Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/OCl4O_g8kh_MMdyOLYMnZrJN_o0.roa
File:                     OCl4O_g8kh_MMdyOLYMnZrJN_o0.roa (raw, json)
Hash identifier:          i1wR3mlRtlouSF3tMzR6qf6WRAKsPfUQiKuxrhK0qNU=
Subject key identifier:   38:29:78:3B:F8:3C:92:1F:CC:31:DC:8E:2D:83:27:66:B2:4D:FE:8D
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       0195ABE0C724A79E1307A12906F1A03D1C8B
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/OCl4O_g8kh_MMdyOLYMnZrJN_o0.roa
Signing time:             Wed 19 Mar 2025 00:49:49 +0000
ROA not before:           Wed 19 Mar 2025 00:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395374
IP address blocks:        188.241.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 09:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ab:e0:c7:24:a7:9e:13:07:a1:29:06:f1:a0:3d:1c:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Mar 19 00:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3829783bf83c921fcc31dc8e2d832766b24dfe8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e9:ad:1a:88:ff:b8:53:1d:b0:31:21:f6:e6:
                    ce:5f:c4:b3:03:b8:47:c1:66:bf:65:db:07:4b:95:
                    23:3a:c9:bb:74:1a:5b:a8:13:48:bf:cb:99:b9:82:
                    d3:e9:4b:c9:64:2f:da:82:e3:70:a9:53:10:df:73:
                    b5:1d:3d:0d:d9:80:4e:ed:33:b0:1a:1f:e2:57:6a:
                    1a:f6:ac:5b:a3:7a:5f:21:7d:39:f8:05:26:4c:5b:
                    69:a6:10:ec:2b:b9:03:61:5a:b6:1f:c1:85:36:84:
                    1b:ba:7e:9d:03:78:42:19:6e:0c:42:11:06:b8:35:
                    9c:4e:6b:e8:22:31:28:a9:74:c4:76:c4:f3:82:05:
                    df:25:97:2f:97:be:14:12:5b:95:b7:d6:37:8c:ca:
                    6d:f0:67:32:db:00:79:b7:ac:db:5f:d1:84:6c:49:
                    73:3a:58:25:4e:25:97:9d:62:c1:22:1e:65:7b:f5:
                    c1:50:2d:d0:84:84:d5:0f:9d:c6:d1:50:59:81:22:
                    af:31:1d:8f:8e:a6:56:46:a4:54:0e:a4:0f:5d:ff:
                    79:9a:23:75:67:0a:ef:fa:d6:bc:7d:7f:3a:cb:10:
                    6f:39:cd:32:53:43:57:18:a0:8b:96:c3:56:7d:39:
                    71:a0:69:d5:ac:80:1c:78:19:10:3e:e9:33:86:cb:
                    f8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:29:78:3B:F8:3C:92:1F:CC:31:DC:8E:2D:83:27:66:B2:4D:FE:8D
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/OCl4O_g8kh_MMdyOLYMnZrJN_o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:13:75:fc:fb:7c:ab:10:de:64:d8:10:0d:5b:64:a9:b9:e5:
         44:9a:df:10:b0:44:b5:0e:63:f1:b7:72:8d:7e:34:7b:3b:79:
         20:81:80:af:79:6a:f2:1e:03:c2:01:a5:57:08:6b:d4:a0:48:
         71:c8:00:ae:f4:5d:92:2b:ad:6d:ed:c1:f4:8b:17:f1:6f:83:
         77:17:09:86:be:19:8c:e3:9e:72:7e:08:e7:9e:5b:24:22:a6:
         69:fb:b4:bd:f6:4d:3e:eb:a4:1f:f9:e0:fd:92:4d:c4:ed:ac:
         61:54:c5:cc:32:6c:3a:15:e7:96:bc:ff:73:f0:63:a6:89:13:
         dc:9c:12:3e:79:97:84:86:c1:58:a0:22:c9:d1:37:0f:ae:ed:
         ab:a2:9c:33:86:0a:73:d0:d9:24:ed:87:dd:71:4f:b7:88:46:
         16:5c:9b:f2:b1:26:bf:4c:a5:47:f8:bc:10:17:21:ac:7b:66:
         88:ab:e3:78:34:00:59:41:bf:0b:94:eb:f5:4d:3b:84:24:ed:
         13:e6:cd:c9:03:0d:dd:55:bb:6f:55:d0:6e:0d:09:2a:75:74:
         ea:15:3a:f0:f5:a8:87:55:c6:70:30:9b:b7:c2:d5:90:f9:4b:
         01:ef:e8:3e:32:ba:a4:d7:5c:02:db:99:91:09:8b:60:73:45:
         6b:77:b0:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWr4Mckp54TB6EpBvGgPRyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMzE5MDA0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODI5NzgzYmY4M2M5MjFmY2MzMWRjOGUyZDgzMjc2NmIyNGRmZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+mtGoj/uFMdsDEh9ubOX8SzA7hH
wWa/ZdsHS5UjOsm7dBpbqBNIv8uZuYLT6UvJZC/aguNwqVMQ33O1HT0N2YBO7TOw
Gh/iV2oa9qxbo3pfIX05+AUmTFtpphDsK7kDYVq2H8GFNoQbun6dA3hCGW4MQhEG
uDWcTmvoIjEoqXTEdsTzggXfJZcvl74UEluVt9Y3jMpt8Gcy2wB5t6zbX9GEbElz
OlglTiWXnWLBIh5le/XBUC3QhITVD53G0VBZgSKvMR2PjqZWRqRUDqQPXf95miN1
Zwrv+ta8fX86yxBvOc0yU0NXGKCLlsNWfTlxoGnVrIAceBkQPukzhsv4QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgpeDv4PJIfzDHcji2DJ2ayTf6NMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvT0NsNE9fZzhraF9NTWR5T0xZTW5ackpOX28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPHAMA0G
CSqGSIb3DQEBCwUAA4IBAQB5E3X8+3yrEN5k2BANW2SpueVEmt8QsES1DmPxt3KN
fjR7O3kggYCveWryHgPCAaVXCGvUoEhxyACu9F2SK61t7cH0ixfxb4N3FwmGvhmM
455yfgjnnlskIqZp+7S99k0+66Qf+eD9kk3E7axhVMXMMmw6FeeWvP9z8GOmiRPc
nBI+eZeEhsFYoCLJ0TcPru2ropwzhgpz0Nkk7YfdcU+3iEYWXJvysSa/TKVH+LwQ
FyGse2aIq+N4NABZQb8LlOv1TTuEJO0T5s3JAw3dVbtvVdBuDQkqdXTqFTrw9aiH
VcZwMJu3wtWQ+UsB7+g+Mrqk11wC25mRCYtgc0Vrd7Cn
-----END CERTIFICATE-----