Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/1OezRia-k7vPALmaug5Tyf6JyZs.roa
File:                     1OezRia-k7vPALmaug5Tyf6JyZs.roa (raw, json)
Hash identifier:          Ha3xi1O77ATOvN0AekzMfn+aCeju2C51gXeE1CbDPB0=
Subject key identifier:   D4:E7:B3:46:26:BE:93:BB:CF:00:B9:9A:BA:0E:53:C9:FE:89:C9:9B
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019283BE7D19E9996CEDD06317023EFCBF89
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/1OezRia-k7vPALmaug5Tyf6JyZs.roa
Signing time:             Sun 13 Oct 2024 02:39:11 +0000
ROA not before:           Sun 13 Oct 2024 02:39:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61138
IP address blocks:        168.199.240.0/22 maxlen: 24
                          168.199.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:83:be:7d:19:e9:99:6c:ed:d0:63:17:02:3e:fc:bf:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Oct 13 02:39:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4e7b34626be93bbcf00b99aba0e53c9fe89c99b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:66:6f:f7:14:30:ff:46:4f:31:e1:bc:6c:b6:
                    77:41:b4:15:d0:1f:90:33:a1:d7:f6:e7:e7:b2:e5:
                    f0:38:b5:e7:46:94:9d:27:a6:dd:db:41:39:f4:53:
                    65:bb:ca:ee:a0:f8:19:92:87:64:e3:90:58:8e:bb:
                    b7:d4:6e:f4:8d:7a:7b:b7:a4:fb:02:a3:6a:db:75:
                    57:8e:a4:a4:2f:3f:c7:a2:a3:83:d1:fe:1b:b8:97:
                    45:0a:c0:65:ae:c4:51:df:d9:7e:6a:eb:fd:45:ed:
                    30:f7:e7:b8:2b:49:2f:e9:a9:90:7a:e5:b4:8e:9f:
                    e5:58:1b:5f:e2:ce:15:f2:aa:9a:06:9a:88:a0:4a:
                    fc:d1:7b:01:11:2b:a4:6b:db:a5:81:de:2a:c3:69:
                    c3:e2:f2:33:ae:5b:38:1c:47:f9:d5:ff:88:c6:66:
                    b1:6a:da:45:f9:bc:ad:0a:ee:30:44:d9:d7:db:02:
                    1d:09:6b:80:9e:0b:f4:bd:18:ec:64:f7:74:55:94:
                    d7:ce:4e:5b:19:1d:f7:7a:01:a1:ac:54:47:d1:27:
                    89:c7:3a:e6:20:03:79:31:99:c8:a7:b7:9c:2a:b9:
                    91:14:e3:fe:87:50:71:8e:d8:f4:26:f5:f1:e3:99:
                    9a:4b:03:bf:e5:c6:f8:ee:51:b9:e9:50:fa:c8:0d:
                    74:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:E7:B3:46:26:BE:93:BB:CF:00:B9:9A:BA:0E:53:C9:FE:89:C9:9B
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/1OezRia-k7vPALmaug5Tyf6JyZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.240.0/22
                  168.199.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:5c:7a:67:57:29:21:f5:2e:78:f5:e1:5f:1d:c4:75:43:ef:
         45:54:f4:00:98:b1:98:df:f5:db:0f:d6:95:c3:e6:01:5e:b5:
         a8:a6:7f:16:bf:4d:76:82:94:d8:d5:f2:45:6c:52:34:e1:bf:
         16:37:a5:2b:a5:ce:2d:ca:b9:a3:ed:3c:41:e3:3a:61:4c:fd:
         69:47:02:c3:c9:75:37:69:05:c5:ab:2a:27:84:bc:a3:69:23:
         78:25:21:6a:94:4b:8b:c6:8c:ff:7e:07:ce:30:26:af:58:51:
         72:c3:9e:95:08:2f:8e:79:66:bc:1d:e0:a7:cc:72:00:b1:91:
         6a:96:6b:8c:17:80:a1:60:36:6a:5e:7a:35:b0:1d:6c:8e:d2:
         dc:bc:fc:e8:9e:6f:7b:e1:55:3c:77:b3:fa:b2:ee:ae:e6:5c:
         27:f7:10:03:ea:41:1b:3a:64:ad:f0:55:3a:34:e2:70:c3:98:
         6e:88:fb:67:8f:4b:2f:b7:0c:90:8d:23:52:8a:9b:a4:61:eb:
         f8:8b:60:49:0d:6e:2f:53:9d:76:1c:f2:59:27:13:f0:49:af:
         6f:89:75:31:5c:e5:37:93:c5:66:77:1c:c9:97:81:a9:f0:38:
         c7:c7:e0:58:ab:a0:bd:d0:1b:68:eb:25:7c:56:ab:96:33:a7:
         9e:a5:be:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKDvn0Z6Zls7dBjFwI+/L+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQxMDEzMDIzOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGU3YjM0NjI2YmU5M2JiY2YwMGI5OWFiYTBlNTNjOWZlODljOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGZv9xQw/0ZPMeG8bLZ3QbQV0B+Q
M6HX9ufnsuXwOLXnRpSdJ6bd20E59FNlu8ruoPgZkodk45BYjru31G70jXp7t6T7
AqNq23VXjqSkLz/HoqOD0f4buJdFCsBlrsRR39l+auv9Re0w9+e4K0kv6amQeuW0
jp/lWBtf4s4V8qqaBpqIoEr80XsBESuka9ulgd4qw2nD4vIzrls4HEf51f+Ixmax
atpF+bytCu4wRNnX2wIdCWuAngv0vRjsZPd0VZTXzk5bGR33egGhrFRH0SeJxzrm
IAN5MZnIp7ecKrmRFOP+h1Bxjtj0JvXx45maSwO/5cb47lG56VD6yA10mQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNTns0YmvpO7zwC5mroOU8n+icmbMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvMU9lelJpYS1rN3ZQQUxtYXVnNVR5ZjZKeVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCqMfwAwQC
qMf8MA0GCSqGSIb3DQEBCwUAA4IBAQBBXHpnVykh9S549eFfHcR1Q+9FVPQAmLGY
3/XbD9aVw+YBXrWopn8Wv012gpTY1fJFbFI04b8WN6Urpc4tyrmj7TxB4zphTP1p
RwLDyXU3aQXFqyonhLyjaSN4JSFqlEuLxoz/fgfOMCavWFFyw56VCC+OeWa8HeCn
zHIAsZFqlmuMF4ChYDZqXno1sB1sjtLcvPzonm974VU8d7P6su6u5lwn9xAD6kEb
OmSt8FU6NOJww5huiPtnj0svtwyQjSNSipukYev4i2BJDW4vU512HPJZJxPwSa9v
iXUxXOU3k8VmdxzJl4Gp8DjHx+BYq6C90Bto6yV8VquWM6eepb42
-----END CERTIFICATE-----