Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/oNyW2ic8ZfGjgqUZpqaqhr1Hqx8.roa
File:                     oNyW2ic8ZfGjgqUZpqaqhr1Hqx8.roa (raw, json)
Hash identifier:          rEHkZ7mu35IyiHF23TJPHjmydrQYLuUysCYqOgiLHiA=
Subject key identifier:   A0:DC:96:DA:27:3C:65:F1:A3:82:A5:19:A6:A6:AA:86:BD:47:AB:1F
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0194236A4C114526B0052C0189AC0496D917
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/oNyW2ic8ZfGjgqUZpqaqhr1Hqx8.roa
Signing time:             Wed 01 Jan 2025 19:49:16 +0000
ROA not before:           Wed 01 Jan 2025 19:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215607
IP address blocks:        185.253.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4c:11:45:26:b0:05:2c:01:89:ac:04:96:d9:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  1 19:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0dc96da273c65f1a382a519a6a6aa86bd47ab1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5e:a1:33:fd:17:e0:fa:55:32:a4:7b:7f:a3:
                    23:34:75:05:55:1c:e1:bc:6d:a2:fc:f0:cf:1d:3d:
                    55:51:c2:cc:09:7f:64:b9:bc:ea:24:67:3c:25:43:
                    7d:a3:e9:19:2b:2d:5c:8b:56:96:c9:65:c9:1e:d7:
                    57:4a:42:e2:f4:9f:1d:c2:23:f3:70:d6:06:71:a9:
                    c6:60:d1:0e:03:33:5a:a2:50:86:ff:7b:c0:10:51:
                    87:d6:db:57:b9:16:ef:21:df:42:28:51:3f:ee:fb:
                    01:42:cb:84:ea:a2:eb:ef:ff:18:95:e2:b0:3c:ef:
                    1a:eb:64:70:b7:6f:55:d8:36:a0:18:4d:3b:b7:07:
                    39:18:c7:71:26:b0:8d:b1:1b:d1:aa:a3:57:b0:92:
                    95:06:29:09:28:ef:4c:48:72:53:bd:21:82:e8:54:
                    03:9a:3a:e4:7d:a0:ab:9a:bb:6d:31:c0:f3:99:2f:
                    3e:e4:f3:87:83:f6:fe:b0:4d:3d:78:53:59:8d:8e:
                    54:36:06:0b:1e:04:b0:58:4b:24:1a:09:cd:6c:6a:
                    f7:de:00:ac:d6:0c:20:34:bb:46:b1:bb:d1:fa:ff:
                    5c:a2:bf:67:6e:ab:b6:0f:86:bf:e0:2b:77:bc:9a:
                    af:72:29:cb:36:47:50:e3:f6:78:79:47:89:8c:bf:
                    b1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:DC:96:DA:27:3C:65:F1:A3:82:A5:19:A6:A6:AA:86:BD:47:AB:1F
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/oNyW2ic8ZfGjgqUZpqaqhr1Hqx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:2a:bb:b6:df:d8:47:4c:5e:1b:7c:17:14:28:89:13:f7:7b:
         1f:b3:f8:04:da:73:bc:f4:55:92:d5:02:12:1d:2b:2c:0d:38:
         22:2d:87:38:c8:dc:e3:6d:2e:9f:a6:03:33:aa:84:e7:53:e0:
         2c:f7:2b:02:1d:9f:30:cb:5d:ec:3f:b0:12:54:7a:63:6b:d3:
         3f:49:81:c7:28:35:e6:49:f4:59:cc:8d:d4:68:86:66:08:0b:
         6e:fc:cd:c3:45:de:a1:5d:13:38:05:24:e0:56:d5:ea:94:99:
         34:c4:62:90:97:75:5c:47:8f:c1:7f:ed:90:99:72:43:f4:47:
         2f:b7:29:91:eb:02:c6:f6:5c:b2:61:91:4c:50:8e:21:9c:3f:
         61:43:aa:25:29:ca:7d:7e:a7:64:98:14:3b:89:a8:e8:53:e7:
         a4:6f:f8:61:a8:ea:8e:d6:ce:56:8a:47:3e:aa:f2:0f:41:a8:
         88:ed:c5:6d:01:91:2d:05:6c:81:8b:f3:24:fb:42:e4:82:cd:
         b9:fc:47:7c:fc:d0:87:f0:3a:39:9d:9c:73:15:96:76:10:15:
         e9:16:93:02:88:93:6a:91:63:7e:71:04:d7:ff:5c:cf:62:66:
         49:00:23:51:18:d2:12:0b:6c:48:0f:7c:de:3c:71:82:8f:a5:
         80:60:f5:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakwRRSawBSwBiawEltkXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGRjOTZkYTI3M2M2NWYxYTM4MmE1MTlhNmE2YWE4NmJkNDdhYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl6hM/0X4PpVMqR7f6MjNHUFVRzh
vG2i/PDPHT1VUcLMCX9kubzqJGc8JUN9o+kZKy1ci1aWyWXJHtdXSkLi9J8dwiPz
cNYGcanGYNEOAzNaolCG/3vAEFGH1ttXuRbvId9CKFE/7vsBQsuE6qLr7/8YleKw
PO8a62Rwt29V2DagGE07twc5GMdxJrCNsRvRqqNXsJKVBikJKO9MSHJTvSGC6FQD
mjrkfaCrmrttMcDzmS8+5POHg/b+sE09eFNZjY5UNgYLHgSwWEskGgnNbGr33gCs
1gwgNLtGsbvR+v9cor9nbqu2D4a/4Ct3vJqvcinLNkdQ4/Z4eUeJjL+xZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDcltonPGXxo4KlGaamqoa9R6sfMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvb055VzJpYzhaZkdqZ3FVWnBxYXFocjFIcXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf02MA0G
CSqGSIb3DQEBCwUAA4IBAQBuKru239hHTF4bfBcUKIkT93sfs/gE2nO89FWS1QIS
HSssDTgiLYc4yNzjbS6fpgMzqoTnU+As9ysCHZ8wy13sP7ASVHpja9M/SYHHKDXm
SfRZzI3UaIZmCAtu/M3DRd6hXRM4BSTgVtXqlJk0xGKQl3VcR4/Bf+2QmXJD9Ecv
tymR6wLG9lyyYZFMUI4hnD9hQ6olKcp9fqdkmBQ7iajoU+ekb/hhqOqO1s5Wikc+
qvIPQaiI7cVtAZEtBWyBi/Mk+0Lkgs25/Ed8/NCH8Do5nZxzFZZ2EBXpFpMCiJNq
kWN+cQTX/1zPYmZJACNRGNISC2xID3zePHGCj6WAYPVx
-----END CERTIFICATE-----