Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/c7dc34-44db-4c06-8a32-e22aed1f08ec/1/gOpessaE3KR3BE7y4M-QryrS1Ks.roa
File:                     gOpessaE3KR3BE7y4M-QryrS1Ks.roa (raw, json)
Hash identifier:          YdF4inQqBoygiKj6DuoyGUjs1/73Ha+wGsnO74e4IH4=
Subject key identifier:   80:EA:5E:B2:C6:84:DC:A4:77:04:4E:F2:E0:CF:90:AF:2A:D2:D4:AB
Certificate issuer:       /CN=b5167e7ee37838f0751c49c5e5f3ec000064ae95
Certificate serial:       019420D5D338783F9FA14C36349754D8B7A7
Authority key identifier: B5:16:7E:7E:E3:78:38:F0:75:1C:49:C5:E5:F3:EC:00:00:64:AE:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tRZ-fuN4OPB1HEnF5fPsAABkrpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/c7dc34-44db-4c06-8a32-e22aed1f08ec/1/gOpessaE3KR3BE7y4M-QryrS1Ks.roa
Signing time:             Wed 01 Jan 2025 07:47:51 +0000
ROA not before:           Wed 01 Jan 2025 07:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212533
IP address blocks:        193.30.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/c7dc34-44db-4c06-8a32-e22aed1f08ec/1/tRZ-fuN4OPB1HEnF5fPsAABkrpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/c7dc34-44db-4c06-8a32-e22aed1f08ec/1/tRZ-fuN4OPB1HEnF5fPsAABkrpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tRZ-fuN4OPB1HEnF5fPsAABkrpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d3:38:78:3f:9f:a1:4c:36:34:97:54:d8:b7:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5167e7ee37838f0751c49c5e5f3ec000064ae95
        Validity
            Not Before: Jan  1 07:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80ea5eb2c684dca477044ef2e0cf90af2ad2d4ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a2:7d:02:fc:9f:db:33:25:0a:69:83:d6:f5:
                    eb:1a:86:01:f5:02:cf:43:23:79:38:8b:bd:d9:b4:
                    1c:7d:6d:7a:f6:72:ee:76:d0:6a:45:fa:c2:20:14:
                    72:39:f6:aa:99:e6:66:7b:5f:44:04:5d:97:57:cd:
                    39:73:32:64:d8:aa:57:03:e2:9d:fa:97:4c:4d:c2:
                    49:b0:67:58:be:89:7f:27:98:7c:9b:fd:23:ba:60:
                    27:d8:43:8b:2d:71:b6:f6:1c:35:b9:3c:33:65:da:
                    c7:42:0c:05:5f:47:e4:c7:3c:af:73:a2:bf:9e:e7:
                    8c:39:10:b1:ed:19:90:e3:95:04:bd:8f:60:40:31:
                    5b:45:9b:bf:1a:f1:4f:8f:0d:f0:10:07:ad:06:57:
                    6a:83:b6:eb:c3:16:94:13:62:b1:59:95:87:82:61:
                    28:cb:f5:a4:b2:d6:90:3f:5c:6a:e0:63:56:f7:3f:
                    19:fb:6e:84:e1:ca:a6:ca:79:b3:d1:b0:76:56:69:
                    5e:06:53:0c:ce:3c:fc:a0:63:f4:a1:d1:b4:d6:0e:
                    fd:d3:ab:88:ad:83:eb:3c:08:7b:1f:c1:06:97:4d:
                    5a:35:33:28:ba:db:bf:cd:36:d4:ab:c9:04:c9:dd:
                    19:a5:6a:15:fe:ff:b5:2f:46:40:24:c9:13:77:e7:
                    3e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:EA:5E:B2:C6:84:DC:A4:77:04:4E:F2:E0:CF:90:AF:2A:D2:D4:AB
            X509v3 Authority Key Identifier:
                keyid:B5:16:7E:7E:E3:78:38:F0:75:1C:49:C5:E5:F3:EC:00:00:64:AE:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tRZ-fuN4OPB1HEnF5fPsAABkrpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/c7dc34-44db-4c06-8a32-e22aed1f08ec/1/gOpessaE3KR3BE7y4M-QryrS1Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/c7dc34-44db-4c06-8a32-e22aed1f08ec/1/tRZ-fuN4OPB1HEnF5fPsAABkrpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:f5:07:64:5e:67:95:bd:62:77:6e:9a:08:bd:41:1b:72:68:
         e5:27:29:39:9d:7e:19:f9:29:07:fa:f8:62:14:2f:89:cb:33:
         32:bd:50:b9:2b:d7:56:0b:28:ac:eb:09:e6:1c:e0:27:ce:24:
         05:a9:7a:8b:2a:ae:7f:c1:c3:e9:8e:35:01:4d:c8:19:6d:e4:
         fc:68:13:1c:1b:b8:03:c9:21:f1:68:03:52:cd:db:e8:87:4a:
         d9:7e:cf:56:7a:54:04:c1:3a:08:b0:52:20:cd:be:82:b4:8a:
         4a:28:68:bf:40:3b:c4:4c:38:bd:9c:68:53:5e:e2:19:de:fa:
         38:6b:42:7d:38:00:05:f6:7b:00:df:0e:6a:55:66:ce:7f:30:
         69:d1:7e:fb:74:03:df:d5:be:b6:93:ca:7e:1e:44:6b:34:24:
         2f:42:fe:fc:fd:62:79:57:9f:39:5d:9f:0c:10:0f:4b:98:26:
         0c:1f:5c:9a:92:d8:12:44:4d:d6:f1:8e:f8:ba:c4:22:23:3e:
         0c:7b:79:d7:a1:45:35:2a:b5:08:5a:93:25:74:99:3b:b1:7c:
         1a:ca:ca:8f:5d:4b:e5:59:c2:c0:c3:b7:42:75:29:1d:75:2e:
         f2:20:bc:4e:40:98:41:c9:84:d6:3d:9b:1e:7c:77:8a:5b:1c:
         06:8a:4e:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dM4eD+foUw2NJdU2LenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MTY3ZTdlZTM3ODM4ZjA3NTFjNDljNWU1ZjNlYzAwMDA2
NGFlOTUwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGVhNWViMmM2ODRkY2E0NzcwNDRlZjJlMGNmOTBhZjJhZDJkNGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaJ9Avyf2zMlCmmD1vXrGoYB9QLP
QyN5OIu92bQcfW169nLudtBqRfrCIBRyOfaqmeZme19EBF2XV805czJk2KpXA+Kd
+pdMTcJJsGdYvol/J5h8m/0jumAn2EOLLXG29hw1uTwzZdrHQgwFX0fkxzyvc6K/
nueMORCx7RmQ45UEvY9gQDFbRZu/GvFPjw3wEAetBldqg7brwxaUE2KxWZWHgmEo
y/WkstaQP1xq4GNW9z8Z+26E4cqmynmz0bB2VmleBlMMzjz8oGP0odG01g7906uI
rYPrPAh7H8EGl01aNTMoutu/zTbUq8kEyd0ZpWoV/v+1L0ZAJMkTd+c+awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDqXrLGhNykdwRO8uDPkK8q0tSrMB8GA1UdIwQY
MBaAFLUWfn7jeDjwdRxJxeXz7AAAZK6VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFJaLWZ1TjRPUEIxSEVuRjVmUHNBQUJrcnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9jN2RjMzQtNDRkYi00YzA2LThhMzIt
ZTIyYWVkMWYwOGVjLzEvZ09wZXNzYUUzS1IzQkU3eTRNLVFyeXJTMUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9jN2RjMzQtNDRkYi00YzA2LThhMzItZTIyYWVkMWYwOGVj
LzEvdFJaLWZ1TjRPUEIxSEVuRjVmUHNBQUJrcnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR52MA0G
CSqGSIb3DQEBCwUAA4IBAQDQ9QdkXmeVvWJ3bpoIvUEbcmjlJyk5nX4Z+SkH+vhi
FC+JyzMyvVC5K9dWCyis6wnmHOAnziQFqXqLKq5/wcPpjjUBTcgZbeT8aBMcG7gD
ySHxaANSzdvoh0rZfs9WelQEwToIsFIgzb6CtIpKKGi/QDvETDi9nGhTXuIZ3vo4
a0J9OAAF9nsA3w5qVWbOfzBp0X77dAPf1b62k8p+HkRrNCQvQv78/WJ5V585XZ8M
EA9LmCYMH1yaktgSRE3W8Y74usQiIz4Me3nXoUU1KrUIWpMldJk7sXwaysqPXUvl
WcLAw7dCdSkddS7yILxOQJhByYTWPZsefHeKWxwGik6B
-----END CERTIFICATE-----