Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/O5tzYrtFkkmA82WUY-iM9I4npFQ.roa
File:                     O5tzYrtFkkmA82WUY-iM9I4npFQ.roa (raw, json)
Hash identifier:          NAkRuZlLqZ6QGa6dyEO9WBh2M5GYWwb6X+60cj2kmSQ=
Subject key identifier:   3B:9B:73:62:BB:45:92:49:80:F3:65:94:63:E8:8C:F4:8E:27:A4:54
Certificate issuer:       /CN=97c4bcdd5312f8a7c33de4b7d75c15b4cbbc1dda
Certificate serial:       019423D7F65669131A0554F2B6535275A5F7
Authority key identifier: 97:C4:BC:DD:53:12:F8:A7:C3:3D:E4:B7:D7:5C:15:B4:CB:BC:1D:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l8S83VMS-KfDPeS311wVtMu8Hdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/O5tzYrtFkkmA82WUY-iM9I4npFQ.roa
Signing time:             Wed 01 Jan 2025 21:49:03 +0000
ROA not before:           Wed 01 Jan 2025 21:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207255
IP address blocks:        185.161.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/l8S83VMS-KfDPeS311wVtMu8Hdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/l8S83VMS-KfDPeS311wVtMu8Hdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l8S83VMS-KfDPeS311wVtMu8Hdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:f6:56:69:13:1a:05:54:f2:b6:53:52:75:a5:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97c4bcdd5312f8a7c33de4b7d75c15b4cbbc1dda
        Validity
            Not Before: Jan  1 21:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b9b7362bb45924980f3659463e88cf48e27a454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f9:73:0e:fd:a4:a4:f4:ab:ca:35:94:b3:56:
                    d1:c1:32:ec:78:23:53:50:35:3e:81:14:ca:cd:e5:
                    16:91:8e:c1:c6:a5:5d:15:37:25:da:df:ef:77:46:
                    51:d2:a6:2f:67:d3:03:02:2e:31:25:92:01:b2:3c:
                    bc:7c:34:2b:d1:e5:7a:d2:5d:2b:48:bb:36:6d:06:
                    c3:e7:e2:f7:f7:58:53:72:3c:8b:57:1e:16:56:de:
                    64:17:8c:8a:6f:f5:bd:3c:e0:a6:02:ac:a4:49:5b:
                    e6:0c:60:15:61:6b:42:36:43:a3:eb:13:c0:8c:4a:
                    02:29:09:7a:59:47:5a:a7:e0:91:d7:21:15:96:e8:
                    a0:31:4d:51:4a:66:ae:6a:98:d3:4d:15:e2:f1:62:
                    b4:1c:b9:a0:7e:23:71:86:7e:f9:91:6c:fb:c6:e9:
                    d5:44:97:58:56:9c:47:55:69:68:98:a1:44:71:b0:
                    25:a9:b5:8c:ae:6c:26:da:39:26:df:ba:0a:d5:6d:
                    e7:f1:a9:de:9f:0f:9a:70:9e:58:aa:bc:e8:d4:82:
                    cb:19:6a:9a:c2:17:55:57:36:0c:77:eb:68:89:b0:
                    bc:cf:3f:e9:15:49:42:d3:ec:5f:61:a1:61:ea:47:
                    aa:71:e8:af:5a:db:e8:46:e4:1c:cc:a3:d0:9f:de:
                    e8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:9B:73:62:BB:45:92:49:80:F3:65:94:63:E8:8C:F4:8E:27:A4:54
            X509v3 Authority Key Identifier:
