Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/O_lyoeGqf219CPNaRILiVGtpSnw.roa
File:                     O_lyoeGqf219CPNaRILiVGtpSnw.roa (raw, json)
Hash identifier:          MBjGGTF1i33MT6liDQumorJo2rjHXFkdaYBR/A83Hr4=
Subject key identifier:   3B:F9:72:A1:E1:AA:7F:6D:7D:08:F3:5A:44:82:E2:54:6B:69:4A:7C
Certificate issuer:       /CN=7e02a961b0375d72191bd970815d6b15f427d073
Certificate serial:       019423D6DFBDA74FD12D13D13CF4362946E0
Authority key identifier: 7E:02:A9:61:B0:37:5D:72:19:1B:D9:70:81:5D:6B:15:F4:27:D0:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fgKpYbA3XXIZG9lwgV1rFfQn0HM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/O_lyoeGqf219CPNaRILiVGtpSnw.roa
Signing time:             Wed 01 Jan 2025 21:47:51 +0000
ROA not before:           Wed 01 Jan 2025 21:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204299
IP address blocks:        185.254.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/fgKpYbA3XXIZG9lwgV1rFfQn0HM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/fgKpYbA3XXIZG9lwgV1rFfQn0HM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fgKpYbA3XXIZG9lwgV1rFfQn0HM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:df:bd:a7:4f:d1:2d:13:d1:3c:f4:36:29:46:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e02a961b0375d72191bd970815d6b15f427d073
        Validity
            Not Before: Jan  1 21:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bf972a1e1aa7f6d7d08f35a4482e2546b694a7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:48:1b:b5:05:5f:bd:f7:e4:56:8f:e6:75:3d:
                    ec:f8:fc:81:10:80:f2:54:13:83:67:dc:a6:ff:f1:
                    e3:c2:36:78:ac:19:b2:20:37:1f:ff:92:5a:96:96:
                    d3:39:c5:4a:f3:0f:fa:11:76:df:b4:79:e8:a8:dc:
                    5a:de:1f:0e:74:23:66:14:f0:14:0a:a5:ca:59:d4:
                    c2:33:e8:4d:4d:5e:c5:6b:48:63:73:8d:91:b9:a2:
                    28:78:2f:53:0b:a2:5c:ac:13:61:86:e1:f9:44:db:
                    00:1c:cb:88:00:e1:49:bb:1c:ee:ea:46:f6:f2:88:
                    82:17:69:e4:c5:13:1f:70:f3:35:d0:4d:99:5f:9b:
                    e3:83:87:2c:50:fb:23:74:97:62:c6:68:0c:fd:50:
                    5c:44:6b:c8:0c:82:29:86:f6:03:38:e1:0d:29:c8:
                    b5:94:93:e0:a6:75:59:b7:e5:55:93:73:3e:1d:ea:
                    81:b7:0e:19:21:9f:a1:9d:45:ad:ea:c3:8e:3c:0e:
                    d8:cd:27:cc:02:96:aa:ad:0a:38:bd:de:22:6a:31:
                    dc:4c:e1:4e:ab:c6:0b:e5:97:8b:09:fe:97:e1:87:
                    67:9b:02:76:f6:60:cf:25:f2:eb:55:1e:0d:f8:79:
                    42:50:de:23:99:11:f2:07:e3:03:bb:68:3d:40:32:
                    54:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:F9:72:A1:E1:AA:7F:6D:7D:08:F3:5A:44:82:E2:54:6B:69:4A:7C
            X509v3 Authority Key Identifier:
