Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-Oyne1IgmmWrqBtENenNCty_O2A.roa
File:                     1-Oyne1IgmmWrqBtENenNCty_O2A.roa (raw, json)
Hash identifier:          Q8wTvRyCz1yDrmrQck+MlpXLr7ZhuYFeg4KZS9c1ACI=
Subject key identifier:   F8:EC:A7:7B:52:20:9A:65:AB:A8:1B:44:35:E9:CD:0A:DC:BF:3B:60
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0194BD8526581EBDB352606DFCE57DD65FDF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-Oyne1IgmmWrqBtENenNCty_O2A.roa
Signing time:             Fri 31 Jan 2025 18:00:07 +0000
ROA not before:           Fri 31 Jan 2025 18:00:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54852
IP address blocks:        37.202.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bd:85:26:58:1e:bd:b3:52:60:6d:fc:e5:7d:d6:5f:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan 31 18:00:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8eca77b52209a65aba81b4435e9cd0adcbf3b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:43:ce:a0:af:91:bb:5a:6d:f9:1e:a9:ce:dc:
                    c3:c8:63:ec:87:1e:9a:64:c0:91:a4:8c:29:b6:bf:
                    7b:45:19:9a:7d:15:c1:82:11:04:c4:e4:ce:e2:79:
                    19:d9:72:24:cc:2f:60:c1:3b:2a:e1:dd:46:fa:47:
                    22:4f:65:95:4d:33:9e:5f:49:f1:b0:83:6f:92:78:
                    90:ab:e4:b6:43:e3:c4:b5:f5:17:f5:e0:0a:3b:1a:
                    b6:f1:f4:af:80:25:dd:52:5e:4e:ae:aa:0d:f1:1a:
                    f9:f1:f5:a0:a0:34:10:27:7d:7b:99:3f:60:1a:96:
                    b6:17:b8:07:f9:db:9a:f4:a2:0f:70:cd:6f:53:64:
                    fc:de:63:2e:e8:a7:0e:9c:05:7e:21:7a:60:3d:cc:
                    cd:4b:a0:fb:83:29:f0:ac:03:1b:f0:dc:86:ad:3f:
                    c9:26:93:9c:fe:20:49:45:5f:d5:55:96:5d:f4:6d:
                    9c:91:bd:32:22:15:1f:3c:2c:40:10:bc:09:1c:a2:
                    8b:26:0c:1f:71:51:cb:28:60:0c:16:bb:2b:bb:58:
                    2d:66:04:01:ae:97:48:c7:21:36:95:a4:9d:74:f8:
                    14:94:13:ef:ca:5e:3f:23:5e:ed:6a:de:22:22:22:
                    62:9e:39:37:7d:18:65:3d:90:12:69:3e:15:ac:7f:
                    f6:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:EC:A7:7B:52:20:9A:65:AB:A8:1B:44:35:E9:CD:0A:DC:BF:3B:60
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/1-Oyne1IgmmWrqBtENenNCty_O2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:2d:2a:4c:bb:35:c1:d2:0b:4e:3c:af:36:92:0a:e1:2e:5a:
         d7:28:eb:c6:6f:d1:91:59:67:4e:2c:47:0d:4e:b6:74:30:bc:
         9d:5b:fd:1d:d8:a6:ff:f1:ff:21:4f:00:01:84:b6:66:26:f2:
         5b:f9:7c:8e:f8:77:e6:cf:38:fb:a3:12:db:9a:c6:c6:d3:13:
         55:4e:15:0e:c4:cb:16:b0:d3:b7:66:9f:a8:0f:62:91:ad:bf:
         87:ad:d5:30:8e:ae:46:29:d6:be:d7:03:5c:a1:72:dd:46:09:
         a0:10:c2:92:c9:ef:3e:fd:92:ce:96:bc:d4:54:d7:ff:ef:d7:
         ad:15:c5:50:73:d9:17:50:92:b7:a6:44:d0:4b:01:8e:d0:8c:
         d2:42:0a:e1:5c:41:50:01:75:8f:59:2b:39:30:ee:91:c0:5a:
         cf:91:63:37:d9:34:14:1c:47:70:91:43:04:23:8c:c5:fe:fc:
         25:6f:ef:d3:5a:5f:29:80:a0:40:c1:ae:6f:d7:61:4f:b2:8d:
         43:e3:2c:54:87:3f:bd:00:18:b9:a4:f7:39:67:ac:a1:2b:c9:
         30:a3:4b:2a:6d:6b:d4:ba:dc:10:d3:e5:21:a3:a2:9c:a6:1d:
         c3:71:75:54:c5:ce:64:5e:f5:3f:da:2e:2f:c6:73:6d:f4:ea:
         6a:ad:83:56
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZS9hSZYHr2zUmBt/OV91l/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTMxMTgwMDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGVjYTc3YjUyMjA5YTY1YWJhODFiNDQzNWU5Y2QwYWRjYmYzYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0POoK+Ru1pt+R6pztzDyGPshx6a
ZMCRpIwptr97RRmafRXBghEExOTO4nkZ2XIkzC9gwTsq4d1G+kciT2WVTTOeX0nx
sINvkniQq+S2Q+PEtfUX9eAKOxq28fSvgCXdUl5OrqoN8Rr58fWgoDQQJ317mT9g
Gpa2F7gH+dua9KIPcM1vU2T83mMu6KcOnAV+IXpgPczNS6D7gynwrAMb8NyGrT/J
JpOc/iBJRV/VVZZd9G2ckb0yIhUfPCxAELwJHKKLJgwfcVHLKGAMFrsru1gtZgQB
rpdIxyE2laSddPgUlBPvyl4/I17tat4iIiJinjk3fRhlPZASaT4VrH/27QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjsp3tSIJplq6gbRDXpzQrcvztgMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMS1PeW5lMUlnbW1XcnFCdEVOZW5OQ3R5X08yQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGUvZjQzYjFkLTllNTAtNDU1MS1hZTZhLTE3YjlkZTE0MTI1
Mi8xL3htSm05R2I3SkppamxGbXpOUzJpVVZHbHBNQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACXKzDAN
BgkqhkiG9w0BAQsFAAOCAQEAgi0qTLs1wdILTjyvNpIK4S5a1yjrxm/RkVlnTixH
DU62dDC8nVv9Hdim//H/IU8AAYS2ZibyW/l8jvh35s84+6MS25rGxtMTVU4VDsTL
FrDTt2afqA9ika2/h63VMI6uRinWvtcDXKFy3UYJoBDCksnvPv2Szpa81FTX/+/X
rRXFUHPZF1CSt6ZE0EsBjtCM0kIK4VxBUAF1j1krOTDukcBaz5FjN9k0FBxHcJFD
BCOMxf78JW/v01pfKYCgQMGub9dhT7KNQ+MsVIc/vQAYuaT3OWesoSvJMKNLKm1r
1LrcENPlIaOinKYdw3F1VMXOZF71P9ouL8ZzbfTqaq2DVg==
-----END CERTIFICATE-----