                keyid:97:C4:BC:DD:53:12:F8:A7:C3:3D:E4:B7:D7:5C:15:B4:CB:BC:1D:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l8S83VMS-KfDPeS311wVtMu8Hdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/O5tzYrtFkkmA82WUY-iM9I4npFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/44775f-37a6-4a86-9fe5-e93bdb8d9c85/1/l8S83VMS-KfDPeS311wVtMu8Hdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:af:23:9e:97:ef:09:6d:b7:1f:42:88:ac:5d:c2:5a:82:88:
         f8:52:26:62:4c:48:22:a1:9e:29:1a:c9:b8:f1:40:87:93:b5:
         e7:70:c6:fc:6d:38:75:24:8a:93:76:c3:bc:be:8d:20:e5:7c:
         1f:bd:dd:df:07:0a:43:41:d1:ea:19:8f:f0:a4:6d:d4:0c:30:
         70:27:50:34:5f:81:17:2f:70:c3:e8:be:37:22:9d:e0:04:82:
         f8:d2:3b:da:cd:d3:3d:72:ae:cc:64:1f:65:85:4c:af:75:56:
         91:b9:ee:ea:bc:27:64:33:be:3e:67:c3:d2:bf:89:0e:61:e0:
         08:c3:d2:c5:03:99:84:a0:85:bb:13:51:3f:9e:2c:d8:00:b8:
         71:ca:4e:9e:21:bc:aa:7c:cb:1c:16:30:8a:7f:b2:91:66:72:
         f0:15:76:17:71:bb:ce:83:01:42:02:5f:b0:eb:1f:7f:0f:0c:
         99:9f:2a:41:38:0a:0b:ef:da:b2:6c:2e:f6:39:c2:de:85:e0:
         29:5f:5e:6e:b7:df:34:15:7d:8e:45:e4:ae:9d:3a:cb:18:e9:
         dc:e6:c9:bf:96:e2:65:07:f1:34:4e:f9:e6:81:65:0c:92:9a:
         9f:75:e3:fe:a3:87:a2:cf:7a:82:4a:94:50:13:ea:af:97:df:
         5b:4a:8a:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1/ZWaRMaBVTytlNSdaX3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YzRiY2RkNTMxMmY4YTdjMzNkZTRiN2Q3NWMxNWI0Y2Ji
YzFkZGEwHhcNMjUwMTAxMjE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjliNzM2MmJiNDU5MjQ5ODBmMzY1OTQ2M2U4OGNmNDhlMjdhNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvlzDv2kpPSryjWUs1bRwTLseCNT
UDU+gRTKzeUWkY7BxqVdFTcl2t/vd0ZR0qYvZ9MDAi4xJZIBsjy8fDQr0eV60l0r
SLs2bQbD5+L391hTcjyLVx4WVt5kF4yKb/W9POCmAqykSVvmDGAVYWtCNkOj6xPA
jEoCKQl6WUdap+CR1yEVluigMU1RSmauapjTTRXi8WK0HLmgfiNxhn75kWz7xunV
RJdYVpxHVWlomKFEcbAlqbWMrmwm2jkm37oK1W3n8anenw+acJ5Yqrzo1ILLGWqa
whdVVzYMd+toibC8zz/pFUlC0+xfYaFh6keqceivWtvoRuQczKPQn97oWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDubc2K7RZJJgPNllGPojPSOJ6RUMB8GA1UdIwQY
MBaAFJfEvN1TEvinwz3kt9dcFbTLvB3aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDhTODNWTVMtS2ZEUGVTMzExd1Z0TXU4SGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80NDc3NWYtMzdhNi00YTg2LTlmZTUt
ZTkzYmRiOGQ5Yzg1LzEvTzV0ellydEZra21BODJXVVktaU05STRucEZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80NDc3NWYtMzdhNi00YTg2LTlmZTUtZTkzYmRiOGQ5Yzg1
LzEvbDhTODNWTVMtS2ZEUGVTMzExd1Z0TXU4SGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaHMMA0G
CSqGSIb3DQEBCwUAA4IBAQBSryOel+8JbbcfQoisXcJagoj4UiZiTEgioZ4pGsm4
8UCHk7XncMb8bTh1JIqTdsO8vo0g5Xwfvd3fBwpDQdHqGY/wpG3UDDBwJ1A0X4EX
L3DD6L43Ip3gBIL40jvazdM9cq7MZB9lhUyvdVaRue7qvCdkM74+Z8PSv4kOYeAI
w9LFA5mEoIW7E1E/nizYALhxyk6eIbyqfMscFjCKf7KRZnLwFXYXcbvOgwFCAl+w
6x9/DwyZnypBOAoL79qybC72OcLeheApX15ut980FX2OReSunTrLGOnc5sm/luJl
B/E0TvnmgWUMkpqfdeP+o4eiz3qCSpRQE+qvl99bSoqR
-----END CERTIFICATE-----