                keyid:7E:02:A9:61:B0:37:5D:72:19:1B:D9:70:81:5D:6B:15:F4:27:D0:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fgKpYbA3XXIZG9lwgV1rFfQn0HM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/O_lyoeGqf219CPNaRILiVGtpSnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/fgKpYbA3XXIZG9lwgV1rFfQn0HM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:e3:5f:f6:b2:f0:f7:68:f1:2f:0f:c1:6f:f5:15:07:1c:4c:
         8f:32:38:68:e6:94:b0:97:ae:79:5b:1a:f4:d6:b5:81:09:95:
         62:74:29:79:58:cf:28:77:6d:ed:25:63:71:3f:89:21:8c:53:
         f8:2d:11:f3:7c:58:58:14:d8:42:ca:9f:ff:e4:04:f9:87:48:
         37:f7:9b:48:33:c0:91:87:22:30:08:f9:c5:e6:95:75:2a:3b:
         c4:81:cc:1a:66:f5:46:0e:9d:59:41:04:47:05:d3:2a:0a:46:
         ba:cf:e1:a6:29:3d:89:c7:23:a6:42:e8:07:8d:b9:73:a0:8d:
         f3:e8:93:0a:46:88:9c:ba:d5:7f:33:32:1b:b7:43:c8:82:e5:
         56:be:e3:5d:92:92:c9:69:aa:a6:b3:be:89:1b:0a:ce:3e:d7:
         e4:82:5a:11:3f:b1:9d:15:c0:03:87:2c:32:a7:c8:76:c2:5a:
         37:3d:e1:60:b7:5a:36:94:4e:0c:9f:eb:f2:77:b1:b6:09:c1:
         ca:5b:08:69:92:bb:ec:73:68:28:2d:92:c0:9b:34:95:d4:90:
         9f:ea:c7:85:19:55:f1:3f:55:2f:91:ed:71:60:69:a4:f6:3d:
         7a:3f:91:32:ef:7e:36:37:23:14:5f:ab:59:32:42:2a:2a:ce:
         9f:73:34:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1t+9p0/RLRPRPPQ2KUbgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMDJhOTYxYjAzNzVkNzIxOTFiZDk3MDgxNWQ2YjE1ZjQy
N2QwNzMwHhcNMjUwMTAxMjE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmY5NzJhMWUxYWE3ZjZkN2QwOGYzNWE0NDgyZTI1NDZiNjk0YTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0gbtQVfvffkVo/mdT3s+PyBEIDy
VBODZ9ym//HjwjZ4rBmyIDcf/5JalpbTOcVK8w/6EXbftHnoqNxa3h8OdCNmFPAU
CqXKWdTCM+hNTV7Fa0hjc42RuaIoeC9TC6JcrBNhhuH5RNsAHMuIAOFJuxzu6kb2
8oiCF2nkxRMfcPM10E2ZX5vjg4csUPsjdJdixmgM/VBcRGvIDIIphvYDOOENKci1
lJPgpnVZt+VVk3M+HeqBtw4ZIZ+hnUWt6sOOPA7YzSfMApaqrQo4vd4iajHcTOFO
q8YL5ZeLCf6X4YdnmwJ29mDPJfLrVR4N+HlCUN4jmRHyB+MDu2g9QDJUuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDv5cqHhqn9tfQjzWkSC4lRraUp8MB8GA1UdIwQY
MBaAFH4CqWGwN11yGRvZcIFdaxX0J9BzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmdLcFliQTNYWElaRzlsd2dWMXJGZlFuMEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8zZTY4NDItNzIyOS00MjEyLWIyZDQt
Y2M0N2MxZGUwMWJkLzEvT19seW9lR3FmMjE5Q1BOYVJJTGlWR3RwU253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8zZTY4NDItNzIyOS00MjEyLWIyZDQtY2M0N2MxZGUwMWJk
LzEvZmdLcFliQTNYWElaRzlsd2dWMXJGZlFuMEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf4UMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ41/2svD3aPEvD8Fv9RUHHEyPMjho5pSwl655Wxr0
1rWBCZVidCl5WM8od23tJWNxP4khjFP4LRHzfFhYFNhCyp//5AT5h0g395tIM8CR
hyIwCPnF5pV1KjvEgcwaZvVGDp1ZQQRHBdMqCka6z+GmKT2JxyOmQugHjblzoI3z
6JMKRoicutV/MzIbt0PIguVWvuNdkpLJaaqms76JGwrOPtfkgloRP7GdFcADhywy
p8h2wlo3PeFgt1o2lE4Mn+vyd7G2CcHKWwhpkrvsc2goLZLAmzSV1JCf6seFGVXx
P1Uvke1xYGmk9j16P5Ey7342NyMUX6tZMkIqKs6fczS5
-----END CERTIFICATE-----