Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/ObLj8Es3CGwudgx4z3Eal1DaMsg.roa
File:                     ObLj8Es3CGwudgx4z3Eal1DaMsg.roa (raw, json)
Hash identifier:          OBOYU0pVuU2YZL5sdRS5axOYzVZesgjz4ueFKZ8ujls=
Subject key identifier:   39:B2:E3:F0:4B:37:08:6C:2E:76:0C:78:CF:71:1A:97:50:DA:32:C8
Certificate issuer:       /CN=8a16a5fac65ac5e9c5ebbfed71518cae0c1311c5
Certificate serial:       0194258F1C19E57CF30F307971056190AE52
Authority key identifier: 8A:16:A5:FA:C6:5A:C5:E9:C5:EB:BF:ED:71:51:8C:AE:0C:13:11:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ihal-sZaxenF67_tcVGMrgwTEcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/ObLj8Es3CGwudgx4z3Eal1DaMsg.roa
Signing time:             Thu 02 Jan 2025 05:48:43 +0000
ROA not before:           Thu 02 Jan 2025 05:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        194.113.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/ihal-sZaxenF67_tcVGMrgwTEcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/ihal-sZaxenF67_tcVGMrgwTEcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ihal-sZaxenF67_tcVGMrgwTEcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:1c:19:e5:7c:f3:0f:30:79:71:05:61:90:ae:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a16a5fac65ac5e9c5ebbfed71518cae0c1311c5
        Validity
            Not Before: Jan  2 05:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39b2e3f04b37086c2e760c78cf711a9750da32c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c8:0f:6e:07:04:48:d8:cb:ba:5d:bf:7a:67:
                    eb:6a:b6:7a:56:c9:bb:e8:ec:fe:e6:a1:68:da:55:
                    70:25:de:71:8f:bb:9d:73:10:86:e0:b9:f0:0d:6c:
                    e2:5b:43:0b:df:b1:d4:f3:3d:43:b0:43:34:33:38:
                    ec:96:8f:c4:b9:d8:0b:ad:86:65:73:d5:40:84:ff:
                    4c:cc:ab:1a:89:f4:7c:20:ea:fe:94:b0:45:df:4c:
                    7c:1b:33:d1:13:81:7b:8d:4c:62:27:a8:3c:9d:6a:
                    42:84:95:4e:5e:74:30:f4:fa:93:73:47:ac:05:c9:
                    9b:01:eb:d4:ad:0e:9b:52:ad:91:03:30:5b:e5:d5:
                    ec:78:15:02:17:2d:30:33:04:8b:b4:c5:c5:b8:09:
                    18:4c:bc:a6:bc:3b:13:5d:7f:1b:12:4e:e4:20:54:
                    77:ae:ef:71:d5:da:25:3b:1d:a5:d8:0c:02:ac:6e:
                    c0:3e:f0:99:44:cc:0d:04:65:e8:f0:1c:c8:6f:58:
                    32:41:bb:3d:0a:96:e0:e2:e0:7d:e0:72:33:84:27:
                    25:41:d7:f4:5b:cc:65:70:c3:98:10:96:7b:9f:e6:
                    c2:dd:b6:7b:15:d4:72:05:4b:96:7b:3e:7e:61:f8:
                    05:08:04:60:00:d4:81:f2:52:4a:1c:11:e5:e2:7a:
                    20:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B2:E3:F0:4B:37:08:6C:2E:76:0C:78:CF:71:1A:97:50:DA:32:C8
            X509v3 Authority Key Identifier:
                keyid:8A:16:A5:FA:C6:5A:C5:E9:C5:EB:BF:ED:71:51:8C:AE:0C:13:11:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ihal-sZaxenF67_tcVGMrgwTEcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/ObLj8Es3CGwudgx4z3Eal1DaMsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c10b5d-c8fc-4c68-b01e-4cc01b6f8847/1/ihal-sZaxenF67_tcVGMrgwTEcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:3d:60:4f:1d:da:fe:e6:2f:9c:f2:28:7a:7f:c6:2f:dd:61:
         81:9d:33:01:b8:e0:53:d1:d8:b9:04:91:0d:a0:7a:c0:58:64:
         08:72:75:77:81:23:59:3d:91:8b:1e:d9:bf:b1:42:30:5e:e5:
         bf:1a:0b:d0:94:d7:18:fa:98:24:e5:a5:e8:8d:a2:e1:31:bb:
         81:2c:1a:df:e0:84:43:6c:00:39:40:55:27:8a:2e:08:31:c4:
         91:66:41:14:dd:b7:19:04:97:7a:7c:c8:59:3b:42:d4:e3:fa:
         ca:b8:46:87:64:33:5e:f0:03:96:fd:2b:c6:98:6e:6d:6b:f2:
         06:e2:e8:f5:b0:ae:8e:a9:b8:69:e0:90:1c:58:40:cd:05:04:
         1e:13:3a:ed:a3:3e:cb:cc:a9:7b:33:2a:4f:ad:3f:35:0d:27:
         d9:0c:50:2d:71:82:8d:0b:ab:8e:ee:be:cb:76:2b:fd:0e:04:
         82:f1:67:fd:4a:bd:26:9a:53:ad:bf:ec:b5:1b:f0:08:0f:ef:
         9c:29:54:e5:03:89:a2:39:2d:0f:eb:76:f6:3c:e6:7f:c6:c6:
         c3:be:0b:e2:b8:36:fc:b9:40:0f:be:86:c3:44:4c:db:a5:a4:
         f2:9d:fa:fb:17:38:87:d9:96:d5:6a:78:82:b7:8c:1d:01:1c:
         e1:8d:cb:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljxwZ5XzzDzB5cQVhkK5SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMTZhNWZhYzY1YWM1ZTljNWViYmZlZDcxNTE4Y2FlMGMx
MzExYzUwHhcNMjUwMTAyMDU0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWIyZTNmMDRiMzcwODZjMmU3NjBjNzhjZjcxMWE5NzUwZGEzMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8gPbgcESNjLul2/emfrarZ6Vsm7
6Oz+5qFo2lVwJd5xj7udcxCG4LnwDWziW0ML37HU8z1DsEM0Mzjslo/EudgLrYZl
c9VAhP9MzKsaifR8IOr+lLBF30x8GzPRE4F7jUxiJ6g8nWpChJVOXnQw9PqTc0es
BcmbAevUrQ6bUq2RAzBb5dXseBUCFy0wMwSLtMXFuAkYTLymvDsTXX8bEk7kIFR3
ru9x1dolOx2l2AwCrG7APvCZRMwNBGXo8BzIb1gyQbs9Cpbg4uB94HIzhCclQdf0
W8xlcMOYEJZ7n+bC3bZ7FdRyBUuWez5+YfgFCARgANSB8lJKHBHl4nogjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmy4/BLNwhsLnYMeM9xGpdQ2jLIMB8GA1UdIwQY
MBaAFIoWpfrGWsXpxeu/7XFRjK4MExHFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWhhbC1zWmF4ZW5GNjdfdGNWR01yZ3dURWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9jMTBiNWQtYzhmYy00YzY4LWIwMWUt
NGNjMDFiNmY4ODQ3LzEvT2JMajhFczNDR3d1ZGd4NHozRWFsMURhTXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9jMTBiNWQtYzhmYy00YzY4LWIwMWUtNGNjMDFiNmY4ODQ3
LzEvaWhhbC1zWmF4ZW5GNjdfdGNWR01yZ3dURWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnH2MA0G
CSqGSIb3DQEBCwUAA4IBAQAwPWBPHdr+5i+c8ih6f8Yv3WGBnTMBuOBT0di5BJEN
oHrAWGQIcnV3gSNZPZGLHtm/sUIwXuW/GgvQlNcY+pgk5aXojaLhMbuBLBrf4IRD
bAA5QFUnii4IMcSRZkEU3bcZBJd6fMhZO0LU4/rKuEaHZDNe8AOW/SvGmG5ta/IG
4uj1sK6Oqbhp4JAcWEDNBQQeEzrtoz7LzKl7MypPrT81DSfZDFAtcYKNC6uO7r7L
div9DgSC8Wf9Sr0mmlOtv+y1G/AID++cKVTlA4miOS0P63b2POZ/xsbDvgviuDb8
uUAPvobDREzbpaTynfr7FziH2ZbVaniCt4wdARzhjctO
-----END CERTIFICATE-----