Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/OYSQ0B4bWIaFBDGeUbIro8GjNIM.roa
File:                     OYSQ0B4bWIaFBDGeUbIro8GjNIM.roa (raw, json)
Hash identifier:          ArDmycoBPumVopAcq7qMWyEpeGKW74OE/HKNZi11EfI=
Subject key identifier:   39:84:90:D0:1E:1B:58:86:85:04:31:9E:51:B2:2B:A3:C1:A3:34:83
Certificate issuer:       /CN=65cd7803f41fe499e800664e0aacadee19b66d9d
Certificate serial:       019427483D5C8ECE23780BCE020B77774E5F
Authority key identifier: 65:CD:78:03:F4:1F:E4:99:E8:00:66:4E:0A:AC:AD:EE:19:B6:6D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/OYSQ0B4bWIaFBDGeUbIro8GjNIM.roa
Signing time:             Thu 02 Jan 2025 13:50:33 +0000
ROA not before:           Thu 02 Jan 2025 13:50:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34622
IP address blocks:        85.197.128.0/18 maxlen: 18
                          2a05:e840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:3d:5c:8e:ce:23:78:0b:ce:02:0b:77:77:4e:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65cd7803f41fe499e800664e0aacadee19b66d9d
        Validity
            Not Before: Jan  2 13:50:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=398490d01e1b58868504319e51b22ba3c1a33483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:76:cd:60:8f:06:51:d1:5a:42:9b:a3:8e:a4:
                    8c:8a:aa:d7:e7:bc:2e:14:95:df:44:47:18:b6:65:
                    9d:7a:07:e1:98:61:a1:26:48:39:0e:c7:1b:29:81:
                    97:29:5b:1b:da:ae:b4:70:4e:fa:2e:a1:00:36:3b:
                    57:93:09:0d:41:2d:a1:19:b1:ce:d8:0a:a7:a5:a6:
                    aa:3d:cc:20:1c:23:b2:44:11:f4:fe:95:2d:53:d6:
                    94:5b:9b:e9:35:80:cf:be:9d:fd:1e:d9:5b:1e:8e:
                    5f:5a:31:fa:75:41:ea:41:c0:a0:de:5a:d4:c5:47:
                    f1:61:f3:c5:be:06:c9:b0:ce:a3:cc:ee:c2:fe:6e:
                    38:d8:f3:61:72:2c:42:0b:02:4e:57:ea:3f:bf:da:
                    9a:85:7b:6b:65:4b:f0:ab:30:b0:de:bc:fe:ca:04:
                    f1:0e:7d:10:7e:b6:21:dc:1a:09:80:55:f9:91:c2:
                    28:d1:3e:06:69:03:74:d5:c1:86:38:76:96:67:0d:
                    4d:57:e2:b9:9a:f1:10:2f:10:73:bb:68:5c:da:4b:
                    21:a1:a8:36:32:21:87:0c:b0:16:51:82:6f:29:44:
                    1c:9c:71:34:b5:a5:be:71:e2:c0:15:0e:73:36:b5:
                    0f:79:03:c2:0d:ac:be:96:e0:e3:b3:7a:4a:6a:5a:
                    c7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:84:90:D0:1E:1B:58:86:85:04:31:9E:51:B2:2B:A3:C1:A3:34:83
            X509v3 Authority Key Identifier:
                keyid:65:CD:78:03:F4:1F:E4:99:E8:00:66:4E:0A:AC:AD:EE:19:B6:6D:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/OYSQ0B4bWIaFBDGeUbIro8GjNIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/e66f01-1d9d-4513-956a-f96bfb04e645/1/Zc14A_Qf5JnoAGZOCqyt7hm2bZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.197.128.0/18
