Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/3cc9b4-1eff-48c9-b2f6-a01e9e6dcbf2/1/ojWxc2TzI-h3TIYvKtx_PWX6d0c.roa
File:                     ojWxc2TzI-h3TIYvKtx_PWX6d0c.roa (raw, json)
Hash identifier:          SsT/N9GUX/6L4Mk+Xa88PVIrMr8IoUKh8+VOw3Xptus=
Subject key identifier:   A2:35:B1:73:64:F3:23:E8:77:4C:86:2F:2A:DC:7F:3D:65:FA:77:47
Certificate issuer:       /CN=050b1e38c704bd08e3b9d17f590367b1d1f03c4a
Certificate serial:       01942143AAF98CDF387ADC081282786B6ED2
Authority key identifier: 05:0B:1E:38:C7:04:BD:08:E3:B9:D1:7F:59:03:67:B1:D1:F0:3C:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BQseOMcEvQjjudF_WQNnsdHwPEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/3cc9b4-1eff-48c9-b2f6-a01e9e6dcbf2/1/ojWxc2TzI-h3TIYvKtx_PWX6d0c.roa
Signing time:             Wed 01 Jan 2025 09:47:50 +0000
ROA not before:           Wed 01 Jan 2025 09:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15924
IP address blocks:        128.127.169.0/24 maxlen: 24
                          128.127.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/3cc9b4-1eff-48c9-b2f6-a01e9e6dcbf2/1/BQseOMcEvQjjudF_WQNnsdHwPEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/3cc9b4-1eff-48c9-b2f6-a01e9e6dcbf2/1/BQseOMcEvQjjudF_WQNnsdHwPEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BQseOMcEvQjjudF_WQNnsdHwPEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:aa:f9:8c:df:38:7a:dc:08:12:82:78:6b:6e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=050b1e38c704bd08e3b9d17f590367b1d1f03c4a
        Validity
            Not Before: Jan  1 09:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a235b17364f323e8774c862f2adc7f3d65fa7747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e3:95:7d:9c:9e:33:e7:cd:32:c0:5b:26:bc:
                    1e:3f:9b:83:81:25:92:d5:61:d9:b0:95:9a:7d:62:
                    4a:5e:94:1f:2f:32:0b:d6:07:8c:65:d3:4e:0c:a6:
                    4d:c3:9e:72:f5:b6:5b:e6:93:5a:80:7c:a0:2f:d7:
                    ec:54:76:d8:4e:87:bc:66:60:f2:4c:59:d7:23:26:
                    cc:d1:1d:71:86:58:d8:c9:6c:ed:30:11:34:75:ad:
                    3a:bb:18:db:b8:6c:91:1e:1e:44:ae:cf:61:3f:e0:
                    14:01:7e:a6:b2:1e:72:73:a8:60:83:aa:96:ce:69:
                    b5:26:58:f5:36:a2:52:25:44:13:4d:e4:34:3e:00:
                    4a:74:0a:a0:a9:c2:c0:a0:c8:cc:d9:52:f9:aa:58:
                    a6:54:f3:ce:fa:29:43:a4:51:3c:80:df:ff:a6:94:
                    a6:73:f7:99:c3:bb:19:62:2d:46:37:8f:1c:d6:aa:
                    5b:7b:df:03:1a:35:48:3a:3a:2b:c9:3e:7e:bb:65:
                    b8:49:0a:06:41:55:ea:ab:08:88:fa:83:8e:2b:28:
                    c4:0f:2c:87:d8:fd:d3:33:ad:02:0c:e4:31:bc:d2:
                    4d:b9:95:6d:c4:66:8f:81:60:c8:da:3e:53:6a:da:
                    d7:e3:33:de:09:14:76:98:06:73:0b:c9:b4:6d:45:
                    a9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:35:B1:73:64:F3:23:E8:77:4C:86:2F:2A:DC:7F:3D:65:FA:77:47
            X509v3 Authority Key Identifier:
