Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/OEhtadn0DUNS84bfQrg1WlzSzCQ.roa
File:                     OEhtadn0DUNS84bfQrg1WlzSzCQ.roa (raw, json)
Hash identifier:          HF+3GH/+d8FVR6v6MNdyNa599Q4jMft4g5RBqFNqn7s=
Subject key identifier:   38:48:6D:69:D9:F4:0D:43:52:F3:86:DF:42:B8:35:5A:5C:D2:CC:24
Certificate issuer:       /CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
Certificate serial:       01942747833A5D95304F38729F05CD7E51FB
Authority key identifier: 7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/OEhtadn0DUNS84bfQrg1WlzSzCQ.roa
Signing time:             Thu 02 Jan 2025 13:49:45 +0000
ROA not before:           Thu 02 Jan 2025 13:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48610
IP address blocks:        176.97.194.0/24 maxlen: 24
                          2a13:8e40::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 22:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:83:3a:5d:95:30:4f:38:72:9f:05:cd:7e:51:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
        Validity
            Not Before: Jan  2 13:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38486d69d9f40d4352f386df42b8355a5cd2cc24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bb:23:d9:10:fa:43:f3:06:12:59:fc:50:44:
                    37:5c:df:ee:23:8b:fe:d7:43:61:88:cd:c2:0b:b4:
                    d6:02:19:ef:17:26:a1:f5:d7:ea:83:81:eb:a7:39:
                    14:ba:9d:ac:ec:69:e7:96:b0:a0:ea:cf:2a:3b:f8:
                    72:e7:06:50:02:ed:18:50:6b:5a:3e:54:04:46:17:
                    97:a5:2d:e8:33:70:0d:44:ae:a8:36:4e:aa:95:be:
                    3f:2e:ea:58:40:69:52:44:41:5d:d0:33:f4:59:a0:
                    a5:e9:5c:a1:9f:e8:b4:a7:d4:08:4b:13:e5:26:11:
                    60:27:5a:86:8c:fb:e8:e9:20:be:af:28:85:fb:45:
                    2d:11:f7:60:72:f7:e0:11:8d:dd:81:0b:85:82:95:
                    a1:ec:f2:71:b0:8e:c5:4f:7c:75:37:6f:bd:77:f4:
                    b4:c6:9a:5a:d0:a1:04:3c:6c:13:b0:0f:a9:24:a5:
                    e6:6b:98:a7:09:34:54:44:f2:16:7f:de:5a:2d:aa:
                    23:7c:e7:30:b2:98:06:7b:f3:24:a3:bb:31:75:64:
                    32:10:f7:9a:24:24:1d:c1:1b:11:58:66:e1:95:e1:
                    54:a3:cc:80:75:33:99:6a:cb:89:51:89:6f:5e:c0:
                    c9:71:62:1b:f9:d7:59:7c:cf:bb:87:ee:db:5b:20:
                    d2:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:48:6D:69:D9:F4:0D:43:52:F3:86:DF:42:B8:35:5A:5C:D2:CC:24
            X509v3 Authority Key Identifier:
                keyid:7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/OEhtadn0DUNS84bfQrg1WlzSzCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.194.0/24
                IPv6:
                  2a13:8e40::/36

    Signature Algorithm: sha256WithRSAEncryption
         87:36:37:0c:5a:e4:b1:ea:e8:68:54:46:42:16:f0:ca:a0:ba:
         58:44:61:5c:17:02:dc:85:ad:21:06:de:eb:3d:75:04:a5:da:
         ca:f6:33:3c:1e:0b:4d:98:03:5e:11:6a:45:d4:23:4e:5a:31:
         6f:a3:19:1d:24:c0:49:f1:e2:ee:c5:6a:a0:dd:1a:f6:7d:f1:
         80:2b:89:d4:63:dd:50:d8:04:97:c1:87:37:b5:90:c6:28:0d:
         8d:d4:19:e9:d3:ed:67:1d:7a:5a:37:89:5d:a8:24:f9:36:3a:
         25:5e:3c:9f:16:09:19:05:a6:82:03:12:ab:e5:26:4f:3e:95:
         b9:42:c6:48:58:c4:5e:f1:44:b9:20:f7:91:9a:fa:2b:51:e2:
         ca:8b:06:3b:57:e5:10:71:bb:f9:0e:03:7a:a2:b0:48:ad:dc:
         d8:6d:93:4d:41:13:a2:97:ac:cb:a0:4e:51:d7:db:48:7d:3a:
         14:67:27:d1:eb:7c:c0:47:16:b8:d0:57:69:d1:c7:c9:7d:8c:
         54:ae:fd:03:ad:f0:c8:09:b0:f1:fd:40:9e:2b:86:77:26:86:
         5a:aa:fb:f3:bb:39:15:66:28:9a:d7:e8:81:fe:8e:4b:58:be:
         d6:8e:7c:4a:a3:43:13:70:ce:ed:97:67:f4:d9:df:30:b0:d9:
         8c:34:62:d8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQnR4M6XZUwTzhynwXNflH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMjljMmY1NzIzZjI5ZWM1ZTBlNzkzZTczYWI1NWI4YTFj
ODZiYTkwHhcNMjUwMTAyMTM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODQ4NmQ2OWQ5ZjQwZDQzNTJmMzg2ZGY0MmI4MzU1YTVjZDJjYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLsj2RD6Q/MGEln8UEQ3XN/uI4v+
10NhiM3CC7TWAhnvFyah9dfqg4HrpzkUup2s7GnnlrCg6s8qO/hy5wZQAu0YUGta
PlQERheXpS3oM3ANRK6oNk6qlb4/LupYQGlSREFd0DP0WaCl6Vyhn+i0p9QISxPl
JhFgJ1qGjPvo6SC+ryiF+0UtEfdgcvfgEY3dgQuFgpWh7PJxsI7FT3x1N2+9d/S0
xppa0KEEPGwTsA+pJKXma5inCTRURPIWf95aLaojfOcwspgGe/Mko7sxdWQyEPea
JCQdwRsRWGbhleFUo8yAdTOZasuJUYlvXsDJcWIb+ddZfM+7h+7bWyDSswIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDhIbWnZ9A1DUvOG30K4NVpc0swkMB8GA1UdIwQY
MBaAFHwpwvVyPynsXg55PnOrVbihyGupMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUt
ZjE5NTIyM2QwM2IzLzEvT0VodGFkbjBEVU5TODRiZlFyZzFXbHpTekNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUtZjE5NTIyM2QwM2Iz
LzEvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAsGHCMA4E
AgACMAgDBgQqE45AADANBgkqhkiG9w0BAQsFAAOCAQEAhzY3DFrkseroaFRGQhbw
yqC6WERhXBcC3IWtIQbe6z11BKXayvYzPB4LTZgDXhFqRdQjTloxb6MZHSTASfHi
7sVqoN0a9n3xgCuJ1GPdUNgEl8GHN7WQxigNjdQZ6dPtZx16WjeJXagk+TY6JV48
nxYJGQWmggMSq+UmTz6VuULGSFjEXvFEuSD3kZr6K1HiyosGO1flEHG7+Q4DeqKw
SK3c2G2TTUETopesy6BOUdfbSH06FGcn0et8wEcWuNBXadHHyX2MVK79A63wyAmw
8f1AniuGdyaGWqr787s5FWYomtfogf6OS1i+1o58SqNDE3DO7Zdn9NnfMLDZjDRi
2A==
-----END CERTIFICATE-----