Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/oMVZrnPoAXYW477f8Ut5F92C5Hg.roa
File:                     oMVZrnPoAXYW477f8Ut5F92C5Hg.roa (raw, json)
Hash identifier:          EiJjRzfI4G9nFesuvyvycnPoMO50/InOe562/vYFUqY=
Subject key identifier:   A0:C5:59:AE:73:E8:01:76:16:E3:BE:DF:F1:4B:79:17:DD:82:E4:78
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       01942825CA077B61799E2FC725C4E3B1091D
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/oMVZrnPoAXYW477f8Ut5F92C5Hg.roa
Signing time:             Thu 02 Jan 2025 17:52:32 +0000
ROA not before:           Thu 02 Jan 2025 17:52:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208511
IP address blocks:        213.108.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:ca:07:7b:61:79:9e:2f:c7:25:c4:e3:b1:09:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  2 17:52:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0c559ae73e8017616e3bedff14b7917dd82e478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4a:32:43:b7:4f:4f:93:22:d0:93:1c:33:13:
                    35:00:43:97:b7:8f:00:3f:8f:19:2d:11:2b:80:8d:
                    d0:49:10:ed:47:96:8d:53:cf:74:1e:3d:41:91:3e:
                    74:40:2d:8a:a5:90:df:87:95:46:37:2e:5c:9d:d6:
                    00:ea:12:0a:e1:10:20:b6:4f:88:29:b6:ed:c7:e7:
                    d5:70:67:fb:42:1d:38:5c:24:94:d9:f8:8c:39:21:
                    50:05:93:a8:48:b2:0a:c0:28:d2:22:70:0f:f3:c3:
                    30:6a:ce:c5:b4:50:90:9c:86:71:cd:85:cd:c3:52:
                    93:45:a5:74:57:de:ac:18:45:bc:93:29:28:c3:b8:
                    a2:be:cb:6f:58:4a:f6:ff:35:31:e7:32:cd:a0:bc:
                    f5:59:f4:cd:23:64:98:e7:6f:29:c9:e0:72:7b:ca:
                    36:df:6a:a2:c1:6e:8a:42:5b:b3:7a:ff:bb:5e:fd:
                    d0:e1:f9:13:79:e1:51:83:35:29:36:22:cc:b3:4a:
                    97:26:b8:7f:e8:ed:23:6c:67:08:b8:d4:f0:4f:1b:
                    65:25:13:89:78:66:a2:13:92:7d:c9:e8:a4:c0:a3:
                    9c:8a:d3:5c:a2:dc:61:b8:5d:41:56:e2:4e:da:38:
                    a8:5d:88:36:19:8d:3b:02:8c:1a:bc:fb:f4:d9:54:
                    6d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:C5:59:AE:73:E8:01:76:16:E3:BE:DF:F1:4B:79:17:DD:82:E4:78
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/oMVZrnPoAXYW477f8Ut5F92C5Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:42:84:cb:a3:d0:d1:8c:ab:a5:d7:cd:7e:f4:90:fd:2e:8c:
         c4:91:29:36:c8:5d:db:f9:dc:1e:73:85:0d:69:56:34:d6:87:
         23:37:d3:a8:9c:ee:e1:c7:b1:6c:6a:1d:77:0e:50:4f:36:93:
         36:99:fb:c5:6d:60:cf:79:d3:aa:a9:0b:2a:44:31:5b:d9:c1:
         b4:53:f1:6d:e9:44:e0:65:3f:89:de:ef:32:45:d6:1b:1d:80:
         ba:fd:7c:11:e8:1f:ac:04:4a:cc:f5:22:e5:f1:0e:30:06:c4:
         1e:61:3a:42:0b:48:3e:b9:77:97:42:85:78:91:5b:5d:a5:29:
         27:a6:7d:bd:84:44:30:68:f7:ed:7e:c6:05:d3:bf:6e:05:87:
         53:d4:31:71:e6:72:68:a6:ea:56:c4:02:56:4f:77:ab:ba:16:
         52:a0:11:4c:bf:29:4a:3e:a2:06:c2:0d:db:3f:e9:b3:bd:ef:
         76:51:99:8d:ed:d0:83:8e:17:7e:7b:aa:a4:98:3c:9c:8f:33:
         f0:7d:c5:be:b8:b4:13:f6:2b:39:8e:b3:53:99:8d:47:31:18:
         80:b1:15:ba:41:6d:69:c5:53:90:ff:27:40:18:98:6d:7d:8e:
         46:8d:9f:f5:26:36:21:3a:30:95:84:6a:65:ad:11:77:f2:1e:
         83:2c:82:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJcoHe2F5ni/HJcTjsQkdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjUwMTAyMTc1MjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGM1NTlhZTczZTgwMTc2MTZlM2JlZGZmMTRiNzkxN2RkODJlNDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00oyQ7dPT5Mi0JMcMxM1AEOXt48A
P48ZLRErgI3QSRDtR5aNU890Hj1BkT50QC2KpZDfh5VGNy5cndYA6hIK4RAgtk+I
Kbbtx+fVcGf7Qh04XCSU2fiMOSFQBZOoSLIKwCjSInAP88Mwas7FtFCQnIZxzYXN
w1KTRaV0V96sGEW8kykow7iivstvWEr2/zUx5zLNoLz1WfTNI2SY528pyeBye8o2
32qiwW6KQluzev+7Xv3Q4fkTeeFRgzUpNiLMs0qXJrh/6O0jbGcIuNTwTxtlJROJ
eGaiE5J9yeikwKOcitNcotxhuF1BVuJO2jioXYg2GY07AowavPv02VRtZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDFWa5z6AF2FuO+3/FLeRfdguR4MB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvb01WWnJuUG9BWFlXNDc3ZjhVdDVGOTJDNUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WwgMA0G
CSqGSIb3DQEBCwUAA4IBAQAjQoTLo9DRjKul181+9JD9LozEkSk2yF3b+dwec4UN
aVY01ocjN9OonO7hx7Fsah13DlBPNpM2mfvFbWDPedOqqQsqRDFb2cG0U/Ft6UTg
ZT+J3u8yRdYbHYC6/XwR6B+sBErM9SLl8Q4wBsQeYTpCC0g+uXeXQoV4kVtdpSkn
pn29hEQwaPftfsYF079uBYdT1DFx5nJopupWxAJWT3eruhZSoBFMvylKPqIGwg3b
P+mzve92UZmN7dCDjhd+e6qkmDycjzPwfcW+uLQT9is5jrNTmY1HMRiAsRW6QW1p
xVOQ/ydAGJhtfY5GjZ/1JjYhOjCVhGplrRF38h6DLILB
-----END CERTIFICATE-----