Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/5dd7b1-e337-404d-b764-ddb0b148e46b/1/oR-FUhbEvQx9rEQNZ_WugrEWdnk.roa
File:                     oR-FUhbEvQx9rEQNZ_WugrEWdnk.roa (raw, json)
Hash identifier:          BD8t2aBzJsutTWI6CA4SIZqGlJUGz2L2fZecOB/8228=
Subject key identifier:   A1:1F:85:52:16:C4:BD:0C:7D:AC:44:0D:67:F5:AE:82:B1:16:76:79
Certificate issuer:       /CN=9cb96ce59c59557530f0eaa44c664503d9c401ed
Certificate serial:       019423D6F830DAB87F34F056BE869327738C
Authority key identifier: 9C:B9:6C:E5:9C:59:55:75:30:F0:EA:A4:4C:66:45:03:D9:C4:01:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLls5ZxZVXUw8OqkTGZFA9nEAe0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/5dd7b1-e337-404d-b764-ddb0b148e46b/1/oR-FUhbEvQx9rEQNZ_WugrEWdnk.roa
Signing time:             Wed 01 Jan 2025 21:47:58 +0000
ROA not before:           Wed 01 Jan 2025 21:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        193.29.144.0/20 maxlen: 20
                          194.99.120.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/5dd7b1-e337-404d-b764-ddb0b148e46b/1/nLls5ZxZVXUw8OqkTGZFA9nEAe0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/5dd7b1-e337-404d-b764-ddb0b148e46b/1/nLls5ZxZVXUw8OqkTGZFA9nEAe0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLls5ZxZVXUw8OqkTGZFA9nEAe0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f8:30:da:b8:7f:34:f0:56:be:86:93:27:73:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb96ce59c59557530f0eaa44c664503d9c401ed
        Validity
            Not Before: Jan  1 21:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a11f855216c4bd0c7dac440d67f5ae82b1167679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4b:76:8c:37:c5:c7:cd:f1:07:15:a7:d6:0d:
                    7a:eb:c9:3b:c7:5a:37:19:f1:e5:d9:1b:01:de:2c:
                    64:6f:d0:79:7a:76:95:d6:09:81:75:66:7d:14:8d:
                    55:92:56:fe:f8:57:b0:13:13:85:85:93:a2:bd:f5:
                    90:22:32:10:af:c8:55:80:f9:6c:d2:26:21:b4:61:
                    9d:92:dc:3d:8a:70:3e:0b:19:c4:a2:36:e0:4e:50:
                    7c:36:c9:9e:1a:27:6e:d5:a9:81:6c:50:c1:19:71:
                    d7:d0:92:7b:3c:ff:20:33:9a:80:fd:51:0c:9a:77:
                    77:82:32:84:c1:67:ac:13:2e:d0:28:be:36:61:5c:
                    cb:1b:2b:56:ef:c2:c2:2d:17:72:51:e5:9a:8e:db:
                    44:63:c0:82:23:8a:46:98:4c:2c:95:87:22:72:07:
                    15:35:ba:9e:f6:e9:c3:13:c3:bb:0f:bb:45:b6:70:
                    ad:22:50:0b:8f:a6:99:3a:5b:7e:26:79:5c:b6:6f:
                    e3:a8:03:6b:22:69:31:9d:f0:4f:d9:4b:ea:43:57:
                    90:f2:e0:65:36:ef:d4:ee:38:0f:0b:3f:28:1b:86:
                    31:48:ee:7a:ef:e1:6c:76:c1:4d:cc:07:e8:a9:03:
                    d4:4a:26:7b:b6:6b:d8:24:ca:f0:b5:48:a6:3c:cc:
                    56:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:1F:85:52:16:C4:BD:0C:7D:AC:44:0D:67:F5:AE:82:B1:16:76:79
            X509v3 Authority Key Identifier:
