Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/O3k2fZ7M7h9xxJULFx8hLXZYbIs.roa
File:                     O3k2fZ7M7h9xxJULFx8hLXZYbIs.roa (raw, json)
Hash identifier:          kuz1zxM8tYKSTiUIwS3vwxJteSC19pbyxPNKVlQnoEM=
Subject key identifier:   3B:79:36:7D:9E:CC:EE:1F:71:C4:95:0B:17:1F:21:2D:76:58:6C:8B
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194ACE4DBAAC74A04D95DF91A67E551CA21
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/O3k2fZ7M7h9xxJULFx8hLXZYbIs.roa
Signing time:             Tue 28 Jan 2025 12:31:07 +0000
ROA not before:           Tue 28 Jan 2025 12:31:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214798
IP address blocks:        194.135.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:e4:db:aa:c7:4a:04:d9:5d:f9:1a:67:e5:51:ca:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 28 12:31:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b79367d9eccee1f71c4950b171f212d76586c8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:05:ce:72:db:1a:92:39:e8:51:9e:a2:f3:91:
                    1f:b5:c9:20:77:48:e5:16:86:92:a8:a7:15:ea:3f:
                    be:19:ab:b2:11:b5:ec:05:d0:eb:1f:12:11:de:ea:
                    96:df:84:ef:5e:2b:01:b3:ec:de:f7:42:3d:c6:ec:
                    86:11:6e:84:97:75:20:a3:84:03:77:7b:92:b2:a5:
                    a9:97:0d:ee:75:00:ef:8f:20:4f:51:b5:04:25:41:
                    a9:3d:9a:b4:5b:38:ec:dd:78:d8:f5:ba:22:49:0b:
                    03:ab:0d:ba:f9:60:43:4d:33:af:3b:08:a8:bc:f1:
                    74:81:2c:b1:1f:44:59:b7:1b:2b:95:d8:63:cd:97:
                    e1:4a:7d:e1:7e:45:85:68:f0:a1:ea:96:1b:73:fb:
                    5a:85:4f:29:27:22:ba:b5:03:58:79:2e:18:65:44:
                    f2:5e:60:bb:65:f3:de:eb:bd:6c:3d:00:3c:ba:7d:
                    fa:d0:80:00:c6:31:2d:4a:b7:18:85:f1:96:9d:57:
                    a1:20:71:bd:6c:ae:98:5d:6f:fd:65:4c:b7:f6:df:
                    66:8a:f5:d7:79:b8:4b:48:c2:7b:bf:b1:1f:e5:41:
                    47:84:6d:e9:a3:b5:71:e6:69:c6:5d:82:4d:7f:fc:
                    bd:ee:20:7e:fa:96:78:84:7d:37:03:b4:c8:87:18:
                    ce:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:79:36:7D:9E:CC:EE:1F:71:C4:95:0B:17:1F:21:2D:76:58:6C:8B
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/O3k2fZ7M7h9xxJULFx8hLXZYbIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.135.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:15:94:5f:4b:8e:34:bd:d9:49:00:ef:63:d3:57:09:3a:15:
         1e:18:4b:42:06:43:b0:05:7c:78:cb:7e:13:89:a2:af:5b:d1:
         6a:67:4c:2f:f3:56:fc:b4:42:ef:5d:b3:40:ce:6b:c8:a6:e3:
         79:13:f4:16:e3:c9:f7:f0:e5:d9:1c:c3:28:1e:fe:2e:d6:4d:
         b4:63:88:2e:98:b1:60:f8:13:3a:83:c4:31:d4:7b:ad:6d:fa:
         52:93:b6:94:e1:89:f2:ea:3e:80:f3:79:dd:f1:fc:2f:e5:e6:
         73:95:07:e2:7b:4d:8c:98:5b:7c:ed:f9:a7:db:c6:85:77:fc:
         16:71:10:d8:2c:bd:db:94:9b:20:24:ee:ef:1f:af:55:1f:4a:
         c2:53:11:61:f5:5c:a4:a8:0e:9e:61:f9:89:05:4c:f9:78:5d:
         0e:17:d3:fa:4f:ef:8e:f9:9e:12:ab:37:b8:c7:37:b2:bf:39:
         30:c9:c3:d2:8d:64:2f:67:cd:26:52:c9:7d:1f:c8:2e:aa:1d:
         d8:75:e7:3f:cf:f7:37:60:19:fb:15:e7:c8:07:82:fd:d5:51:
         bd:76:e3:64:09:59:15:c9:33:3f:9c:47:b3:cd:0f:7f:ed:72:
         dd:43:95:f0:f1:5c:b9:14:57:43:bc:f9:77:63:8d:e0:e5:6e:
         ab:18:83:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSs5Nuqx0oE2V35GmflUcohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTI4MTIzMTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjc5MzY3ZDllY2NlZTFmNzFjNDk1MGIxNzFmMjEyZDc2NTg2YzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wXOctsakjnoUZ6i85Eftckgd0jl
FoaSqKcV6j++GauyEbXsBdDrHxIR3uqW34TvXisBs+ze90I9xuyGEW6El3Ugo4QD
d3uSsqWplw3udQDvjyBPUbUEJUGpPZq0Wzjs3XjY9boiSQsDqw26+WBDTTOvOwio
vPF0gSyxH0RZtxsrldhjzZfhSn3hfkWFaPCh6pYbc/tahU8pJyK6tQNYeS4YZUTy
XmC7ZfPe671sPQA8un360IAAxjEtSrcYhfGWnVehIHG9bK6YXW/9ZUy39t9mivXX
ebhLSMJ7v7Ef5UFHhG3po7Vx5mnGXYJNf/y97iB++pZ4hH03A7TIhxjOiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDt5Nn2ezO4fccSVCxcfIS12WGyLMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvTzNrMmZaN003aDl4eEpVTEZ4OGhMWFpZYklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwocuMA0G
CSqGSIb3DQEBCwUAA4IBAQCDFZRfS440vdlJAO9j01cJOhUeGEtCBkOwBXx4y34T
iaKvW9FqZ0wv81b8tELvXbNAzmvIpuN5E/QW48n38OXZHMMoHv4u1k20Y4gumLFg
+BM6g8Qx1HutbfpSk7aU4Yny6j6A83nd8fwv5eZzlQfie02MmFt87fmn28aFd/wW
cRDYLL3blJsgJO7vH69VH0rCUxFh9VykqA6eYfmJBUz5eF0OF9P6T++O+Z4Sqze4
xzeyvzkwycPSjWQvZ80mUsl9H8guqh3Ydec/z/c3YBn7FefIB4L91VG9duNkCVkV
yTM/nEezzQ9/7XLdQ5Xw8Vy5FFdDvPl3Y43g5W6rGIOi
-----END CERTIFICATE-----