Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/ONWmRTsmlikzKiXcELK659zioOs.roa
File:                     ONWmRTsmlikzKiXcELK659zioOs.roa (raw, json)
Hash identifier:          ABPDFu/1+8TwhkhsWhlX5FTnbqU4jC75LMFCpdQ4s4o=
Subject key identifier:   38:D5:A6:45:3B:26:96:29:33:2A:25:DC:10:B2:BA:E7:DC:E2:A0:EB
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       0192E7B7E5191D03D43923CD3B182F76FF50
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/ONWmRTsmlikzKiXcELK659zioOs.roa
Signing time:             Fri 01 Nov 2024 12:34:01 +0000
ROA not before:           Fri 01 Nov 2024 12:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        159.197.224.0/19 maxlen: 24
                          161.8.160.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e7:b7:e5:19:1d:03:d4:39:23:cd:3b:18:2f:76:ff:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Nov  1 12:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38d5a6453b269629332a25dc10b2bae7dce2a0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4d:d8:e1:1e:b7:8f:df:e4:83:c8:5d:78:48:
                    62:58:ca:a7:b8:d8:ea:3f:6f:a4:69:f7:21:d2:c6:
                    c6:5b:aa:49:53:d7:e5:13:d2:a6:4b:dd:4e:25:48:
                    e3:da:00:da:c1:d9:b1:70:aa:78:08:fe:b9:6c:b8:
                    74:8c:bf:f3:b4:1c:a3:6d:90:e0:c3:fe:17:0a:0d:
                    44:e8:10:9a:1f:10:ee:7f:e5:f7:3a:2b:38:c7:99:
                    8c:a6:fe:15:1f:ab:76:21:73:0c:89:bd:d0:b7:04:
                    4a:bb:d3:74:77:e0:d8:af:82:f2:f2:d1:0e:a7:02:
                    c3:32:d5:60:ec:9a:30:a8:d1:7c:ce:99:6c:7c:9d:
                    4e:46:43:2e:aa:48:5f:6c:de:64:0c:5a:2a:43:4e:
                    7a:59:a4:1c:49:95:3d:c4:1e:1e:9b:8f:4c:e6:9d:
                    ba:15:82:3a:16:28:01:51:84:6e:9f:03:c5:a1:72:
                    ab:21:26:69:42:91:ac:ba:65:2f:ab:65:f1:13:4c:
                    a7:ee:d1:bb:47:01:7d:e5:17:cf:3c:52:a0:2e:9d:
                    3f:8a:98:70:4e:17:77:14:b4:e6:a0:8f:f2:8a:b6:
                    bb:35:39:4e:f7:fa:9e:4b:fb:69:c7:cc:b4:54:ef:
                    8c:87:d1:9a:ae:c5:d1:18:ff:73:c6:dc:c4:93:2a:
                    25:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D5:A6:45:3B:26:96:29:33:2A:25:DC:10:B2:BA:E7:DC:E2:A0:EB
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/ONWmRTsmlikzKiXcELK659zioOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.197.224.0/19
                  161.8.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         31:2a:c3:98:30:1b:84:6b:f5:90:41:d8:c6:ce:af:2c:e6:1a:
         f7:20:f4:50:7b:55:6c:8b:f6:30:25:c9:c8:06:d3:9c:48:aa:
         dc:7e:54:51:8e:86:1b:8c:82:57:d8:e5:ee:a8:3c:f5:1b:b4:
         5e:38:e6:dd:f6:7c:47:9e:21:2a:a9:d7:a0:5e:40:c1:75:76:
         48:7e:5c:0d:18:ec:58:cb:ce:ca:9b:4e:f4:9c:0a:90:90:a7:
         48:38:04:f0:ab:f0:1c:5c:52:ce:56:1d:6d:28:94:01:22:88:
         1d:04:e9:03:0f:b8:55:05:ff:d7:71:e3:87:7a:17:11:a5:ff:
         75:a5:2b:06:7f:3b:33:d7:e6:d7:19:bf:58:44:5a:63:f8:dc:
         6e:74:10:0e:de:b2:cc:67:a2:7c:69:ba:ae:dc:cf:0d:3b:4b:
         b8:94:80:13:c8:1b:11:a1:04:79:c4:07:14:52:21:d0:93:da:
         36:bf:e8:05:74:c6:30:de:27:55:0f:60:91:49:5d:d5:4f:5b:
         71:f2:86:32:7b:46:ff:16:1f:1b:35:47:3c:cc:dd:2f:24:76:
         64:c4:81:ef:38:c4:36:b8:63:0e:1f:11:6c:4c:43:dd:e4:84:
         ca:37:ba:e4:00:3d:8f:73:b1:1f:23:41:82:80:fd:d6:07:6f:
         85:2c:2f:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLnt+UZHQPUOSPNOxgvdv9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjQxMTAxMTIzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQ1YTY0NTNiMjY5NjI5MzMyYTI1ZGMxMGIyYmFlN2RjZTJhMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsE3Y4R63j9/kg8hdeEhiWMqnuNjq
P2+kafch0sbGW6pJU9flE9KmS91OJUjj2gDawdmxcKp4CP65bLh0jL/ztByjbZDg
w/4XCg1E6BCaHxDuf+X3Ois4x5mMpv4VH6t2IXMMib3QtwRKu9N0d+DYr4Ly8tEO
pwLDMtVg7JowqNF8zplsfJ1ORkMuqkhfbN5kDFoqQ056WaQcSZU9xB4em49M5p26
FYI6FigBUYRunwPFoXKrISZpQpGsumUvq2XxE0yn7tG7RwF95RfPPFKgLp0/iphw
Thd3FLTmoI/yira7NTlO9/qeS/tpx8y0VO+Mh9GarsXRGP9zxtzEkyolaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDjVpkU7JpYpMyol3BCyuufc4qDrMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvT05XbVJUc21saWt6S2lYY0VMSzY1OXppb09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFn8XgAwQF
oQigMA0GCSqGSIb3DQEBCwUAA4IBAQAxKsOYMBuEa/WQQdjGzq8s5hr3IPRQe1Vs
i/YwJcnIBtOcSKrcflRRjoYbjIJX2OXuqDz1G7ReOObd9nxHniEqqdegXkDBdXZI
flwNGOxYy87Km070nAqQkKdIOATwq/AcXFLOVh1tKJQBIogdBOkDD7hVBf/XceOH
ehcRpf91pSsGfzsz1+bXGb9YRFpj+NxudBAO3rLMZ6J8abqu3M8NO0u4lIATyBsR
oQR5xAcUUiHQk9o2v+gFdMYw3idVD2CRSV3VT1tx8oYye0b/Fh8bNUc8zN0vJHZk
xIHvOMQ2uGMOHxFsTEPd5ITKN7rkAD2Pc7EfI0GCgP3WB2+FLC9w
-----END CERTIFICATE-----