Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/oSc9TDaxZAgpBUL0U_QOqXe1iIQ.roa
File:                     oSc9TDaxZAgpBUL0U_QOqXe1iIQ.roa (raw, json)
Hash identifier:          eRGT3we8piuEWhQIjqoI4A2ShRxv7LWNOl9KqCnYlOg=
Subject key identifier:   A1:27:3D:4C:36:B1:64:08:29:05:42:F4:53:F4:0E:A9:77:B5:88:84
Certificate issuer:       /CN=0533048d6ff424bf19215771cf257bc15b67ee15
Certificate serial:       0194228D8F6700E7F84DF0CEB6FD6B00AAEB
Authority key identifier: 05:33:04:8D:6F:F4:24:BF:19:21:57:71:CF:25:7B:C1:5B:67:EE:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/oSc9TDaxZAgpBUL0U_QOqXe1iIQ.roa
Signing time:             Wed 01 Jan 2025 15:48:10 +0000
ROA not before:           Wed 01 Jan 2025 15:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12611
IP address blocks:        194.169.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:8f:67:00:e7:f8:4d:f0:ce:b6:fd:6b:00:aa:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0533048d6ff424bf19215771cf257bc15b67ee15
        Validity
            Not Before: Jan  1 15:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1273d4c36b16408290542f453f40ea977b58884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ec:89:96:53:0c:4a:6d:d3:9c:d7:bc:d7:09:
                    6f:53:66:2e:e0:c3:ee:9f:c3:91:73:e2:55:d2:59:
                    b3:ca:ae:68:50:14:a6:1d:0c:34:aa:10:3b:e2:58:
                    54:88:b2:43:40:95:1b:86:12:82:76:a5:08:18:c5:
                    37:d7:30:d9:66:11:56:b7:6e:43:5c:7c:34:18:0d:
                    f2:35:e2:8c:c1:97:b3:44:17:e0:4d:a0:0a:42:a5:
                    b0:0a:e3:90:7a:34:d1:0a:61:3d:07:3c:06:38:7d:
                    49:c9:90:90:6a:01:6f:7e:57:9f:66:93:df:ef:d9:
                    d5:14:73:ea:d9:56:d9:f5:fd:e4:36:c5:a6:ed:1b:
                    f9:54:d9:31:08:d7:04:cf:fd:b4:38:0e:8e:88:5e:
                    0b:f9:0f:79:bb:43:8f:e0:3f:52:a6:fa:e7:6b:9d:
                    3b:c7:7f:a3:fe:d4:f1:cd:5f:12:c1:a0:20:c2:e8:
                    4d:30:44:f8:a2:95:45:98:df:13:09:99:ed:05:43:
                    85:ef:28:33:d4:82:9b:27:0d:b9:6f:a7:40:bb:2d:
                    4b:1a:14:8e:15:bb:1f:fc:19:64:0d:db:30:b6:b0:
                    a3:f6:e0:1d:6b:91:41:51:75:18:de:1a:3f:ad:f1:
                    aa:18:7b:e6:60:a3:ca:05:57:e2:93:8e:81:f8:b2:
                    16:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:27:3D:4C:36:B1:64:08:29:05:42:F4:53:F4:0E:A9:77:B5:88:84
            X509v3 Authority Key Identifier:
                keyid:05:33:04:8D:6F:F4:24:BF:19:21:57:71:CF:25:7B:C1:5B:67:EE:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/oSc9TDaxZAgpBUL0U_QOqXe1iIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/3e4899-aacc-4efd-93df-a61a98359c4a/1/BTMEjW_0JL8ZIVdxzyV7wVtn7hU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:ee:06:1b:ce:eb:f1:82:ac:b5:4d:a3:f4:dc:dd:b1:80:48:
         75:25:91:4f:11:30:8b:cd:e9:46:d6:e8:24:63:7a:f0:11:c6:
         26:d0:a5:93:88:21:5f:83:fd:e7:61:4b:09:10:97:f6:35:04:
         58:7c:b6:1a:91:89:1a:fc:41:9b:c9:6c:63:5c:b8:be:69:e0:
         c9:fb:34:3e:1a:b2:2c:bb:fb:17:1a:61:d2:91:35:84:a9:3f:
         79:80:36:a4:b8:1b:a2:72:5d:95:5d:bb:b0:b4:44:76:22:f5:
         8e:d7:76:05:a6:cd:f8:d3:85:39:4a:c0:2e:ab:a3:cc:19:2a:
         98:96:d7:49:97:18:f6:20:dc:4a:e6:f5:90:50:98:49:e6:ef:
         b8:b7:76:6a:d2:0b:25:49:1c:ce:fb:49:a3:25:36:e7:35:fb:
         1a:a9:78:87:5c:2f:69:ea:05:bc:40:18:15:a5:7f:d1:cd:93:
         42:b9:07:a3:4d:4b:a2:e5:8c:5a:13:d8:6b:fd:92:72:f6:dd:
         9b:9e:9c:b4:9a:44:40:cb:dc:07:c5:1e:dc:13:a8:e0:c1:3a:
         1f:4f:fd:54:90:11:2e:ee:2b:3f:5b:4e:95:8a:67:5b:07:22:
         31:a1:a3:00:61:21:36:6a:4a:f4:1d:bb:fa:86:e0:3a:ef:3c:
         87:ac:bd:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijY9nAOf4TfDOtv1rAKrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzMwNDhkNmZmNDI0YmYxOTIxNTc3MWNmMjU3YmMxNWI2
N2VlMTUwHhcNMjUwMTAxMTU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTI3M2Q0YzM2YjE2NDA4MjkwNTQyZjQ1M2Y0MGVhOTc3YjU4ODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuyJllMMSm3TnNe81wlvU2Yu4MPu
n8ORc+JV0lmzyq5oUBSmHQw0qhA74lhUiLJDQJUbhhKCdqUIGMU31zDZZhFWt25D
XHw0GA3yNeKMwZezRBfgTaAKQqWwCuOQejTRCmE9BzwGOH1JyZCQagFvflefZpPf
79nVFHPq2VbZ9f3kNsWm7Rv5VNkxCNcEz/20OA6OiF4L+Q95u0OP4D9Spvrna507
x3+j/tTxzV8SwaAgwuhNMET4opVFmN8TCZntBUOF7ygz1IKbJw25b6dAuy1LGhSO
Fbsf/BlkDdswtrCj9uAda5FBUXUY3ho/rfGqGHvmYKPKBVfik46B+LIWZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEnPUw2sWQIKQVC9FP0Dql3tYiEMB8GA1UdIwQY
MBaAFAUzBI1v9CS/GSFXcc8le8FbZ+4VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRNRWpXXzBKTDhaSVZkeHp5Vjd3VnRuN2hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8zZTQ4OTktYWFjYy00ZWZkLTkzZGYt
YTYxYTk4MzU5YzRhLzEvb1NjOVREYXhaQWdwQlVMMFVfUU9xWGUxaUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8zZTQ4OTktYWFjYy00ZWZkLTkzZGYtYTYxYTk4MzU5YzRh
LzEvQlRNRWpXXzBKTDhaSVZkeHp5Vjd3VnRuN2hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqn7MA0G
CSqGSIb3DQEBCwUAA4IBAQB/7gYbzuvxgqy1TaP03N2xgEh1JZFPETCLzelG1ugk
Y3rwEcYm0KWTiCFfg/3nYUsJEJf2NQRYfLYakYka/EGbyWxjXLi+aeDJ+zQ+GrIs
u/sXGmHSkTWEqT95gDakuBuicl2VXbuwtER2IvWO13YFps3404U5SsAuq6PMGSqY
ltdJlxj2INxK5vWQUJhJ5u+4t3Zq0gslSRzO+0mjJTbnNfsaqXiHXC9p6gW8QBgV
pX/RzZNCuQejTUui5YxaE9hr/ZJy9t2bnpy0mkRAy9wHxR7cE6jgwTofT/1UkBEu
7is/W06VimdbByIxoaMAYSE2akr0Hbv6huA67zyHrL1v
-----END CERTIFICATE-----