Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/O4itYS8sI_ap1aiE_UeLniEPcvk.roa
File:                     O4itYS8sI_ap1aiE_UeLniEPcvk.roa (raw, json)
Hash identifier:          yXxFYAIoEwoD51Grvt0xf+Jd5ULkmINTn0EV/SJ5fbw=
Subject key identifier:   3B:88:AD:61:2F:2C:23:F6:A9:D5:A8:84:FD:47:8B:9E:21:0F:72:F9
Certificate issuer:       /CN=c2bf81ab950a18034630c25830749e650eb4e634
Certificate serial:       0194221F934C6E5EA4ACEFDDAEABA570CC76
Authority key identifier: C2:BF:81:AB:95:0A:18:03:46:30:C2:58:30:74:9E:65:0E:B4:E6:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wr-Bq5UKGANGMMJYMHSeZQ605jQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/O4itYS8sI_ap1aiE_UeLniEPcvk.roa
Signing time:             Wed 01 Jan 2025 13:48:02 +0000
ROA not before:           Wed 01 Jan 2025 13:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50623
IP address blocks:        195.191.154.0/24 maxlen: 24
                          195.191.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/wr-Bq5UKGANGMMJYMHSeZQ605jQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/wr-Bq5UKGANGMMJYMHSeZQ605jQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wr-Bq5UKGANGMMJYMHSeZQ605jQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:93:4c:6e:5e:a4:ac:ef:dd:ae:ab:a5:70:cc:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2bf81ab950a18034630c25830749e650eb4e634
        Validity
            Not Before: Jan  1 13:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b88ad612f2c23f6a9d5a884fd478b9e210f72f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1d:2f:eb:ee:d9:22:6e:59:50:86:a7:57:59:
                    58:05:b5:ad:3a:a5:3b:6c:71:d3:79:18:9e:2a:51:
                    22:91:33:f4:4a:5e:ff:53:dc:d6:51:50:98:d5:85:
                    d8:2f:a7:66:20:cc:77:94:2f:65:f1:5d:ab:2a:1b:
                    5a:5f:f0:9d:7a:ea:02:e5:07:f6:13:07:b3:6d:b5:
                    3f:1a:c8:8a:2c:a3:67:70:a3:32:aa:bb:64:da:d1:
                    a5:d4:dd:7a:60:26:d7:3c:c7:41:28:38:fa:66:f0:
                    7a:3e:53:07:39:10:a5:fe:c2:08:4a:28:15:3e:a9:
                    aa:f9:2e:79:a2:b5:fc:d3:74:80:a5:7f:e6:da:d2:
                    6b:a2:4e:f6:f4:23:c1:a4:8e:12:67:ae:ad:fc:34:
                    52:92:e1:cd:c3:9e:61:81:fd:ee:da:39:77:7f:c7:
                    f4:cb:1d:fb:09:dd:be:5a:6a:f1:d2:53:1c:38:a0:
                    33:dc:03:0b:b7:e3:58:ad:90:a3:16:59:76:aa:1b:
                    57:70:f4:a8:f3:fd:83:55:cd:f4:79:15:68:41:35:
                    dc:2e:89:67:23:04:c7:08:be:74:b3:68:ef:c0:d7:
                    0a:98:24:cb:b4:67:99:24:75:c7:1f:b7:12:e3:e9:
                    ba:fd:fc:c8:53:b2:39:88:a0:1a:6b:19:cd:d0:92:
                    94:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:88:AD:61:2F:2C:23:F6:A9:D5:A8:84:FD:47:8B:9E:21:0F:72:F9
            X509v3 Authority Key Identifier:
                keyid:C2:BF:81:AB:95:0A:18:03:46:30:C2:58:30:74:9E:65:0E:B4:E6:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wr-Bq5UKGANGMMJYMHSeZQ605jQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/O4itYS8sI_ap1aiE_UeLniEPcvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/wr-Bq5UKGANGMMJYMHSeZQ605jQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:d4:f5:46:46:6c:f7:af:53:e4:48:6b:8b:e2:66:b0:7a:fe:
         30:14:a7:7b:e0:35:77:18:31:99:dd:7d:31:64:49:2d:87:d8:
         04:af:a1:8e:0e:94:5e:6b:49:e4:c9:f6:21:0f:e2:be:0f:44:
         88:53:b6:37:c9:a3:0c:53:27:f9:ed:7b:39:99:2f:7f:3e:f9:
         88:e9:fe:e7:ef:ab:0d:9b:9a:7c:b3:14:7f:98:52:6a:7d:60:
         fc:26:43:2b:af:c7:aa:24:9b:bd:59:45:18:6d:c0:8d:1d:50:
         47:4c:da:f9:9f:45:fe:9a:32:e8:2b:2d:0d:cf:b7:3c:d5:3b:
         9f:4f:5d:81:57:27:73:6e:64:7e:0f:72:7f:76:8a:88:8c:ae:
         97:75:20:73:0a:c7:c4:cd:e3:26:43:70:13:ca:b5:62:e1:77:
         e9:8e:f5:12:92:14:1f:7a:1a:8d:96:88:95:4a:e5:d1:2a:0b:
         ba:ee:84:66:92:f3:96:bd:af:f0:3e:16:5f:1f:8b:d9:6c:ae:
         d2:19:bf:06:3f:06:eb:42:03:2c:34:61:2c:72:4e:38:54:db:
         8e:3f:31:9d:22:d1:2e:1b:15:8d:85:9a:58:73:ea:57:a8:78:
         02:2d:58:c9:30:cb:ac:a1:cf:bb:57:95:9e:20:d2:88:17:f2:
         cb:8a:33:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH5NMbl6krO/drqulcMx2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYmY4MWFiOTUwYTE4MDM0NjMwYzI1ODMwNzQ5ZTY1MGVi
NGU2MzQwHhcNMjUwMTAxMTM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg4YWQ2MTJmMmMyM2Y2YTlkNWE4ODRmZDQ3OGI5ZTIxMGY3MmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR0v6+7ZIm5ZUIanV1lYBbWtOqU7
bHHTeRieKlEikTP0Sl7/U9zWUVCY1YXYL6dmIMx3lC9l8V2rKhtaX/CdeuoC5Qf2
EwezbbU/GsiKLKNncKMyqrtk2tGl1N16YCbXPMdBKDj6ZvB6PlMHORCl/sIISigV
Pqmq+S55orX803SApX/m2tJrok729CPBpI4SZ66t/DRSkuHNw55hgf3u2jl3f8f0
yx37Cd2+Wmrx0lMcOKAz3AMLt+NYrZCjFll2qhtXcPSo8/2DVc30eRVoQTXcLoln
IwTHCL50s2jvwNcKmCTLtGeZJHXHH7cS4+m6/fzIU7I5iKAaaxnN0JKUEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuIrWEvLCP2qdWohP1Hi54hD3L5MB8GA1UdIwQY
MBaAFMK/gauVChgDRjDCWDB0nmUOtOY0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3ItQnE1VUtHQU5HTU1KWU1IU2VaUTYwNWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zOGI1MTEtNzU0Ny00YTQ4LThiYWYt
Nzc2NDU4NDY3MGZkLzEvTzRpdFlTOHNJX2FwMWFpRV9VZUxuaUVQY3ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zOGI1MTEtNzU0Ny00YTQ4LThiYWYtNzc2NDU4NDY3MGZk
LzEvd3ItQnE1VUtHQU5HTU1KWU1IU2VaUTYwNWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7+aMA0G
CSqGSIb3DQEBCwUAA4IBAQB81PVGRmz3r1PkSGuL4mawev4wFKd74DV3GDGZ3X0x
ZEkth9gEr6GODpRea0nkyfYhD+K+D0SIU7Y3yaMMUyf57Xs5mS9/PvmI6f7n76sN
m5p8sxR/mFJqfWD8JkMrr8eqJJu9WUUYbcCNHVBHTNr5n0X+mjLoKy0Nz7c81Tuf
T12BVydzbmR+D3J/doqIjK6XdSBzCsfEzeMmQ3ATyrVi4XfpjvUSkhQfehqNloiV
SuXRKgu67oRmkvOWva/wPhZfH4vZbK7SGb8GPwbrQgMsNGEsck44VNuOPzGdItEu
GxWNhZpYc+pXqHgCLVjJMMusoc+7V5WeINKIF/LLijPL
-----END CERTIFICATE-----