Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/owgmBs4vbkkXbw2K0OuU1ejAVjM.roa
File:                     owgmBs4vbkkXbw2K0OuU1ejAVjM.roa (raw, json)
Hash identifier:          hWN+IDhiOv5MeOYFdicsOLf4isT8+TWoYgyTGhIN3B8=
Subject key identifier:   A3:08:26:06:CE:2F:6E:49:17:6F:0D:8A:D0:EB:94:D5:E8:C0:56:33
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019421B228B3E4693C6EF2381E5BCE964FE6
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/owgmBs4vbkkXbw2K0OuU1ejAVjM.roa
Signing time:             Wed 01 Jan 2025 11:48:31 +0000
ROA not before:           Wed 01 Jan 2025 11:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48753
IP address blocks:        37.221.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:28:b3:e4:69:3c:6e:f2:38:1e:5b:ce:96:4f:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3082606ce2f6e49176f0d8ad0eb94d5e8c05633
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:07:5a:bd:61:c4:ac:ff:44:e6:c0:3e:8c:44:
                    ba:ea:40:7f:5e:03:e1:9f:78:8e:9b:3d:8f:cf:0f:
                    88:e9:b7:b5:56:4a:53:be:a5:ce:f8:1b:92:45:22:
                    cd:71:82:17:1d:41:a3:ed:82:6a:cc:46:5d:40:7b:
                    94:fa:ec:57:43:ab:47:be:28:b7:e8:02:8a:90:c6:
                    d0:f0:2b:92:7e:3b:75:10:e9:61:11:27:a3:03:2a:
                    a6:f1:36:6c:a1:4f:84:01:8c:dd:73:5e:22:b5:2c:
                    6b:f6:99:e2:35:c7:06:25:b1:9a:fe:4a:a8:99:38:
                    69:37:f2:ec:bb:83:fa:ff:e7:24:39:a0:f9:ac:ef:
                    13:8d:ca:49:a4:0f:0e:42:67:b8:fa:32:01:2f:19:
                    78:f2:17:a0:6c:d3:27:c1:14:d3:9a:a0:bc:53:c5:
                    0c:71:70:ef:d1:a3:d2:e1:3f:af:5c:e2:82:dc:27:
                    7d:82:83:1b:1b:aa:99:84:e5:d1:ca:b5:b8:3f:27:
                    b8:33:af:0b:b3:66:22:d5:fe:1d:9c:f0:c6:2f:a9:
                    a4:03:95:34:82:d0:43:f4:c0:8c:90:0e:30:9f:52:
                    b6:3a:4a:f8:58:e1:12:a4:bc:7f:36:89:69:1c:a5:
                    cd:97:9b:5b:97:14:0d:cd:67:f7:7c:62:84:80:59:
                    b0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:08:26:06:CE:2F:6E:49:17:6F:0D:8A:D0:EB:94:D5:E8:C0:56:33
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/owgmBs4vbkkXbw2K0OuU1ejAVjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:74:42:e1:06:69:84:0d:3b:61:38:00:9c:5d:d2:bb:1d:3c:
         0e:8f:42:70:72:ab:cd:b4:32:49:1a:c2:ff:a1:9a:e8:dc:7a:
         25:da:9b:90:c2:cb:20:3e:d6:89:13:4c:d3:0c:6d:81:18:fb:
         3b:72:0d:c4:af:c4:1d:cf:00:58:62:f7:97:10:e6:e2:87:d8:
         4d:64:02:2f:e5:b8:58:45:c4:21:ff:b1:5a:7d:7f:c9:55:4f:
         b8:3e:b3:2e:50:b0:fe:35:6b:96:00:0c:d3:b7:eb:0f:32:4d:
         74:28:97:f5:48:de:11:86:c2:52:b5:9c:7b:30:bf:db:99:74:
         e7:75:7c:16:53:17:5b:34:27:83:97:eb:19:f5:92:7f:a7:b2:
         f2:24:20:3e:1c:25:a2:48:8f:4c:18:d9:31:2e:a8:d0:ea:e0:
         6a:d2:69:42:d7:89:48:f4:17:6c:47:81:9a:ed:28:e6:b0:6e:
         b9:3e:d3:a8:81:f8:41:a3:7b:6d:98:c8:60:8a:17:cb:17:8f:
         18:b6:f7:5e:5b:13:1c:50:df:55:2f:d2:7f:b6:c0:82:3a:a0:
         4f:c3:97:0d:f5:ac:6b:07:04:d8:82:8a:6a:d9:5d:e7:3c:11:
         15:19:e9:b5:d5:0e:da:a7:6b:a8:97:53:eb:4b:27:9f:1a:36:
         87:20:4c:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsiiz5Gk8bvI4HlvOlk/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzA4MjYwNmNlMmY2ZTQ5MTc2ZjBkOGFkMGViOTRkNWU4YzA1NjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwdavWHErP9E5sA+jES66kB/XgPh
n3iOmz2Pzw+I6be1VkpTvqXO+BuSRSLNcYIXHUGj7YJqzEZdQHuU+uxXQ6tHvii3
6AKKkMbQ8CuSfjt1EOlhESejAyqm8TZsoU+EAYzdc14itSxr9pniNccGJbGa/kqo
mThpN/Lsu4P6/+ckOaD5rO8TjcpJpA8OQme4+jIBLxl48hegbNMnwRTTmqC8U8UM
cXDv0aPS4T+vXOKC3Cd9goMbG6qZhOXRyrW4Pye4M68Ls2Yi1f4dnPDGL6mkA5U0
gtBD9MCMkA4wn1K2Okr4WOESpLx/NolpHKXNl5tblxQNzWf3fGKEgFmwjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMIJgbOL25JF28NitDrlNXowFYzMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvb3dnbUJzNHZia2tYYncySzBPdVUxZWpBVmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJd1CMA0G
CSqGSIb3DQEBCwUAA4IBAQB5dELhBmmEDTthOACcXdK7HTwOj0JwcqvNtDJJGsL/
oZro3Hol2puQwssgPtaJE0zTDG2BGPs7cg3Er8QdzwBYYveXEObih9hNZAIv5bhY
RcQh/7FafX/JVU+4PrMuULD+NWuWAAzTt+sPMk10KJf1SN4RhsJStZx7ML/bmXTn
dXwWUxdbNCeDl+sZ9ZJ/p7LyJCA+HCWiSI9MGNkxLqjQ6uBq0mlC14lI9BdsR4Ga
7SjmsG65PtOogfhBo3ttmMhgihfLF48YtvdeWxMcUN9VL9J/tsCCOqBPw5cN9axr
BwTYgopq2V3nPBEVGem11Q7ap2uol1PrSyefGjaHIEzu
-----END CERTIFICATE-----