Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/880c47-fa92-4eef-b276-a8a0e55f5e31/1/OgdXmhiZAA16NPeY0dxWgqJiBfs.roa
File:                     OgdXmhiZAA16NPeY0dxWgqJiBfs.roa (raw, json)
Hash identifier:          ofdWvYQef3gdE7jZxwhWetwjgExiGS5YIXHFq//LRXM=
Subject key identifier:   3A:07:57:9A:18:99:00:0D:7A:34:F7:98:D1:DC:56:82:A2:62:05:FB
Certificate issuer:       /CN=4913b261adbf79ee36a6a3adfa687a7ec658210b
Certificate serial:       018EC2B875CE3AB086BAA30C0C288EA81C8A
Authority key identifier: 49:13:B2:61:AD:BF:79:EE:36:A6:A3:AD:FA:68:7A:7E:C6:58:21:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SROyYa2_ee42pqOt-mh6fsZYIQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/880c47-fa92-4eef-b276-a8a0e55f5e31/1/OgdXmhiZAA16NPeY0dxWgqJiBfs.roa
Signing time:             Tue 09 Apr 2024 11:57:32 +0000
ROA not before:           Tue 09 Apr 2024 11:57:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209243
IP address blocks:        195.144.22.0/24 maxlen: 24
                          2a09:7cc7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/880c47-fa92-4eef-b276-a8a0e55f5e31/1/SROyYa2_ee42pqOt-mh6fsZYIQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/880c47-fa92-4eef-b276-a8a0e55f5e31/1/SROyYa2_ee42pqOt-mh6fsZYIQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SROyYa2_ee42pqOt-mh6fsZYIQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:b8:75:ce:3a:b0:86:ba:a3:0c:0c:28:8e:a8:1c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4913b261adbf79ee36a6a3adfa687a7ec658210b
        Validity
            Not Before: Apr  9 11:57:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a07579a1899000d7a34f798d1dc5682a26205fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c3:ff:8b:a7:e9:79:74:00:e2:2c:e1:14:36:
                    f4:0a:87:a1:22:c2:d8:26:84:eb:ee:90:1f:3c:98:
                    34:3a:d3:e7:db:42:1c:8c:fa:a1:1d:74:ff:6f:f6:
                    6c:95:71:cb:20:b8:29:99:07:29:f8:f6:65:2a:3d:
                    f2:36:2e:9f:9d:c8:c3:c8:a4:96:0c:e6:0e:41:01:
                    f4:6e:b8:81:97:87:c0:78:64:28:bf:7a:fb:36:92:
                    04:6c:ee:55:20:93:20:a3:e5:93:e1:24:37:c8:26:
                    12:d6:97:7a:ac:7f:84:1c:40:12:b0:1b:90:23:e3:
                    9d:42:8b:fa:75:9c:a6:be:5b:43:a9:e9:13:8f:ea:
                    fb:7a:65:bd:64:a7:2b:3c:02:fb:d4:a7:e2:0a:d2:
                    b1:12:7a:75:8b:f8:53:0c:e8:55:de:8c:59:e1:03:
                    03:62:ec:13:16:d1:cd:d7:c7:9d:6c:ee:85:b6:94:
                    aa:9b:8b:be:aa:19:7f:ca:bf:58:42:ac:bb:97:95:
                    fd:49:17:53:ba:2a:de:c9:d1:41:22:f2:47:2d:ac:
                    61:ca:b7:80:99:92:3b:f2:f0:ba:98:8a:37:35:07:
                    39:e1:c3:7e:54:a8:c9:2d:70:86:88:fd:c2:d5:23:
                    05:bd:b7:86:f6:6e:9a:3a:2a:02:77:6c:1d:6d:69:
                    98:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:07:57:9A:18:99:00:0D:7A:34:F7:98:D1:DC:56:82:A2:62:05:FB
            X509v3 Authority Key Identifier:
                keyid:49:13:B2:61:AD:BF:79:EE:36:A6:A3:AD:FA:68:7A:7E:C6:58:21:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SROyYa2_ee42pqOt-mh6fsZYIQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/880c47-fa92-4eef-b276-a8a0e55f5e31/1/OgdXmhiZAA16NPeY0dxWgqJiBfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/880c47-fa92-4eef-b276-a8a0e55f5e31/1/SROyYa2_ee42pqOt-mh6fsZYIQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.144.22.0/24
                IPv6:
                  2a09:7cc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:4a:ee:c8:63:55:dd:0e:90:c2:e8:16:7d:dd:a6:d6:3b:d9:
         c2:1b:2d:61:30:a5:9d:2a:b6:20:7a:bd:f9:ca:a0:6d:ae:ba:
         43:9c:78:8e:9a:f6:a2:52:3f:d0:06:fb:cb:5f:b2:13:ec:99:
         2e:62:45:58:37:e0:46:f0:f9:2f:4b:30:61:5a:b1:6f:35:32:
         23:dd:63:53:8e:e1:89:19:3c:b9:66:d5:f5:7a:79:d0:fb:39:
         2c:7a:45:59:9c:d9:b5:2f:78:7a:45:13:0f:4a:9e:88:c4:52:
         ec:13:22:20:03:2b:63:92:61:fd:1a:48:61:ba:6c:33:64:d3:
         f9:31:b5:96:61:f0:43:49:e9:13:b4:e2:a7:3e:ef:8e:64:56:
         c9:7d:1d:71:81:80:8e:2e:e6:89:0e:db:99:27:b8:11:07:87:
         c2:0e:45:fd:d6:31:9d:95:39:db:f7:df:d7:ee:64:4c:60:e0:
         07:4b:28:b6:b6:77:80:b8:72:1c:54:9c:43:5e:45:90:1b:63:
         62:9f:dc:0c:ce:21:9f:d7:23:52:d9:9c:9d:01:e7:16:ab:38:
         0d:8a:6c:30:42:4b:09:72:f7:9e:59:64:d6:58:31:0f:93:a4:
         3b:7e:1c:a8:83:43:fc:eb:ff:8a:43:dd:0b:eb:0a:4c:a6:ef:
         42:69:ae:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7CuHXOOrCGuqMMDCiOqByKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MTNiMjYxYWRiZjc5ZWUzNmE2YTNhZGZhNjg3YTdlYzY1
ODIxMGIwHhcNMjQwNDA5MTE1NzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTA3NTc5YTE4OTkwMDBkN2EzNGY3OThkMWRjNTY4MmEyNjIwNWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8P/i6fpeXQA4izhFDb0CoehIsLY
JoTr7pAfPJg0OtPn20IcjPqhHXT/b/ZslXHLILgpmQcp+PZlKj3yNi6fncjDyKSW
DOYOQQH0briBl4fAeGQov3r7NpIEbO5VIJMgo+WT4SQ3yCYS1pd6rH+EHEASsBuQ
I+OdQov6dZymvltDqekTj+r7emW9ZKcrPAL71KfiCtKxEnp1i/hTDOhV3oxZ4QMD
YuwTFtHN18edbO6FtpSqm4u+qhl/yr9YQqy7l5X9SRdTuireydFBIvJHLaxhyreA
mZI78vC6mIo3NQc54cN+VKjJLXCGiP3C1SMFvbeG9m6aOioCd2wdbWmYKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDoHV5oYmQANejT3mNHcVoKiYgX7MB8GA1UdIwQY
MBaAFEkTsmGtv3nuNqajrfpoen7GWCELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1JPeVlhMl9lZTQycHFPdC1taDZmc1pZSVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC84ODBjNDctZmE5Mi00ZWVmLWIyNzYt
YThhMGU1NWY1ZTMxLzEvT2dkWG1oaVpBQTE2TlBlWTBkeFdncUppQmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC84ODBjNDctZmE5Mi00ZWVmLWIyNzYtYThhMGU1NWY1ZTMx
LzEvU1JPeVlhMl9lZTQycHFPdC1taDZmc1pZSVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw5AWMA0E
AgACMAcDBQAqCXzHMA0GCSqGSIb3DQEBCwUAA4IBAQCiSu7IY1XdDpDC6BZ93abW
O9nCGy1hMKWdKrYger35yqBtrrpDnHiOmvaiUj/QBvvLX7IT7JkuYkVYN+BG8Pkv
SzBhWrFvNTIj3WNTjuGJGTy5ZtX1ennQ+zksekVZnNm1L3h6RRMPSp6IxFLsEyIg
AytjkmH9GkhhumwzZNP5MbWWYfBDSekTtOKnPu+OZFbJfR1xgYCOLuaJDtuZJ7gR
B4fCDkX91jGdlTnb99/X7mRMYOAHSyi2tneAuHIcVJxDXkWQG2Nin9wMziGf1yNS
2ZydAecWqzgNimwwQksJcveeWWTWWDEPk6Q7fhyog0P86/+KQ90L6wpMpu9Caa5+
-----END CERTIFICATE-----