Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/O5DiGBxXgxkBCTZNGMQgecNF7aI.roa
File:                     O5DiGBxXgxkBCTZNGMQgecNF7aI.roa (raw, json)
Hash identifier:          0ahwaWUfVDJYD2wF/x/njO0sF76KorNYpLUQSfP42Kw=
Subject key identifier:   3B:90:E2:18:1C:57:83:19:01:09:36:4D:18:C4:20:79:C3:45:ED:A2
Certificate issuer:       /CN=3547913ce3a11588b59c3c9f9da9ff77f248ac12
Certificate serial:       01941FFA3AA0832511BD739CDD8ACF34C04B
Authority key identifier: 35:47:91:3C:E3:A1:15:88:B5:9C:3C:9F:9D:A9:FF:77:F2:48:AC:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUeRPOOhFYi1nDyfnan_d_JIrBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/O5DiGBxXgxkBCTZNGMQgecNF7aI.roa
Signing time:             Wed 01 Jan 2025 03:48:00 +0000
ROA not before:           Wed 01 Jan 2025 03:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203175
IP address blocks:        185.137.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/NUeRPOOhFYi1nDyfnan_d_JIrBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/NUeRPOOhFYi1nDyfnan_d_JIrBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUeRPOOhFYi1nDyfnan_d_JIrBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3a:a0:83:25:11:bd:73:9c:dd:8a:cf:34:c0:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3547913ce3a11588b59c3c9f9da9ff77f248ac12
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b90e2181c5783190109364d18c42079c345eda2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:86:d4:13:c3:d4:50:23:66:e5:ec:0c:eb:1d:
                    b5:37:91:4c:7b:b9:10:f0:72:8f:d3:e4:51:36:1a:
                    31:21:2e:00:86:ee:b9:1a:88:5f:df:38:11:b9:b9:
                    bf:bc:b8:d7:d8:9f:ef:65:97:31:ef:fa:f0:2e:9d:
                    b1:cb:49:b6:32:37:7b:5e:16:79:b7:89:23:5c:33:
                    04:d7:ea:a3:ce:ea:40:78:60:8e:c7:4e:37:20:e7:
                    91:81:d0:59:58:e2:f9:fe:cb:fb:11:28:b1:5a:ad:
                    04:6f:9e:d6:ba:69:06:75:93:ba:8d:d0:19:80:36:
                    2e:9c:77:aa:8b:9a:81:c6:da:1a:a0:ab:1e:f7:a1:
                    c2:3a:c3:75:79:52:a1:6f:83:f0:90:53:05:a2:0d:
                    a2:89:9d:4b:f3:06:68:22:ae:da:47:fa:e4:f3:65:
                    2b:59:ce:17:fb:14:44:af:3a:4a:f7:f6:7b:dc:6d:
                    2e:76:76:e8:a7:54:fb:82:b5:f3:fd:10:b5:e8:3c:
                    e2:14:ce:94:08:af:ae:f8:54:87:09:7f:8c:55:ca:
                    4d:d8:00:81:82:71:88:57:58:7f:3d:1e:dc:20:cd:
                    fa:f2:35:40:4d:0d:18:61:78:6c:61:f9:6f:00:8a:
                    9e:ea:91:8f:74:36:8e:11:0d:3d:9e:0b:8b:c2:d1:
                    3f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:90:E2:18:1C:57:83:19:01:09:36:4D:18:C4:20:79:C3:45:ED:A2
            X509v3 Authority Key Identifier:
                keyid:35:47:91:3C:E3:A1:15:88:B5:9C:3C:9F:9D:A9:FF:77:F2:48:AC:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUeRPOOhFYi1nDyfnan_d_JIrBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/O5DiGBxXgxkBCTZNGMQgecNF7aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/NUeRPOOhFYi1nDyfnan_d_JIrBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:1c:46:5a:3e:f2:c3:05:e4:f1:77:49:5e:aa:36:cf:1b:8b:
         77:49:86:60:c4:ff:c1:04:17:5c:db:20:60:b4:f1:66:05:99:
         03:f9:9a:e4:af:0c:90:c1:97:03:8a:a9:62:30:77:12:55:8c:
         5c:af:7f:35:f6:2e:e4:81:28:5a:97:05:6c:21:85:cc:7c:35:
         e3:ea:5e:10:69:77:99:96:cb:d8:66:c4:79:80:a1:42:88:6d:
         ad:1b:50:cc:18:7f:78:7d:0a:39:cd:c5:26:30:f9:fc:7c:d3:
         df:15:5d:49:b2:b2:88:68:84:1a:a4:95:4a:28:26:0f:79:50:
         85:64:1a:3b:23:98:23:cf:fc:6f:22:fd:32:87:29:93:d3:fb:
         c5:fe:52:98:38:42:22:e1:d2:af:6b:ee:f2:4c:23:70:a6:ee:
         02:b6:39:2f:31:25:45:87:10:e9:6c:91:de:9e:11:92:50:60:
         1f:aa:e9:96:26:bb:87:ba:e8:5d:e1:d7:3a:10:f5:c7:ee:a6:
         0d:06:bd:24:2e:56:ea:cb:78:a0:f0:f6:66:3b:a2:f2:99:38:
         52:2d:59:bc:7a:9c:c9:ab:9a:d9:a9:f5:a8:99:f2:5a:95:f8:
         1f:ca:59:02:a5:da:5a:00:3d:1e:bc:a3:97:28:d8:69:22:93:
         70:d6:c7:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jqggyURvXOc3YrPNMBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDc5MTNjZTNhMTE1ODhiNTljM2M5ZjlkYTlmZjc3ZjI0
OGFjMTIwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjkwZTIxODFjNTc4MzE5MDEwOTM2NGQxOGM0MjA3OWMzNDVlZGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxobUE8PUUCNm5ewM6x21N5FMe7kQ
8HKP0+RRNhoxIS4Ahu65Gohf3zgRubm/vLjX2J/vZZcx7/rwLp2xy0m2Mjd7XhZ5
t4kjXDME1+qjzupAeGCOx043IOeRgdBZWOL5/sv7ESixWq0Eb57WumkGdZO6jdAZ
gDYunHeqi5qBxtoaoKse96HCOsN1eVKhb4PwkFMFog2iiZ1L8wZoIq7aR/rk82Ur
Wc4X+xRErzpK9/Z73G0udnbop1T7grXz/RC16DziFM6UCK+u+FSHCX+MVcpN2ACB
gnGIV1h/PR7cIM368jVATQ0YYXhsYflvAIqe6pGPdDaOEQ09nguLwtE/JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuQ4hgcV4MZAQk2TRjEIHnDRe2iMB8GA1UdIwQY
MBaAFDVHkTzjoRWItZw8n52p/3fySKwSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVlUlBPT2hGWWkxbkR5Zm5hbl9kX0pJckJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wY2RhNzQtYzliYi00ZDkyLTllNmYt
Mzg5OTc4MjFmZmNlLzEvTzVEaUdCeFhneGtCQ1RaTkdNUWdlY05GN2FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wY2RhNzQtYzliYi00ZDkyLTllNmYtMzg5OTc4MjFmZmNl
LzEvTlVlUlBPT2hGWWkxbkR5Zm5hbl9kX0pJckJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYkdMA0G
CSqGSIb3DQEBCwUAA4IBAQAnHEZaPvLDBeTxd0leqjbPG4t3SYZgxP/BBBdc2yBg
tPFmBZkD+ZrkrwyQwZcDiqliMHcSVYxcr3819i7kgShalwVsIYXMfDXj6l4QaXeZ
lsvYZsR5gKFCiG2tG1DMGH94fQo5zcUmMPn8fNPfFV1JsrKIaIQapJVKKCYPeVCF
ZBo7I5gjz/xvIv0yhymT0/vF/lKYOEIi4dKva+7yTCNwpu4CtjkvMSVFhxDpbJHe
nhGSUGAfqumWJruHuuhd4dc6EPXH7qYNBr0kLlbqy3ig8PZmO6LymThSLVm8epzJ
q5rZqfWomfJalfgfylkCpdpaAD0evKOXKNhpIpNw1sdt
-----END CERTIFICATE-----