Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/OMAWMgjFkntxY9hjh7x9HjopsUQ.roa
File:                     OMAWMgjFkntxY9hjh7x9HjopsUQ.roa (raw, json)
Hash identifier:          fC4Wynjh9RIf9v3k1CSQsuZtxFupNj1veyw3ZlhI/Jw=
Subject key identifier:   38:C0:16:32:08:C5:92:7B:71:63:D8:63:87:BC:7D:1E:3A:29:B1:44
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       01942369B1F06A7AF60B876C22337D748CF1
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/OMAWMgjFkntxY9hjh7x9HjopsUQ.roa
Signing time:             Wed 01 Jan 2025 19:48:36 +0000
ROA not before:           Wed 01 Jan 2025 19:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197490
IP address blocks:        2a02:2000:3c6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:b1:f0:6a:7a:f6:0b:87:6c:22:33:7d:74:8c:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Jan  1 19:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38c0163208c5927b7163d86387bc7d1e3a29b144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3e:5a:5c:f0:98:f9:5b:37:77:2b:22:89:00:
                    7a:29:97:65:b9:fa:6d:2f:12:04:9e:d0:25:d6:58:
                    dc:30:fa:5a:ee:aa:8b:11:24:9d:a2:25:cb:4a:e1:
                    9e:63:88:73:5b:8c:27:38:77:75:a0:38:0a:0b:8c:
                    34:38:c3:9b:01:58:20:35:45:87:18:4d:28:05:6f:
                    3f:53:07:54:66:28:8a:ae:c6:92:80:13:23:c0:a9:
                    46:93:be:c8:a3:3f:4b:05:48:5f:78:fb:ad:1a:f3:
                    72:dc:ee:4a:83:04:53:e7:a6:2c:13:ea:13:2b:50:
                    b1:ca:40:a2:8f:29:12:94:67:06:fc:00:4c:87:5b:
                    dc:6b:d6:5b:9b:e5:7e:bb:20:e4:a6:b9:de:82:f9:
                    97:57:63:2c:4e:eb:0b:08:86:1c:ba:77:cf:67:7f:
                    6e:42:e5:62:e2:b6:35:c4:2e:d0:f3:08:50:1e:90:
                    23:41:6b:64:a8:5f:4d:0f:0a:07:56:3b:f5:dd:e0:
                    42:a7:84:e3:ee:5b:88:7b:17:96:00:42:47:26:1a:
                    e6:b8:a4:3e:19:78:3a:a1:05:48:3a:b4:0b:3b:af:
                    a7:af:cf:7e:43:aa:31:b1:39:0d:7c:ca:61:ea:18:
                    32:65:ad:39:b6:42:d9:e0:d1:f1:b4:c8:f4:db:54:
                    84:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C0:16:32:08:C5:92:7B:71:63:D8:63:87:BC:7D:1E:3A:29:B1:44
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/OMAWMgjFkntxY9hjh7x9HjopsUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2000:3c6::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:90:7b:38:b7:39:a2:62:be:0e:b9:67:f6:30:0e:4e:90:69:
         95:84:f3:37:84:99:4a:e5:e5:17:ef:cb:10:7a:89:7d:f3:fe:
         5c:80:57:49:56:ed:71:e7:d7:05:48:46:8a:14:2e:f0:61:74:
         5c:72:fb:fc:f7:9f:07:9d:35:85:c8:5a:7d:f9:ae:3f:8f:ca:
         1f:59:26:db:7c:99:be:f8:6c:16:36:16:1c:37:57:d3:1e:0a:
         04:86:fb:28:54:60:1b:0a:e1:de:58:02:02:e6:43:45:96:40:
         fe:ea:3b:04:73:20:c2:ba:d7:52:3a:8a:c2:3a:7d:ac:38:61:
         4f:83:f6:7b:a1:a2:ae:5c:c9:26:d8:cb:1f:6c:14:99:4c:90:
         ea:1b:ea:45:37:4d:c7:34:96:84:a4:e8:15:24:51:1e:c6:fe:
         04:af:cf:40:92:b7:f2:9b:ee:5a:d7:81:7e:5e:00:05:b4:03:
         a3:3b:41:1a:31:02:13:fd:94:4e:19:1b:90:e7:13:0c:f6:31:
         86:66:20:7f:71:bc:3d:95:74:41:b6:27:ef:50:6e:3c:f5:e2:
         27:27:dd:9f:b4:72:1c:93:e8:23:be:98:fc:f5:52:c1:cc:2e:
         0d:39:98:14:04:11:c0:2a:b1:55:98:b6:61:45:53:a5:71:be:
         74:c3:f6:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjabHwanr2C4dsIjN9dIzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjUwMTAxMTk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGMwMTYzMjA4YzU5MjdiNzE2M2Q4NjM4N2JjN2QxZTNhMjliMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT5aXPCY+Vs3dysiiQB6KZdlufpt
LxIEntAl1ljcMPpa7qqLESSdoiXLSuGeY4hzW4wnOHd1oDgKC4w0OMObAVggNUWH
GE0oBW8/UwdUZiiKrsaSgBMjwKlGk77Ioz9LBUhfePutGvNy3O5KgwRT56YsE+oT
K1CxykCijykSlGcG/ABMh1vca9Zbm+V+uyDkprnegvmXV2MsTusLCIYcunfPZ39u
QuVi4rY1xC7Q8whQHpAjQWtkqF9NDwoHVjv13eBCp4Tj7luIexeWAEJHJhrmuKQ+
GXg6oQVIOrQLO6+nr89+Q6oxsTkNfMph6hgyZa05tkLZ4NHxtMj021SEqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDjAFjIIxZJ7cWPYY4e8fR46KbFEMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvT01BV01nakZrbnR4WTloamg3eDlIam9wc1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIgAAPG
MA0GCSqGSIb3DQEBCwUAA4IBAQBHkHs4tzmiYr4OuWf2MA5OkGmVhPM3hJlK5eUX
78sQeol98/5cgFdJVu1x59cFSEaKFC7wYXRccvv8958HnTWFyFp9+a4/j8ofWSbb
fJm++GwWNhYcN1fTHgoEhvsoVGAbCuHeWAIC5kNFlkD+6jsEcyDCutdSOorCOn2s
OGFPg/Z7oaKuXMkm2MsfbBSZTJDqG+pFN03HNJaEpOgVJFEexv4Er89Akrfym+5a
14F+XgAFtAOjO0EaMQIT/ZROGRuQ5xMM9jGGZiB/cbw9lXRBtifvUG489eInJ92f
tHIck+gjvpj89VLBzC4NOZgUBBHAKrFVmLZhRVOlcb50w/YS
-----END CERTIFICATE-----