Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/oAMq7eOSrrg7QzHYvuiclu2pDcU.roa
File:                     oAMq7eOSrrg7QzHYvuiclu2pDcU.roa (raw, json)
Hash identifier:          0Dq9HT+D04Msgy5j4AI+QE/myTwZkQVZ5ZeJBagVuyM=
Subject key identifier:   A0:03:2A:ED:E3:92:AE:B8:3B:43:31:D8:BE:E8:9C:96:ED:A9:0D:C5
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       019421B1E083D67087FE2F64494B3AED6BB6
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/oAMq7eOSrrg7QzHYvuiclu2pDcU.roa
Signing time:             Wed 01 Jan 2025 11:48:12 +0000
ROA not before:           Wed 01 Jan 2025 11:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39232
IP address blocks:        134.19.208.0/22 maxlen: 22
                          134.19.208.0/23 maxlen: 23
                          134.19.210.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e0:83:d6:70:87:fe:2f:64:49:4b:3a:ed:6b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Jan  1 11:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0032aede392aeb83b4331d8bee89c96eda90dc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:26:a5:53:cc:03:d1:39:47:bb:74:d9:33:98:
                    94:00:21:12:f1:a7:0a:bf:3b:f5:40:8c:3a:f3:7f:
                    9e:94:b8:2b:4a:95:5a:9a:67:d0:e0:82:66:2d:9d:
                    74:2b:02:97:be:88:c6:4d:a4:d8:d3:04:ad:ad:30:
                    01:9c:a5:24:b0:e2:3f:96:67:25:d8:2d:3e:1e:1b:
                    51:3b:d3:a3:d7:4c:08:8a:18:e4:f7:23:de:99:cc:
                    cd:35:d2:d5:18:ce:dd:ea:d3:25:a5:4d:1d:0b:79:
                    db:07:43:04:ad:41:64:fb:45:51:44:25:f6:b3:3b:
                    06:24:c9:c0:40:36:29:61:23:8f:87:46:63:5a:60:
                    4c:54:7f:5f:e5:6d:f1:8b:6d:f3:7b:f4:6e:18:40:
                    42:a3:cf:e1:56:e1:c2:29:2e:93:4b:5e:ca:a5:3a:
                    f4:4a:89:e3:8b:85:9a:45:54:78:9f:db:a2:3b:bd:
                    87:9a:9b:95:7d:3b:7c:4b:64:2a:c9:0c:06:43:7b:
                    7e:26:f1:1a:a9:22:50:c5:f8:95:52:59:f8:b9:e2:
                    53:3c:78:23:a2:2b:57:5b:4b:96:7d:1a:b4:52:ab:
                    09:a3:e8:55:a1:94:57:88:ab:22:a3:f6:d7:8c:67:
                    1b:24:9e:e7:f2:0b:22:ae:3c:09:3a:b8:7e:44:7b:
                    45:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:03:2A:ED:E3:92:AE:B8:3B:43:31:D8:BE:E8:9C:96:ED:A9:0D:C5
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/oAMq7eOSrrg7QzHYvuiclu2pDcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.19.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:b4:16:c7:2a:0f:33:3d:db:4c:5c:f9:62:83:f5:5f:50:1b:
         bd:cc:cc:55:0a:1d:5e:03:a9:77:de:b9:7f:b1:60:01:81:60:
         b2:55:71:5d:c7:5c:18:e4:1c:15:e9:1f:de:fd:8a:8d:3a:ec:
         7d:38:ef:33:90:89:fe:60:cb:f7:bf:ea:33:07:44:37:00:71:
         74:f0:7c:14:8e:50:48:32:93:28:c4:2c:4e:ce:7d:08:1f:83:
         fa:fa:a2:55:b2:80:90:78:36:3c:03:69:1f:34:19:1f:a5:1e:
         f8:3e:55:96:42:30:7b:7d:e1:09:12:6e:a5:e5:19:70:5e:17:
         93:0b:e9:28:f2:a9:fa:44:d8:3c:47:32:3f:f6:d5:fd:52:d6:
         60:c8:0a:1c:2d:a4:1c:bb:be:5d:2c:6e:af:b2:ee:99:45:83:
         41:c1:36:a5:72:b7:17:2d:66:c0:11:f9:8e:14:a6:55:26:b7:
         d6:c7:19:b4:c6:a5:5c:30:9d:42:4a:46:1d:8d:23:29:8c:15:
         0e:6c:57:73:30:25:13:e9:35:8f:4a:f9:fb:c0:85:9d:9c:82:
         20:c5:25:e7:25:53:0b:e7:64:9c:85:bd:7c:cb:f6:3c:7f:e1:
         f3:bd:a4:67:25:b6:b1:81:b9:06:5f:1f:05:1a:5b:a1:cf:d1:
         4f:5e:b4:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhseCD1nCH/i9kSUs67Wu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjUwMTAxMTE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDAzMmFlZGUzOTJhZWI4M2I0MzMxZDhiZWU4OWM5NmVkYTkwZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSalU8wD0TlHu3TZM5iUACES8acK
vzv1QIw683+elLgrSpVammfQ4IJmLZ10KwKXvojGTaTY0wStrTABnKUksOI/lmcl
2C0+HhtRO9Oj10wIihjk9yPemczNNdLVGM7d6tMlpU0dC3nbB0MErUFk+0VRRCX2
szsGJMnAQDYpYSOPh0ZjWmBMVH9f5W3xi23ze/RuGEBCo8/hVuHCKS6TS17KpTr0
Sonji4WaRVR4n9uiO72HmpuVfTt8S2QqyQwGQ3t+JvEaqSJQxfiVUln4ueJTPHgj
oitXW0uWfRq0UqsJo+hVoZRXiKsio/bXjGcbJJ7n8gsirjwJOrh+RHtFlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKADKu3jkq64O0Mx2L7onJbtqQ3FMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvb0FNcTdlT1Nycmc3UXpIWXZ1aWNsdTJwRGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQChhPQMA0G
CSqGSIb3DQEBCwUAA4IBAQBctBbHKg8zPdtMXPlig/VfUBu9zMxVCh1eA6l33rl/
sWABgWCyVXFdx1wY5BwV6R/e/YqNOux9OO8zkIn+YMv3v+ozB0Q3AHF08HwUjlBI
MpMoxCxOzn0IH4P6+qJVsoCQeDY8A2kfNBkfpR74PlWWQjB7feEJEm6l5RlwXheT
C+ko8qn6RNg8RzI/9tX9UtZgyAocLaQcu75dLG6vsu6ZRYNBwTalcrcXLWbAEfmO
FKZVJrfWxxm0xqVcMJ1CSkYdjSMpjBUObFdzMCUT6TWPSvn7wIWdnIIgxSXnJVML
52Schb18y/Y8f+HzvaRnJbaxgbkGXx8FGluhz9FPXrTC
-----END CERTIFICATE-----