Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1564-3466-4732-83bd-b90d974e5fb5/1/OvOurKu8T2ws1g_rbUDf-nmHO_k.roa
File:                     OvOurKu8T2ws1g_rbUDf-nmHO_k.roa (raw, json)
Hash identifier:          il6P6mcaD6j7wpNIC2MuV0ZyXgmG33aNWz7qa9/JNHg=
Subject key identifier:   3A:F3:AE:AC:AB:BC:4F:6C:2C:D6:0F:EB:6D:40:DF:FA:79:87:3B:F9
Certificate issuer:       /CN=644ca1f90518d4253f325947d7f32db78721647c
Certificate serial:       0196F307749C88498A27BC2C3D9C7FE38633
Authority key identifier: 64:4C:A1:F9:05:18:D4:25:3F:32:59:47:D7:F3:2D:B7:87:21:64:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZEyh-QUY1CU_MllH1_Mtt4chZHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1564-3466-4732-83bd-b90d974e5fb5/1/OvOurKu8T2ws1g_rbUDf-nmHO_k.roa
Signing time:             Wed 21 May 2025 13:27:54 +0000
ROA not before:           Wed 21 May 2025 13:27:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47292
IP address blocks:        185.245.48.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1564-3466-4732-83bd-b90d974e5fb5/1/ZEyh-QUY1CU_MllH1_Mtt4chZHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1564-3466-4732-83bd-b90d974e5fb5/1/ZEyh-QUY1CU_MllH1_Mtt4chZHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZEyh-QUY1CU_MllH1_Mtt4chZHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 13:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:07:74:9c:88:49:8a:27:bc:2c:3d:9c:7f:e3:86:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644ca1f90518d4253f325947d7f32db78721647c
        Validity
            Not Before: May 21 13:27:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3af3aeacabbc4f6c2cd60feb6d40dffa79873bf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:16:9d:53:7f:de:27:a8:31:a0:0b:39:6e:f0:
                    0c:b1:60:ea:ad:b1:2a:53:81:d0:c9:6b:97:8e:4b:
                    39:1a:ac:58:e5:38:5b:ac:5d:b1:0d:44:f3:4e:fa:
                    9f:02:b2:5e:64:fa:a5:b5:13:71:69:ed:23:2b:27:
                    40:6d:1c:80:f6:12:3e:36:e4:c6:b0:2f:87:30:40:
                    8b:cf:bd:51:cc:57:5c:32:5c:ec:8c:1d:15:c9:62:
                    4c:29:84:d4:0a:0c:50:a3:92:b0:db:4d:ec:e0:7b:
                    9b:1b:9d:05:0f:cb:22:ad:79:9b:e2:3f:ec:ef:c4:
                    32:67:7d:12:89:ac:a6:c9:97:15:16:b0:74:5c:8d:
                    c7:23:4d:a9:47:48:d4:21:01:29:12:21:64:b8:13:
                    60:20:35:48:fe:5e:32:f3:56:39:44:e6:08:38:1b:
                    9c:14:00:c5:9a:70:09:a8:73:0c:8c:d3:9f:42:fa:
                    b8:e7:a0:10:7a:87:6b:8d:89:5f:04:89:34:f5:c3:
                    fa:ac:c6:fa:c1:f8:0e:7b:b6:33:5b:52:49:13:d7:
                    61:2e:c8:91:26:72:df:09:6a:52:d6:64:8e:b2:dd:
                    71:05:d5:7e:cd:b3:66:f6:f2:f8:f6:84:b6:4a:53:
                    57:73:e6:7c:05:b6:7d:63:5b:db:a0:d9:75:30:15:
                    22:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F3:AE:AC:AB:BC:4F:6C:2C:D6:0F:EB:6D:40:DF:FA:79:87:3B:F9
            X509v3 Authority Key Identifier:
