Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/oxi_ya_EdBtJCrjY1pYIsNptA_Q.roa
File:                     oxi_ya_EdBtJCrjY1pYIsNptA_Q.roa (raw, json)
Hash identifier:          /Rw4xq/Rq6iapjKpArPGVtAk2zVGOyS/eMr3PI823Lo=
Subject key identifier:   A3:18:BF:C9:AF:C4:74:1B:49:0A:B8:D8:D6:96:08:B0:DA:6D:03:F4
Certificate issuer:       /CN=2add438a7ce3cb379f28cfa051cf63d5ad8fe3ca
Certificate serial:       0194266C2D96D7EEC86809D7312E8A8A871F
Authority key identifier: 2A:DD:43:8A:7C:E3:CB:37:9F:28:CF:A0:51:CF:63:D5:AD:8F:E3:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/oxi_ya_EdBtJCrjY1pYIsNptA_Q.roa
Signing time:             Thu 02 Jan 2025 09:50:11 +0000
ROA not before:           Thu 02 Jan 2025 09:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43309
IP address blocks:        2.56.168.0/24 maxlen: 24
                          2a0f:ca00::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:2d:96:d7:ee:c8:68:09:d7:31:2e:8a:8a:87:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2add438a7ce3cb379f28cfa051cf63d5ad8fe3ca
        Validity
            Not Before: Jan  2 09:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a318bfc9afc4741b490ab8d8d69608b0da6d03f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:1e:e6:29:a1:89:16:d7:9b:ec:13:9f:78:ba:
                    3f:a0:f1:0a:3c:7e:db:36:ca:82:fe:38:21:78:4d:
                    5b:fc:21:9f:33:6f:4e:2a:5e:ca:00:17:6b:aa:d8:
                    8b:4c:0c:97:f2:f7:7b:1b:28:a1:c2:93:55:a5:45:
                    5a:11:56:17:5f:be:89:48:7c:ed:52:ac:ce:dc:20:
                    a0:19:69:23:d3:56:4a:57:9a:b7:48:ad:c7:4e:dc:
                    4b:db:5f:79:8c:1c:e3:47:c6:ce:27:d4:1c:69:48:
                    24:57:ed:44:e2:d8:f1:70:31:0f:9e:50:b0:06:b9:
                    80:84:15:62:87:cf:52:53:53:3b:0d:c0:00:3a:e9:
                    ff:b9:fe:4e:0d:f8:43:dd:30:85:65:8f:a7:59:6e:
                    c5:bd:ad:d2:3a:f3:b1:d1:67:86:e9:81:a7:a4:0f:
                    9a:b0:7e:d3:ec:9b:f6:80:7d:1a:8b:10:9e:90:55:
                    50:ad:89:ab:7d:d6:11:66:c9:35:71:b1:27:82:b8:
                    82:9e:5a:59:32:98:57:e0:5c:f9:f3:f4:a0:df:d5:
                    99:e6:bc:38:c2:cc:2d:f8:fa:30:e8:a6:1a:fa:22:
                    59:a1:d1:0f:8b:7f:eb:cd:87:0b:15:18:e7:c6:9d:
                    62:b8:67:a7:73:14:10:e8:ee:9b:9f:45:bb:41:58:
                    a7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:18:BF:C9:AF:C4:74:1B:49:0A:B8:D8:D6:96:08:B0:DA:6D:03:F4
            X509v3 Authority Key Identifier:
                keyid:2A:DD:43:8A:7C:E3:CB:37:9F:28:CF:A0:51:CF:63:D5:AD:8F:E3:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/oxi_ya_EdBtJCrjY1pYIsNptA_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.168.0/24
