Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/OkXBNJnUgokPx0Xxs8AUPN40aT4.roa
File:                     OkXBNJnUgokPx0Xxs8AUPN40aT4.roa (raw, json)
Hash identifier:          E/UomHj5ST+3/lio4VV13yWumaIvNp+hYEYFZLaJR7Q=
Subject key identifier:   3A:45:C1:34:99:D4:82:89:0F:C7:45:F1:B3:C0:14:3C:DE:34:69:3E
Certificate issuer:       /CN=f0d03098b8356fffc5a597e9c45b84edf87cf994
Certificate serial:       0194266BD550CB873C0276B24588CC79E661
Authority key identifier: F0:D0:30:98:B8:35:6F:FF:C5:A5:97:E9:C4:5B:84:ED:F8:7C:F9:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/OkXBNJnUgokPx0Xxs8AUPN40aT4.roa
Signing time:             Thu 02 Jan 2025 09:49:48 +0000
ROA not before:           Thu 02 Jan 2025 09:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8758
IP address blocks:        193.221.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d5:50:cb:87:3c:02:76:b2:45:88:cc:79:e6:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0d03098b8356fffc5a597e9c45b84edf87cf994
        Validity
            Not Before: Jan  2 09:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a45c13499d482890fc745f1b3c0143cde34693e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:05:68:fa:1c:04:af:d7:54:36:c4:e9:b2:39:
                    b0:30:ce:b5:83:a2:1f:41:bb:c1:b0:0e:06:46:6d:
                    03:28:1e:06:45:5d:c7:28:46:01:f8:86:f2:53:31:
                    94:0f:61:8b:0e:14:d0:64:76:ab:14:b7:a6:5c:ad:
                    7e:55:9f:82:a1:12:6f:03:90:a5:e0:f2:80:a0:6d:
                    8f:50:a8:1c:d8:2d:a2:76:04:96:d9:8d:9a:a3:51:
                    c9:a9:0e:00:de:90:9f:33:9e:99:d7:1e:e8:1f:ac:
                    90:25:ad:b1:1b:fd:7d:e7:4c:8e:2f:d7:2d:13:de:
                    e9:78:a8:35:92:49:51:1c:86:db:4b:62:6c:73:f6:
                    08:4a:34:df:34:f0:85:40:40:6e:85:f9:cd:d5:45:
                    29:99:da:54:e6:f9:8d:be:14:7b:ad:07:7f:04:10:
                    04:0d:b2:00:dd:de:0b:7d:9b:be:d9:18:b0:0b:bc:
                    a6:00:48:da:4c:96:07:46:af:a0:52:73:b8:0d:3e:
                    25:d3:3f:7d:3c:d1:22:e6:71:91:e6:df:c2:49:2a:
                    e6:bd:2e:27:83:71:77:d6:e7:dc:9d:9b:3c:96:8c:
                    f9:72:de:b7:d9:3f:f1:55:91:c0:b7:6d:1e:91:26:
                    3b:19:f3:f0:5a:01:54:16:7c:52:5a:d2:42:5f:7d:
                    73:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:45:C1:34:99:D4:82:89:0F:C7:45:F1:B3:C0:14:3C:DE:34:69:3E
            X509v3 Authority Key Identifier:
                keyid:F0:D0:30:98:B8:35:6F:FF:C5:A5:97:E9:C4:5B:84:ED:F8:7C:F9:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/OkXBNJnUgokPx0Xxs8AUPN40aT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/df56ee-dd71-4ca7-98ed-327f831945fd/1/8NAwmLg1b__FpZfpxFuE7fh8-ZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:07:41:26:75:6b:53:27:8d:e1:a8:46:66:8d:14:56:51:9f:
