Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/3ea478-a503-47d3-88f5-49be8d90f59e/1/OjPZ4w3uav1AVJBNGLzE1iWEjns.roa
File:                     OjPZ4w3uav1AVJBNGLzE1iWEjns.roa (raw, json)
Hash identifier:          RZ3Fh/xDlYW1Zzf/BAcP7d2zU9c7pD1bl+u8+XwewFo=
Subject key identifier:   3A:33:D9:E3:0D:EE:6A:FD:40:54:90:4D:18:BC:C4:D6:25:84:8E:7B
Certificate issuer:       /CN=0dd6efbe54671d71a59051e29a2448cd6af8d467
Certificate serial:       019420D5A76431A458EB0A1A55BF66711B9D
Authority key identifier: 0D:D6:EF:BE:54:67:1D:71:A5:90:51:E2:9A:24:48:CD:6A:F8:D4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdbvvlRnHXGlkFHimiRIzWr41Gc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/3ea478-a503-47d3-88f5-49be8d90f59e/1/OjPZ4w3uav1AVJBNGLzE1iWEjns.roa
Signing time:             Wed 01 Jan 2025 07:47:40 +0000
ROA not before:           Wed 01 Jan 2025 07:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42888
IP address blocks:        195.130.193.0/24 maxlen: 24
                          2001:67c:2144::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/3ea478-a503-47d3-88f5-49be8d90f59e/1/DdbvvlRnHXGlkFHimiRIzWr41Gc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/3ea478-a503-47d3-88f5-49be8d90f59e/1/DdbvvlRnHXGlkFHimiRIzWr41Gc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdbvvlRnHXGlkFHimiRIzWr41Gc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a7:64:31:a4:58:eb:0a:1a:55:bf:66:71:1b:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd6efbe54671d71a59051e29a2448cd6af8d467
        Validity
            Not Before: Jan  1 07:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a33d9e30dee6afd4054904d18bcc4d625848e7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ab:ea:a1:15:92:44:44:64:20:0c:5d:80:5d:
                    bf:87:95:84:c0:9b:dd:7c:62:cf:7f:6e:40:da:55:
                    93:89:24:2e:f5:24:a0:d6:c5:c1:a3:61:81:3f:49:
                    0b:64:30:f1:99:7d:52:2e:09:38:2f:ce:9b:fe:b7:
                    e2:ab:63:8d:f5:ce:57:32:9f:d0:1c:26:e8:52:ea:
                    6f:b7:30:07:e5:cc:bd:96:5f:f7:ae:27:7c:ea:f4:
                    9b:42:4e:b5:ea:d1:49:7e:d4:f8:19:79:39:2a:0b:
                    c6:88:34:f1:77:a6:f4:be:ce:9b:ab:d2:70:4f:27:
                    11:3f:c0:8a:1e:92:8c:4a:96:43:f6:d8:47:6a:78:
                    e2:c4:04:f7:81:27:ef:fe:a8:f7:b5:dd:a5:dc:a5:
                    68:c3:43:74:76:ba:b1:e2:51:88:be:da:4d:9b:bd:
                    a4:e4:9d:3e:f8:b9:06:e7:21:7f:7f:5a:96:61:52:
                    2f:fe:10:4a:70:72:5e:37:fb:04:65:29:e4:df:27:
                    ba:9a:cf:1d:80:93:f7:4d:e1:ed:e0:e8:b2:25:0d:
                    38:8b:42:d1:86:0d:12:7b:69:0f:e9:86:83:f9:24:
                    ee:da:f7:4f:a1:b5:81:c2:68:42:71:3b:10:56:06:
                    28:57:60:86:02:0a:02:65:7c:65:8f:3e:08:a9:2b:
                    d5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:33:D9:E3:0D:EE:6A:FD:40:54:90:4D:18:BC:C4:D6:25:84:8E:7B
            X509v3 Authority Key Identifier:
                keyid:0D:D6:EF:BE:54:67:1D:71:A5:90:51:E2:9A:24:48:CD:6A:F8:D4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdbvvlRnHXGlkFHimiRIzWr41Gc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/3ea478-a503-47d3-88f5-49be8d90f59e/1/OjPZ4w3uav1AVJBNGLzE1iWEjns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/3ea478-a503-47d3-88f5-49be8d90f59e/1/DdbvvlRnHXGlkFHimiRIzWr41Gc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.130.193.0/24
                IPv6:
                  2001:67c:2144::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:5d:af:31:d7:7f:f8:b3:e1:68:c4:a7:e3:77:c1:cd:b6:04:
         70:d5:bf:ab:70:d7:d1:67:43:c2:5e:4a:2b:e6:f3:5d:a9:79:
         71:49:24:33:78:e3:77:d6:32:50:31:bc:b9:36:2a:25:78:46:
         60:ab:5b:37:98:29:b1:3f:18:a2:9f:7e:5f:08:28:5b:73:af:
         67:26:f3:b7:d5:05:c8:c9:5f:66:17:f0:4e:7d:5b:e9:4c:6c:
         f5:c7:23:4a:8b:0f:32:84:13:99:8c:15:74:a8:d9:d3:9c:81:
         89:5f:2f:9a:e3:0e:32:cd:ee:e1:f6:22:76:c4:b8:a1:73:7f:
         43:0f:e9:87:0e:3d:e5:40:18:16:1a:cc:31:b2:3d:10:66:54:
         89:75:80:75:a2:63:e2:41:a7:b8:9d:38:0c:6a:00:66:5f:8a:
         6f:74:5e:bb:eb:b3:c4:9d:3c:5d:77:3c:35:c8:97:95:e8:de:
         b2:2f:e1:a0:77:0c:44:b4:a5:a7:e3:76:91:b2:4e:6e:1c:d7:
         d6:d5:30:c5:f4:a7:05:10:c0:19:72:91:79:d5:db:bf:ba:c6:
         cd:4a:66:fd:bf:93:6c:c8:60:f9:0b:cd:7a:6f:01:a7:93:8d:
         d4:b8:fc:b1:14:05:8c:1b:ea:8b:66:1a:f8:28:e4:a1:91:92:
         3f:cb:5b:cc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1adkMaRY6woaVb9mcRudMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDZlZmJlNTQ2NzFkNzFhNTkwNTFlMjlhMjQ0OGNkNmFm
OGQ0NjcwHhcNMjUwMTAxMDc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTMzZDllMzBkZWU2YWZkNDA1NDkwNGQxOGJjYzRkNjI1ODQ4ZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6vqoRWSRERkIAxdgF2/h5WEwJvd
fGLPf25A2lWTiSQu9SSg1sXBo2GBP0kLZDDxmX1SLgk4L86b/rfiq2ON9c5XMp/Q
HCboUupvtzAH5cy9ll/3rid86vSbQk616tFJftT4GXk5KgvGiDTxd6b0vs6bq9Jw
TycRP8CKHpKMSpZD9thHanjixAT3gSfv/qj3td2l3KVow0N0drqx4lGIvtpNm72k
5J0++LkG5yF/f1qWYVIv/hBKcHJeN/sEZSnk3ye6ms8dgJP3TeHt4OiyJQ04i0LR
hg0Se2kP6YaD+STu2vdPobWBwmhCcTsQVgYoV2CGAgoCZXxljz4IqSvVZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDoz2eMN7mr9QFSQTRi8xNYlhI57MB8GA1UdIwQY
MBaAFA3W775UZx1xpZBR4pokSM1q+NRnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRidnZsUm5IWEdsa0ZIaW1pUkl6V3I0MUdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8zZWE0NzgtYTUwMy00N2QzLTg4ZjUt
NDliZThkOTBmNTllLzEvT2pQWjR3M3VhdjFBVkpCTkdMekUxaVdFam5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8zZWE0NzgtYTUwMy00N2QzLTg4ZjUtNDliZThkOTBmNTll
LzEvRGRidnZsUm5IWEdsa0ZIaW1pUkl6V3I0MUdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw4LBMA8E
AgACMAkDBwAgAQZ8IUQwDQYJKoZIhvcNAQELBQADggEBAHxdrzHXf/iz4WjEp+N3
wc22BHDVv6tw19FnQ8JeSivm812peXFJJDN443fWMlAxvLk2KiV4RmCrWzeYKbE/
GKKffl8IKFtzr2cm87fVBcjJX2YX8E59W+lMbPXHI0qLDzKEE5mMFXSo2dOcgYlf
L5rjDjLN7uH2InbEuKFzf0MP6YcOPeVAGBYazDGyPRBmVIl1gHWiY+JBp7idOAxq
AGZfim90Xrvrs8SdPF13PDXIl5Xo3rIv4aB3DES0pafjdpGyTm4c19bVMMX0pwUQ
wBlykXnV27+6xs1KZv2/k2zIYPkLzXpvAaeTjdS4/LEUBYwb6otmGvgo5KGRkj/L
W8w=
-----END CERTIFICATE-----