                IPv6:
                  2a05:e840::/29

    Signature Algorithm: sha256WithRSAEncryption
         53:c8:1b:6b:fa:be:87:15:55:21:42:f9:bc:df:7e:dc:11:d1:
         a6:99:d6:d7:26:ce:df:c6:4e:c4:5a:2c:9c:95:cd:8f:56:39:
         f1:29:55:b0:a0:54:96:ba:85:1c:45:f1:7d:09:cd:08:11:5c:
         da:ed:e5:59:15:a7:ab:13:eb:5e:d1:36:d4:0f:68:fb:d2:6e:
         99:1f:10:3c:73:a6:30:8b:46:ed:68:97:30:9e:38:0c:86:15:
         be:be:25:50:79:af:a1:8d:c7:44:2a:fa:04:87:e9:c7:a3:bc:
         f5:77:ec:89:17:b3:d3:5d:d9:22:b4:2a:8b:3d:ed:18:f4:c0:
         ad:60:f4:22:b9:7d:b8:9d:9f:af:53:0c:0f:0d:3e:11:60:2b:
         c7:85:ce:34:4d:94:fa:8f:b8:b6:95:bc:47:61:73:16:b8:47:
         96:e0:cf:c1:e9:b7:a6:f7:8a:4f:4f:06:8c:fd:b2:bb:88:4d:
         f9:ae:52:a2:0b:9b:c4:c8:68:87:2f:4d:98:52:6e:54:87:dd:
         d9:f6:d9:e0:92:60:d3:57:3c:d2:c8:0e:32:54:9e:e3:1c:ce:
         b2:82:1c:85:2e:e3:4f:61:bf:ce:fe:7d:72:71:54:3a:14:84:
         aa:37:1b:e1:b9:7f:77:18:6e:23:00:92:39:c2:3a:e4:a0:c0:
         8f:09:ff:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnSD1cjs4jeAvOAgt3d05fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1Y2Q3ODAzZjQxZmU0OTllODAwNjY0ZTBhYWNhZGVlMTli
NjZkOWQwHhcNMjUwMTAyMTM1MDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTg0OTBkMDFlMWI1ODg2ODUwNDMxOWU1MWIyMmJhM2MxYTMzNDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13bNYI8GUdFaQpujjqSMiqrX57wu
FJXfREcYtmWdegfhmGGhJkg5DscbKYGXKVsb2q60cE76LqEANjtXkwkNQS2hGbHO
2AqnpaaqPcwgHCOyRBH0/pUtU9aUW5vpNYDPvp39HtlbHo5fWjH6dUHqQcCg3lrU
xUfxYfPFvgbJsM6jzO7C/m442PNhcixCCwJOV+o/v9qahXtrZUvwqzCw3rz+ygTx
Dn0QfrYh3BoJgFX5kcIo0T4GaQN01cGGOHaWZw1NV+K5mvEQLxBzu2hc2kshoag2
MiGHDLAWUYJvKUQcnHE0taW+ceLAFQ5zNrUPeQPCDay+luDjs3pKalrHHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDmEkNAeG1iGhQQxnlGyK6PBozSDMB8GA1UdIwQY
MBaAFGXNeAP0H+SZ6ABmTgqsre4Ztm2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmMxNEFfUWY1Sm5vQUdaT0NxeXQ3aG0yYlowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9lNjZmMDEtMWQ5ZC00NTEzLTk1NmEt
Zjk2YmZiMDRlNjQ1LzEvT1lTUTBCNGJXSWFGQkRHZVViSXJvOEdqTklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9lNjZmMDEtMWQ5ZC00NTEzLTk1NmEtZjk2YmZiMDRlNjQ1
LzEvWmMxNEFfUWY1Sm5vQUdaT0NxeXQ3aG0yYlowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGVcWAMA0E
AgACMAcDBQMqBehAMA0GCSqGSIb3DQEBCwUAA4IBAQBTyBtr+r6HFVUhQvm8337c
EdGmmdbXJs7fxk7EWiyclc2PVjnxKVWwoFSWuoUcRfF9Cc0IEVza7eVZFaerE+te
0TbUD2j70m6ZHxA8c6Ywi0btaJcwnjgMhhW+viVQea+hjcdEKvoEh+nHo7z1d+yJ
F7PTXdkitCqLPe0Y9MCtYPQiuX24nZ+vUwwPDT4RYCvHhc40TZT6j7i2lbxHYXMW
uEeW4M/B6bem94pPTwaM/bK7iE35rlKiC5vEyGiHL02YUm5Uh93Z9tngkmDTVzzS
yA4yVJ7jHM6yghyFLuNPYb/O/n1ycVQ6FISqNxvhuX93GG4jAJI5wjrkoMCPCf8L
-----END CERTIFICATE-----