                IPv6:
                  2a0f:ca00::/33

    Signature Algorithm: sha256WithRSAEncryption
         01:ba:c5:b1:6d:45:2c:91:4f:f3:71:6c:00:c1:be:39:92:1a:
         40:2b:33:b2:37:95:3b:36:7e:dd:30:16:80:1f:4e:c1:4f:c6:
         0c:8d:8b:2e:aa:32:c0:72:f0:c9:1b:74:92:3f:7c:da:1c:7d:
         d7:04:bd:9e:d1:52:64:e9:6d:87:5f:16:44:6b:de:ba:1b:65:
         59:35:71:74:2d:69:8f:b7:47:d3:be:32:3e:45:5f:e0:de:07:
         ab:de:bb:62:e2:42:e8:4b:d2:51:b4:b3:db:6a:6b:d1:60:2e:
         65:91:a7:d3:2c:54:69:6f:20:df:b3:50:ef:f2:a4:aa:18:56:
         0e:92:f0:46:7d:86:40:3e:af:4f:d0:6a:f3:3a:7c:57:26:36:
         e6:6e:c3:6f:17:62:42:38:df:6b:ad:bf:c0:70:d5:8a:7a:8f:
         2f:a0:c3:a4:7c:fe:07:38:e4:8c:81:2a:7d:50:93:6a:17:5c:
         34:f9:6a:75:7b:1f:0f:3f:ae:6e:e0:d3:d0:d0:48:6b:39:d5:
         82:b5:5a:99:58:ad:9f:34:3e:84:b7:bb:06:27:47:73:d5:46:
         20:58:68:ad:04:74:b4:c9:e7:13:7d:33:13:0e:3f:02:b0:58:
         5b:36:5a:62:a0:e1:72:07:ee:e8:71:02:d0:17:40:13:50:fc:
         91:72:97:07
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQmbC2W1+7IaAnXMS6KiocfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZGQ0MzhhN2NlM2NiMzc5ZjI4Y2ZhMDUxY2Y2M2Q1YWQ4
ZmUzY2EwHhcNMjUwMTAyMDk1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzE4YmZjOWFmYzQ3NDFiNDkwYWI4ZDhkNjk2MDhiMGRhNmQwM2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8h7mKaGJFteb7BOfeLo/oPEKPH7b
NsqC/jgheE1b/CGfM29OKl7KABdrqtiLTAyX8vd7GyihwpNVpUVaEVYXX76JSHzt
UqzO3CCgGWkj01ZKV5q3SK3HTtxL2195jBzjR8bOJ9QcaUgkV+1E4tjxcDEPnlCw
BrmAhBVih89SU1M7DcAAOun/uf5ODfhD3TCFZY+nWW7Fva3SOvOx0WeG6YGnpA+a
sH7T7Jv2gH0aixCekFVQrYmrfdYRZsk1cbEngriCnlpZMphX4Fz58/Sg39WZ5rw4
wswt+Pow6KYa+iJZodEPi3/rzYcLFRjnxp1iuGencxQQ6O6bn0W7QVinHQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKMYv8mvxHQbSQq42NaWCLDabQP0MB8GA1UdIwQY
MBaAFCrdQ4p848s3nyjPoFHPY9Wtj+PKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3QxRGluemp5emVmS00tZ1VjOWoxYTJQNDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8wYjYxY2YtODBiYS00ZThlLWEyZTUt
MjBhMGQxMzBjNDU2LzEvb3hpX3lhX0VkQnRKQ3JqWTFwWUlzTnB0QV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8wYjYxY2YtODBiYS00ZThlLWEyZTUtMjBhMGQxMzBjNDU2
LzEvS3QxRGluemp5emVmS00tZ1VjOWoxYTJQNDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAAjioMA4E
AgACMAgDBgcqD8oAADANBgkqhkiG9w0BAQsFAAOCAQEAAbrFsW1FLJFP83FsAMG+
OZIaQCszsjeVOzZ+3TAWgB9OwU/GDI2LLqoywHLwyRt0kj982hx91wS9ntFSZOlt
h18WRGveuhtlWTVxdC1pj7dH074yPkVf4N4Hq967YuJC6EvSUbSz22pr0WAuZZGn
0yxUaW8g37NQ7/KkqhhWDpLwRn2GQD6vT9Bq8zp8VyY25m7DbxdiQjjfa62/wHDV
inqPL6DDpHz+BzjkjIEqfVCTahdcNPlqdXsfDz+ubuDT0NBIaznVgrVamVitnzQ+
hLe7BidHc9VGIFhorQR0tMnnE30zEw4/ArBYWzZaYqDhcgfu6HEC0BdAE1D8kXKX
Bw==
-----END CERTIFICATE-----