Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/oovYU4ihdKXzsDEkmV1alnNpRGA.roa
File:                     oovYU4ihdKXzsDEkmV1alnNpRGA.roa (raw, json)
Hash identifier:          UyGYcedZl+lCulmE6gMb/V9pL/9bFRMdWSzQR3L45KU=
Subject key identifier:   A2:8B:D8:53:88:A1:74:A5:F3:B0:31:24:99:5D:5A:96:73:69:44:60
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019519D596D1F16ECAABF73BD5B11DD8177E
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/oovYU4ihdKXzsDEkmV1alnNpRGA.roa
Signing time:             Tue 18 Feb 2025 16:13:02 +0000
ROA not before:           Tue 18 Feb 2025 16:13:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153589
IP address blocks:        192.71.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:19:d5:96:d1:f1:6e:ca:ab:f7:3b:d5:b1:1d:d8:17:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Feb 18 16:13:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a28bd85388a174a5f3b03124995d5a9673694460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:75:c1:4b:97:79:17:58:66:81:01:40:43:55:
                    f8:30:b7:30:69:40:c4:d4:71:e3:c9:80:05:e0:94:
                    8d:3f:b1:53:96:b0:98:2e:84:d0:a9:b8:0c:b8:d8:
                    04:65:b3:ce:ac:0e:a7:2b:e7:e5:d6:3c:30:dd:d9:
                    de:43:b5:48:25:ca:f6:92:17:49:22:fe:27:b2:5e:
                    23:06:cc:b3:bf:a2:e1:9d:94:f8:28:a0:18:2c:77:
                    60:3e:23:8b:78:60:b5:3a:db:4f:64:60:1f:f3:c3:
                    4c:6e:45:40:59:88:8c:dd:b3:43:47:6e:7c:8d:e6:
                    25:3d:0d:af:81:c2:90:c1:9a:0a:b7:46:22:1c:89:
                    df:bf:0c:16:11:f3:fc:e1:fd:9e:81:09:b5:7d:3f:
                    45:9d:38:af:0d:e2:ee:98:c5:09:02:9e:4d:cf:d8:
                    64:d3:02:e0:74:5c:71:df:b6:45:6a:b5:a7:28:03:
                    75:8c:50:d9:b3:1e:a6:18:a1:8f:2b:12:a8:e1:27:
                    d7:76:74:19:50:3a:ce:be:88:f7:e3:77:b6:fc:79:
                    07:a2:dd:59:4b:a6:ca:f6:0c:11:cb:5b:68:1f:db:
                    9c:43:8a:9f:29:46:6d:f5:71:f7:48:7e:41:6a:a3:
                    69:78:20:34:45:e0:93:5a:8c:e7:89:b3:1b:e8:7f:
                    22:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:8B:D8:53:88:A1:74:A5:F3:B0:31:24:99:5D:5A:96:73:69:44:60
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/oovYU4ihdKXzsDEkmV1alnNpRGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:00:e1:31:b2:4e:8e:91:f5:51:36:f0:bf:0e:5f:b3:f8:c7:
         db:0d:76:a5:98:3f:3f:8f:a9:36:c3:d1:09:56:3a:94:38:66:
         85:51:73:8c:f7:8d:4c:4a:b9:37:c0:28:df:53:60:c5:5c:91:
         6a:01:56:bb:1d:c9:60:f1:18:2f:d8:f8:a7:e0:52:4c:da:4a:
         6f:12:b8:53:ca:0d:ac:47:e8:4b:2b:2f:4c:8a:5e:18:be:8f:
         ca:bf:79:63:1a:19:07:f1:a8:90:14:8b:58:9c:4c:d9:87:05:
         cc:9e:a6:24:9a:ed:b0:5e:bf:08:26:11:4f:17:16:12:41:d9:
         96:db:77:92:f6:3d:45:a5:7d:1e:12:cd:c4:6e:5d:ae:08:a1:
         ec:1d:88:59:c0:01:45:60:99:e4:fc:c2:2f:8f:e3:6d:f5:65:
         83:c9:92:5d:df:ae:14:72:ce:9f:5b:92:d3:e0:c8:33:a6:d7:
         9f:7a:2f:ef:16:de:be:8f:a8:57:38:4b:d8:4b:03:f0:de:06:
         7a:f2:8b:d5:9f:bd:7b:67:42:a4:10:c8:d3:70:7e:e2:fb:58:
         b4:37:b9:94:16:50:44:f1:3b:0a:f8:ce:89:e5:5f:68:28:62:
         dd:c7:71:c3:7c:f7:c8:2c:c8:44:5e:38:b7:32:77:c0:f5:c2:
         53:24:8b:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUZ1ZbR8W7Kq/c71bEd2Bd+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMjE4MTYxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjhiZDg1Mzg4YTE3NGE1ZjNiMDMxMjQ5OTVkNWE5NjczNjk0NDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXXBS5d5F1hmgQFAQ1X4MLcwaUDE
1HHjyYAF4JSNP7FTlrCYLoTQqbgMuNgEZbPOrA6nK+fl1jww3dneQ7VIJcr2khdJ
Iv4nsl4jBsyzv6LhnZT4KKAYLHdgPiOLeGC1OttPZGAf88NMbkVAWYiM3bNDR258
jeYlPQ2vgcKQwZoKt0YiHInfvwwWEfP84f2egQm1fT9FnTivDeLumMUJAp5Nz9hk
0wLgdFxx37ZFarWnKAN1jFDZsx6mGKGPKxKo4SfXdnQZUDrOvoj343e2/HkHot1Z
S6bK9gwRy1toH9ucQ4qfKUZt9XH3SH5BaqNpeCA0ReCTWoznibMb6H8i9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKL2FOIoXSl87AxJJldWpZzaURgMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvb292WVU0aWhkS1h6c0RFa21WMWFsbk5wUkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEehMA0G
CSqGSIb3DQEBCwUAA4IBAQCgAOExsk6OkfVRNvC/Dl+z+MfbDXalmD8/j6k2w9EJ
VjqUOGaFUXOM941MSrk3wCjfU2DFXJFqAVa7Hclg8Rgv2Pin4FJM2kpvErhTyg2s
R+hLKy9Mil4Yvo/Kv3ljGhkH8aiQFItYnEzZhwXMnqYkmu2wXr8IJhFPFxYSQdmW
23eS9j1FpX0eEs3Ebl2uCKHsHYhZwAFFYJnk/MIvj+Nt9WWDyZJd364Ucs6fW5LT
4Mgzptefei/vFt6+j6hXOEvYSwPw3gZ68ovVn717Z0KkEMjTcH7i+1i0N7mUFlBE
8TsK+M6J5V9oKGLdx3HDfPfILMhEXji3MnfA9cJTJIvG
-----END CERTIFICATE-----