Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oQaywy3q8vmyPxGr_AmiNoNzTBA.roa
File:                     oQaywy3q8vmyPxGr_AmiNoNzTBA.roa (raw, json)
Hash identifier:          4Yn0dAJN/4cvXNvMf4Lu9rEegHknGAt0w5s9nflB7/U=
Subject key identifier:   A1:06:B2:C3:2D:EA:F2:F9:B2:3F:11:AB:FC:09:A2:36:83:73:4C:10
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC6D80C3C44A2FB36A5F8113F6B926
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oQaywy3q8vmyPxGr_AmiNoNzTBA.roa
Signing time:             Thu 02 Jan 2025 07:48:07 +0000
ROA not before:           Thu 02 Jan 2025 07:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        82.97.240.0/20 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:6d:80:c3:c4:4a:2f:b3:6a:5f:81:13:f6:b9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a106b2c32deaf2f9b23f11abfc09a23683734c10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:93:d7:a2:25:05:35:98:a2:23:6d:5d:a6:96:
                    90:7e:be:b4:0c:95:cc:17:1b:c5:9c:5b:cb:cf:94:
                    f6:b2:db:4d:90:42:09:9e:65:4d:d3:d5:c8:53:bd:
                    6f:f5:c7:33:92:36:6d:17:bb:34:4c:fd:23:34:10:
                    8a:28:d3:f6:6a:48:70:4b:c7:ce:19:db:62:82:13:
                    35:9d:20:e4:30:ce:a4:ec:27:19:4c:3e:3b:66:8f:
                    9e:9b:f5:e4:b2:52:1c:b4:ff:76:b3:33:4f:78:db:
                    d9:fb:04:ba:51:45:8e:a8:31:18:a7:8b:0d:8d:8e:
                    af:d8:cd:33:87:34:27:75:a8:d9:79:0c:1d:3d:c8:
                    8d:b7:dc:e9:03:4e:e4:b5:45:fd:63:0a:d0:e4:eb:
                    48:d0:b4:b2:75:39:24:0f:02:20:9d:ed:c1:04:55:
                    aa:a8:9e:85:0f:28:77:40:3c:66:3f:67:a0:e6:56:
                    dc:f5:33:76:65:ee:38:c8:51:ab:bd:cd:b0:d2:c1:
                    37:6a:b2:06:67:7c:fc:41:d9:7c:4d:d6:96:67:1a:
                    e6:92:2f:91:31:7e:f0:de:3a:6a:1d:35:7f:8c:fa:
                    ac:ea:58:30:f6:f3:a6:2d:af:2e:25:9b:95:75:75:
                    99:43:f1:4a:19:0e:9c:fb:20:d8:01:05:98:19:18:
                    33:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:06:B2:C3:2D:EA:F2:F9:B2:3F:11:AB:FC:09:A2:36:83:73:4C:10
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/oQaywy3q8vmyPxGr_AmiNoNzTBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.97.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         50:cf:8e:b7:54:41:4a:57:2a:10:ae:b3:96:3a:82:db:5d:c5:
         5b:22:42:e7:81:f6:77:ec:f7:e8:36:97:cc:e6:b3:b1:ab:62:
         15:78:ea:d9:69:88:ec:a6:28:f6:bc:9e:cd:34:1d:04:71:a7:
         2b:fb:bb:5a:07:58:5c:f9:db:c5:6d:b0:29:1f:58:27:2c:8f:
         74:b2:7c:68:31:44:b1:dc:38:03:ca:6a:46:0c:35:97:8a:22:
         0b:4d:10:0c:32:02:2f:9f:77:1f:8e:25:1c:7c:83:93:a5:59:
         7b:41:33:df:20:4e:f3:79:eb:b7:35:20:38:3d:a1:2d:71:99:
         3b:d8:4d:31:74:8c:19:ef:b2:ce:ac:bf:22:24:a8:76:24:30:
         12:22:49:d6:50:df:b7:dc:8f:4d:e2:04:fe:76:af:13:a8:8c:
         b3:e9:12:08:82:5d:19:4e:d2:97:c7:b7:93:a2:da:21:fc:7b:
         12:24:51:9c:43:59:14:0e:8a:af:80:c6:ba:7b:be:a3:27:fb:
         5c:b8:d7:47:54:c3:98:b8:30:a8:b9:6e:0c:bb:8c:36:59:e3:
         04:7e:75:37:a4:6d:e6:11:10:cf:2e:2c:e1:46:f4:09:4b:d6:
         16:59:1e:bb:de:ec:72:5d:3f:e2:e8:02:2c:b1:24:5b:c3:2f:
         2c:16:11:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/G2Aw8RKL7NqX4ET9rkmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTA2YjJjMzJkZWFmMmY5YjIzZjExYWJmYzA5YTIzNjgzNzM0YzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupPXoiUFNZiiI21dppaQfr60DJXM
FxvFnFvLz5T2sttNkEIJnmVN09XIU71v9cczkjZtF7s0TP0jNBCKKNP2akhwS8fO
GdtighM1nSDkMM6k7CcZTD47Zo+em/XkslIctP92szNPeNvZ+wS6UUWOqDEYp4sN
jY6v2M0zhzQndajZeQwdPciNt9zpA07ktUX9YwrQ5OtI0LSydTkkDwIgne3BBFWq
qJ6FDyh3QDxmP2eg5lbc9TN2Ze44yFGrvc2w0sE3arIGZ3z8Qdl8TdaWZxrmki+R
MX7w3jpqHTV/jPqs6lgw9vOmLa8uJZuVdXWZQ/FKGQ6c+yDYAQWYGRgzbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEGssMt6vL5sj8Rq/wJojaDc0wQMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvb1FheXd5M3E4dm15UHhHcl9BbWlOb056VEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUmHwMA0G
CSqGSIb3DQEBCwUAA4IBAQBQz463VEFKVyoQrrOWOoLbXcVbIkLngfZ37PfoNpfM
5rOxq2IVeOrZaYjspij2vJ7NNB0Ecacr+7taB1hc+dvFbbApH1gnLI90snxoMUSx
3DgDympGDDWXiiILTRAMMgIvn3cfjiUcfIOTpVl7QTPfIE7zeeu3NSA4PaEtcZk7
2E0xdIwZ77LOrL8iJKh2JDASIknWUN+33I9N4gT+dq8TqIyz6RIIgl0ZTtKXx7eT
otoh/HsSJFGcQ1kUDoqvgMa6e76jJ/tcuNdHVMOYuDCouW4Mu4w2WeMEfnU3pG3m
ERDPLizhRvQJS9YWWR673uxyXT/i6AIssSRbwy8sFhFk
-----END CERTIFICATE-----