Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/ovGP4arKXoonSAQIQ1WNcsWj-gQ.roa
File:                     ovGP4arKXoonSAQIQ1WNcsWj-gQ.roa (raw, json)
Hash identifier:          T9HKSRGXUzrIsVuq9KTvv/Pp6ahuWPC0kj3dMzK0+WE=
Subject key identifier:   A2:F1:8F:E1:AA:CA:5E:8A:27:48:04:08:43:55:8D:72:C5:A3:FA:04
Certificate issuer:       /CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
Certificate serial:       019421B2163E2DA60CD8CE8489CE6710C215
Authority key identifier: CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/ovGP4arKXoonSAQIQ1WNcsWj-gQ.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3332
IP address blocks:        193.40.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 02:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:16:3e:2d:a6:0c:d8:ce:84:89:ce:67:10:c2:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2f18fe1aaca5e8a2748040843558d72c5a3fa04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:43:53:68:d2:88:97:6e:64:e3:03:8e:72:11:
                    ee:6f:cf:7c:7e:8a:9f:09:c3:78:db:5e:9d:25:39:
                    42:24:75:1a:c4:a0:83:77:55:0f:06:c0:aa:56:03:
                    e9:78:3b:00:ad:b4:55:9a:7a:5e:17:ac:40:c6:40:
                    75:00:b8:58:7e:a6:dc:ab:9d:9f:16:b4:b8:ff:db:
                    57:03:51:da:1c:76:f9:78:52:f8:96:d3:51:44:d2:
                    e8:a9:27:cf:e2:05:c6:03:89:5a:0e:ae:c5:8e:52:
                    67:b0:6a:7f:17:e9:e5:51:43:71:3e:88:95:a3:5d:
                    45:84:64:44:b7:77:3f:23:47:3c:13:ec:68:fd:2c:
                    e6:dd:44:6f:dc:ef:37:36:1e:a2:92:0a:d9:42:a3:
                    84:6f:15:28:cd:2f:4a:7c:cb:02:bc:3c:92:03:9f:
                    dd:71:6a:47:e9:c7:b0:54:f3:c9:30:e4:2f:51:88:
                    4e:79:dd:64:4b:fd:d1:0f:e5:27:0e:25:94:da:27:
                    3e:9b:52:23:d8:4c:c1:46:87:5e:c5:c7:4e:40:23:
                    55:0c:6a:09:1f:40:52:4f:29:59:03:a0:72:05:75:
                    e9:69:8a:a7:a2:bd:9c:07:1b:62:c8:32:1c:6e:43:
                    cc:31:24:34:fa:7b:75:a5:29:bb:72:30:ad:aa:8c:
                    ad:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F1:8F:E1:AA:CA:5E:8A:27:48:04:08:43:55:8D:72:C5:A3:FA:04
            X509v3 Authority Key Identifier:
                keyid:CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/ovGP4arKXoonSAQIQ1WNcsWj-gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.40.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:e8:cf:e8:8a:99:e1:fd:17:50:ba:63:44:fe:b7:3c:e0:29:
         b1:fb:a8:30:42:d6:5f:09:43:e1:42:cf:3b:f1:8a:e0:4c:58:
         7f:c0:fb:bb:a3:3c:21:a8:dd:17:b7:d1:5c:91:e8:4b:75:5d:
         b8:65:b0:8f:ea:29:4f:f3:68:4c:8f:99:41:6f:cf:ff:9c:c9:
         f1:e4:f3:1a:7a:47:15:cd:41:53:1c:61:ff:31:67:dc:49:b1:
         ec:3a:84:b1:93:83:1d:06:a2:cf:37:70:b4:7a:53:af:80:d7:
         4b:2b:a4:1f:77:78:3e:6e:f6:32:2b:68:f4:51:1f:ac:51:3f:
         a2:75:73:c6:1b:ba:6f:cc:a0:de:47:75:88:82:70:ad:69:af:
         cc:92:82:6b:56:35:bb:bd:ad:68:f9:6c:9e:c1:bd:dc:47:15:
         0c:1d:14:3b:ca:bd:53:3b:53:9d:2f:66:ee:71:49:80:ae:ce:
         4d:88:71:c0:f7:5e:02:ab:72:d3:d0:1b:4a:fd:d5:d2:1b:f0:
         25:da:07:d9:97:e8:02:c0:5e:bf:a5:54:cd:b8:35:94:ce:b0:
         f1:3e:ad:77:d6:cd:b7:fa:95:6c:f2:14:d1:c9:3f:7c:ee:f3:
         a4:7c:18:b6:a3:02:a2:be:d6:ca:8f:a2:fb:7c:cc:6d:f4:5a:
         14:18:f0:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshY+LaYM2M6Eic5nEMIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZTBkZjgyMTIxNDM4MjcxYzkxM2MyNGZmNTBmZDNiNjJk
NDBkYzYwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmYxOGZlMWFhY2E1ZThhMjc0ODA0MDg0MzU1OGQ3MmM1YTNmYTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUNTaNKIl25k4wOOchHub898foqf
CcN4216dJTlCJHUaxKCDd1UPBsCqVgPpeDsArbRVmnpeF6xAxkB1ALhYfqbcq52f
FrS4/9tXA1HaHHb5eFL4ltNRRNLoqSfP4gXGA4laDq7FjlJnsGp/F+nlUUNxPoiV
o11FhGREt3c/I0c8E+xo/Szm3URv3O83Nh6ikgrZQqOEbxUozS9KfMsCvDySA5/d
cWpH6cewVPPJMOQvUYhOed1kS/3RD+UnDiWU2ic+m1Ij2EzBRodexcdOQCNVDGoJ
H0BSTylZA6ByBXXpaYqnor2cBxtiyDIcbkPMMSQ0+nt1pSm7cjCtqoytgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLxj+Gqyl6KJ0gECENVjXLFo/oEMB8GA1UdIwQY
MBaAFM/g34ISFDgnHJE8JP9Q/Tti1A3GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMt
ZjJjNzkyMmZhZjMyLzEvb3ZHUDRhcktYb29uU0FRSVExV05jc1dqLWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMtZjJjNzkyMmZhZjMy
LzEvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSjDMA0G
CSqGSIb3DQEBCwUAA4IBAQBg6M/oipnh/RdQumNE/rc84Cmx+6gwQtZfCUPhQs87
8YrgTFh/wPu7ozwhqN0Xt9FckehLdV24ZbCP6ilP82hMj5lBb8//nMnx5PMaekcV
zUFTHGH/MWfcSbHsOoSxk4MdBqLPN3C0elOvgNdLK6Qfd3g+bvYyK2j0UR+sUT+i
dXPGG7pvzKDeR3WIgnCtaa/MkoJrVjW7va1o+Wyewb3cRxUMHRQ7yr1TO1OdL2bu
cUmArs5NiHHA914Cq3LT0BtK/dXSG/Al2gfZl+gCwF6/pVTNuDWUzrDxPq131s23
+pVs8hTRyT987vOkfBi2owKivtbKj6L7fMxt9FoUGPDj
-----END CERTIFICATE-----