Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/2dcd18-c5b6-4ff5-b235-26c67cd0128c/1/OhZtVLJsToPJ5XT9Ri4PQ-fSzP4.roa
File:                     OhZtVLJsToPJ5XT9Ri4PQ-fSzP4.roa (raw, json)
Hash identifier:          cEI9APBy77RnV/y58ZcNRskCn0uMdesQT/xyTSiVBjs=
Subject key identifier:   3A:16:6D:54:B2:6C:4E:83:C9:E5:74:FD:46:2E:0F:43:E7:D2:CC:FE
Certificate issuer:       /CN=2d2a08a7438a49589d634f88a09e93941f8107f6
Certificate serial:       01971C4294601D70B28562104DB53D792003
Authority key identifier: 2D:2A:08:A7:43:8A:49:58:9D:63:4F:88:A0:9E:93:94:1F:81:07:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LSoIp0OKSVidY0-IoJ6TlB-BB_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/2dcd18-c5b6-4ff5-b235-26c67cd0128c/1/OhZtVLJsToPJ5XT9Ri4PQ-fSzP4.roa
Signing time:             Thu 29 May 2025 13:36:54 +0000
ROA not before:           Thu 29 May 2025 13:36:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        195.88.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/2dcd18-c5b6-4ff5-b235-26c67cd0128c/1/LSoIp0OKSVidY0-IoJ6TlB-BB_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/2dcd18-c5b6-4ff5-b235-26c67cd0128c/1/LSoIp0OKSVidY0-IoJ6TlB-BB_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LSoIp0OKSVidY0-IoJ6TlB-BB_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:42:94:60:1d:70:b2:85:62:10:4d:b5:3d:79:20:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d2a08a7438a49589d634f88a09e93941f8107f6
        Validity
            Not Before: May 29 13:36:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a166d54b26c4e83c9e574fd462e0f43e7d2ccfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:38:21:bb:6e:ed:5d:e5:f6:ce:ac:3f:fd:82:
                    14:e9:9b:10:53:d3:2e:25:69:16:87:46:77:b8:da:
                    1c:23:8e:1a:a9:d8:8b:9b:44:72:3e:13:45:75:c8:
                    41:d5:56:cb:ea:16:53:00:8f:f9:8d:c6:a7:61:c0:
                    ef:66:f1:7b:4c:39:c6:fc:ad:22:c5:62:62:74:ad:
                    49:ae:82:4a:4e:5b:5c:8a:0b:19:4a:d2:01:f6:1d:
                    64:a4:13:c8:b4:d9:99:02:8f:00:97:78:4b:b2:00:
                    6a:cf:3f:9f:90:b7:43:3f:87:ff:a9:86:65:50:bf:
                    63:ff:c9:a5:04:1a:ed:3a:4f:65:d7:84:b0:32:e3:
                    6c:d6:37:cd:ae:3c:de:35:db:b6:a0:df:8f:c7:1d:
                    25:92:fd:95:7f:8e:da:cf:a7:a8:b6:72:42:0c:21:
                    4c:ac:07:3d:95:45:ec:a0:25:2a:cb:7f:4b:71:f0:
                    6e:d1:6a:53:89:4c:68:2a:8d:da:11:97:26:8b:6a:
                    b3:a5:2a:dd:23:e3:70:3a:f9:a1:ae:d4:ab:e9:1b:
                    1b:f1:a3:b1:d0:0a:74:26:5e:be:76:95:92:a7:10:
                    6a:d1:83:aa:61:6a:7f:7c:1e:32:a4:88:31:d6:34:
                    8c:ae:12:80:0e:fa:4d:70:ff:da:9c:a8:03:c1:3a:
                    2c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:16:6D:54:B2:6C:4E:83:C9:E5:74:FD:46:2E:0F:43:E7:D2:CC:FE
            X509v3 Authority Key Identifier:
