Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/ozTUlRS2BP8xxCFNOquOdzTJVac.roa
File:                     ozTUlRS2BP8xxCFNOquOdzTJVac.roa (raw, json)
Hash identifier:          l1UJXUEegLYZKNp2zf9niVjLEqjlu26RHLObHLwCBJI=
Subject key identifier:   A3:34:D4:95:14:B6:04:FF:31:C4:21:4D:3A:AB:8E:77:34:C9:55:A7
Certificate issuer:       /CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
Certificate serial:       0194236A397C5B93BA60DB151E26AFD0E6BB
Authority key identifier: 29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/ozTUlRS2BP8xxCFNOquOdzTJVac.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39826
IP address blocks:        94.250.32.0/23 maxlen: 23
                          94.250.33.0/24 maxlen: 24
                          94.250.34.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:39:7c:5b:93:ba:60:db:15:1e:26:af:d0:e6:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29a9964e0cd35fb36757e5653ffa7626ac5deee8
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a334d49514b604ff31c4214d3aab8e7734c955a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2d:7f:4b:0c:ef:51:c5:93:58:53:56:21:e5:
                    0c:63:8c:29:4d:e5:09:62:12:30:cf:b5:05:c4:b3:
                    95:39:fd:77:e5:0c:4b:8d:2d:e6:f5:94:b3:74:f2:
                    c4:5c:f8:2d:a4:cd:e9:48:5f:87:3c:01:3a:11:7b:
                    0d:95:66:58:b4:0b:92:1f:ba:7c:7f:33:61:9e:8b:
                    1e:c0:2f:92:99:2a:71:c7:44:2c:17:a3:70:cc:aa:
                    dd:c8:d2:70:a2:d0:cd:ae:2c:85:2a:fd:65:1e:ac:
                    d3:54:92:51:d2:46:44:5d:ab:c0:00:f4:f4:d9:2f:
                    28:9e:88:ab:96:97:23:19:75:3f:a2:01:6a:d8:cb:
                    fd:74:c5:7d:b3:3a:59:0a:a0:68:ce:8b:bb:7a:0d:
                    d0:6d:e3:04:f2:80:00:1f:69:c0:d9:5c:3b:ab:65:
                    eb:3a:7c:43:02:e7:74:2e:0c:92:46:2e:fd:10:2d:
                    e5:c0:74:52:03:fc:c8:2d:98:91:d0:a4:85:30:a3:
                    f4:b4:b2:88:5f:08:d0:d9:79:de:42:32:c8:d6:55:
                    1d:8c:3c:d8:19:ed:b8:eb:dd:b7:eb:f9:ce:8e:0c:
                    06:52:5a:0e:11:a9:43:0b:b1:5a:26:fe:65:33:5e:
                    7b:0f:1c:df:d3:c1:7e:af:a5:ae:c8:a8:4b:74:05:
                    b6:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:34:D4:95:14:B6:04:FF:31:C4:21:4D:3A:AB:8E:77:34:C9:55:A7
            X509v3 Authority Key Identifier:
                keyid:29:A9:96:4E:0C:D3:5F:B3:67:57:E5:65:3F:FA:76:26:AC:5D:EE:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KamWTgzTX7NnV-VlP_p2Jqxd7ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/ozTUlRS2BP8xxCFNOquOdzTJVac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/214063-f88f-4958-ae52-d9b533f7fbc3/1/KamWTgzTX7NnV-VlP_p2Jqxd7ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.250.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:a0:e0:d8:ab:1f:36:26:6e:e9:97:a9:af:76:7b:f5:65:9b:
         a0:d6:c2:5b:69:6c:67:ce:dc:92:1e:57:59:2f:d8:2b:3c:20:
         9b:17:f6:37:ab:67:64:06:8c:81:69:3e:18:41:79:b6:90:78:
         15:04:33:1e:0a:b3:d7:f1:da:ab:f1:c8:17:02:e5:d1:be:20:
         e8:4f:43:5d:6a:cd:8b:f1:bc:bd:93:71:6c:01:b9:bd:e0:bd:
         a2:22:25:12:2e:17:23:61:6c:e8:04:f0:a1:9b:61:a4:e5:55:
         6d:1c:af:2d:cc:97:25:d5:2f:00:e1:45:f5:92:11:94:d7:83:
         20:7e:f4:b0:89:87:13:15:57:e5:88:b2:5e:4f:77:ab:99:65:
         c1:87:2e:b2:ee:db:87:9e:b1:3e:40:0c:44:1d:19:d1:e8:5c:
         3f:0b:2d:70:c6:60:d1:52:da:03:d3:8e:1a:e3:c6:11:91:8b:
         b0:15:c3:af:16:cd:c4:74:20:27:3d:f0:a5:0d:3f:d6:a7:7e:
         ba:c7:00:bc:16:4f:1b:13:00:4e:6c:e0:63:c0:d7:9d:22:83:
         93:dc:09:fe:71:dd:ec:13:7d:6e:c7:55:79:30:dd:50:04:d2:
         cd:e3:4f:79:30:48:99:38:10:67:15:e3:cc:40:e3:a6:e4:5f:
         1b:40:ee:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajl8W5O6YNsVHiav0Oa7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YTk5NjRlMGNkMzVmYjM2NzU3ZTU2NTNmZmE3NjI2YWM1
ZGVlZTgwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzM0ZDQ5NTE0YjYwNGZmMzFjNDIxNGQzYWFiOGU3NzM0Yzk1NWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy1/SwzvUcWTWFNWIeUMY4wpTeUJ
YhIwz7UFxLOVOf135QxLjS3m9ZSzdPLEXPgtpM3pSF+HPAE6EXsNlWZYtAuSH7p8
fzNhnosewC+SmSpxx0QsF6NwzKrdyNJwotDNriyFKv1lHqzTVJJR0kZEXavAAPT0
2S8onoirlpcjGXU/ogFq2Mv9dMV9szpZCqBozou7eg3QbeME8oAAH2nA2Vw7q2Xr
OnxDAud0LgySRi79EC3lwHRSA/zILZiR0KSFMKP0tLKIXwjQ2XneQjLI1lUdjDzY
Ge2469236/nOjgwGUloOEalDC7FaJv5lM157Dxzf08F+r6WuyKhLdAW2eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKM01JUUtgT/McQhTTqrjnc0yVWnMB8GA1UdIwQY
MBaAFCmplk4M01+zZ1flZT/6diasXe7oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTIt
ZDliNTMzZjdmYmMzLzEvb3pUVWxSUzJCUDh4eENGTk9xdU9kelRKVmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8yMTQwNjMtZjg4Zi00OTU4LWFlNTItZDliNTMzZjdmYmMz
LzEvS2FtV1RnelRYN05uVi1WbFBfcDJKcXhkN3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXvogMA0G
CSqGSIb3DQEBCwUAA4IBAQCboODYqx82Jm7pl6mvdnv1ZZug1sJbaWxnztySHldZ
L9grPCCbF/Y3q2dkBoyBaT4YQXm2kHgVBDMeCrPX8dqr8cgXAuXRviDoT0Ndas2L
8by9k3FsAbm94L2iIiUSLhcjYWzoBPChm2Gk5VVtHK8tzJcl1S8A4UX1khGU14Mg
fvSwiYcTFVfliLJeT3ermWXBhy6y7tuHnrE+QAxEHRnR6Fw/Cy1wxmDRUtoD044a
48YRkYuwFcOvFs3EdCAnPfClDT/Wp366xwC8Fk8bEwBObOBjwNedIoOT3An+cd3s
E31ux1V5MN1QBNLN4095MEiZOBBnFePMQOOm5F8bQO50
-----END CERTIFICATE-----