Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/OCYkPImwnimwz8s4rkU4_ZSSVP4.roa
File:                     OCYkPImwnimwz8s4rkU4_ZSSVP4.roa (raw, json)
Hash identifier:          IT8FmqKb7k4tTBmkTpzEjVWks2g+luw2EP1CzS8y1xM=
Subject key identifier:   38:26:24:3C:89:B0:9E:29:B0:CF:CB:38:AE:45:38:FD:94:92:54:FE
Certificate issuer:       /CN=885e6e65e8d74182039634566cd1fa2b2b325702
Certificate serial:       01949052B342D8EEEE2F5BA46C1514040C89
Authority key identifier: 88:5E:6E:65:E8:D7:41:82:03:96:34:56:6C:D1:FA:2B:2B:32:57:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iF5uZejXQYIDljRWbNH6KysyVwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/OCYkPImwnimwz8s4rkU4_ZSSVP4.roa
Signing time:             Wed 22 Jan 2025 23:22:06 +0000
ROA not before:           Wed 22 Jan 2025 23:22:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42638
IP address blocks:        91.189.200.0/21 maxlen: 21
                          2a14:bb00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/iF5uZejXQYIDljRWbNH6KysyVwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/iF5uZejXQYIDljRWbNH6KysyVwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iF5uZejXQYIDljRWbNH6KysyVwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:90:52:b3:42:d8:ee:ee:2f:5b:a4:6c:15:14:04:0c:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885e6e65e8d74182039634566cd1fa2b2b325702
        Validity
            Not Before: Jan 22 23:22:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3826243c89b09e29b0cfcb38ae4538fd949254fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:19:c8:b3:b3:45:d9:58:8f:74:f8:76:ce:87:
                    c8:85:a2:f6:8c:de:35:d8:46:16:e8:bf:d4:be:28:
                    1e:a5:56:83:5a:af:b9:4a:20:f5:b8:1c:9a:06:95:
                    f2:27:c5:b0:4e:f6:b3:26:13:a3:ae:9c:23:4a:4b:
                    ba:d2:25:4d:ac:33:07:bf:e6:2c:26:fd:e7:24:b6:
                    7c:27:65:2b:8a:cd:55:74:2d:dc:fc:03:af:5f:f7:
                    10:9d:62:c4:00:66:a5:3e:6a:ea:1a:0b:ed:ed:cf:
                    8c:9c:3c:01:c0:6b:24:54:da:8b:a9:a3:7b:60:7b:
                    95:72:7b:4f:51:9e:27:db:a4:4d:7b:78:37:c5:d3:
                    6c:92:a5:b4:d6:2b:93:f2:f7:ee:fd:a4:f6:66:15:
                    5e:3e:e6:6a:23:30:12:bb:de:e6:0b:67:bd:10:14:
                    d0:85:28:66:a9:b5:22:97:bf:c1:f8:de:d9:94:d1:
                    9b:b4:9a:99:c6:56:42:89:a9:1d:cc:6e:bb:16:c6:
                    b8:e7:ca:28:84:27:0e:22:67:be:5b:b5:70:05:4c:
                    b0:37:f5:c4:dd:bf:bb:11:d4:3d:86:4b:72:83:39:
                    c5:50:aa:a2:5c:b2:84:bc:c9:9b:1e:3f:b7:1c:bf:
                    bb:43:1f:83:52:cf:27:78:cb:1d:70:57:95:0d:cd:
                    82:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:26:24:3C:89:B0:9E:29:B0:CF:CB:38:AE:45:38:FD:94:92:54:FE
            X509v3 Authority Key Identifier:
                keyid:88:5E:6E:65:E8:D7:41:82:03:96:34:56:6C:D1:FA:2B:2B:32:57:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iF5uZejXQYIDljRWbNH6KysyVwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/OCYkPImwnimwz8s4rkU4_ZSSVP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/b5e438-e292-4d22-a90e-ceebdfde01fc/1/iF5uZejXQYIDljRWbNH6KysyVwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.189.200.0/21
                IPv6:
                  2a14:bb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:7e:f7:2d:06:19:54:60:d5:d0:24:ec:62:58:ae:4b:c5:71:
         11:19:45:b6:3b:bb:22:9a:40:63:3e:04:85:2b:d1:0c:4e:69:
         ee:2e:8a:f9:d5:4b:0d:9a:c3:d6:ea:2b:1b:58:03:cd:8a:de:
         46:4e:28:f2:be:9a:b2:9c:f9:fe:c1:a9:ce:15:e3:7e:31:28:
         f6:13:9e:00:dc:f4:8e:c7:63:e7:4e:77:09:77:74:12:14:95:
         21:b2:e0:27:3a:b9:0c:bf:91:68:c8:de:55:58:fa:81:93:6c:
         77:1d:4e:33:ff:00:09:2a:9a:76:cc:2a:b0:45:3c:38:73:e6:
         55:04:3a:12:59:e1:63:40:8e:f2:de:d5:3f:1f:07:c3:6b:63:
         a3:0b:13:bd:07:2b:27:c5:ea:9d:49:9b:68:9e:30:fa:ca:6e:
         d8:d3:cf:6f:87:e1:1a:94:f4:b2:09:7a:f5:2d:2a:ad:d8:46:
         56:e6:25:f2:e9:5e:66:03:30:e6:f8:48:c3:d4:19:cc:2a:eb:
         4b:06:6a:8a:96:99:37:49:e1:a0:21:b1:81:3f:9e:cc:21:c7:
         0b:56:c3:f3:1e:49:70:49:03:10:ac:71:2e:bd:21:1c:15:7d:
         26:13:29:c7:70:a7:4b:58:d4:e5:4d:a0:32:45:87:a3:c9:73:
         d8:23:06:55
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZSQUrNC2O7uL1ukbBUUBAyJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWU2ZTY1ZThkNzQxODIwMzk2MzQ1NjZjZDFmYTJiMmIz
MjU3MDIwHhcNMjUwMTIyMjMyMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODI2MjQzYzg5YjA5ZTI5YjBjZmNiMzhhZTQ1MzhmZDk0OTI1NGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBnIs7NF2ViPdPh2zofIhaL2jN41
2EYW6L/UvigepVaDWq+5SiD1uByaBpXyJ8WwTvazJhOjrpwjSku60iVNrDMHv+Ys
Jv3nJLZ8J2Uris1VdC3c/AOvX/cQnWLEAGalPmrqGgvt7c+MnDwBwGskVNqLqaN7
YHuVcntPUZ4n26RNe3g3xdNskqW01iuT8vfu/aT2ZhVePuZqIzASu97mC2e9EBTQ
hShmqbUil7/B+N7ZlNGbtJqZxlZCiakdzG67Fsa458oohCcOIme+W7VwBUywN/XE
3b+7EdQ9hktygznFUKqiXLKEvMmbHj+3HL+7Qx+DUs8neMsdcFeVDc2C2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDgmJDyJsJ4psM/LOK5FOP2UklT+MB8GA1UdIwQY
MBaAFIhebmXo10GCA5Y0VmzR+isrMlcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUY1dVplalhRWUlEbGpSV2JOSDZLeXN5VndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9iNWU0MzgtZTI5Mi00ZDIyLWE5MGUt
Y2VlYmRmZGUwMWZjLzEvT0NZa1BJbXduaW13ejhzNHJrVTRfWlNTVlA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9iNWU0MzgtZTI5Mi00ZDIyLWE5MGUtY2VlYmRmZGUwMWZj
LzEvaUY1dVplalhRWUlEbGpSV2JOSDZLeXN5VndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDW73IMA0E
AgACMAcDBQMqFLsAMA0GCSqGSIb3DQEBCwUAA4IBAQCWfvctBhlUYNXQJOxiWK5L
xXERGUW2O7simkBjPgSFK9EMTmnuLor51UsNmsPW6isbWAPNit5GTijyvpqynPn+
wanOFeN+MSj2E54A3PSOx2PnTncJd3QSFJUhsuAnOrkMv5FoyN5VWPqBk2x3HU4z
/wAJKpp2zCqwRTw4c+ZVBDoSWeFjQI7y3tU/HwfDa2OjCxO9BysnxeqdSZtonjD6
ym7Y089vh+EalPSyCXr1LSqt2EZW5iXy6V5mAzDm+EjD1BnMKutLBmqKlpk3SeGg
IbGBP57MIccLVsPzHklwSQMQrHEuvSEcFX0mEynHcKdLWNTlTaAyRYejyXPYIwZV
-----END CERTIFICATE-----