Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/o05sdzj6m4fQO6_WrgnQWVEGn8s.roa
File:                     o05sdzj6m4fQO6_WrgnQWVEGn8s.roa (raw, json)
Hash identifier:          4PZyqJElCUrsee8Vele9Jxa/SXWOHXm1LP7RgEQB9SY=
Subject key identifier:   A3:4E:6C:77:38:FA:9B:87:D0:3B:AF:D6:AE:09:D0:59:51:06:9F:CB
Certificate issuer:       /CN=28954e28f6e01ca5c7353bc372f369a5f51d9bb4
Certificate serial:       0194222028295D2497ED709999DA8CA985CD
Authority key identifier: 28:95:4E:28:F6:E0:1C:A5:C7:35:3B:C3:72:F3:69:A5:F5:1D:9B:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KJVOKPbgHKXHNTvDcvNppfUdm7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/o05sdzj6m4fQO6_WrgnQWVEGn8s.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        193.138.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/KJVOKPbgHKXHNTvDcvNppfUdm7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/KJVOKPbgHKXHNTvDcvNppfUdm7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KJVOKPbgHKXHNTvDcvNppfUdm7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:28:29:5d:24:97:ed:70:99:99:da:8c:a9:85:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28954e28f6e01ca5c7353bc372f369a5f51d9bb4
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a34e6c7738fa9b87d03bafd6ae09d05951069fcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5a:16:9c:ca:52:52:03:f9:5b:e2:af:49:19:
                    0c:65:d7:ab:a2:fe:65:bf:55:62:bf:b1:37:9a:05:
                    01:9a:64:4a:25:e4:03:13:e0:f3:88:d5:4c:d9:6a:
                    10:c1:0d:00:95:84:b7:7c:4a:b7:69:74:56:8c:54:
                    6d:b9:60:4b:46:ef:d4:ca:8b:43:e7:06:5c:04:7b:
                    9e:a2:e6:c1:43:07:64:f7:b8:1e:67:b8:15:9a:26:
                    35:d7:47:5a:33:9a:57:fe:f6:83:cd:c7:04:b5:86:
                    47:be:60:33:db:c9:9c:c1:87:c9:56:60:bc:cb:b9:
                    75:7b:a4:f4:1b:a3:8a:23:3f:44:d9:1c:b9:ac:7c:
                    51:19:32:48:92:e5:7d:21:d5:f2:73:18:f8:d9:f1:
                    95:ef:f5:9b:ab:01:aa:f3:05:89:b5:69:b3:9e:66:
                    25:9e:24:e3:3c:d3:39:83:6d:53:de:c2:c3:76:41:
                    d6:2a:a6:52:ae:c4:a4:e1:66:ec:79:29:f2:f5:14:
                    67:3e:42:f6:f9:f4:87:8c:32:11:44:d3:63:2a:52:
                    25:bf:d5:dc:5d:bf:b7:6a:88:01:a3:02:00:a3:c5:
                    8f:55:5f:eb:dc:5b:e9:74:34:df:b3:58:dc:6e:bc:
                    b0:be:42:94:40:6e:87:c6:09:91:71:76:fd:1b:0c:
                    d5:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:4E:6C:77:38:FA:9B:87:D0:3B:AF:D6:AE:09:D0:59:51:06:9F:CB
            X509v3 Authority Key Identifier:
                keyid:28:95:4E:28:F6:E0:1C:A5:C7:35:3B:C3:72:F3:69:A5:F5:1D:9B:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KJVOKPbgHKXHNTvDcvNppfUdm7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/o05sdzj6m4fQO6_WrgnQWVEGn8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/KJVOKPbgHKXHNTvDcvNppfUdm7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:c1:77:48:21:cf:a5:45:e9:a4:d2:cd:7c:30:4d:2c:77:6c:
         dc:a6:ec:67:77:62:28:51:04:e2:54:0b:d2:85:34:ce:79:24:
         a7:cc:5f:58:65:ea:3c:01:61:f2:a2:5e:7f:d7:c5:55:c1:03:
         9d:22:fe:7f:54:05:90:4f:3d:90:1d:52:ef:a6:12:ff:bc:2a:
         9c:c5:da:c0:da:8e:23:cd:2f:bd:e5:f7:98:c1:d6:ce:6e:8d:
         d4:9e:21:64:ef:5b:ff:d7:7a:be:05:d8:e7:e3:2f:cd:74:b6:
         84:be:0b:1d:fa:7d:39:81:52:64:64:40:84:8e:67:ba:e5:ed:
         bb:4f:f6:5e:cc:0e:58:c5:b8:20:37:4f:b2:e8:1e:76:65:d9:
         b2:be:ea:82:c8:c9:d7:08:be:61:99:88:c7:f2:1a:10:24:74:
         ab:db:bb:48:b4:4c:d2:b7:ce:9d:e4:e5:41:3e:27:c7:f0:74:
         10:3e:47:4f:89:e6:e5:73:aa:92:4c:4c:a7:af:cd:35:b6:55:
         13:49:75:fa:08:ba:3b:43:65:ee:8d:d9:2c:a7:80:b1:2a:88:
         d3:db:da:1a:58:74:24:30:41:53:c0:ed:d4:d3:10:e5:56:64:
         07:55:f6:7e:d4:0f:5e:b8:db:10:21:33:97:ea:25:f0:1a:56:
         e6:eb:94:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICgpXSSX7XCZmdqMqYXNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4OTU0ZTI4ZjZlMDFjYTVjNzM1M2JjMzcyZjM2OWE1ZjUx
ZDliYjQwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzRlNmM3NzM4ZmE5Yjg3ZDAzYmFmZDZhZTA5ZDA1OTUxMDY5ZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkloWnMpSUgP5W+KvSRkMZderov5l
v1Viv7E3mgUBmmRKJeQDE+DziNVM2WoQwQ0AlYS3fEq3aXRWjFRtuWBLRu/UyotD
5wZcBHueoubBQwdk97geZ7gVmiY110daM5pX/vaDzccEtYZHvmAz28mcwYfJVmC8
y7l1e6T0G6OKIz9E2Ry5rHxRGTJIkuV9IdXycxj42fGV7/WbqwGq8wWJtWmznmYl
niTjPNM5g21T3sLDdkHWKqZSrsSk4WbseSny9RRnPkL2+fSHjDIRRNNjKlIlv9Xc
Xb+3aogBowIAo8WPVV/r3FvpdDTfs1jcbrywvkKUQG6HxgmRcXb9GwzVhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNObHc4+puH0Duv1q4J0FlRBp/LMB8GA1UdIwQY
MBaAFCiVTij24BylxzU7w3LzaaX1HZu0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0pWT0tQYmdIS1hITlR2RGN2TnBwZlVkbTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mMzcwMjctYWZjNC00NDRmLTgwMDgt
OTVjZTJjNzU1ZDQ3LzEvbzA1c2R6ajZtNGZRTzZfV3JnblFXVkVHbjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mMzcwMjctYWZjNC00NDRmLTgwMDgtOTVjZTJjNzU1ZDQ3
LzEvS0pWT0tQYmdIS1hITlR2RGN2TnBwZlVkbTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYpQMA0G
CSqGSIb3DQEBCwUAA4IBAQBdwXdIIc+lRemk0s18ME0sd2zcpuxnd2IoUQTiVAvS
hTTOeSSnzF9YZeo8AWHyol5/18VVwQOdIv5/VAWQTz2QHVLvphL/vCqcxdrA2o4j
zS+95feYwdbObo3UniFk71v/13q+Bdjn4y/NdLaEvgsd+n05gVJkZECEjme65e27
T/ZezA5YxbggN0+y6B52ZdmyvuqCyMnXCL5hmYjH8hoQJHSr27tItEzSt86d5OVB
PifH8HQQPkdPieblc6qSTEynr801tlUTSXX6CLo7Q2Xujdksp4CxKojT29oaWHQk
MEFTwO3U0xDlVmQHVfZ+1A9euNsQITOX6iXwGlbm65Ri
-----END CERTIFICATE-----