Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/oQk2rT9-TmTMiTawX34MBI0QTrc.roa
File:                     oQk2rT9-TmTMiTawX34MBI0QTrc.roa (raw, json)
Hash identifier:          6J7fvMBzz5wnq8Q655iOLvmHY5jKT0LznvTL3IrQ8Xw=
Subject key identifier:   A1:09:36:AD:3F:7E:4E:64:CC:89:36:B0:5F:7E:0C:04:8D:10:4E:B7
Certificate issuer:       /CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
Certificate serial:       0194221F37FABFAFB4ACBCA0C7C43B685F4A
Authority key identifier: DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/oQk2rT9-TmTMiTawX34MBI0QTrc.roa
Signing time:             Wed 01 Jan 2025 13:47:38 +0000
ROA not before:           Wed 01 Jan 2025 13:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5391
IP address blocks:        213.202.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:37:fa:bf:af:b4:ac:bc:a0:c7:c4:3b:68:5f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
        Validity
            Not Before: Jan  1 13:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a10936ad3f7e4e64cc8936b05f7e0c048d104eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7e:10:de:de:cd:56:b4:44:63:91:3f:b9:98:
                    30:97:fc:99:77:5d:af:cf:e1:d9:d5:9b:a9:06:91:
                    75:07:4a:40:18:63:d9:d7:d2:41:c8:6c:7b:62:02:
                    5e:05:38:c4:65:9f:6e:90:a4:73:6d:aa:fe:65:aa:
                    40:55:71:49:8c:7f:e4:7b:d4:e7:b9:93:fe:17:5e:
                    2f:64:eb:0f:76:c2:1c:1e:55:15:c6:19:a0:b3:1f:
                    91:44:18:4d:06:a3:86:51:0f:fc:7b:01:f3:2f:ab:
                    ed:a4:a6:ee:5c:59:34:18:1e:55:31:aa:34:11:a3:
                    76:b9:64:20:33:5f:af:ab:a7:67:78:ea:33:d1:ac:
                    64:c8:13:eb:bd:b8:df:61:17:bf:82:93:8a:76:bd:
                    92:02:d8:12:9b:70:46:12:49:ed:a5:c4:ee:e2:d8:
                    a4:cc:17:62:db:fe:a1:a6:23:15:45:f9:d7:aa:95:
                    7b:af:cd:6e:16:3e:36:76:1f:e7:0f:c4:ea:a0:0d:
                    87:f6:fa:84:dd:fc:95:e2:9a:a5:5c:88:bb:41:d2:
                    3e:5b:1c:5a:24:49:0b:55:d7:49:7f:e1:a4:fb:47:
                    90:04:51:c9:a0:d2:87:71:6e:60:73:b0:78:2e:0d:
                    6f:41:fd:d9:0c:6b:41:23:bc:f1:0d:c2:15:ce:45:
                    37:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:09:36:AD:3F:7E:4E:64:CC:89:36:B0:5F:7E:0C:04:8D:10:4E:B7
            X509v3 Authority Key Identifier:
                keyid:DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/oQk2rT9-TmTMiTawX34MBI0QTrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.202.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:8f:0b:19:75:42:7d:e1:36:b4:83:72:b7:f6:c8:9b:5d:2a:
         76:23:73:5e:77:b8:30:67:9c:eb:41:74:08:af:d2:ae:b0:c9:
         b0:86:38:42:23:60:4b:17:1d:fb:37:75:b4:25:b7:31:cc:c0:
         77:3d:d2:bd:70:a1:eb:ca:6d:14:da:f2:eb:c7:b0:02:cd:18:
         cc:42:42:6c:d1:f2:27:ef:c2:17:0f:00:f5:6a:6f:dd:c6:fa:
         64:8f:7a:11:75:19:ad:7e:49:c2:32:49:05:28:91:18:cb:fe:
         8c:b9:14:ee:92:20:c1:6b:e7:12:8a:21:66:a5:28:76:cb:a4:
         14:88:32:d8:3b:6f:f9:01:91:ab:69:8a:3d:5e:ad:87:aa:a6:
         3f:07:be:66:10:cc:25:82:c0:a4:63:b6:8a:13:35:26:ce:ff:
         b6:e8:9d:e1:22:68:d3:90:23:f1:72:52:c1:da:2c:dc:e5:18:
         51:f5:1d:11:77:2e:16:dd:e4:d5:a3:4d:ee:6b:54:3f:6f:79:
         b0:3a:10:d3:57:bc:4f:79:87:93:24:c8:c7:fe:ec:ec:bc:0b:
         77:5c:18:65:59:35:7a:a2:11:0b:ec:5f:ff:75:56:6a:3d:33:
         7c:7c:de:ea:c3:e3:c6:b3:73:5f:ab:d9:d2:61:d2:71:92:c6:
         6a:9e:ce:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiHzf6v6+0rLygx8Q7aF9KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWM1MzJmM2NkNWUxMWUxOWZlYjE5NjU1ZDRmMTk5MjZm
MDIwMjAwHhcNMjUwMTAxMTM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTA5MzZhZDNmN2U0ZTY0Y2M4OTM2YjA1ZjdlMGMwNDhkMTA0ZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH4Q3t7NVrREY5E/uZgwl/yZd12v
z+HZ1ZupBpF1B0pAGGPZ19JByGx7YgJeBTjEZZ9ukKRzbar+ZapAVXFJjH/ke9Tn
uZP+F14vZOsPdsIcHlUVxhmgsx+RRBhNBqOGUQ/8ewHzL6vtpKbuXFk0GB5VMao0
EaN2uWQgM1+vq6dneOoz0axkyBPrvbjfYRe/gpOKdr2SAtgSm3BGEkntpcTu4tik
zBdi2/6hpiMVRfnXqpV7r81uFj42dh/nD8TqoA2H9vqE3fyV4pqlXIi7QdI+Wxxa
JEkLVddJf+Gk+0eQBFHJoNKHcW5gc7B4Lg1vQf3ZDGtBI7zxDcIVzkU33wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEJNq0/fk5kzIk2sF9+DASNEE63MB8GA1UdIwQY
MBaAFNxcUy881eEeGf6xllXU8Zkm8CAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEt
NGI2YzFjZjlmZTRmLzEvb1FrMnJUOS1UbVRNaVRhd1gzNE1CSTBRVHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEtNGI2YzFjZjlmZTRm
LzEvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cpHMA0G
CSqGSIb3DQEBCwUAA4IBAQA+jwsZdUJ94Ta0g3K39sibXSp2I3Ned7gwZ5zrQXQI
r9KusMmwhjhCI2BLFx37N3W0JbcxzMB3PdK9cKHrym0U2vLrx7ACzRjMQkJs0fIn
78IXDwD1am/dxvpkj3oRdRmtfknCMkkFKJEYy/6MuRTukiDBa+cSiiFmpSh2y6QU
iDLYO2/5AZGraYo9Xq2HqqY/B75mEMwlgsCkY7aKEzUmzv+26J3hImjTkCPxclLB
2izc5RhR9R0Rdy4W3eTVo03ua1Q/b3mwOhDTV7xPeYeTJMjH/uzsvAt3XBhlWTV6
ohEL7F//dVZqPTN8fN7qw+PGs3Nfq9nSYdJxksZqns5V
-----END CERTIFICATE-----