                keyid:2D:2A:08:A7:43:8A:49:58:9D:63:4F:88:A0:9E:93:94:1F:81:07:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSoIp0OKSVidY0-IoJ6TlB-BB_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/2dcd18-c5b6-4ff5-b235-26c67cd0128c/1/OhZtVLJsToPJ5XT9Ri4PQ-fSzP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/2dcd18-c5b6-4ff5-b235-26c67cd0128c/1/LSoIp0OKSVidY0-IoJ6TlB-BB_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:42:0b:75:44:9c:78:5a:4a:84:2e:05:32:95:b1:46:c3:22:
         b1:ff:56:53:c1:0b:f7:20:4e:e2:7b:49:84:0e:ab:b2:2e:d9:
         b6:1b:42:45:6e:2d:90:b7:6b:e2:ac:8c:f3:de:73:a9:8d:f1:
         66:51:15:cb:58:07:1c:b7:02:b9:09:ab:87:4c:dc:a9:69:7d:
         16:3d:4f:21:f0:b0:83:dd:a7:8c:25:f8:c7:8c:47:84:d4:27:
         f8:f6:94:92:eb:be:71:a9:35:e3:fe:ed:52:4b:d6:fb:94:68:
         e8:77:bd:c9:bf:0a:f4:eb:b8:ce:2a:d9:e7:13:b1:40:f9:3e:
         01:f7:37:3c:83:79:f8:8d:b4:e2:24:3d:a3:6d:97:53:ef:a4:
         71:4f:5f:71:07:3f:c0:0e:a9:31:9c:83:00:c2:7a:19:ff:55:
         f1:d6:52:3e:81:f7:0a:71:eb:d9:fd:e0:30:55:6b:2e:71:ff:
         07:e1:01:19:d8:b2:b6:50:a6:64:9e:4d:cb:b4:09:2d:91:a4:
         b1:ed:37:b2:24:49:83:59:f3:a5:c1:fd:80:f5:23:be:e9:9c:
         72:45:f1:a1:50:26:13:f4:97:4d:ce:64:39:c7:2f:a3:b8:4c:
         a6:9c:6d:af:d8:39:f9:37:fb:8e:4d:64:ba:b2:c4:83:2e:59:
         d5:6b:57:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZccQpRgHXCyhWIQTbU9eSADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMmEwOGE3NDM4YTQ5NTg5ZDYzNGY4OGEwOWU5Mzk0MWY4
MTA3ZjYwHhcNMjUwNTI5MTMzNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTE2NmQ1NGIyNmM0ZTgzYzllNTc0ZmQ0NjJlMGY0M2U3ZDJjY2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzghu27tXeX2zqw//YIU6ZsQU9Mu
JWkWh0Z3uNocI44aqdiLm0RyPhNFdchB1VbL6hZTAI/5jcanYcDvZvF7TDnG/K0i
xWJidK1JroJKTltcigsZStIB9h1kpBPItNmZAo8Al3hLsgBqzz+fkLdDP4f/qYZl
UL9j/8mlBBrtOk9l14SwMuNs1jfNrjzeNdu2oN+Pxx0lkv2Vf47az6eotnJCDCFM
rAc9lUXsoCUqy39LcfBu0WpTiUxoKo3aEZcmi2qzpSrdI+NwOvmhrtSr6Rsb8aOx
0Ap0Jl6+dpWSpxBq0YOqYWp/fB4ypIgx1jSMrhKADvpNcP/anKgDwTosjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoWbVSybE6DyeV0/UYuD0Pn0sz+MB8GA1UdIwQY
MBaAFC0qCKdDiklYnWNPiKCek5QfgQf2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFNvSXAwT0tTVmlkWTAtSW9KNlRsQi1CQl9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8yZGNkMTgtYzViNi00ZmY1LWIyMzUt
MjZjNjdjZDAxMjhjLzEvT2hadFZMSnNUb1BKNVhUOVJpNFBRLWZTelA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8yZGNkMTgtYzViNi00ZmY1LWIyMzUtMjZjNjdjZDAxMjhj
LzEvTFNvSXAwT0tTVmlkWTAtSW9KNlRsQi1CQl9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1gUMA0G
CSqGSIb3DQEBCwUAA4IBAQCBQgt1RJx4WkqELgUylbFGwyKx/1ZTwQv3IE7ie0mE
DquyLtm2G0JFbi2Qt2virIzz3nOpjfFmURXLWAcctwK5CauHTNypaX0WPU8h8LCD
3aeMJfjHjEeE1Cf49pSS675xqTXj/u1SS9b7lGjod73Jvwr067jOKtnnE7FA+T4B
9zc8g3n4jbTiJD2jbZdT76RxT19xBz/ADqkxnIMAwnoZ/1Xx1lI+gfcKcevZ/eAw
VWsucf8H4QEZ2LK2UKZknk3LtAktkaSx7TeyJEmDWfOlwf2A9SO+6ZxyRfGhUCYT
9JdNzmQ5xy+juEymnG2v2Dn5N/uOTWS6ssSDLlnVa1eK
-----END CERTIFICATE-----