Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/rtEx3Op6iiS7UiDW09qCJKnWeDg.roa
File:                     rtEx3Op6iiS7UiDW09qCJKnWeDg.roa (raw, json)
Hash identifier:          2wI3hDpLjlRGiKeHXtROGiZLVSVg2X+p2EcwYyyykiE=
Subject key identifier:   AE:D1:31:DC:EA:7A:8A:24:BB:52:20:D6:D3:DA:82:24:A9:D6:78:38
Certificate issuer:       /CN=0e0019ed2cb62197b0ca96e1e7161c98649086af
Certificate serial:       01941F8C07E2A045C2FBD98AD89665B8626A
Authority key identifier: 0E:00:19:ED:2C:B6:21:97:B0:CA:96:E1:E7:16:1C:98:64:90:86:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgAZ7Sy2IZewypbh5xYcmGSQhq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/rtEx3Op6iiS7UiDW09qCJKnWeDg.roa
Signing time:             Wed 01 Jan 2025 01:47:38 +0000
ROA not before:           Wed 01 Jan 2025 01:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202220
IP address blocks:        195.149.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/DgAZ7Sy2IZewypbh5xYcmGSQhq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/DgAZ7Sy2IZewypbh5xYcmGSQhq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgAZ7Sy2IZewypbh5xYcmGSQhq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:07:e2:a0:45:c2:fb:d9:8a:d8:96:65:b8:62:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0019ed2cb62197b0ca96e1e7161c98649086af
        Validity
            Not Before: Jan  1 01:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aed131dcea7a8a24bb5220d6d3da8224a9d67838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:39:a8:23:82:2f:2d:8d:d4:c9:0d:d3:49:2f:
                    6a:ce:fc:83:17:80:47:c7:c5:17:75:3c:ed:a1:98:
                    cb:0e:4f:a9:3f:39:55:88:77:ca:2c:8c:23:d8:04:
                    cd:d6:6c:84:4d:10:9d:c4:e7:b4:b1:44:44:01:fb:
                    95:58:e8:69:92:04:e7:ae:c4:f9:35:70:97:2a:6c:
                    4d:d7:d9:55:ac:26:62:cd:93:10:67:e6:35:03:64:
                    64:fd:73:ca:37:c2:ab:01:29:7b:13:8d:4b:ae:bb:
                    4b:c9:9e:9c:0f:4a:1f:eb:f2:c9:95:88:d0:7f:05:
                    be:38:81:c4:42:9e:de:59:4f:30:88:60:13:73:86:
                    38:c7:76:75:d2:89:3e:4c:67:77:71:3c:57:81:bf:
                    45:d5:ac:65:44:f0:17:25:56:73:d2:11:35:bb:4e:
                    55:8a:2b:98:a6:b2:9e:f9:95:72:45:93:45:67:0c:
                    6f:67:f7:01:ca:c9:0f:ce:64:15:a4:50:0a:c5:ef:
                    15:3c:21:96:d7:2c:0b:36:cd:7d:a1:44:18:72:00:
                    79:09:c0:b4:7b:c4:c4:94:6c:f3:a5:68:51:c6:17:
                    c1:61:c4:2d:aa:75:84:8d:5b:4b:a7:49:61:87:38:
                    7a:6b:62:71:46:00:f6:c4:c9:3c:58:8b:cc:62:6e:
                    8b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D1:31:DC:EA:7A:8A:24:BB:52:20:D6:D3:DA:82:24:A9:D6:78:38
            X509v3 Authority Key Identifier:
                keyid:0E:00:19:ED:2C:B6:21:97:B0:CA:96:E1:E7:16:1C:98:64:90:86:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgAZ7Sy2IZewypbh5xYcmGSQhq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/rtEx3Op6iiS7UiDW09qCJKnWeDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b9cf57-6c25-4a43-a0b1-059b006f39d9/1/DgAZ7Sy2IZewypbh5xYcmGSQhq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:ac:34:4e:ba:70:2c:65:e8:34:1a:24:86:6b:25:e9:70:9b:
         5b:6b:1d:53:35:36:d1:65:0b:23:78:87:c8:55:40:9a:79:c6:
         e5:ab:d7:bb:0f:09:89:e4:88:a3:06:46:c2:77:c7:17:ed:00:
         7f:fa:d0:32:a0:23:30:01:f9:82:e9:b1:98:41:17:e7:d4:22:
         cc:e6:0d:5f:1d:78:3a:94:1b:34:fb:33:d7:1d:de:d9:b2:69:
         46:59:22:e8:db:79:83:c3:ef:3f:f4:c5:3f:af:c1:b2:91:cd:
         45:7c:d2:57:b8:c4:a6:11:d9:09:eb:71:9a:7b:d4:a1:df:21:
         eb:67:a9:21:e3:6a:73:af:2e:25:c9:a1:a0:d0:2c:a4:1c:a6:
         d2:3e:c6:af:8f:3c:b3:39:39:b2:95:75:75:36:be:c6:67:25:
         3e:a8:46:45:d5:1c:f0:ba:bb:7b:0c:fc:3c:15:22:15:27:90:
         67:91:de:0a:05:c7:d3:c1:60:be:47:4d:02:fe:2b:a6:b4:da:
         25:b6:c9:e9:9b:cc:cc:ea:8a:14:09:ae:fe:a8:1a:d5:3e:ca:
         6c:65:4c:5e:4a:1b:d3:28:84:9e:36:79:2b:aa:e2:08:18:bc:
         40:f8:b5:b7:cf:4b:00:5e:50:cc:ee:15:c8:7b:a6:8e:03:53:
         72:6c:41:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjAfioEXC+9mK2JZluGJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMDAxOWVkMmNiNjIxOTdiMGNhOTZlMWU3MTYxYzk4NjQ5
MDg2YWYwHhcNMjUwMTAxMDE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQxMzFkY2VhN2E4YTI0YmI1MjIwZDZkM2RhODIyNGE5ZDY3ODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDmoI4IvLY3UyQ3TSS9qzvyDF4BH
x8UXdTztoZjLDk+pPzlViHfKLIwj2ATN1myETRCdxOe0sUREAfuVWOhpkgTnrsT5
NXCXKmxN19lVrCZizZMQZ+Y1A2Rk/XPKN8KrASl7E41LrrtLyZ6cD0of6/LJlYjQ
fwW+OIHEQp7eWU8wiGATc4Y4x3Z10ok+TGd3cTxXgb9F1axlRPAXJVZz0hE1u05V
iiuYprKe+ZVyRZNFZwxvZ/cByskPzmQVpFAKxe8VPCGW1ywLNs19oUQYcgB5CcC0
e8TElGzzpWhRxhfBYcQtqnWEjVtLp0lhhzh6a2JxRgD2xMk8WIvMYm6LEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7RMdzqeooku1Ig1tPagiSp1ng4MB8GA1UdIwQY
MBaAFA4AGe0stiGXsMqW4ecWHJhkkIavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdBWjdTeTJJWmV3eXBiaDV4WWNtR1NRaHE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iOWNmNTctNmMyNS00YTQzLWEwYjEt
MDU5YjAwNmYzOWQ5LzEvcnRFeDNPcDZpaVM3VWlEVzA5cUNKS25XZURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iOWNmNTctNmMyNS00YTQzLWEwYjEtMDU5YjAwNmYzOWQ5
LzEvRGdBWjdTeTJJWmV3eXBiaDV4WWNtR1NRaHE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5ViMA0G
CSqGSIb3DQEBCwUAA4IBAQBYrDROunAsZeg0GiSGayXpcJtbax1TNTbRZQsjeIfI
VUCaecblq9e7DwmJ5IijBkbCd8cX7QB/+tAyoCMwAfmC6bGYQRfn1CLM5g1fHXg6
lBs0+zPXHd7ZsmlGWSLo23mDw+8/9MU/r8Gykc1FfNJXuMSmEdkJ63Gae9Sh3yHr
Z6kh42pzry4lyaGg0CykHKbSPsavjzyzOTmylXV1Nr7GZyU+qEZF1Rzwurt7DPw8
FSIVJ5Bnkd4KBcfTwWC+R00C/iumtNoltsnpm8zM6ooUCa7+qBrVPspsZUxeShvT
KISeNnkrquIIGLxA+LW3z0sAXlDM7hXIe6aOA1NybEEF
-----END CERTIFICATE-----