Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/O_vmhwzKvamYIaopZQPHynmcIIw.roa
File:                     O_vmhwzKvamYIaopZQPHynmcIIw.roa (raw, json)
Hash identifier:          kKibiE85RgZGPFq2m5fIHS5P0gqzL+RvJwhCZ6WL+cY=
Subject key identifier:   3B:FB:E6:87:0C:CA:BD:A9:98:21:AA:29:65:03:C7:CA:79:9C:20:8C
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258FA2A0CDA64CD96E1F0333578A1BBE
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/O_vmhwzKvamYIaopZQPHynmcIIw.roa
Signing time:             Thu 02 Jan 2025 05:49:17 +0000
ROA not before:           Thu 02 Jan 2025 05:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202104
IP address blocks:        81.25.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:a2:a0:cd:a6:4c:d9:6e:1f:03:33:57:8a:1b:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bfbe6870ccabda99821aa296503c7ca799c208c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:78:ae:28:7c:30:56:1c:96:b9:af:23:90:32:
                    3b:5f:ad:4d:ae:f7:32:c1:5b:45:4d:82:03:e1:3a:
                    62:56:77:c2:97:5e:09:62:a2:e3:a9:b9:c7:2e:cd:
                    b7:f4:b2:09:dc:2c:7e:9f:02:00:ef:53:dc:a6:f1:
                    75:f1:ce:8a:c2:39:99:e5:71:2e:4a:b1:e1:a8:b7:
                    09:e6:a2:07:70:bf:67:c5:c8:07:1a:45:c7:fa:b5:
                    c8:d0:90:14:4b:97:8c:4d:e9:66:c8:50:e1:91:ee:
                    ed:04:9a:76:9e:97:83:90:da:0d:5c:bb:1e:04:e7:
                    a3:24:c2:67:2c:25:bb:68:95:b8:89:aa:2c:14:68:
                    9c:37:9b:db:70:f4:cc:47:5d:2c:e5:10:93:e9:b6:
                    ba:3b:fa:ad:ea:83:46:e0:89:2c:f6:10:56:ca:45:
                    3d:47:07:99:a0:43:dd:b6:b9:ab:84:ea:27:09:08:
                    45:ee:bb:04:73:db:e8:dc:af:3a:99:d5:2c:63:7e:
                    47:26:f3:77:57:0f:1a:bc:10:63:d0:f0:60:78:45:
                    a3:29:a0:eb:3a:5e:5d:13:26:9f:16:ec:a6:50:6f:
                    e4:cf:1c:85:4f:1f:c0:f5:a5:99:46:d4:00:24:fd:
                    3e:95:98:93:53:8c:2a:94:4b:7a:57:86:c5:51:2c:
                    64:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:FB:E6:87:0C:CA:BD:A9:98:21:AA:29:65:03:C7:CA:79:9C:20:8C
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/O_vmhwzKvamYIaopZQPHynmcIIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.25.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:7b:50:5f:c2:4d:51:e5:1e:b7:43:84:23:c3:c1:17:0d:cd:
         d3:5e:ab:0d:82:bf:3f:08:c6:16:2f:b4:68:99:7c:f1:75:dd:
         4a:a5:5c:86:d9:99:3f:87:0e:4c:a6:41:7d:3c:9d:ca:83:08:
         aa:30:b8:fd:8f:ba:ee:21:2b:59:35:a9:ba:9b:16:ee:78:06:
         ee:32:c7:4d:36:99:f4:84:6b:54:15:06:c5:f9:8f:91:7f:45:
         ae:c4:ca:08:8d:08:a5:19:f9:6f:76:20:61:9a:8d:84:e3:6a:
         7e:b0:73:95:aa:fd:c7:ce:b5:c6:4a:99:6c:ea:81:e4:64:d4:
         57:f9:22:57:61:e2:72:d1:63:28:19:d6:01:a6:f9:9a:ef:ba:
         75:fa:27:48:49:db:fb:57:40:5a:9e:cd:5d:fe:b7:14:3f:41:
         39:43:7f:7f:92:e7:24:d4:98:39:44:bb:2e:f6:54:e2:a4:8c:
         ff:fb:4b:a1:cb:d3:b5:df:3e:66:bc:22:6f:18:74:e2:f7:4a:
         53:fb:e9:d1:29:c7:93:fd:b5:0d:ab:c7:92:92:ff:36:e1:35:
         bb:7e:ca:0e:21:75:fd:ee:cb:5d:9a:e8:6a:9b:3e:c8:d9:7b:
         c6:1a:86:05:f0:42:b2:bc:33:6e:3e:fe:5b:02:33:62:2f:13:
         72:3c:12:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj6KgzaZM2W4fAzNXihu+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmZiZTY4NzBjY2FiZGE5OTgyMWFhMjk2NTAzYzdjYTc5OWMyMDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3iuKHwwVhyWua8jkDI7X61Nrvcy
wVtFTYID4TpiVnfCl14JYqLjqbnHLs239LIJ3Cx+nwIA71PcpvF18c6KwjmZ5XEu
SrHhqLcJ5qIHcL9nxcgHGkXH+rXI0JAUS5eMTelmyFDhke7tBJp2npeDkNoNXLse
BOejJMJnLCW7aJW4iaosFGicN5vbcPTMR10s5RCT6ba6O/qt6oNG4Iks9hBWykU9
RweZoEPdtrmrhOonCQhF7rsEc9vo3K86mdUsY35HJvN3Vw8avBBj0PBgeEWjKaDr
Ol5dEyafFuymUG/kzxyFTx/A9aWZRtQAJP0+lZiTU4wqlEt6V4bFUSxkDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDv75ocMyr2pmCGqKWUDx8p5nCCMMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvT192bWh3ekt2YW1ZSWFvcFpRUEh5bm1jSUl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURlGMA0G
CSqGSIb3DQEBCwUAA4IBAQCIe1Bfwk1R5R63Q4Qjw8EXDc3TXqsNgr8/CMYWL7Ro
mXzxdd1KpVyG2Zk/hw5MpkF9PJ3KgwiqMLj9j7ruIStZNam6mxbueAbuMsdNNpn0
hGtUFQbF+Y+Rf0WuxMoIjQilGflvdiBhmo2E42p+sHOVqv3HzrXGSpls6oHkZNRX
+SJXYeJy0WMoGdYBpvma77p1+idISdv7V0Bans1d/rcUP0E5Q39/kuck1Jg5RLsu
9lTipIz/+0uhy9O13z5mvCJvGHTi90pT++nRKceT/bUNq8eSkv824TW7fsoOIXX9
7stdmuhqmz7I2XvGGoYF8EKyvDNuPv5bAjNiLxNyPBJA
-----END CERTIFICATE-----