Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/OyzZxs_hVYKW1cYJmnARu5WD5PU.roa
File:                     OyzZxs_hVYKW1cYJmnARu5WD5PU.roa (raw, json)
Hash identifier:          Mxe+uv54doiDC6rq1qVmsEa8Vr9FlHaFSsIh3iiGLqc=
Subject key identifier:   3B:2C:D9:C6:CF:E1:55:82:96:D5:C6:09:9A:70:11:BB:95:83:E4:F5
Certificate issuer:       /CN=f826ffe96cdc41efaa8bfb3125862d6594be9827
Certificate serial:       0194228E3DB5663B2C7280092C02DDFF1596
Authority key identifier: F8:26:FF:E9:6C:DC:41:EF:AA:8B:FB:31:25:86:2D:65:94:BE:98:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/OyzZxs_hVYKW1cYJmnARu5WD5PU.roa
Signing time:             Wed 01 Jan 2025 15:48:54 +0000
ROA not before:           Wed 01 Jan 2025 15:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        134.76.0.0/16 maxlen: 16
                          195.12.38.0/24 maxlen: 24
                          2a06:93c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 03:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:3d:b5:66:3b:2c:72:80:09:2c:02:dd:ff:15:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f826ffe96cdc41efaa8bfb3125862d6594be9827
        Validity
            Not Before: Jan  1 15:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b2cd9c6cfe1558296d5c6099a7011bb9583e4f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:96:1f:40:8f:2c:04:b7:3b:2c:12:ee:61:a0:
                    39:4e:fb:3e:c6:89:45:5b:b0:a1:f0:d0:23:d3:7f:
                    23:8f:ec:c7:d9:6c:6d:46:3e:65:56:b9:e9:18:53:
                    f2:04:cc:79:c0:9b:86:e4:51:5f:9f:99:96:66:10:
                    9d:3c:5f:28:64:f5:e3:00:f2:b7:3a:ce:de:94:f2:
                    92:70:94:1d:39:70:a6:ae:8d:ef:0a:1d:02:c5:a3:
                    35:7a:c1:7b:9d:67:f5:c3:81:28:50:b0:f9:12:d3:
                    c1:da:9a:3d:5b:56:41:c9:9c:56:08:09:4b:57:86:
                    19:af:6e:40:b4:e5:73:10:33:a1:09:09:8d:d9:89:
                    29:d9:f8:46:fc:d5:fc:d8:d7:e7:83:c6:f7:f7:04:
                    72:14:59:f9:6e:c1:3d:53:6a:2a:90:18:55:57:05:
                    03:54:01:d8:ae:50:2e:84:ee:87:b6:32:a7:d5:0f:
                    2f:ca:1c:37:72:56:e9:f9:cf:21:c6:d8:74:0b:b7:
                    9c:f3:5c:e4:f1:da:51:ca:9e:b4:30:d2:f5:e0:92:
                    0f:a4:ec:79:ff:15:92:09:e6:48:ab:c6:74:5a:3e:
                    33:6d:fa:a2:67:89:bd:c1:62:fc:62:b1:16:97:f5:
                    a2:b6:8e:e5:d0:b9:cc:1a:aa:2e:ae:a7:a3:9f:09:
                    d2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:2C:D9:C6:CF:E1:55:82:96:D5:C6:09:9A:70:11:BB:95:83:E4:F5
            X509v3 Authority Key Identifier:
                keyid:F8:26:FF:E9:6C:DC:41:EF:AA:8B:FB:31:25:86:2D:65:94:BE:98:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/OyzZxs_hVYKW1cYJmnARu5WD5PU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.76.0.0/16
