Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/oPG6ASuM5NwkGi_b3hOvB13bafw.roa
File:                     oPG6ASuM5NwkGi_b3hOvB13bafw.roa (raw, json)
Hash identifier:          mQs057DhcF+488qb5FDjeo5bPWiz5QTgGuKn7gUFZzk=
Subject key identifier:   A0:F1:BA:01:2B:8C:E4:DC:24:1A:2F:DB:DE:13:AF:07:5D:DB:69:FC
Certificate issuer:       /CN=5f0226a704cf620eb2000f27e7a919ce730991be
Certificate serial:       01942143F6B40D941152DE704CAE235A6C3D
Authority key identifier: 5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/oPG6ASuM5NwkGi_b3hOvB13bafw.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59253
IP address blocks:        194.127.192.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f6:b4:0d:94:11:52:de:70:4c:ae:23:5a:6c:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0226a704cf620eb2000f27e7a919ce730991be
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0f1ba012b8ce4dc241a2fdbde13af075ddb69fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:db:9a:de:61:68:a2:44:88:3f:29:f8:43:46:
                    e6:56:4b:ad:75:7e:e9:3f:63:a2:18:0b:74:a5:d3:
                    74:7c:a2:c0:47:e6:9b:b1:97:a1:ab:de:31:72:9b:
                    30:69:6a:c5:b0:95:d8:02:70:2a:d4:ef:ac:a8:e2:
                    3e:53:b9:d1:7f:20:af:d7:ce:3a:c1:79:36:0c:a5:
                    5d:8d:cc:d2:8b:87:32:56:c5:82:1c:13:77:71:4d:
                    e4:27:d4:77:de:5d:30:2a:32:ba:70:44:2b:f5:ac:
                    66:9e:c5:b6:d8:0c:0a:fc:80:af:70:fe:ff:b2:7b:
                    57:61:67:58:b3:1a:42:75:85:53:f6:eb:41:da:f4:
                    87:e4:1b:78:68:ba:5d:4b:e3:86:7f:f1:f1:ba:4e:
                    68:9e:27:24:80:09:9b:45:11:0a:60:b4:a6:7d:c8:
                    8f:7d:19:df:fd:09:eb:59:b6:b3:72:5f:f6:3d:78:
                    70:88:eb:a1:bc:eb:82:24:40:eb:2e:f6:3b:33:46:
                    78:07:bb:6d:23:66:3a:d1:b2:07:9f:45:a8:bb:61:
                    c6:50:ef:87:dd:bb:7c:01:b6:e3:1c:22:fa:16:a2:
                    0d:f5:b7:a6:bb:be:5a:5e:1a:df:fc:c5:4d:2a:01:
                    3d:68:da:20:60:c6:a8:6e:0b:ae:76:df:dd:de:e4:
                    40:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:F1:BA:01:2B:8C:E4:DC:24:1A:2F:DB:DE:13:AF:07:5D:DB:69:FC
            X509v3 Authority Key Identifier:
                keyid:5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/oPG6ASuM5NwkGi_b3hOvB13bafw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:5d:2f:c4:f6:28:cc:22:13:19:cf:d6:a2:76:58:50:ef:a3:
         fe:85:98:ec:68:cb:ad:6f:3a:38:34:be:92:2b:f5:86:c9:d3:
         6b:8b:0c:37:b9:56:08:39:f0:85:ad:25:5b:eb:65:d7:57:41:
         8e:7b:e3:65:0c:fa:f5:69:ae:65:df:64:09:23:e9:f5:e5:d9:
         08:7a:61:40:5e:22:55:d5:94:93:93:1f:27:3c:7f:b2:55:9a:
         57:3c:c5:47:27:54:bf:cd:81:97:04:b5:9f:27:07:7b:f0:f8:
         ef:5d:0e:c0:3a:b1:b2:96:1a:dc:f1:74:0e:3d:3b:68:98:c1:
         b0:23:ee:66:cd:11:0c:72:e4:8c:f9:f1:2b:8f:40:ae:48:24:
         15:80:4b:97:44:28:72:94:c5:a5:e3:bd:7f:f4:43:47:02:87:
         7e:78:e7:13:ef:01:e2:ce:86:fd:7e:98:1d:46:33:e0:bb:12:
         31:96:a2:d0:ef:df:dd:1b:33:46:e8:30:99:94:6b:09:fb:7d:
         9a:63:2f:88:52:e7:f0:dc:fd:cf:7f:e5:f8:01:4d:79:f7:90:
         f1:8d:ef:9a:97:3c:12:7a:d2:79:7a:97:78:91:97:d9:a1:ff:
         7a:46:b4:d4:11:51:b5:58:03:e5:4c:57:62:df:e1:54:b3:0c:
         2e:51:91:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/a0DZQRUt5wTK4jWmw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDIyNmE3MDRjZjYyMGViMjAwMGYyN2U3YTkxOWNlNzMw
OTkxYmUwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGYxYmEwMTJiOGNlNGRjMjQxYTJmZGJkZTEzYWYwNzVkZGI2OWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNua3mFookSIPyn4Q0bmVkutdX7p
P2OiGAt0pdN0fKLAR+absZehq94xcpswaWrFsJXYAnAq1O+sqOI+U7nRfyCv1846
wXk2DKVdjczSi4cyVsWCHBN3cU3kJ9R33l0wKjK6cEQr9axmnsW22AwK/ICvcP7/
sntXYWdYsxpCdYVT9utB2vSH5Bt4aLpdS+OGf/Hxuk5onickgAmbRREKYLSmfciP
fRnf/QnrWbazcl/2PXhwiOuhvOuCJEDrLvY7M0Z4B7ttI2Y60bIHn0Wou2HGUO+H
3bt8AbbjHCL6FqIN9bemu75aXhrf/MVNKgE9aNogYMaobguudt/d3uRAOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDxugErjOTcJBov294Trwdd22n8MB8GA1UdIwQY
MBaAFF8CJqcEz2IOsgAPJ+epGc5zCZG+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAt
NzVkOWNlNWI4ZDljLzEvb1BHNkFTdU01TndrR2lfYjNoT3ZCMTNiYWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAtNzVkOWNlNWI4ZDlj
LzEvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwn/AMA0G
CSqGSIb3DQEBCwUAA4IBAQBDXS/E9ijMIhMZz9aidlhQ76P+hZjsaMutbzo4NL6S
K/WGydNriww3uVYIOfCFrSVb62XXV0GOe+NlDPr1aa5l32QJI+n15dkIemFAXiJV
1ZSTkx8nPH+yVZpXPMVHJ1S/zYGXBLWfJwd78PjvXQ7AOrGylhrc8XQOPTtomMGw
I+5mzREMcuSM+fErj0CuSCQVgEuXRChylMWl471/9ENHAod+eOcT7wHizob9fpgd
RjPguxIxlqLQ79/dGzNG6DCZlGsJ+32aYy+IUufw3P3Pf+X4AU1595Dxje+alzwS
etJ5epd4kZfZof96RrTUEVG1WAPlTFdi3+FUswwuUZEN
-----END CERTIFICATE-----