Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/036434-e95e-4426-8d1c-67280c8bbab8/1/Oh-npebKNll7vvyYtRrj-cg_Nd4.roa
File:                     Oh-npebKNll7vvyYtRrj-cg_Nd4.roa (raw, json)
Hash identifier:          VvG7KPmbGgCRtlU1cK6JWKQbIKFRicXjsb5mCW827Cs=
Subject key identifier:   3A:1F:A7:A5:E6:CA:36:59:7B:BE:FC:98:B5:1A:E3:F9:C8:3F:35:DE
Certificate issuer:       /CN=0239ae11188088547eb3e523483cca98556c115b
Certificate serial:       019425218471B98972CC6EFBBD8CFE87E97E
Authority key identifier: 02:39:AE:11:18:80:88:54:7E:B3:E5:23:48:3C:CA:98:55:6C:11:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AjmuERiAiFR-s-UjSDzKmFVsEVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/036434-e95e-4426-8d1c-67280c8bbab8/1/Oh-npebKNll7vvyYtRrj-cg_Nd4.roa
Signing time:             Thu 02 Jan 2025 03:49:01 +0000
ROA not before:           Thu 02 Jan 2025 03:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        185.12.32.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/036434-e95e-4426-8d1c-67280c8bbab8/1/AjmuERiAiFR-s-UjSDzKmFVsEVs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/036434-e95e-4426-8d1c-67280c8bbab8/1/AjmuERiAiFR-s-UjSDzKmFVsEVs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AjmuERiAiFR-s-UjSDzKmFVsEVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:84:71:b9:89:72:cc:6e:fb:bd:8c:fe:87:e9:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0239ae11188088547eb3e523483cca98556c115b
        Validity
            Not Before: Jan  2 03:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a1fa7a5e6ca36597bbefc98b51ae3f9c83f35de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ed:81:53:91:69:b4:a2:cb:f9:d5:8a:5c:27:
                    59:3f:b1:14:1c:0d:32:75:1b:fa:fe:83:a8:29:08:
                    f4:51:04:e3:a3:ca:a5:5e:e1:89:6f:91:1d:c0:f1:
                    83:92:c8:fa:d4:76:03:b0:3f:fe:d4:64:51:28:23:
                    e4:b7:c9:8e:e5:41:11:8d:b3:e3:16:f5:0b:d4:bb:
                    41:39:46:ec:13:61:87:c6:bd:7a:f0:c6:67:7b:8c:
                    84:70:97:23:fb:b6:20:45:49:06:1f:ec:00:36:d8:
                    58:75:62:63:30:b6:16:0f:c6:2d:ad:cf:43:c3:3e:
                    64:7e:51:b2:34:63:1c:18:d2:d0:b7:c7:47:e5:19:
                    51:b1:f9:0a:77:32:36:8c:04:94:a4:fa:90:cf:89:
                    da:94:a4:ba:cf:22:cc:71:24:69:76:24:d6:eb:2b:
                    a6:9d:1e:51:76:15:8d:6f:2e:c8:09:b9:37:4c:18:
                    da:55:fc:ac:5d:4b:ab:d8:83:8d:e2:e1:03:98:c2:
                    e1:e1:b3:f3:4f:33:a0:33:b8:31:de:fd:26:52:cd:
                    92:96:a9:88:a0:1c:7b:7e:c0:97:6a:84:e9:ac:d6:
                    dd:e0:d9:20:8f:d9:79:6b:6a:7b:35:7c:88:e8:07:
                    01:f1:dc:a1:d4:0b:b2:60:31:82:18:d2:1f:fb:d6:
                    f6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:1F:A7:A5:E6:CA:36:59:7B:BE:FC:98:B5:1A:E3:F9:C8:3F:35:DE
            X509v3 Authority Key Identifier:
                keyid:02:39:AE:11:18:80:88:54:7E:B3:E5:23:48:3C:CA:98:55:6C:11:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AjmuERiAiFR-s-UjSDzKmFVsEVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/036434-e95e-4426-8d1c-67280c8bbab8/1/Oh-npebKNll7vvyYtRrj-cg_Nd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/036434-e95e-4426-8d1c-67280c8bbab8/1/AjmuERiAiFR-s-UjSDzKmFVsEVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:f6:87:39:84:6a:57:dd:fe:d8:d0:c8:44:ae:25:ba:ef:af:
         7e:27:63:e4:2b:00:f6:9e:7d:7c:31:45:1e:72:d3:df:e1:0f:
         04:c1:79:97:7d:af:dd:9c:dd:1e:52:7c:b9:5b:d8:ed:ed:cb:
         fa:9d:23:f9:a6:31:f9:d5:f9:8b:fa:c7:38:56:95:e2:3d:ca:
         6c:b4:72:3a:53:4d:43:4d:92:8f:2b:f5:34:36:1e:aa:0b:59:
         03:2c:4b:b0:a7:3f:47:04:89:57:e6:61:d6:04:b1:b6:29:ae:
         e8:36:f2:cd:01:d8:61:2b:fe:11:9f:9d:a4:c8:dd:15:a0:72:
         86:59:2c:23:e1:e7:f2:38:8a:f3:3c:c6:c9:b6:95:37:f3:9b:
         80:53:04:01:71:a5:7a:ed:5b:d5:9d:3e:5d:7a:2b:df:96:8e:
         33:75:f0:36:27:c2:15:f1:cd:fc:60:b6:5a:5d:e5:5e:5a:ee:
         cd:b7:05:79:a9:e1:de:34:3a:f6:5e:e4:cd:2f:4c:d5:7f:d1:
         ba:fb:88:70:79:5b:e6:b6:6c:e3:02:1e:b8:67:29:4d:20:4b:
         8d:e4:43:c3:60:ee:33:a9:de:a2:11:10:60:89:3b:a6:f3:1b:
         41:d2:0d:78:54:20:16:df:dc:3a:80:6e:90:32:7f:63:8e:b4:
         87:e9:c0:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIYRxuYlyzG77vYz+h+l+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMzlhZTExMTg4MDg4NTQ3ZWIzZTUyMzQ4M2NjYTk4NTU2
YzExNWIwHhcNMjUwMTAyMDM0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTFmYTdhNWU2Y2EzNjU5N2JiZWZjOThiNTFhZTNmOWM4M2YzNWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+2BU5FptKLL+dWKXCdZP7EUHA0y
dRv6/oOoKQj0UQTjo8qlXuGJb5EdwPGDksj61HYDsD/+1GRRKCPkt8mO5UERjbPj
FvUL1LtBOUbsE2GHxr168MZne4yEcJcj+7YgRUkGH+wANthYdWJjMLYWD8Ytrc9D
wz5kflGyNGMcGNLQt8dH5RlRsfkKdzI2jASUpPqQz4nalKS6zyLMcSRpdiTW6yum
nR5RdhWNby7ICbk3TBjaVfysXUur2ION4uEDmMLh4bPzTzOgM7gx3v0mUs2SlqmI
oBx7fsCXaoTprNbd4Nkgj9l5a2p7NXyI6AcB8dyh1AuyYDGCGNIf+9b2SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDofp6XmyjZZe778mLUa4/nIPzXeMB8GA1UdIwQY
MBaAFAI5rhEYgIhUfrPlI0g8yphVbBFbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWptdUVSaUFpRlItcy1ValNEekttRlZzRVZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8wMzY0MzQtZTk1ZS00NDI2LThkMWMt
NjcyODBjOGJiYWI4LzEvT2gtbnBlYktObGw3dnZ5WXRScmotY2dfTmQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8wMzY0MzQtZTk1ZS00NDI2LThkMWMtNjcyODBjOGJiYWI4
LzEvQWptdUVSaUFpRlItcy1ValNEekttRlZzRVZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQwgMA0G
CSqGSIb3DQEBCwUAA4IBAQAo9oc5hGpX3f7Y0MhEriW6769+J2PkKwD2nn18MUUe
ctPf4Q8EwXmXfa/dnN0eUny5W9jt7cv6nSP5pjH51fmL+sc4VpXiPcpstHI6U01D
TZKPK/U0Nh6qC1kDLEuwpz9HBIlX5mHWBLG2Ka7oNvLNAdhhK/4Rn52kyN0VoHKG
WSwj4efyOIrzPMbJtpU385uAUwQBcaV67VvVnT5deivflo4zdfA2J8IV8c38YLZa
XeVeWu7NtwV5qeHeNDr2XuTNL0zVf9G6+4hweVvmtmzjAh64ZylNIEuN5EPDYO4z
qd6iERBgiTum8xtB0g14VCAW39w6gG6QMn9jjrSH6cA+
-----END CERTIFICATE-----