Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/OFc0yBZFy4Wa20RcLrHQGW0n8Z0.roa
File:                     OFc0yBZFy4Wa20RcLrHQGW0n8Z0.roa (raw, json)
Hash identifier:          TB30ZCImx4FabUXsP6FrJ/8xR1ebGEeWXJhQyL3afw0=
Subject key identifier:   38:57:34:C8:16:45:CB:85:9A:DB:44:5C:2E:B1:D0:19:6D:27:F1:9D
Certificate issuer:       /CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
Certificate serial:       0194221F5B06B578FD355A52954B0A18194F
Authority key identifier: A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/OFc0yBZFy4Wa20RcLrHQGW0n8Z0.roa
Signing time:             Wed 01 Jan 2025 13:47:47 +0000
ROA not before:           Wed 01 Jan 2025 13:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202
IP address blocks:        91.240.72.0/24 maxlen: 24
                          185.42.232.0/24 maxlen: 24
                          185.42.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 07:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5b:06:b5:78:fd:35:5a:52:95:4b:0a:18:19:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
        Validity
            Not Before: Jan  1 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=385734c81645cb859adb445c2eb1d0196d27f19d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f2:aa:51:fd:3b:01:3e:26:f2:ce:05:95:15:
                    c3:e5:71:d3:dc:e4:b2:4c:1c:55:d9:4d:37:05:d0:
                    52:d4:76:ff:77:7c:bf:0b:a7:d7:7a:a8:d1:56:f8:
                    6a:ec:af:05:77:a8:bc:c0:ab:5b:ed:8d:4f:20:11:
                    2f:8c:dd:ee:fa:fb:17:11:c6:ac:6a:5a:43:a8:11:
                    66:f3:24:79:7d:b4:36:59:14:a0:9c:14:71:b4:8e:
                    b4:e5:ed:e0:c5:54:0f:46:f6:41:a5:b6:d1:7d:3f:
                    87:d9:0e:b3:39:54:74:d0:35:65:5a:fc:5d:4d:23:
                    db:9e:23:11:be:e8:8b:6d:eb:9c:85:cf:a8:dd:af:
                    bb:ba:bb:99:d8:0c:45:71:e8:14:07:4b:01:52:2b:
                    1f:e1:b5:28:dd:97:8c:87:73:c4:21:1c:8b:13:04:
                    78:ee:99:9d:97:38:a7:43:62:a9:c4:d6:0e:3c:6b:
                    27:3b:bf:6b:24:ae:9a:60:3b:a0:ee:11:45:fe:f7:
                    4f:d3:f0:30:18:59:bc:0e:2e:4f:e6:05:d0:a4:be:
                    b8:7c:8e:da:42:f0:cb:51:ff:31:df:22:5e:99:19:
                    d6:cb:14:9c:0a:9a:48:1e:a9:41:2a:20:56:a1:7f:
                    00:09:62:2d:a6:b7:0f:6a:c9:dc:81:23:4d:c0:9c:
                    9a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:57:34:C8:16:45:CB:85:9A:DB:44:5C:2E:B1:D0:19:6D:27:F1:9D
            X509v3 Authority Key Identifier:
                keyid:A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/OFc0yBZFy4Wa20RcLrHQGW0n8Z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.72.0/24
                  185.42.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:85:bb:8a:18:ae:a7:e4:a1:0e:ee:0b:e5:b6:3f:7a:2e:ff:
         a6:44:5c:f8:c4:45:f8:da:e1:bd:9c:27:25:96:53:d5:26:a4:
         46:ed:be:02:fc:ef:53:07:42:4f:13:90:da:4d:72:5d:e2:ce:
         fd:e0:96:e7:f5:78:3b:8d:c1:cb:cd:b6:dc:5d:ee:c0:3e:a6:
         d9:a1:8a:dd:03:29:0e:5b:e7:b7:43:fe:ff:b4:41:bd:f7:da:
         5c:c1:cc:68:3a:12:e3:df:66:32:16:45:45:22:53:88:38:b7:
         93:14:ce:e0:f3:6b:fe:94:c4:50:4e:63:0b:75:58:66:a2:c5:
         89:d0:be:84:28:03:00:01:8a:a8:6f:4f:ae:fe:2b:69:12:4d:
         d6:7d:a1:79:54:3e:0d:37:28:cd:b6:33:34:59:cc:08:54:fe:
         9a:e5:d3:0d:71:dd:7f:45:d4:b8:8f:eb:9d:0a:66:c2:28:3e:
         5d:ee:d1:22:4e:cb:c9:c2:19:10:ac:36:44:6a:6e:27:4e:f4:
         12:7e:86:49:20:82:43:75:4b:a1:b4:17:63:d2:25:25:d3:c4:
         72:1a:88:b2:99:bd:31:d8:4a:2e:15:92:05:d4:2b:21:f1:ca:
         98:42:29:5f:f3:97:7a:78:a5:a0:21:3f:c4:64:c0:99:19:c6:
         cf:a1:44:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH1sGtXj9NVpSlUsKGBlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MmYyZDNjMjY5ZDkzNTIyNzY5MGIyOGI3ZmJkZDk1M2Ux
ZTllZGMwHhcNMjUwMTAxMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU3MzRjODE2NDVjYjg1OWFkYjQ0NWMyZWIxZDAxOTZkMjdmMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPKqUf07AT4m8s4FlRXD5XHT3OSy
TBxV2U03BdBS1Hb/d3y/C6fXeqjRVvhq7K8Fd6i8wKtb7Y1PIBEvjN3u+vsXEcas
alpDqBFm8yR5fbQ2WRSgnBRxtI605e3gxVQPRvZBpbbRfT+H2Q6zOVR00DVlWvxd
TSPbniMRvuiLbeuchc+o3a+7uruZ2AxFcegUB0sBUisf4bUo3ZeMh3PEIRyLEwR4
7pmdlzinQ2KpxNYOPGsnO79rJK6aYDug7hFF/vdP0/AwGFm8Di5P5gXQpL64fI7a
QvDLUf8x3yJemRnWyxScCppIHqlBKiBWoX8ACWItprcPasncgSNNwJyawQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDhXNMgWRcuFmttEXC6x0BltJ/GdMB8GA1UdIwQY
MBaAFKYvLTwmnZNSJ2kLKLf73ZU+Hp7cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMt
MTAwZWVkODEyYzQwLzEvT0ZjMHlCWkZ5NFdhMjBSY0xySFFHVzBuOFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMtMTAwZWVkODEyYzQw
LzEvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/BIAwQB
uSroMA0GCSqGSIb3DQEBCwUAA4IBAQAFhbuKGK6n5KEO7gvltj96Lv+mRFz4xEX4
2uG9nCclllPVJqRG7b4C/O9TB0JPE5DaTXJd4s794Jbn9Xg7jcHLzbbcXe7APqbZ
oYrdAykOW+e3Q/7/tEG999pcwcxoOhLj32YyFkVFIlOIOLeTFM7g82v+lMRQTmML
dVhmosWJ0L6EKAMAAYqob0+u/itpEk3WfaF5VD4NNyjNtjM0WcwIVP6a5dMNcd1/
RdS4j+udCmbCKD5d7tEiTsvJwhkQrDZEam4nTvQSfoZJIIJDdUuhtBdj0iUl08Ry
Goiymb0x2EouFZIF1Csh8cqYQilf85d6eKWgIT/EZMCZGcbPoUQ+
-----END CERTIFICATE-----