Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/826eeb-0bb2-42a8-84e2-b75b4904982f/1/Oc_LJaADC2cknQ1kKmCdsTOaMZk.roa
File:                     Oc_LJaADC2cknQ1kKmCdsTOaMZk.roa (raw, json)
Hash identifier:          JMTbvNQOvHmoLJzyFa8UDUWlgTHr2CpWgpqDOMIvsck=
Subject key identifier:   39:CF:CB:25:A0:03:0B:67:24:9D:0D:64:2A:60:9D:B1:33:9A:31:99
Certificate issuer:       /CN=6007365e0cf30ca8fce98c62660d186a979bc959
Certificate serial:       0194206822F685535D102B495F8D55825501
Authority key identifier: 60:07:36:5E:0C:F3:0C:A8:FC:E9:8C:62:66:0D:18:6A:97:9B:C9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YAc2XgzzDKj86YxiZg0YapebyVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/826eeb-0bb2-42a8-84e2-b75b4904982f/1/Oc_LJaADC2cknQ1kKmCdsTOaMZk.roa
Signing time:             Wed 01 Jan 2025 05:48:03 +0000
ROA not before:           Wed 01 Jan 2025 05:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201586
IP address blocks:        193.246.106.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/826eeb-0bb2-42a8-84e2-b75b4904982f/1/YAc2XgzzDKj86YxiZg0YapebyVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/826eeb-0bb2-42a8-84e2-b75b4904982f/1/YAc2XgzzDKj86YxiZg0YapebyVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YAc2XgzzDKj86YxiZg0YapebyVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:22:f6:85:53:5d:10:2b:49:5f:8d:55:82:55:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6007365e0cf30ca8fce98c62660d186a979bc959
        Validity
            Not Before: Jan  1 05:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39cfcb25a0030b67249d0d642a609db1339a3199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:40:62:9c:5a:30:38:20:91:96:0f:e4:76:7e:
                    83:25:cc:89:9a:ee:30:9c:f0:92:3b:b1:71:df:5c:
                    16:81:91:15:35:00:03:85:56:09:50:c5:d9:88:75:
                    25:2a:bb:c7:a0:0d:1b:28:78:d9:15:56:56:61:50:
                    d1:e0:f8:3c:b1:60:1f:2b:21:fc:d4:1e:71:cb:99:
                    2c:bd:31:c7:17:0e:a2:e7:fc:ae:6f:85:08:52:c9:
                    be:08:09:d1:30:a2:8f:1b:9e:92:5b:79:a7:6e:a7:
                    b3:ce:b3:a9:48:73:8d:38:46:12:91:16:10:51:61:
                    9e:47:09:6e:e8:20:1e:32:3e:20:fb:91:30:b4:5b:
                    7f:d5:c5:c9:8e:d7:34:7c:9e:59:01:36:87:3b:08:
                    bd:04:74:31:e5:73:b0:99:0f:7b:ee:5e:1d:74:43:
                    ca:ab:57:76:cd:d9:9b:3e:4d:45:38:dd:a2:c5:20:
                    b3:0c:a1:68:9a:11:e0:ce:e5:4f:a2:d4:03:cd:02:
                    21:54:25:4a:d6:e8:e5:32:e4:0f:9f:9d:0a:98:5b:
                    58:04:b5:1b:d6:08:08:33:cd:33:73:49:e1:d4:c8:
                    90:58:f3:05:29:94:aa:94:09:17:bc:ec:26:ff:82:
                    bc:8d:68:8f:6c:7a:b4:08:43:e1:c8:44:4b:ea:6b:
                    56:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:CF:CB:25:A0:03:0B:67:24:9D:0D:64:2A:60:9D:B1:33:9A:31:99
            X509v3 Authority Key Identifier:
                keyid:60:07:36:5E:0C:F3:0C:A8:FC:E9:8C:62:66:0D:18:6A:97:9B:C9:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YAc2XgzzDKj86YxiZg0YapebyVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/826eeb-0bb2-42a8-84e2-b75b4904982f/1/Oc_LJaADC2cknQ1kKmCdsTOaMZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/826eeb-0bb2-42a8-84e2-b75b4904982f/1/YAc2XgzzDKj86YxiZg0YapebyVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:65:1a:cc:96:53:a8:b2:87:a7:24:4a:15:e6:2a:39:c3:1b:
         e6:55:3f:fe:91:d2:6a:cc:db:1e:76:f1:36:12:d1:a3:b4:55:
         a6:d8:2a:2f:63:69:b9:b1:8a:5b:f6:65:4e:57:88:35:c3:f5:
         d9:9a:8e:dd:c2:4b:91:63:5a:b6:97:c2:7d:f7:62:43:55:df:
         0b:1d:e7:65:d2:9b:c5:51:ad:bc:2e:0b:a2:42:1a:49:8e:5b:
         d4:88:8a:b4:c4:01:37:4a:1f:14:e8:c4:d3:6f:a3:1d:12:4c:
         70:83:d3:8a:78:93:46:00:df:4d:18:c2:21:52:51:08:43:0c:
         61:21:dc:05:e7:e0:ea:2c:f8:28:c0:7e:5c:d3:3d:ca:1c:fd:
         02:dc:36:9d:a2:2a:7a:bc:44:c9:90:ce:4a:78:21:c4:a3:99:
         35:c3:b9:da:bc:5b:ee:a1:da:a3:9f:af:eb:32:75:6e:ef:ce:
         56:1f:6f:c6:68:10:7e:8a:54:9b:45:15:ab:83:b0:7d:09:12:
         8b:6d:b3:dd:2f:64:8f:df:f3:25:f9:da:54:32:e1:f4:55:6c:
         50:cd:65:f3:3e:d0:ed:b6:9a:84:a2:54:fc:08:7e:3e:39:e2:
         a2:f7:04:e7:ae:2e:82:9f:34:46:18:ff:7c:2a:8a:1b:2f:80:
         b6:42:7e:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaCL2hVNdECtJX41VglUBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMDczNjVlMGNmMzBjYThmY2U5OGM2MjY2MGQxODZhOTc5
YmM5NTkwHhcNMjUwMTAxMDU0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWNmY2IyNWEwMDMwYjY3MjQ5ZDBkNjQyYTYwOWRiMTMzOWEzMTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EBinFowOCCRlg/kdn6DJcyJmu4w
nPCSO7Fx31wWgZEVNQADhVYJUMXZiHUlKrvHoA0bKHjZFVZWYVDR4Pg8sWAfKyH8
1B5xy5ksvTHHFw6i5/yub4UIUsm+CAnRMKKPG56SW3mnbqezzrOpSHONOEYSkRYQ
UWGeRwlu6CAeMj4g+5EwtFt/1cXJjtc0fJ5ZATaHOwi9BHQx5XOwmQ977l4ddEPK
q1d2zdmbPk1FON2ixSCzDKFomhHgzuVPotQDzQIhVCVK1ujlMuQPn50KmFtYBLUb
1ggIM80zc0nh1MiQWPMFKZSqlAkXvOwm/4K8jWiPbHq0CEPhyERL6mtWiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnPyyWgAwtnJJ0NZCpgnbEzmjGZMB8GA1UdIwQY
MBaAFGAHNl4M8wyo/OmMYmYNGGqXm8lZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUFjMlhnenpES2o4Nll4aVpnMFlhcGVieVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi84MjZlZWItMGJiMi00MmE4LTg0ZTIt
Yjc1YjQ5MDQ5ODJmLzEvT2NfTEphQURDMmNrblExa0ttQ2RzVE9hTVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi84MjZlZWItMGJiMi00MmE4LTg0ZTItYjc1YjQ5MDQ5ODJm
LzEvWUFjMlhnenpES2o4Nll4aVpnMFlhcGVieVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwfZqMA0G
CSqGSIb3DQEBCwUAA4IBAQBrZRrMllOosoenJEoV5io5wxvmVT/+kdJqzNsedvE2
EtGjtFWm2CovY2m5sYpb9mVOV4g1w/XZmo7dwkuRY1q2l8J992JDVd8LHedl0pvF
Ua28LguiQhpJjlvUiIq0xAE3Sh8U6MTTb6MdEkxwg9OKeJNGAN9NGMIhUlEIQwxh
IdwF5+DqLPgowH5c0z3KHP0C3Dadoip6vETJkM5KeCHEo5k1w7navFvuodqjn6/r
MnVu785WH2/GaBB+ilSbRRWrg7B9CRKLbbPdL2SP3/Ml+dpUMuH0VWxQzWXzPtDt
tpqEolT8CH4+OeKi9wTnri6CnzRGGP98KoobL4C2Qn7y
-----END CERTIFICATE-----