         8a:6a:38:61:83:79:4d:ef:61:08:dd:3b:20:bf:a0:43:31:67:
         49:ac:d7:ea:d9:c6:4b:67:87:fa:db:a3:74:4a:45:ac:6b:91:
         40:cc:7a:65:be:44:f2:78:23:77:78:81:c7:9f:f4:f8:77:db:
         40:e9:ad:ca:78:19:67:09:50:ad:20:f8:9e:6e:01:9a:9a:ee:
         2f:e4:e9:b2:1c:22:f9:27:b1:e5:b6:54:18:c1:b1:d9:53:5b:
         f6:14:f8:c6:7a:49:b7:3e:e1:f5:8b:fb:ba:fd:bd:e4:49:d4:
         dc:ee:9e:8f:75:25:ad:42:e3:f4:c3:87:85:28:22:b0:3d:6a:
         f4:7b:ef:ac:64:58:86:5a:cc:10:05:8b:8a:55:90:40:98:a8:
         91:07:b5:bf:be:6b:59:6f:05:1f:5b:e4:c0:c6:06:f1:94:cb:
         ff:e5:df:87:c9:47:6d:ee:bb:d4:2e:a1:46:07:87:06:06:16:
         a5:2b:d9:4f:62:6d:6d:fe:c9:ac:6c:20:fe:5d:cb:2b:37:c1:
         10:82:c7:a6:ad:71:5e:86:83:5f:72:66:19:39:dc:bc:57:1b:
         22:5d:c3:93:ca:cc:7b:ac:c3:35:f8:94:f7:38:12:1b:9c:d4:
         2e:69:75:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9VQy4c8AnayRYjMeeZhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZDAzMDk4YjgzNTZmZmZjNWE1OTdlOWM0NWI4NGVkZjg3
Y2Y5OTQwHhcNMjUwMTAyMDk0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTQ1YzEzNDk5ZDQ4Mjg5MGZjNzQ1ZjFiM2MwMTQzY2RlMzQ2OTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAVo+hwEr9dUNsTpsjmwMM61g6If
QbvBsA4GRm0DKB4GRV3HKEYB+IbyUzGUD2GLDhTQZHarFLemXK1+VZ+CoRJvA5Cl
4PKAoG2PUKgc2C2idgSW2Y2ao1HJqQ4A3pCfM56Z1x7oH6yQJa2xG/1950yOL9ct
E97peKg1kklRHIbbS2Jsc/YISjTfNPCFQEBuhfnN1UUpmdpU5vmNvhR7rQd/BBAE
DbIA3d4LfZu+2RiwC7ymAEjaTJYHRq+gUnO4DT4l0z99PNEi5nGR5t/CSSrmvS4n
g3F31ufcnZs8loz5ct632T/xVZHAt20ekSY7GfPwWgFUFnxSWtJCX31zZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpFwTSZ1IKJD8dF8bPAFDzeNGk+MB8GA1UdIwQY
MBaAFPDQMJi4NW//xaWX6cRbhO34fPmUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE5Bd21MZzFiX19GcFpmcHhGdUU3Zmg4LVpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kZjU2ZWUtZGQ3MS00Y2E3LTk4ZWQt
MzI3ZjgzMTk0NWZkLzEvT2tYQk5KblVnb2tQeDBYeHM4QVVQTjQwYVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kZjU2ZWUtZGQ3MS00Y2E3LTk4ZWQtMzI3ZjgzMTk0NWZk
LzEvOE5Bd21MZzFiX19GcFpmcHhGdUU3Zmg4LVpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd10MA0G
CSqGSIb3DQEBCwUAA4IBAQBkB0EmdWtTJ43hqEZmjRRWUZ+Kajhhg3lN72EI3Tsg
v6BDMWdJrNfq2cZLZ4f626N0SkWsa5FAzHplvkTyeCN3eIHHn/T4d9tA6a3KeBln
CVCtIPiebgGamu4v5OmyHCL5J7HltlQYwbHZU1v2FPjGekm3PuH1i/u6/b3kSdTc
7p6PdSWtQuP0w4eFKCKwPWr0e++sZFiGWswQBYuKVZBAmKiRB7W/vmtZbwUfW+TA
xgbxlMv/5d+HyUdt7rvULqFGB4cGBhalK9lPYm1t/smsbCD+XcsrN8EQgsemrXFe
hoNfcmYZOdy8VxsiXcOTysx7rMM1+JT3OBIbnNQuaXW8
-----END CERTIFICATE-----