                keyid:9C:B9:6C:E5:9C:59:55:75:30:F0:EA:A4:4C:66:45:03:D9:C4:01:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLls5ZxZVXUw8OqkTGZFA9nEAe0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/5dd7b1-e337-404d-b764-ddb0b148e46b/1/oR-FUhbEvQx9rEQNZ_WugrEWdnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/5dd7b1-e337-404d-b764-ddb0b148e46b/1/nLls5ZxZVXUw8OqkTGZFA9nEAe0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.29.144.0/20
                  194.99.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         15:71:0d:8c:27:17:0f:fa:2c:4d:70:88:65:d4:b3:3a:77:89:
         df:52:8e:cb:02:56:e2:70:31:ae:1a:3f:88:b8:f8:aa:ce:25:
         a0:62:ac:fb:de:5e:c2:11:2e:8c:5c:ef:83:1a:92:a4:cb:9b:
         ad:71:70:17:50:b1:ee:1c:c3:7f:c7:0f:62:81:95:87:28:ec:
         a1:3b:77:f9:a0:59:c1:59:b0:5e:43:c7:9f:12:9f:98:ae:ff:
         2c:a6:c8:9a:43:eb:3c:9e:11:12:51:bc:65:7b:7a:27:a2:f1:
         67:81:73:18:69:81:94:fe:1e:b2:8f:19:f5:99:09:02:84:87:
         9f:f3:87:16:91:e5:97:13:57:3a:45:ac:87:58:ed:02:9a:8a:
         b5:39:93:71:01:c3:b1:d3:55:bd:d6:7f:16:f3:33:2c:26:21:
         81:4d:17:d5:0c:2c:37:a5:9d:66:89:3f:4e:ce:4f:7f:28:d5:
         1d:5d:0e:d4:97:8f:8b:bb:f8:f7:e3:ee:ea:38:a6:e1:93:7b:
         53:e7:bb:ab:a6:80:66:88:bd:3a:ac:c9:f8:ba:ee:84:df:aa:
         8f:5b:c0:44:d1:68:98:47:21:af:8c:ec:51:bf:f4:38:67:60:
         c3:98:55:f3:25:9e:f4:8e:87:9e:61:13:34:c4:a3:d9:22:53:
         60:16:f2:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1vgw2rh/NPBWvoaTJ3OMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjk2Y2U1OWM1OTU1NzUzMGYwZWFhNDRjNjY0NTAzZDlj
NDAxZWQwHhcNMjUwMTAxMjE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTFmODU1MjE2YzRiZDBjN2RhYzQ0MGQ2N2Y1YWU4MmIxMTY3Njc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUt2jDfFx83xBxWn1g1668k7x1o3
GfHl2RsB3ixkb9B5enaV1gmBdWZ9FI1Vklb++FewExOFhZOivfWQIjIQr8hVgPls
0iYhtGGdktw9inA+CxnEojbgTlB8NsmeGidu1amBbFDBGXHX0JJ7PP8gM5qA/VEM
mnd3gjKEwWesEy7QKL42YVzLGytW78LCLRdyUeWajttEY8CCI4pGmEwslYcicgcV
Nbqe9unDE8O7D7tFtnCtIlALj6aZOlt+Jnlctm/jqANrImkxnfBP2UvqQ1eQ8uBl
Nu/U7jgPCz8oG4YxSO567+FsdsFNzAfoqQPUSiZ7tmvYJMrwtUimPMxWWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKEfhVIWxL0MfaxEDWf1roKxFnZ5MB8GA1UdIwQY
MBaAFJy5bOWcWVV1MPDqpExmRQPZxAHtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxsczVaeFpWWFV3OE9xa1RHWkZBOW5FQWUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS81ZGQ3YjEtZTMzNy00MDRkLWI3NjQt
ZGRiMGIxNDhlNDZiLzEvb1ItRlVoYkV2UXg5ckVRTlpfV3VnckVXZG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS81ZGQ3YjEtZTMzNy00MDRkLWI3NjQtZGRiMGIxNDhlNDZi
LzEvbkxsczVaeFpWWFV3OE9xa1RHWkZBOW5FQWUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEwR2QAwQD
wmN4MA0GCSqGSIb3DQEBCwUAA4IBAQAVcQ2MJxcP+ixNcIhl1LM6d4nfUo7LAlbi
cDGuGj+IuPiqziWgYqz73l7CES6MXO+DGpKky5utcXAXULHuHMN/xw9igZWHKOyh
O3f5oFnBWbBeQ8efEp+Yrv8spsiaQ+s8nhESUbxle3onovFngXMYaYGU/h6yjxn1
mQkChIef84cWkeWXE1c6RayHWO0Cmoq1OZNxAcOx01W91n8W8zMsJiGBTRfVDCw3
pZ1miT9Ozk9/KNUdXQ7Ul4+Lu/j34+7qOKbhk3tT57urpoBmiL06rMn4uu6E36qP
W8BE0WiYRyGvjOxRv/Q4Z2DDmFXzJZ70joeeYRM0xKPZIlNgFvKM
-----END CERTIFICATE-----