Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/625a92-c2d1-4ea8-9ce8-e9c92b71f50c/1/OI99xasONPPF-hb_rfYbSQdFoLY.roa
File:                     OI99xasONPPF-hb_rfYbSQdFoLY.roa (raw, json)
Hash identifier:          UeUlGFKe3vD+30DqhoTEBeaxMmrZwFQuEXKIyXR/8V4=
Subject key identifier:   38:8F:7D:C5:AB:0E:34:F3:C5:FA:16:FF:AD:F6:1B:49:07:45:A0:B6
Certificate issuer:       /CN=93f01e9086d40d508f5842e982f253689f7fe4c9
Certificate serial:       019420684217A56C1F31710CF8085197A217
Authority key identifier: 93:F0:1E:90:86:D4:0D:50:8F:58:42:E9:82:F2:53:68:9F:7F:E4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k_AekIbUDVCPWELpgvJTaJ9_5Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/625a92-c2d1-4ea8-9ce8-e9c92b71f50c/1/OI99xasONPPF-hb_rfYbSQdFoLY.roa
Signing time:             Wed 01 Jan 2025 05:48:11 +0000
ROA not before:           Wed 01 Jan 2025 05:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56640
IP address blocks:        195.22.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/625a92-c2d1-4ea8-9ce8-e9c92b71f50c/1/k_AekIbUDVCPWELpgvJTaJ9_5Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/625a92-c2d1-4ea8-9ce8-e9c92b71f50c/1/k_AekIbUDVCPWELpgvJTaJ9_5Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k_AekIbUDVCPWELpgvJTaJ9_5Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:42:17:a5:6c:1f:31:71:0c:f8:08:51:97:a2:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93f01e9086d40d508f5842e982f253689f7fe4c9
        Validity
            Not Before: Jan  1 05:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=388f7dc5ab0e34f3c5fa16ffadf61b490745a0b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:76:9b:0b:42:f6:68:66:77:1f:c3:d1:8b:d3:
                    93:05:85:5b:bf:6e:a5:32:c8:6d:53:4a:8d:02:90:
                    09:cf:2f:d8:e2:d6:d0:ed:87:4b:d9:0a:d1:f3:ad:
                    da:82:92:50:10:d7:af:ca:87:8a:69:b5:64:16:ee:
                    9a:5c:78:eb:d2:0f:ce:d1:82:a7:64:fd:0f:41:1d:
                    4e:bb:5e:59:2d:9c:13:54:60:1c:96:0f:73:11:e0:
                    e6:4e:fe:2d:0d:15:99:f1:4b:9e:5d:ff:9b:a3:94:
                    62:37:3b:e1:37:fc:8d:d8:d5:2f:e9:ea:41:8a:25:
                    ae:32:28:f5:7a:79:54:93:24:b8:b8:75:2e:2d:a2:
                    29:4c:a3:33:70:0b:48:7b:c1:7b:04:98:d8:cc:74:
                    08:66:e7:22:fa:41:1a:d8:fa:d3:7c:c0:41:0a:2d:
                    e6:cf:cb:95:02:c9:6c:59:c7:6a:a6:b3:bf:9e:86:
                    c0:fc:74:4a:6f:82:49:c1:5f:91:f7:2c:42:71:9a:
                    4f:f2:b6:f6:72:e3:c2:83:4f:14:a1:97:63:23:11:
                    0f:e0:65:88:49:7f:60:48:61:17:04:97:a4:9b:c6:
                    e6:9d:56:96:f4:99:c9:af:96:8f:fe:68:e8:78:70:
                    ed:f8:1f:05:0c:84:37:d1:33:32:dc:00:9a:a0:33:
                    49:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8F:7D:C5:AB:0E:34:F3:C5:FA:16:FF:AD:F6:1B:49:07:45:A0:B6
            X509v3 Authority Key Identifier:
                keyid:93:F0:1E:90:86:D4:0D:50:8F:58:42:E9:82:F2:53:68:9F:7F:E4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k_AekIbUDVCPWELpgvJTaJ9_5Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/625a92-c2d1-4ea8-9ce8-e9c92b71f50c/1/OI99xasONPPF-hb_rfYbSQdFoLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/625a92-c2d1-4ea8-9ce8-e9c92b71f50c/1/k_AekIbUDVCPWELpgvJTaJ9_5Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.22.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:39:88:f7:d0:f0:22:7f:e7:7c:cd:93:ff:5d:65:c1:61:ce:
         43:f7:47:eb:74:d9:b8:65:36:54:af:05:00:4a:aa:26:45:f7:
         6f:d4:b5:0e:7c:0c:8d:a4:52:8d:7a:39:83:d7:20:f3:95:91:
         e0:3a:f5:60:d0:43:00:14:ac:e4:74:25:d3:87:3b:b0:a0:1c:
         16:ba:c9:9e:b4:73:ba:85:b8:e6:40:4e:85:90:33:e5:7f:02:
         f4:6d:94:09:f5:34:c6:5e:b4:e5:13:0e:44:90:40:9b:56:57:
         c8:6b:4a:70:b2:8b:97:68:0a:3a:70:1d:46:12:6c:17:3d:7d:
         c2:ef:b4:89:d5:74:93:19:9d:9d:32:01:20:65:bd:98:d4:25:
         86:73:c4:66:a1:2c:ac:e4:11:35:0d:5b:cc:0f:8f:81:c7:a7:
         5b:71:2f:38:8e:ba:c2:6d:c2:18:47:5f:38:fd:7d:bd:7c:c1:
         54:e0:16:0f:f7:fc:50:3c:81:f1:0c:63:e0:56:fc:f2:64:89:
         b7:69:ad:14:6c:cf:a1:0f:ce:ae:35:0a:3f:7c:b4:5d:13:71:
         09:65:6a:fb:d2:fa:59:3d:02:09:85:fc:9e:92:c8:67:f4:cc:
         25:6c:0a:13:77:25:b5:2c:5b:b3:a7:df:63:0b:af:51:04:a3:
         78:53:fa:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaEIXpWwfMXEM+AhRl6IXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZjAxZTkwODZkNDBkNTA4ZjU4NDJlOTgyZjI1MzY4OWY3
ZmU0YzkwHhcNMjUwMTAxMDU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODhmN2RjNWFiMGUzNGYzYzVmYTE2ZmZhZGY2MWI0OTA3NDVhMGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXabC0L2aGZ3H8PRi9OTBYVbv26l
MshtU0qNApAJzy/Y4tbQ7YdL2QrR863agpJQENevyoeKabVkFu6aXHjr0g/O0YKn
ZP0PQR1Ou15ZLZwTVGAclg9zEeDmTv4tDRWZ8UueXf+bo5RiNzvhN/yN2NUv6epB
iiWuMij1enlUkyS4uHUuLaIpTKMzcAtIe8F7BJjYzHQIZuci+kEa2PrTfMBBCi3m
z8uVAslsWcdqprO/nobA/HRKb4JJwV+R9yxCcZpP8rb2cuPCg08UoZdjIxEP4GWI
SX9gSGEXBJekm8bmnVaW9JnJr5aP/mjoeHDt+B8FDIQ30TMy3ACaoDNJSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiPfcWrDjTzxfoW/632G0kHRaC2MB8GA1UdIwQY
MBaAFJPwHpCG1A1Qj1hC6YLyU2iff+TJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva19BZWtJYlVEVkNQV0VMcGd2SlRhSjlfNU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82MjVhOTItYzJkMS00ZWE4LTljZTgt
ZTljOTJiNzFmNTBjLzEvT0k5OXhhc09OUFBGLWhiX3JmWWJTUWRGb0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82MjVhOTItYzJkMS00ZWE4LTljZTgtZTljOTJiNzFmNTBj
LzEva19BZWtJYlVEVkNQV0VMcGd2SlRhSjlfNU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxZ5MA0G
CSqGSIb3DQEBCwUAA4IBAQCPOYj30PAif+d8zZP/XWXBYc5D90frdNm4ZTZUrwUA
SqomRfdv1LUOfAyNpFKNejmD1yDzlZHgOvVg0EMAFKzkdCXThzuwoBwWusmetHO6
hbjmQE6FkDPlfwL0bZQJ9TTGXrTlEw5EkECbVlfIa0pwsouXaAo6cB1GEmwXPX3C
77SJ1XSTGZ2dMgEgZb2Y1CWGc8RmoSys5BE1DVvMD4+Bx6dbcS84jrrCbcIYR184
/X29fMFU4BYP9/xQPIHxDGPgVvzyZIm3aa0UbM+hD86uNQo/fLRdE3EJZWr70vpZ
PQIJhfyekshn9MwlbAoTdyW1LFuzp99jC69RBKN4U/ra
-----END CERTIFICATE-----