f3:41:43:11:cf:
                    67:ad:83:de:4c:14:74:e9:3c:91:e8:8f:c1:79:35:
                    e7:20:0b:c6:80:f5:94:ba:c0:a6:4b:9f:43:2f:b9:
                    45:4b:29:f6:e6:98:8f:46:3b:07:69:7e:1c:0c:a8:
                    d4:fa:fd:62:10:b2:d6:38:4a:c1:60:c8:9e:e5:fc:
                    0e:65:37:57:4d:08:de:f4:9a:2b:86:2b:6d:aa:c8:
                    75:48:6e:5e:01:56:25:06:fc:71:7a:fd:4c:84:af:
                    cc:cd:ed:59:f1:4f:2d:6c:5f:bd:4c:9e:fb:9b:47:
                    f6:f0:8c:85:73:7b:3f:00:a6:6e:a9:c1:0e:4e:4e:
                    b1:b7:e7:0a:6c:60:8f:af:04:07:82:f8:47:2f:37:
                    1a:fa:ae:03:dd:a1:a9:90:92:a0:70:46:d2:88:50:
                    cf:4e:d4:01:ce:d9:b5:48:d8:97:cd:78:8c:11:fe:
                    16:4a:0d:8d:a8:d3:a5:fc:c3:2b:38:60:9b:17:e9:
                    47:73:28:2f:f3:be:fe:51:e0:5e:7a:e0:32:c2:cd:
                    01:8c:d0:d8:05:09:a2:ea:99:d7:e9:07:ec:48:09:
                    0e:99:df:c4:4b:ae:5c:6a:7d:2f:e1:96:b9:13:ac:
                    ab:8d:8b:9a:fe:4a:ca:c9:51:1d:37:98:29:8d:7d:
                    5d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:97:CA:E8:1C:07:60:AB:1C:DA:5C:EB:91:65:B7:95:71:DF:6A:46
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/OpfK6BwHYKsc2lzrkWW3lXHfakY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:f2:ba:79:83:fa:7d:c2:f5:f0:38:8b:ff:24:fd:98:cb:cd:
         24:54:fa:0a:77:9d:d5:8e:bd:2d:7b:d1:f7:3d:90:52:67:a5:
         98:9f:8f:d9:ae:a2:5a:86:2f:bb:72:89:b3:0f:b0:bc:49:47:
         6a:2e:98:cc:ba:4c:a6:71:5f:4e:47:bc:8e:d8:e0:a9:c1:7a:
         f5:84:78:7d:f7:a3:e2:50:53:4c:d7:b1:56:51:2e:27:e8:6d:
         f3:21:0d:52:6a:59:5a:1f:63:cd:4e:d6:df:28:25:41:84:db:
         f5:cd:47:88:4b:1f:2e:3d:61:c9:31:59:e2:cc:65:c3:8f:45:
         41:78:c6:99:22:78:2e:dc:5d:f4:27:73:d4:9b:77:f6:5b:54:
         3c:1d:e9:d2:ae:be:ae:dd:01:45:01:c7:d2:ed:e2:6a:56:41:
         d2:9a:db:46:3a:65:ac:7b:96:ea:02:dd:38:c2:05:4e:35:da:
         95:d1:40:90:61:a9:3b:75:98:62:ff:e2:53:3e:59:1c:8c:b7:
         37:8c:60:78:9c:53:f1:99:2b:8e:bc:26:f1:f1:e5:d8:dd:4d:
         8a:cf:46:d6:93:d8:ef:94:93:5e:64:42:f6:1d:b6:40:84:8e:
         f6:a3:ac:b5:98:3f:ae:7d:88:da:93:f6:d4:89:c0:4f:58:86:
         79:15:1c:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbGjx63PtD4e/TPyJIs0iiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNTEyMjIxMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTk3Y2FlODFjMDc2MGFiMWNkYTVjZWI5MTY1Yjc5NTcxZGY2YTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/xBDgfHVRYP80FDEc9nrYPeTBR0
6TyR6I/BeTXnIAvGgPWUusCmS59DL7lFSyn25piPRjsHaX4cDKjU+v1iELLWOErB
YMie5fwOZTdXTQje9Jorhittqsh1SG5eAVYlBvxxev1MhK/Mze1Z8U8tbF+9TJ77
m0f28IyFc3s/AKZuqcEOTk6xt+cKbGCPrwQHgvhHLzca+q4D3aGpkJKgcEbSiFDP
TtQBztm1SNiXzXiMEf4WSg2NqNOl/MMrOGCbF+lHcygv877+UeBeeuAyws0BjNDY
BQmi6pnX6QfsSAkOmd/ES65can0v4Za5E6yrjYua/krKyVEdN5gpjX1dlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqXyugcB2CrHNpc65Flt5Vx32pGMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvT3BmSzZCd0hZS3NjMmx6cmtXVzNsWEhmYWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGBMA0G
CSqGSIb3DQEBCwUAA4IBAQCE8rp5g/p9wvXwOIv/JP2Yy80kVPoKd53Vjr0te9H3
PZBSZ6WYn4/ZrqJahi+7comzD7C8SUdqLpjMukymcV9OR7yO2OCpwXr1hHh996Pi
UFNM17FWUS4n6G3zIQ1SallaH2PNTtbfKCVBhNv1zUeISx8uPWHJMVnizGXDj0VB
eMaZIngu3F30J3PUm3f2W1Q8HenSrr6u3QFFAcfS7eJqVkHSmttGOmWse5bqAt04
wgVONdqV0UCQYak7dZhi/+JTPlkcjLc3jGB4nFPxmSuOvCbx8eXY3U2Kz0bWk9jv
lJNeZEL2HbZAhI72o6y1mD+ufYjak/bUicBPWIZ5FRzQ
-----END CERTIFICATE-----