Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/og-QYcWWG7blmQPnjS8N7Pfy2CI.roa
File:                     og-QYcWWG7blmQPnjS8N7Pfy2CI.roa (raw, json)
Hash identifier:          F2sqc18qvqzf4/nshb6Uc/1k3H2tfbxW4Ckt/4G4dtQ=
Subject key identifier:   A2:0F:90:61:C5:96:1B:B6:E5:99:03:E7:8D:2F:0D:EC:F7:F2:D8:22
Certificate issuer:       /CN=61b866e323382caea961e7d2423e53cab5099131
Certificate serial:       0194221F9E8B48A97FE70775AA82ED854A31
Authority key identifier: 61:B8:66:E3:23:38:2C:AE:A9:61:E7:D2:42:3E:53:CA:B5:09:91:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/og-QYcWWG7blmQPnjS8N7Pfy2CI.roa
Signing time:             Wed 01 Jan 2025 13:48:04 +0000
ROA not before:           Wed 01 Jan 2025 13:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25540
IP address blocks:        185.33.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9e:8b:48:a9:7f:e7:07:75:aa:82:ed:85:4a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b866e323382caea961e7d2423e53cab5099131
        Validity
            Not Before: Jan  1 13:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a20f9061c5961bb6e59903e78d2f0decf7f2d822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6d:4e:81:fb:66:77:88:70:ce:be:50:b4:96:
                    48:22:50:e3:f9:d3:1f:3e:6b:73:0f:48:e8:86:e6:
                    3f:5a:48:54:b8:c5:c8:ed:dc:5b:1c:c9:3b:55:e4:
                    69:00:b2:b6:cd:99:22:27:89:89:fe:d6:f3:e9:bf:
                    16:b3:0d:19:60:50:f6:89:ff:47:be:95:29:5f:dd:
                    df:3d:b0:14:98:bb:92:93:d8:d2:3e:d8:61:5c:cb:
                    96:3b:e2:3d:18:1a:d4:18:52:96:8c:cb:a8:4d:82:
                    81:4a:9f:fb:dc:1a:e7:37:de:53:0b:ce:bb:4d:68:
                    04:99:f2:ba:94:8a:c0:d7:ae:a4:03:5f:ee:f3:e6:
                    24:93:9a:29:7a:2f:fd:30:d0:8b:14:8d:b2:fa:3a:
                    4f:71:dd:3c:89:ac:ff:c7:2f:3b:c8:c6:8d:c9:e6:
                    99:2a:d5:f4:c7:a6:6b:21:35:20:db:3b:82:40:54:
                    31:35:f6:52:97:2b:d5:ea:d4:1e:7a:8f:6a:1d:09:
                    43:7c:9c:cd:d9:53:d4:cd:3a:8d:55:91:b6:0c:aa:
                    20:b9:70:42:37:f5:0e:66:00:b8:17:84:d9:b7:43:
                    8b:62:07:6a:52:c0:cb:b8:fd:6a:da:ee:c7:85:2a:
                    27:36:c5:ac:5f:05:84:7d:7a:bf:3a:69:f0:15:47:
                    e3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0F:90:61:C5:96:1B:B6:E5:99:03:E7:8D:2F:0D:EC:F7:F2:D8:22
            X509v3 Authority Key Identifier:
                keyid:61:B8:66:E3:23:38:2C:AE:A9:61:E7:D2:42:3E:53:CA:B5:09:91:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/og-QYcWWG7blmQPnjS8N7Pfy2CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:33:d3:55:3d:56:b4:3f:4c:9a:e7:a8:89:62:55:17:63:79:
         86:65:6d:80:84:51:77:b4:af:e3:64:f9:85:97:bb:51:7a:a3:
         51:44:06:f1:cd:29:d2:88:2f:da:32:b4:b6:e0:fb:e0:39:49:
         79:4f:e3:59:6f:ea:39:29:be:0d:17:7c:8c:76:85:ff:67:6c:
         ee:7d:a3:be:4d:b3:bf:a9:9c:fc:e4:74:00:f0:d8:78:20:32:
         94:52:b9:bf:71:6e:09:c3:9c:b2:13:9c:1e:0a:a8:55:a2:27:
         0e:e9:3b:28:79:61:c2:c8:f8:bd:91:b3:1a:21:78:df:e5:25:
         d9:35:73:b4:01:96:9e:6f:51:fb:79:c1:95:c2:1f:a9:cd:54:
         4b:7b:86:92:58:77:41:8e:77:c8:3f:f2:7b:9f:be:25:ad:e2:
         db:4f:13:8f:1c:88:d0:06:88:d3:73:0b:c4:73:a6:ba:aa:05:
         da:da:3b:9d:80:60:07:fb:b6:96:70:bd:39:17:00:95:50:87:
         34:e3:52:9b:fd:87:61:c7:0b:72:29:36:77:b2:c2:39:75:16:
         f2:c0:6d:11:eb:d6:33:bc:22:80:71:04:e7:96:6f:86:a7:b1:
         3a:d1:ba:ab:fe:4a:96:73:02:34:48:1e:56:a4:55:38:f6:20:
         b9:c6:98:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH56LSKl/5wd1qoLthUoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjg2NmUzMjMzODJjYWVhOTYxZTdkMjQyM2U1M2NhYjUw
OTkxMzEwHhcNMjUwMTAxMTM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBmOTA2MWM1OTYxYmI2ZTU5OTAzZTc4ZDJmMGRlY2Y3ZjJkODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG1Ogftmd4hwzr5QtJZIIlDj+dMf
PmtzD0johuY/WkhUuMXI7dxbHMk7VeRpALK2zZkiJ4mJ/tbz6b8Wsw0ZYFD2if9H
vpUpX93fPbAUmLuSk9jSPthhXMuWO+I9GBrUGFKWjMuoTYKBSp/73BrnN95TC867
TWgEmfK6lIrA166kA1/u8+Ykk5opei/9MNCLFI2y+jpPcd08iaz/xy87yMaNyeaZ
KtX0x6ZrITUg2zuCQFQxNfZSlyvV6tQeeo9qHQlDfJzN2VPUzTqNVZG2DKoguXBC
N/UOZgC4F4TZt0OLYgdqUsDLuP1q2u7HhSonNsWsXwWEfXq/OmnwFUfjmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIPkGHFlhu25ZkD540vDez38tgiMB8GA1UdIwQY
MBaAFGG4ZuMjOCyuqWHn0kI+U8q1CZExMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJobTR5TTRMSzZwWWVmU1FqNVR5clVKa1RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS80ZWY0YTktNmQ5Ni00OTg5LTljODEt
ZDkyZTY4ZGZmZmU0LzEvb2ctUVljV1dHN2JsbVFQbmpTOE43UGZ5MkNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS80ZWY0YTktNmQ5Ni00OTg5LTljODEtZDkyZTY4ZGZmZmU0
LzEvWWJobTR5TTRMSzZwWWVmU1FqNVR5clVKa1RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSEMMA0G
CSqGSIb3DQEBCwUAA4IBAQBrM9NVPVa0P0ya56iJYlUXY3mGZW2AhFF3tK/jZPmF
l7tReqNRRAbxzSnSiC/aMrS24PvgOUl5T+NZb+o5Kb4NF3yMdoX/Z2zufaO+TbO/
qZz85HQA8Nh4IDKUUrm/cW4Jw5yyE5weCqhVoicO6TsoeWHCyPi9kbMaIXjf5SXZ
NXO0AZaeb1H7ecGVwh+pzVRLe4aSWHdBjnfIP/J7n74lreLbTxOPHIjQBojTcwvE
c6a6qgXa2judgGAH+7aWcL05FwCVUIc041Kb/YdhxwtyKTZ3ssI5dRbywG0R69Yz
vCKAcQTnlm+Gp7E60bqr/kqWcwI0SB5WpFU49iC5xphX
-----END CERTIFICATE-----