Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/aOgL8M0VDCoJFBbKjHHipw7CgK0.roa
File:                     aOgL8M0VDCoJFBbKjHHipw7CgK0.roa (raw, json)
Hash identifier:          JxHs1uM5GfGFdmpY3+A1A8dI63STuU0UQ0HROiRxjIM=
Subject key identifier:   68:E8:0B:F0:CD:15:0C:2A:09:14:16:CA:8C:71:E2:A7:0E:C2:80:AD
Certificate issuer:       /CN=ef7fd5d33061a9de920af1c2a13513d46dd24612
Certificate serial:       019426D8D65D88C2FD34CCAE432E048507DE
Authority key identifier: EF:7F:D5:D3:30:61:A9:DE:92:0A:F1:C2:A1:35:13:D4:6D:D2:46:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/aOgL8M0VDCoJFBbKjHHipw7CgK0.roa
Signing time:             Thu 02 Jan 2025 11:48:52 +0000
ROA not before:           Thu 02 Jan 2025 11:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4755
IP address blocks:        193.32.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:d6:5d:88:c2:fd:34:cc:ae:43:2e:04:85:07:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7fd5d33061a9de920af1c2a13513d46dd24612
        Validity
            Not Before: Jan  2 11:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68e80bf0cd150c2a091416ca8c71e2a70ec280ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:88:30:40:ad:6c:95:d0:88:bd:87:d5:17:24:
                    69:52:f5:6b:64:b2:e8:3f:6d:28:70:d3:94:af:43:
                    b1:4b:0c:97:60:22:53:e6:10:ef:06:49:12:0b:18:
                    c8:ea:25:27:3e:79:95:23:3a:84:59:db:94:31:ea:
                    d0:ad:18:76:57:7e:ce:b4:ab:a2:f7:a5:56:4c:a5:
                    70:c8:42:3c:7e:59:04:05:67:35:17:6f:fb:37:33:
                    87:4e:d6:25:bc:dd:85:3f:2f:85:af:03:3d:15:cb:
                    53:74:48:99:4a:d6:29:57:31:be:55:26:7b:31:c8:
                    15:e8:8b:e2:e9:0d:ee:1e:c2:7e:1d:eb:90:f7:8e:
                    66:90:bd:49:cd:f8:35:74:5a:79:7b:3c:2e:df:9c:
                    44:f9:26:c9:ce:ee:3d:fa:80:07:bb:75:39:17:39:
                    cb:2f:f1:16:f1:02:df:e8:d9:10:1d:50:1f:c8:20:
                    45:10:c8:9f:da:81:07:99:26:a2:59:c3:96:2c:9a:
                    29:32:70:b3:44:e1:bf:82:bd:ca:f6:28:7f:0b:c9:
                    4c:f8:b2:68:0b:ee:cf:30:c7:c1:5b:db:94:ca:16:
                    c9:a5:5f:22:22:08:60:87:8a:5d:7f:2c:73:ef:4a:
                    e2:93:f8:2f:89:32:3e:1c:fa:49:7d:b8:b2:8f:5d:
                    5c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E8:0B:F0:CD:15:0C:2A:09:14:16:CA:8C:71:E2:A7:0E:C2:80:AD
            X509v3 Authority Key Identifier:
                keyid:EF:7F:D5:D3:30:61:A9:DE:92:0A:F1:C2:A1:35:13:D4:6D:D2:46:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/aOgL8M0VDCoJFBbKjHHipw7CgK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:ae:2c:e9:d5:50:ab:34:27:4b:be:e7:82:2b:e0:61:e9:09:
         13:e3:ba:a9:ea:fa:df:37:f4:2a:f2:2c:59:cd:53:c8:fc:8d:
         2c:04:c4:9b:d6:6d:b0:21:15:a3:70:77:46:48:a2:f8:c1:70:
         01:65:02:f0:b8:35:28:df:10:fe:5d:0f:b8:5d:7d:25:d3:2b:
         88:49:a5:6d:69:fc:99:d6:9f:b7:ba:56:a3:96:43:74:45:7e:
         b1:64:1f:77:73:10:b8:9b:92:a0:03:d2:4a:61:f8:93:61:15:
         d9:91:5f:43:f8:bc:79:7e:ab:04:bb:fc:a8:b1:eb:50:1a:a4:
         63:79:3a:5c:2f:a8:57:9e:df:fd:65:cd:8e:6a:d9:43:fd:7c:
         e6:7b:22:c4:f2:84:99:c7:c9:f4:0f:ec:ae:98:09:58:c0:06:
         44:cb:8e:4c:86:d1:2a:03:1c:69:3a:dd:2d:9b:d2:fc:7e:3d:
         54:13:c3:16:c4:56:98:83:03:88:45:24:94:76:7e:d6:9b:ee:
         9a:8e:10:f5:84:48:b1:bb:a9:7a:3d:4e:8d:da:ee:29:d8:76:
         ec:2a:85:e6:50:c2:1d:00:86:d0:e2:41:0c:cd:da:b2:79:c6:
         fc:01:c0:a5:d4:f6:80:71:2a:b8:35:bb:07:e8:2b:52:b5:98:
         b8:0a:b5:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2NZdiML9NMyuQy4EhQfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2ZkNWQzMzA2MWE5ZGU5MjBhZjFjMmExMzUxM2Q0NmRk
MjQ2MTIwHhcNMjUwMTAyMTE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGU4MGJmMGNkMTUwYzJhMDkxNDE2Y2E4YzcxZTJhNzBlYzI4MGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArogwQK1sldCIvYfVFyRpUvVrZLLo
P20ocNOUr0OxSwyXYCJT5hDvBkkSCxjI6iUnPnmVIzqEWduUMerQrRh2V37OtKui
96VWTKVwyEI8flkEBWc1F2/7NzOHTtYlvN2FPy+FrwM9FctTdEiZStYpVzG+VSZ7
McgV6Ivi6Q3uHsJ+HeuQ945mkL1Jzfg1dFp5ezwu35xE+SbJzu49+oAHu3U5FznL
L/EW8QLf6NkQHVAfyCBFEMif2oEHmSaiWcOWLJopMnCzROG/gr3K9ih/C8lM+LJo
C+7PMMfBW9uUyhbJpV8iIghgh4pdfyxz70rik/gviTI+HPpJfbiyj11ccwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjoC/DNFQwqCRQWyoxx4qcOwoCtMB8GA1UdIwQY
MBaAFO9/1dMwYanekgrxwqE1E9Rt0kYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzNfVjB6QmhxZDZTQ3ZIQ29UVVQxRzNTUmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yMzE5MGMtZTFhMC00YmE0LWIxZDgt
YTEwMmJlMzgyZTUxLzEvYU9nTDhNMFZEQ29KRkJiS2pISGlwdzdDZ0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yMzE5MGMtZTFhMC00YmE0LWIxZDgtYTEwMmJlMzgyZTUx
LzEvNzNfVjB6QmhxZDZTQ3ZIQ29UVVQxRzNTUmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSD3MA0G
CSqGSIb3DQEBCwUAA4IBAQCrrizp1VCrNCdLvueCK+Bh6QkT47qp6vrfN/Qq8ixZ
zVPI/I0sBMSb1m2wIRWjcHdGSKL4wXABZQLwuDUo3xD+XQ+4XX0l0yuISaVtafyZ
1p+3ulajlkN0RX6xZB93cxC4m5KgA9JKYfiTYRXZkV9D+Lx5fqsEu/yosetQGqRj
eTpcL6hXnt/9Zc2OatlD/XzmeyLE8oSZx8n0D+yumAlYwAZEy45MhtEqAxxpOt0t
m9L8fj1UE8MWxFaYgwOIRSSUdn7Wm+6ajhD1hEixu6l6PU6N2u4p2HbsKoXmUMId
AIbQ4kEMzdqyecb8AcCl1PaAcSq4NbsH6CtStZi4CrUx
-----END CERTIFICATE-----