Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/OE3tT2H2fUUZLW1vQ7BzbV1M8gU.roa
File:                     OE3tT2H2fUUZLW1vQ7BzbV1M8gU.roa (raw, json)
Hash identifier:          y5ASsgsrkdPRvKNsFBA0em5Q7FjI70gdDU/50w7KFJA=
Subject key identifier:   38:4D:ED:4F:61:F6:7D:45:19:2D:6D:6F:43:B0:73:6D:5D:4C:F2:05
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       01961E7083F97F4BDBA3DE3133A2E8B854EC
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/OE3tT2H2fUUZLW1vQ7BzbV1M8gU.roa
Signing time:             Thu 10 Apr 2025 06:43:32 +0000
ROA not before:           Thu 10 Apr 2025 06:43:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213480
IP address blocks:        93.179.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1e:70:83:f9:7f:4b:db:a3:de:31:33:a2:e8:b8:54:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Apr 10 06:43:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=384ded4f61f67d45192d6d6f43b0736d5d4cf205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5f:7b:64:d1:df:f3:f6:b8:5d:12:5b:ab:1f:
                    5b:63:b3:c8:17:73:4d:62:d7:c8:e9:15:ab:9f:33:
                    49:c6:17:84:1f:f2:d1:76:c2:86:b8:79:d9:3c:c0:
                    50:f4:0e:67:c0:98:72:07:52:c2:a2:95:9a:1d:12:
                    f1:be:03:f3:47:1b:38:36:e9:a5:29:58:8f:23:41:
                    5d:37:22:b4:b2:77:25:9f:a7:51:49:3e:88:23:18:
                    10:e5:b0:22:24:83:41:76:71:91:31:13:38:6d:17:
                    76:ce:f7:68:b0:18:2e:88:41:e3:ea:c0:ed:47:ac:
                    79:23:41:ea:4e:b3:5b:99:85:fa:b8:f1:2c:76:d4:
                    1d:0b:df:dc:80:d9:7d:1f:1a:03:76:a9:91:d9:92:
                    0b:55:58:13:41:98:03:d2:cb:30:cc:86:b3:10:a1:
                    0e:05:11:9e:a5:fc:dd:54:e5:43:47:06:57:50:0f:
                    7c:f8:b6:01:62:40:45:74:72:b0:c9:18:8e:dd:1f:
                    85:2a:95:f9:71:f0:3c:0d:35:d5:70:f3:25:41:ed:
                    23:50:30:ed:7e:40:da:e7:bc:68:55:81:75:29:6f:
                    ca:03:77:39:bb:8c:32:49:a4:63:8f:50:71:be:6c:
                    82:2b:93:92:fb:3c:d1:a7:ec:c4:8c:64:6f:d5:ba:
                    2f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:4D:ED:4F:61:F6:7D:45:19:2D:6D:6F:43:B0:73:6D:5D:4C:F2:05
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/OE3tT2H2fUUZLW1vQ7BzbV1M8gU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.179.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:6b:00:79:14:ed:42:b6:b2:2f:d3:23:99:6b:84:aa:16:40:
         f1:86:d6:2e:82:c3:db:8f:c9:f9:e9:34:a4:e7:6f:ca:07:53:
         0e:c3:f6:15:22:01:cb:0c:5c:5f:d0:26:1e:fd:73:b1:eb:d7:
         a5:9e:46:2a:e3:73:bd:26:a7:66:3a:5d:b4:c3:d5:da:61:2f:
         e8:60:57:0c:0b:0c:c1:b1:31:81:96:75:3b:f1:fa:96:e3:b9:
         e2:a5:cc:6e:2d:af:e1:36:fa:3c:66:86:15:bc:b9:f8:2c:73:
         f2:51:77:ea:b3:19:5c:38:88:ab:ba:4e:34:de:e4:71:9a:da:
         a5:bf:e1:ee:49:21:15:e0:f6:2a:dd:cb:1f:b6:bb:70:83:1f:
         ea:91:f9:e0:b6:99:57:b0:99:62:95:96:15:0d:e6:c9:49:ec:
         6f:8e:16:37:2c:e2:c2:f1:57:96:4e:ea:91:68:d4:10:45:3b:
         4f:bf:1f:31:7f:89:b0:76:56:56:d5:84:b9:08:0c:d5:94:aa:
         ab:5c:3f:6c:eb:ec:cd:31:2d:d3:0e:f5:0c:9d:6a:f6:ca:7f:
         c6:cf:bb:9c:c8:02:ea:bd:7d:9d:9f:16:76:8c:62:f0:ba:fd:
         e7:78:a4:6f:55:9c:13:29:8c:b0:49:db:57:51:3a:68:8d:59:
         a6:a8:81:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYecIP5f0vbo94xM6LouFTsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwNDEwMDY0MzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODRkZWQ0ZjYxZjY3ZDQ1MTkyZDZkNmY0M2IwNzM2ZDVkNGNmMjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0197ZNHf8/a4XRJbqx9bY7PIF3NN
YtfI6RWrnzNJxheEH/LRdsKGuHnZPMBQ9A5nwJhyB1LCopWaHRLxvgPzRxs4Numl
KViPI0FdNyK0sncln6dRST6IIxgQ5bAiJINBdnGRMRM4bRd2zvdosBguiEHj6sDt
R6x5I0HqTrNbmYX6uPEsdtQdC9/cgNl9HxoDdqmR2ZILVVgTQZgD0sswzIazEKEO
BRGepfzdVOVDRwZXUA98+LYBYkBFdHKwyRiO3R+FKpX5cfA8DTXVcPMlQe0jUDDt
fkDa57xoVYF1KW/KA3c5u4wySaRjj1BxvmyCK5OS+zzRp+zEjGRv1bovgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhN7U9h9n1FGS1tb0Owc21dTPIFMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvT0UzdFQySDJmVVVaTFcxdlE3QnpiVjFNOGdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbNeMA0G
CSqGSIb3DQEBCwUAA4IBAQCKawB5FO1CtrIv0yOZa4SqFkDxhtYugsPbj8n56TSk
52/KB1MOw/YVIgHLDFxf0CYe/XOx69elnkYq43O9JqdmOl20w9XaYS/oYFcMCwzB
sTGBlnU78fqW47nipcxuLa/hNvo8ZoYVvLn4LHPyUXfqsxlcOIiruk403uRxmtql
v+HuSSEV4PYq3csftrtwgx/qkfngtplXsJlilZYVDebJSexvjhY3LOLC8VeWTuqR
aNQQRTtPvx8xf4mwdlZW1YS5CAzVlKqrXD9s6+zNMS3TDvUMnWr2yn/Gz7ucyALq
vX2dnxZ2jGLwuv3neKRvVZwTKYywSdtXUTpojVmmqIGs
-----END CERTIFICATE-----