Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/OelyGdV-bmqdPAQxs2ZV09Kdfyo.roa
File:                     OelyGdV-bmqdPAQxs2ZV09Kdfyo.roa (raw, json)
Hash identifier:          RSX6PKmxZ7PtZYpQVpAMnqycuU/1ZdOdtgYTkMD5u1k=
Subject key identifier:   39:E9:72:19:D5:7E:6E:6A:9D:3C:04:31:B3:66:55:D3:D2:9D:7F:2A
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018EA9A6093D864108F42CF054C4879AABC7
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/OelyGdV-bmqdPAQxs2ZV09Kdfyo.roa
Signing time:             Thu 04 Apr 2024 15:06:54 +0000
ROA not before:           Thu 04 Apr 2024 15:06:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200525
IP address blocks:        104.250.200.0/22 maxlen: 22
                          104.250.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:a6:09:3d:86:41:08:f4:2c:f0:54:c4:87:9a:ab:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr  4 15:06:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39e97219d57e6e6a9d3c0431b36655d3d29d7f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d8:c3:7e:21:6d:be:8b:69:0b:a6:17:fd:1a:
                    45:e4:1d:f0:0a:3b:0a:15:ab:97:f9:51:4c:e1:9f:
                    70:0d:73:6a:31:16:37:31:f4:2a:67:a0:14:7a:ea:
                    2b:c4:3c:21:fe:86:1b:7a:0d:08:4d:d6:63:c3:3b:
                    b2:7f:91:78:72:90:e2:7c:ba:5a:45:98:52:17:3a:
                    9c:8b:e1:9c:43:bd:cc:8b:d9:8a:24:19:c5:47:39:
                    0f:42:d8:5e:ab:50:d0:a4:b5:bf:0d:81:52:2d:f5:
                    c0:10:c7:bc:34:92:bb:2a:c3:d1:8c:8e:ca:bd:e4:
                    10:e9:02:34:a2:84:f2:a4:c9:f4:b5:1a:33:ef:d9:
                    b1:90:c0:0b:bd:e4:3a:47:0f:b6:2d:c5:35:33:f9:
                    5e:0f:ce:37:c4:60:b9:83:dc:f4:f7:f6:86:22:b7:
                    0c:b3:aa:10:cf:d9:db:d8:64:fb:3a:4b:f8:e5:81:
                    7b:73:6d:c4:8d:bb:1f:02:13:34:ac:62:2a:66:64:
                    88:40:61:cb:aa:80:80:ce:ca:fd:02:03:93:bc:59:
                    31:61:19:b5:c7:67:b2:ad:35:89:bf:24:7f:75:af:
                    bd:5b:d4:47:02:60:c7:c6:5e:e4:5d:35:bc:f6:6a:
                    76:53:f6:20:ad:d3:fe:e9:42:76:f5:7e:eb:85:e1:
                    e3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:E9:72:19:D5:7E:6E:6A:9D:3C:04:31:B3:66:55:D3:D2:9D:7F:2A
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/OelyGdV-bmqdPAQxs2ZV09Kdfyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.250.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         85:f9:75:c9:ee:de:b1:3f:82:17:02:62:68:da:8c:8e:2c:e1:
         b3:67:4d:51:5a:c6:cd:66:60:03:de:d0:17:2a:b2:02:33:c4:
         57:a1:93:0f:ca:a4:c9:9b:85:0b:09:79:bb:27:a4:20:46:75:
         fa:74:fc:ad:9d:3d:e7:90:ff:ef:ec:cf:1e:f3:fe:78:f0:4d:
         84:f1:29:fa:ff:27:d5:77:3c:56:0a:21:65:3b:46:71:c9:87:
         51:a6:19:80:4c:55:39:fd:04:89:29:0d:42:2c:b6:92:b7:77:
         1d:8c:76:32:06:b9:1b:a2:a2:df:14:b9:42:f1:b4:86:ab:01:
         da:63:d2:1b:1a:c8:9d:e1:d6:2a:b9:28:02:38:41:e4:9e:e7:
         92:92:73:50:6b:54:81:1e:ac:e1:10:fb:3f:8f:c4:7b:23:55:
         0f:bf:dd:56:85:6a:64:ef:b9:d7:73:8c:92:7e:d7:83:d2:64:
         ea:76:0d:31:02:aa:53:b0:e0:e4:c4:6d:6d:15:30:44:02:51:
         02:54:40:11:9e:84:cb:47:a4:5a:ad:c2:56:89:a6:57:a6:8e:
         8a:6e:94:d5:19:ae:60:33:26:f2:0e:27:0e:27:23:c3:fa:75:
         3b:39:53:85:61:57:63:ba:5f:8b:c0:df:87:c4:c5:66:0b:02:
         0d:b0:70:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6ppgk9hkEI9CzwVMSHmqvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNDA0MTUwNjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWU5NzIxOWQ1N2U2ZTZhOWQzYzA0MzFiMzY2NTVkM2QyOWQ3ZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdjDfiFtvotpC6YX/RpF5B3wCjsK
FauX+VFM4Z9wDXNqMRY3MfQqZ6AUeuorxDwh/oYbeg0ITdZjwzuyf5F4cpDifLpa
RZhSFzqci+GcQ73Mi9mKJBnFRzkPQtheq1DQpLW/DYFSLfXAEMe8NJK7KsPRjI7K
veQQ6QI0ooTypMn0tRoz79mxkMALveQ6Rw+2LcU1M/leD843xGC5g9z09/aGIrcM
s6oQz9nb2GT7Okv45YF7c23EjbsfAhM0rGIqZmSIQGHLqoCAzsr9AgOTvFkxYRm1
x2eyrTWJvyR/da+9W9RHAmDHxl7kXTW89mp2U/YgrdP+6UJ29X7rheHj+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnpchnVfm5qnTwEMbNmVdPSnX8qMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvT2VseUdkVi1ibXFkUEFReHMyWlYwOUtkZnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDaPrIMA0G
CSqGSIb3DQEBCwUAA4IBAQCF+XXJ7t6xP4IXAmJo2oyOLOGzZ01RWsbNZmAD3tAX
KrICM8RXoZMPyqTJm4ULCXm7J6QgRnX6dPytnT3nkP/v7M8e8/548E2E8Sn6/yfV
dzxWCiFlO0ZxyYdRphmATFU5/QSJKQ1CLLaSt3cdjHYyBrkboqLfFLlC8bSGqwHa
Y9IbGsid4dYquSgCOEHknueSknNQa1SBHqzhEPs/j8R7I1UPv91WhWpk77nXc4yS
fteD0mTqdg0xAqpTsODkxG1tFTBEAlECVEARnoTLR6RarcJWiaZXpo6KbpTVGa5g
MybyDicOJyPD+nU7OVOFYVdjul+LwN+HxMVmCwINsHBv
-----END CERTIFICATE-----