                keyid:64:4C:A1:F9:05:18:D4:25:3F:32:59:47:D7:F3:2D:B7:87:21:64:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZEyh-QUY1CU_MllH1_Mtt4chZHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1564-3466-4732-83bd-b90d974e5fb5/1/OvOurKu8T2ws1g_rbUDf-nmHO_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1564-3466-4732-83bd-b90d974e5fb5/1/ZEyh-QUY1CU_MllH1_Mtt4chZHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:88:82:3b:2c:6e:45:64:24:56:15:66:30:75:41:49:96:49:
         bf:d3:52:e6:73:f3:c8:70:9b:c8:fa:ab:d9:53:49:4b:09:d0:
         cf:37:f3:89:3c:63:77:7b:a4:35:48:5d:e7:75:60:7d:ca:5e:
         ac:90:5a:84:1e:af:c9:d2:51:22:13:79:c6:9b:15:0c:46:c7:
         e5:d7:e8:e9:18:d8:01:1f:84:26:a1:2b:af:f4:57:97:e8:67:
         56:4c:20:e7:22:ed:8c:1d:96:ae:c7:28:2b:e4:0a:46:0f:d5:
         43:19:d1:18:ae:58:12:0e:3e:75:75:8b:04:b8:bd:42:ea:a6:
         ab:5b:18:16:2f:ac:04:be:c5:e2:92:b7:6e:ad:8d:2a:a0:11:
         95:c8:0b:fe:8b:f3:c4:7b:84:6b:ec:39:f3:68:32:27:50:8e:
         40:06:01:f8:e9:3f:48:72:fa:14:cc:ea:55:79:74:cf:82:b9:
         8c:a0:4b:bd:67:d1:ce:65:57:5b:26:78:90:4c:21:e4:ad:75:
         d8:db:08:5a:59:54:58:5a:51:e8:ca:98:98:53:81:f5:c1:5c:
         cb:ec:b6:2d:f7:25:59:39:63:95:d4:a5:66:ea:70:a4:54:15:
         c4:77:e4:23:cc:d2:1b:d9:9f:83:ce:db:97:a0:df:5c:1f:e6:
         19:81:b5:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbzB3SciEmKJ7wsPZx/44YzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGNhMWY5MDUxOGQ0MjUzZjMyNTk0N2Q3ZjMyZGI3ODcy
MTY0N2MwHhcNMjUwNTIxMTMyNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWYzYWVhY2FiYmM0ZjZjMmNkNjBmZWI2ZDQwZGZmYTc5ODczYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBadU3/eJ6gxoAs5bvAMsWDqrbEq
U4HQyWuXjks5GqxY5ThbrF2xDUTzTvqfArJeZPqltRNxae0jKydAbRyA9hI+NuTG
sC+HMECLz71RzFdcMlzsjB0VyWJMKYTUCgxQo5Kw203s4HubG50FD8sirXmb4j/s
78QyZ30SiaymyZcVFrB0XI3HI02pR0jUIQEpEiFkuBNgIDVI/l4y81Y5ROYIOBuc
FADFmnAJqHMMjNOfQvq456AQeodrjYlfBIk09cP6rMb6wfgOe7YzW1JJE9dhLsiR
JnLfCWpS1mSOst1xBdV+zbNm9vL49oS2SlNXc+Z8BbZ9Y1vboNl1MBUizQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrzrqyrvE9sLNYP621A3/p5hzv5MB8GA1UdIwQY
MBaAFGRMofkFGNQlPzJZR9fzLbeHIWR8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkV5aC1RVVkxQ1VfTWxsSDFfTXR0NGNoWkh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE1NjQtMzQ2Ni00NzMyLTgzYmQt
YjkwZDk3NGU1ZmI1LzEvT3ZPdXJLdThUMndzMWdfcmJVRGYtbm1IT19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE1NjQtMzQ2Ni00NzMyLTgzYmQtYjkwZDk3NGU1ZmI1
LzEvWkV5aC1RVVkxQ1VfTWxsSDFfTXR0NGNoWkh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufUwMA0G
CSqGSIb3DQEBCwUAA4IBAQC2iII7LG5FZCRWFWYwdUFJlkm/01Lmc/PIcJvI+qvZ
U0lLCdDPN/OJPGN3e6Q1SF3ndWB9yl6skFqEHq/J0lEiE3nGmxUMRsfl1+jpGNgB
H4QmoSuv9FeX6GdWTCDnIu2MHZauxygr5ApGD9VDGdEYrlgSDj51dYsEuL1C6qar
WxgWL6wEvsXikrdurY0qoBGVyAv+i/PEe4Rr7DnzaDInUI5ABgH46T9IcvoUzOpV
eXTPgrmMoEu9Z9HOZVdbJniQTCHkrXXY2whaWVRYWlHoypiYU4H1wVzL7LYt9yVZ
OWOV1KVm6nCkVBXEd+QjzNIb2Z+DztuXoN9cH+YZgbWT
-----END CERTIFICATE-----