Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/1-OIAlKZkamjD55UMqzWQx8P8ujA.roa
File:                     1-OIAlKZkamjD55UMqzWQx8P8ujA.roa (raw, json)
Hash identifier:          60FXDRY9jVOvfNl6JHlrniUKuc6zQEI45l9Gv0k62G4=
Subject key identifier:   F8:E2:00:94:A6:64:6A:68:C3:E7:95:0C:AB:35:90:C7:C3:FC:BA:30
Certificate issuer:       /CN=b31f0671f399e4da20a48bd327c47afa4a41ffc3
Certificate serial:       01942143E586B86B7AA8807C2C134974CB5D
Authority key identifier: B3:1F:06:71:F3:99:E4:DA:20:A4:8B:D3:27:C4:7A:FA:4A:41:FF:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/1-OIAlKZkamjD55UMqzWQx8P8ujA.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2852
IP address blocks:        147.231.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e5:86:b8:6b:7a:a8:80:7c:2c:13:49:74:cb:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b31f0671f399e4da20a48bd327c47afa4a41ffc3
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8e20094a6646a68c3e7950cab3590c7c3fcba30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:40:20:1f:9f:8c:b1:78:75:4e:01:42:7a:47:
                    33:3c:3e:05:3a:02:7c:0d:b7:f0:8e:be:6e:26:a0:
                    a1:3b:f9:50:05:a8:74:a3:3d:6b:27:05:02:9f:23:
                    24:23:84:f2:e0:b9:dc:c0:46:07:29:e0:37:08:c4:
                    81:69:72:37:1f:e1:34:0b:02:65:84:2e:00:e1:5a:
                    04:40:5d:27:f6:c3:52:5f:59:49:3f:e1:ea:a0:50:
                    ac:e5:ac:0e:7a:ba:f6:f5:95:a8:d0:5f:45:88:32:
                    e6:f4:45:f9:95:df:f2:9f:28:d1:1b:fa:0c:8f:e7:
                    f9:80:aa:53:6f:b4:f0:36:5f:ff:60:8d:c5:b2:ef:
                    8c:ad:9b:c2:84:ce:1a:fd:1b:01:a9:33:d6:1c:02:
                    ca:e6:b1:5e:4b:23:c5:c2:d7:6e:0a:5b:26:9d:f4:
                    24:48:8b:c5:ce:b3:6f:3f:f0:29:39:98:27:50:ea:
                    fd:10:7e:80:05:7a:5d:b2:a4:92:90:12:cd:5d:b4:
                    48:6a:3e:38:02:3c:b8:8b:d0:ae:77:a0:7d:bd:06:
                    07:ca:11:6d:58:10:ef:d0:33:f1:e5:97:36:85:6a:
                    c7:3b:f9:f5:f4:ce:b8:af:58:73:cc:ec:9e:ab:7f:
                    06:be:90:c7:dc:a1:a6:bf:a9:4a:7d:ea:43:d4:00:
                    ae:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:E2:00:94:A6:64:6A:68:C3:E7:95:0C:AB:35:90:C7:C3:FC:BA:30
            X509v3 Authority Key Identifier:
                keyid:B3:1F:06:71:F3:99:E4:DA:20:A4:8B:D3:27:C4:7A:FA:4A:41:FF:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/1-OIAlKZkamjD55UMqzWQx8P8ujA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/878a1c-a7a0-4fd1-98a0-33e44621db07/1/sx8GcfOZ5NogpIvTJ8R6-kpB_8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.231.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:94:c8:6e:6c:ae:bd:96:bf:83:c5:64:6b:e8:75:f5:49:2e:
