Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/oLt7xT_rHP-Hxh3lUeggtdVEvTs.roa
File:                     oLt7xT_rHP-Hxh3lUeggtdVEvTs.roa (raw, json)
Hash identifier:          hblIrYC6F95+wg2sH5P/uCfjsNRvIhmQ2s3oU6U1S/g=
Subject key identifier:   A0:BB:7B:C5:3F:EB:1C:FF:87:C6:1D:E5:51:E8:20:B5:D5:44:BD:3B
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019426D9547DB0F5C5DD121A0092B8461CD3
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/oLt7xT_rHP-Hxh3lUeggtdVEvTs.roa
Signing time:             Thu 02 Jan 2025 11:49:24 +0000
ROA not before:           Thu 02 Jan 2025 11:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212333
IP address blocks:        92.255.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:54:7d:b0:f5:c5:dd:12:1a:00:92:b8:46:1c:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 11:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0bb7bc53feb1cff87c61de551e820b5d544bd3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:58:9c:ce:f5:6b:1d:3e:e5:09:19:7d:98:06:
                    6d:72:f8:77:66:69:90:65:f1:4b:03:5e:77:74:58:
                    5c:4b:f6:3d:da:ea:1f:b6:88:3b:d9:a3:d1:d5:6d:
                    92:f1:2d:dc:21:6e:76:1a:a7:33:a0:3c:79:d2:74:
                    61:c8:fc:d1:f2:db:53:3d:b6:e3:2a:69:63:12:e5:
                    b3:dd:bd:75:24:35:22:20:09:51:bb:99:11:85:b1:
                    11:d4:3b:09:9f:48:4b:31:ff:cb:84:a0:f4:0a:28:
                    af:c7:81:f7:4a:ee:03:11:3d:b8:98:d3:d1:d4:a2:
                    e8:ea:b9:72:91:90:35:aa:49:cd:18:24:bd:6b:5e:
                    4b:61:56:6e:50:3a:e7:e1:77:cc:27:a3:7f:aa:89:
                    e4:6c:74:7f:8a:f0:47:ed:65:2b:71:a8:03:3d:e0:
                    29:6e:05:75:af:5e:b3:f4:26:00:e2:23:b8:76:7b:
                    4e:af:45:dd:f6:82:77:f1:16:2c:db:9b:31:28:81:
                    ea:5a:67:2e:87:28:6a:97:7b:88:ce:c5:d1:8a:0a:
                    82:31:57:eb:b2:27:c1:d6:31:3a:dc:e7:18:bb:86:
                    2e:82:35:c7:dd:50:67:61:ea:08:18:01:8c:5f:4e:
                    73:d2:e2:bf:a3:11:a1:93:38:41:d5:25:83:57:6d:
                    10:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:BB:7B:C5:3F:EB:1C:FF:87:C6:1D:E5:51:E8:20:B5:D5:44:BD:3B
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/oLt7xT_rHP-Hxh3lUeggtdVEvTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.255.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:f4:cc:75:0e:01:2e:e1:ed:90:99:ee:38:ab:7c:04:6a:f1:
         7a:ee:fb:37:4d:4a:55:e6:50:7c:3c:4d:7d:d2:1c:35:2d:ba:
         2f:ca:93:80:37:75:ca:9e:b2:c1:64:82:9d:eb:e0:16:f3:8c:
         2f:83:53:79:d4:23:37:43:d1:c6:4a:e7:c8:82:f6:3f:55:59:
         74:00:8f:56:ca:46:b9:5c:80:0b:1b:fd:ba:30:9c:0b:19:05:
         ef:06:c1:90:ce:67:7d:98:63:9a:1e:a1:59:9a:09:c9:0c:27:
         d1:1b:d3:93:d0:b1:f2:84:f6:fc:ab:4f:ef:47:17:f3:47:3e:
         f8:23:c0:d3:34:20:68:d5:c2:33:e3:b1:a2:22:2e:24:d5:5a:
         7b:fc:1a:c8:2f:c3:91:b9:32:04:66:c9:c6:4e:67:99:1e:38:
         df:d5:03:ae:30:74:dc:e3:df:02:92:e7:a2:a9:c8:41:24:4a:
         4b:55:e6:56:be:19:d9:5c:d2:1e:65:68:52:99:66:7d:b4:e3:
         c4:76:40:8d:25:f2:37:07:7a:9a:6a:93:8e:94:ff:00:2e:53:
         92:40:c6:1f:7a:96:43:4d:88:a2:43:43:8d:71:44:01:3e:ad:
         86:1e:98:86:58:ff:a1:52:80:55:d7:af:64:55:cf:15:29:29:
         75:e9:bf:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2VR9sPXF3RIaAJK4RhzTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjUwMTAyMTE0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGJiN2JjNTNmZWIxY2ZmODdjNjFkZTU1MWU4MjBiNWQ1NDRiZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFiczvVrHT7lCRl9mAZtcvh3ZmmQ
ZfFLA153dFhcS/Y92uoftog72aPR1W2S8S3cIW52GqczoDx50nRhyPzR8ttTPbbj
KmljEuWz3b11JDUiIAlRu5kRhbER1DsJn0hLMf/LhKD0Ciivx4H3Su4DET24mNPR
1KLo6rlykZA1qknNGCS9a15LYVZuUDrn4XfMJ6N/qonkbHR/ivBH7WUrcagDPeAp
bgV1r16z9CYA4iO4dntOr0Xd9oJ38RYs25sxKIHqWmcuhyhql3uIzsXRigqCMVfr
sifB1jE63OcYu4YugjXH3VBnYeoIGAGMX05z0uK/oxGhkzhB1SWDV20QvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC7e8U/6xz/h8Yd5VHoILXVRL07MB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvb0x0N3hUX3JIUC1IeGgzbFVlZ2d0ZFZFdlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXP8rMA0G
CSqGSIb3DQEBCwUAA4IBAQB39Mx1DgEu4e2Qme44q3wEavF67vs3TUpV5lB8PE19
0hw1LbovypOAN3XKnrLBZIKd6+AW84wvg1N51CM3Q9HGSufIgvY/VVl0AI9Wyka5
XIALG/26MJwLGQXvBsGQzmd9mGOaHqFZmgnJDCfRG9OT0LHyhPb8q0/vRxfzRz74
I8DTNCBo1cIz47GiIi4k1Vp7/BrIL8ORuTIEZsnGTmeZHjjf1QOuMHTc498Ckuei
qchBJEpLVeZWvhnZXNIeZWhSmWZ9tOPEdkCNJfI3B3qaapOOlP8ALlOSQMYfepZD
TYiiQ0ONcUQBPq2GHpiGWP+hUoBV169kVc8VKSl16b+C
-----END CERTIFICATE-----