                keyid:05:0B:1E:38:C7:04:BD:08:E3:B9:D1:7F:59:03:67:B1:D1:F0:3C:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BQseOMcEvQjjudF_WQNnsdHwPEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/3cc9b4-1eff-48c9-b2f6-a01e9e6dcbf2/1/ojWxc2TzI-h3TIYvKtx_PWX6d0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/3cc9b4-1eff-48c9-b2f6-a01e9e6dcbf2/1/BQseOMcEvQjjudF_WQNnsdHwPEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.127.169.0-128.127.170.255

    Signature Algorithm: sha256WithRSAEncryption
         4a:bc:f2:b4:7b:a1:0d:70:b3:c4:46:b0:89:ec:9c:6f:ab:2a:
         cc:c7:95:69:a9:12:21:1b:8a:4f:12:ba:5b:e5:53:9f:d7:23:
         b9:53:f3:05:39:de:10:86:fe:71:c5:84:9b:b9:18:59:e5:fc:
         37:09:e1:db:17:03:72:fa:f6:c2:5e:64:17:c9:9a:8d:dd:b3:
         e6:86:8f:86:35:59:e8:72:62:49:51:7f:ac:87:98:8e:09:d7:
         31:ef:b7:ee:ef:d3:a6:da:cc:8e:97:3d:13:19:12:06:f2:c0:
         2f:8f:bb:c5:51:61:21:ac:4c:9e:57:08:c7:7b:be:2c:06:11:
         9b:b8:34:81:55:9f:3e:d7:28:57:3b:07:2a:00:b5:c8:d6:e2:
         80:60:fe:76:97:72:97:8e:fb:f6:ef:19:09:8a:a0:d6:ac:fd:
         dd:19:e9:db:11:0a:a7:58:d4:ff:1b:72:79:03:6e:40:b4:a8:
         c1:05:fe:44:9c:25:10:7f:65:b8:30:5d:a6:43:3d:5b:a4:8f:
         74:91:a7:fb:53:01:25:7c:33:cf:b7:e0:7d:4b:95:3f:42:52:
         51:9c:dc:57:8f:4f:dd:5a:37:b6:da:7b:6b:30:48:9b:7b:c0:
         fe:62:9e:48:78:c8:67:14:42:61:99:ef:4e:61:8e:23:74:0f:
         0f:bc:fa:48
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhQ6r5jN84etwIEoJ4a27SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MGIxZTM4YzcwNGJkMDhlM2I5ZDE3ZjU5MDM2N2IxZDFm
MDNjNGEwHhcNMjUwMTAxMDk0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjM1YjE3MzY0ZjMyM2U4Nzc0Yzg2MmYyYWRjN2YzZDY1ZmE3NzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+OVfZyeM+fNMsBbJrweP5uDgSWS
1WHZsJWafWJKXpQfLzIL1geMZdNODKZNw55y9bZb5pNagHygL9fsVHbYToe8ZmDy
TFnXIybM0R1xhljYyWztMBE0da06uxjbuGyRHh5Ers9hP+AUAX6msh5yc6hgg6qW
zmm1Jlj1NqJSJUQTTeQ0PgBKdAqgqcLAoMjM2VL5qlimVPPO+ilDpFE8gN//ppSm
c/eZw7sZYi1GN48c1qpbe98DGjVIOjoryT5+u2W4SQoGQVXqqwiI+oOOKyjEDyyH
2P3TM60CDOQxvNJNuZVtxGaPgWDI2j5TatrX4zPeCRR2mAZzC8m0bUWphwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKI1sXNk8yPod0yGLyrcfz1l+ndHMB8GA1UdIwQY
MBaAFAULHjjHBL0I47nRf1kDZ7HR8DxKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlFzZU9NY0V2UWpqdWRGX1dRTm5zZEh3UEVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8zY2M5YjQtMWVmZi00OGM5LWIyZjYt
YTAxZTllNmRjYmYyLzEvb2pXeGMyVHpJLWgzVElZdkt0eF9QV1g2ZDBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8zY2M5YjQtMWVmZi00OGM5LWIyZjYtYTAxZTllNmRjYmYy
LzEvQlFzZU9NY0V2UWpqdWRGX1dRTm5zZEh3UEVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACAf6kD
BACAf6owDQYJKoZIhvcNAQELBQADggEBAEq88rR7oQ1ws8RGsInsnG+rKszHlWmp
EiEbik8SulvlU5/XI7lT8wU53hCG/nHFhJu5GFnl/DcJ4dsXA3L69sJeZBfJmo3d
s+aGj4Y1WehyYklRf6yHmI4J1zHvt+7v06bazI6XPRMZEgbywC+Pu8VRYSGsTJ5X
CMd7viwGEZu4NIFVnz7XKFc7ByoAtcjW4oBg/naXcpeO+/bvGQmKoNas/d0Z6dsR
CqdY1P8bcnkDbkC0qMEF/kScJRB/ZbgwXaZDPVukj3SRp/tTASV8M8+34H1LlT9C
UlGc3FePT91aN7bae2swSJt7wP5inkh4yGcUQmGZ705hjiN0Dw+8+kg=
-----END CERTIFICATE-----