         03:56:14:5d:b7:75:85:69:68:cb:61:84:82:53:7a:32:79:47:
         f7:c7:e7:ca:26:c7:64:a1:7c:a2:6a:e3:95:b0:fa:c2:8b:19:
         81:fa:51:4d:f5:a1:f2:27:d7:10:f6:b4:7b:79:8d:4d:fb:d4:
         f5:73:67:d0:b7:22:0e:23:23:1a:f2:1a:ea:49:09:5e:af:b2:
         21:a8:71:dd:58:a7:56:fe:26:41:ef:db:d6:25:4c:bd:dc:5d:
         83:f7:79:95:69:38:2e:6b:c3:eb:3f:b0:5d:a9:2e:59:c7:b1:
         1c:cc:af:b9:a4:32:bd:f6:5c:4d:92:f3:44:2a:86:ce:96:94:
         a9:69:52:78:eb:1b:d6:39:78:f4:0f:c1:f4:cf:32:82:4e:85:
         4c:a1:e8:d9:73:52:1f:1a:01:6c:00:c3:89:2d:5a:51:5d:74:
         b8:c2:7e:e2:a3:1c:5a:59:72:6f:ad:2a:1a:3b:b0:27:34:74:
         47:d8:c5:ba:9e:c2:eb:fe:78:95:35:05:6b:85:57:db:11:b3:
         32:20:24:b8:dc:7d:61:a3:14:96:dc:24:21:ee:58:9a:aa:d6:
         1f:ca:db:04:52:92:4d:b5:84:83:2b:cc:5d:0f:f4:95:0e:80:
         e5:65:ea:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+WGuGt6qIB8LBNJdMtdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMWYwNjcxZjM5OWU0ZGEyMGE0OGJkMzI3YzQ3YWZhNGE0
MWZmYzMwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGUyMDA5NGE2NjQ2YTY4YzNlNzk1MGNhYjM1OTBjN2MzZmNiYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUAgH5+MsXh1TgFCekczPD4FOgJ8
Dbfwjr5uJqChO/lQBah0oz1rJwUCnyMkI4Ty4LncwEYHKeA3CMSBaXI3H+E0CwJl
hC4A4VoEQF0n9sNSX1lJP+HqoFCs5awOerr29ZWo0F9FiDLm9EX5ld/ynyjRG/oM
j+f5gKpTb7TwNl//YI3Fsu+MrZvChM4a/RsBqTPWHALK5rFeSyPFwtduClsmnfQk
SIvFzrNvP/ApOZgnUOr9EH6ABXpdsqSSkBLNXbRIaj44Ajy4i9Cud6B9vQYHyhFt
WBDv0DPx5Zc2hWrHO/n19M64r1hzzOyeq38GvpDH3KGmv6lKfepD1ACuEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPjiAJSmZGpow+eVDKs1kMfD/LowMB8GA1UdIwQY
MBaAFLMfBnHzmeTaIKSL0yfEevpKQf/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3g4R2NmT1o1Tm9ncEl2VEo4UjYta3BCXzhNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC84NzhhMWMtYTdhMC00ZmQxLTk4YTAt
MzNlNDQ2MjFkYjA3LzEvMS1PSUFsS1prYW1qRDU1VU1xeldReDhQOHVqQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2QvODc4YTFjLWE3YTAtNGZkMS05OGEwLTMzZTQ0NjIxZGIw
Ny8xL3N4OEdjZk9aNU5vZ3BJdlRKOFI2LWtwQl84TS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJPnMA0G
CSqGSIb3DQEBCwUAA4IBAQA8lMhubK69lr+DxWRr6HX1SS4DVhRdt3WFaWjLYYSC
U3oyeUf3x+fKJsdkoXyiauOVsPrCixmB+lFN9aHyJ9cQ9rR7eY1N+9T1c2fQtyIO
IyMa8hrqSQler7IhqHHdWKdW/iZB79vWJUy93F2D93mVaTgua8PrP7BdqS5Zx7Ec
zK+5pDK99lxNkvNEKobOlpSpaVJ46xvWOXj0D8H0zzKCToVMoejZc1IfGgFsAMOJ
LVpRXXS4wn7ioxxaWXJvrSoaO7AnNHRH2MW6nsLr/niVNQVrhVfbEbMyICS43H1h
oxSW3CQh7liaqtYfytsEUpJNtYSDK8xdD/SVDoDlZep7
-----END CERTIFICATE-----