                  195.12.38.0/24
                IPv6:
                  2a06:93c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:8a:8f:4c:1b:f0:d8:d5:6d:51:45:2e:d3:1d:a1:e0:aa:ba:
         c0:be:77:04:7e:8d:f0:43:96:3d:4b:4c:e9:17:45:92:96:b0:
         b5:3d:b6:17:c0:87:b9:8f:98:7e:59:ba:e6:b1:c9:74:93:00:
         f3:56:dd:74:c3:d6:ac:19:a1:d2:0b:74:28:9a:17:94:dd:77:
         64:57:3e:00:d7:c9:5e:f4:04:7c:05:48:f1:04:8c:41:74:ab:
         c1:f9:95:64:44:30:40:73:a6:b9:72:e3:32:aa:05:f0:27:32:
         01:1e:5e:db:fe:73:bc:7c:8d:2e:39:8b:d3:b2:d3:a2:ae:68:
         e8:78:22:34:83:d0:ec:2f:20:44:c5:d1:2e:2c:ca:4b:6c:49:
         d7:a1:1a:04:d8:89:e6:cc:f0:e3:f1:e8:e7:9b:e4:45:db:22:
         db:60:5f:cb:f2:ba:0c:80:b1:32:62:55:d7:0b:82:74:ec:51:
         ed:19:b1:08:88:c3:33:dc:52:85:24:76:7a:0b:95:0c:bb:b6:
         4b:75:ab:63:9c:1d:a0:d0:f7:32:cf:2a:f6:41:da:2b:d4:ea:
         85:d0:ac:cb:df:f7:12:1b:3b:60:5f:43:dc:11:81:26:2b:7d:
         e0:90:f0:23:8a:34:9b:a5:fb:11:17:70:a1:dc:f4:70:3d:e3:
         8c:29:e8:fc
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQijj21ZjsscoAJLALd/xWWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjZmZmU5NmNkYzQxZWZhYThiZmIzMTI1ODYyZDY1OTRi
ZTk4MjcwHhcNMjUwMTAxMTU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjJjZDljNmNmZTE1NTgyOTZkNWM2MDk5YTcwMTFiYjk1ODNlNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35YfQI8sBLc7LBLuYaA5Tvs+xolF
W7Ch8NAj038jj+zH2WxtRj5lVrnpGFPyBMx5wJuG5FFfn5mWZhCdPF8oZPXjAPK3
Os7elPKScJQdOXCmro3vCh0CxaM1esF7nWf1w4EoULD5EtPB2po9W1ZByZxWCAlL
V4YZr25AtOVzEDOhCQmN2Ykp2fhG/NX82Nfng8b39wRyFFn5bsE9U2oqkBhVVwUD
VAHYrlAuhO6HtjKn1Q8vyhw3clbp+c8hxth0C7ec81zk8dpRyp60MNL14JIPpOx5
/xWSCeZIq8Z0Wj4zbfqiZ4m9wWL8YrEWl/Wito7l0LnMGqourqejnwnSiwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFDss2cbP4VWCltXGCZpwEbuVg+T1MB8GA1UdIwQY
MBaAFPgm/+ls3EHvqov7MSWGLWWUvpgnMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DYl82V3pjUWUtcWlfc3hKWVl0WlpTLW1DYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIvNmY2ODI2LTFhYWQtNGMzYy1iZDkx
LWNjYTM3ZTJmMjcyOS8xL095elp4c19oVllLVzFjWUptbkFSdTVXRDVQVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvNmY2ODI2LTFhYWQtNGMzYy1iZDkxLWNjYTM3ZTJmMjcy
OS8xLzEtQ2JfNld6Y1FlLXFpX3N4SllZdFpaUy1tQ2MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMwYIKwYBBQUHAQcBAf8EJDAiMBEEAgABMAsDAwCGTAME
AMMMJjANBAIAAjAHAwUDKgaTwDANBgkqhkiG9w0BAQsFAAOCAQEAZYqPTBvw2NVt
UUUu0x2h4Kq6wL53BH6N8EOWPUtM6RdFkpawtT22F8CHuY+Yflm65rHJdJMA81bd
dMPWrBmh0gt0KJoXlN13ZFc+ANfJXvQEfAVI8QSMQXSrwfmVZEQwQHOmuXLjMqoF
8CcyAR5e2/5zvHyNLjmL07LToq5o6HgiNIPQ7C8gRMXRLizKS2xJ16EaBNiJ5szw
4/Ho55vkRdsi22Bfy/K6DICxMmJV1wuCdOxR7RmxCIjDM9xShSR2eguVDLu2S3Wr
Y5wdoND3Ms8q9kHaK9TqhdCsy9/3Ehs7YF9D3BGBJit94JDwI4o0m6X7ERdwodz0
cD3jjCno/A==
-----END CERTIFICATE-----