Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/OtDWlzXXKG39wBbpoY1vkYd9gq0.roa
File:                     OtDWlzXXKG39wBbpoY1vkYd9gq0.roa (raw, json)
Hash identifier:          WdcFLxAQnCv2XswnBL9bzUjKIrKsdl6kvmFmkECpXVw=
Subject key identifier:   3A:D0:D6:97:35:D7:28:6D:FD:C0:16:E9:A1:8D:6F:91:87:7D:82:AD
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       0196F7B23AAD6665FABC8C25A55A7815C56A
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/OtDWlzXXKG39wBbpoY1vkYd9gq0.roa
Signing time:             Thu 22 May 2025 11:12:54 +0000
ROA not before:           Thu 22 May 2025 11:12:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62273
IP address blocks:        147.161.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 14:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:b2:3a:ad:66:65:fa:bc:8c:25:a5:5a:78:15:c5:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: May 22 11:12:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ad0d69735d7286dfdc016e9a18d6f91877d82ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6d:5d:2b:a3:97:d7:15:e3:7c:af:b4:f0:62:
                    28:8a:d1:34:89:48:5d:e5:fa:6f:19:ac:a0:b9:10:
                    d6:2a:c3:d1:c0:f6:8b:af:be:1b:b5:27:66:bb:7b:
                    e1:dd:be:2b:5a:69:79:18:bf:6a:87:75:c6:57:82:
                    e8:4f:52:c3:b7:42:49:5b:45:9d:a0:86:0a:2a:4b:
                    69:32:63:ac:15:0e:c5:5d:70:d4:f2:c2:2b:fd:56:
                    8c:4b:a6:0b:95:78:5c:0c:d8:d8:4c:60:6f:ac:7d:
                    e2:1b:85:07:a8:72:a7:50:98:49:0c:0f:a3:6e:4c:
                    36:7d:53:37:e5:b0:95:08:41:63:54:af:df:6d:49:
                    b7:d0:4b:94:52:91:aa:71:77:94:f5:60:c0:fc:84:
                    2a:c6:a1:03:e1:92:d0:bd:d9:20:4f:2f:86:16:df:
                    5e:3c:70:ba:d7:d4:ca:a9:d8:c4:9c:3f:22:31:b4:
                    c1:34:2b:1b:0f:ac:f8:2a:ef:67:b6:01:2c:20:f3:
                    6d:d2:56:14:a1:b6:22:e5:ec:32:be:4d:41:73:24:
                    f7:b9:76:3a:5a:08:2c:4c:9c:7e:08:41:7d:33:d7:
                    3e:a5:c4:b6:b6:e3:51:59:52:e3:dc:f7:35:f8:01:
                    76:a2:91:9d:4b:a2:4e:b2:df:29:37:c9:e0:dd:16:
                    43:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D0:D6:97:35:D7:28:6D:FD:C0:16:E9:A1:8D:6F:91:87:7D:82:AD
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/OtDWlzXXKG39wBbpoY1vkYd9gq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:d8:ce:09:8b:87:fd:1b:af:b3:b8:2e:d4:b0:5f:bb:8c:a1:
         00:c5:66:03:8a:f6:40:1e:61:96:e0:0c:fc:e2:cf:fe:c9:09:
         c2:82:c9:b0:a5:8d:50:8d:82:3f:94:dd:7a:5c:0d:4f:50:12:
         65:f4:aa:85:b1:1e:21:7d:42:64:30:0b:7a:49:9a:1c:9f:63:
         a0:5c:08:a2:10:ef:6b:1b:73:e1:0b:a1:20:0e:3d:ac:f0:47:
         b6:e2:6d:d3:39:31:94:68:dc:b2:41:28:05:48:7a:24:5c:54:
         83:f5:c5:e5:c5:84:f2:ab:c1:12:3b:57:61:ee:68:36:cb:a7:
         54:f5:a9:78:92:e4:42:0f:f9:70:94:df:58:7a:dc:e0:a7:db:
         42:4f:5d:10:eb:fc:fc:a7:ce:c9:b6:56:38:84:78:bc:54:8a:
         a9:e2:bd:0e:f9:23:4b:da:c1:54:0f:7e:4f:e3:34:78:02:a4:
         c2:d2:af:d7:2f:1e:bf:9a:ff:d5:d3:e9:1b:41:33:87:b6:81:
         89:4b:67:ee:77:d0:33:f5:c6:76:24:ab:99:eb:5a:23:71:23:
         b6:07:c5:ab:60:7f:5d:ce:05:9f:14:00:61:a3:68:25:59:23:
         8d:b2:91:56:16:40:9e:6c:98:a9:ba:39:a6:8e:61:3a:0a:de:
         a2:fd:50:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb3sjqtZmX6vIwlpVp4FcVqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjUwNTIyMTExMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQwZDY5NzM1ZDcyODZkZmRjMDE2ZTlhMThkNmY5MTg3N2Q4MmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqW1dK6OX1xXjfK+08GIoitE0iUhd
5fpvGayguRDWKsPRwPaLr74btSdmu3vh3b4rWml5GL9qh3XGV4LoT1LDt0JJW0Wd
oIYKKktpMmOsFQ7FXXDU8sIr/VaMS6YLlXhcDNjYTGBvrH3iG4UHqHKnUJhJDA+j
bkw2fVM35bCVCEFjVK/fbUm30EuUUpGqcXeU9WDA/IQqxqED4ZLQvdkgTy+GFt9e
PHC619TKqdjEnD8iMbTBNCsbD6z4Ku9ntgEsIPNt0lYUobYi5ewyvk1BcyT3uXY6
WggsTJx+CEF9M9c+pcS2tuNRWVLj3Pc1+AF2opGdS6JOst8pN8ng3RZD6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrQ1pc11yht/cAW6aGNb5GHfYKtMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvT3REV2x6WFhLRzM5d0JicG9ZMXZrWWQ5Z3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk6EDMA0G
CSqGSIb3DQEBCwUAA4IBAQBS2M4Ji4f9G6+zuC7UsF+7jKEAxWYDivZAHmGW4Az8
4s/+yQnCgsmwpY1QjYI/lN16XA1PUBJl9KqFsR4hfUJkMAt6SZocn2OgXAiiEO9r
G3PhC6EgDj2s8Ee24m3TOTGUaNyyQSgFSHokXFSD9cXlxYTyq8ESO1dh7mg2y6dU
9al4kuRCD/lwlN9Yetzgp9tCT10Q6/z8p87JtlY4hHi8VIqp4r0O+SNL2sFUD35P
4zR4AqTC0q/XLx6/mv/V0+kbQTOHtoGJS2fud9Az9cZ2JKuZ61ojcSO2B8WrYH9d
zgWfFABho2glWSONspFWFkCebJipujmmjmE6Ct6i/VAC
-----END CERTIFICATE-----