Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/oFLSLxTROTSIlscGjGR0gR901FM.roa
File:                     oFLSLxTROTSIlscGjGR0gR901FM.roa (raw, json)
Hash identifier:          WRbdNPDyjk05klC3/AGlx6tP1ckSGAuLYeSpiKLvrT0=
Subject key identifier:   A0:52:D2:2F:14:D1:39:34:88:96:C7:06:8C:64:74:81:1F:74:D4:53
Certificate issuer:       /CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
Certificate serial:       01942747EADDA2F9787B482E278D3ECA0C4A
Authority key identifier: FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/oFLSLxTROTSIlscGjGR0gR901FM.roa
Signing time:             Thu 02 Jan 2025 13:50:12 +0000
ROA not before:           Thu 02 Jan 2025 13:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        194.117.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ea:dd:a2:f9:78:7b:48:2e:27:8d:3e:ca:0c:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
        Validity
            Not Before: Jan  2 13:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a052d22f14d139348896c7068c6474811f74d453
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:68:2d:d7:2c:da:eb:72:da:26:6c:b0:fc:56:
                    01:0b:72:45:13:8c:9b:0a:43:fa:fa:b4:ad:85:db:
                    d4:42:37:96:e7:8b:0d:2f:f3:8d:fb:1c:8d:55:ac:
                    65:0b:08:b0:4d:bb:2d:ee:ff:1e:88:98:64:d0:29:
                    1c:59:65:5b:69:40:2a:a4:26:d4:9f:9b:21:45:6f:
                    24:ff:5f:e3:17:ac:45:0d:35:57:2a:5b:e4:72:44:
                    6a:cc:82:d7:92:ae:5e:3a:cc:16:76:0c:a8:0d:0a:
                    b0:1a:0d:99:f5:79:da:9d:4c:a9:0a:b3:e3:52:74:
                    f0:77:7b:af:41:d6:80:ac:b7:8b:52:b7:a8:05:92:
                    5c:28:68:b0:c9:f8:00:fd:df:fb:88:fc:aa:3c:23:
                    c9:4d:c1:a2:aa:a0:cf:9b:85:99:9d:f8:38:22:6a:
                    30:32:de:a9:00:26:4b:38:7b:bd:8b:29:e9:cb:d9:
                    9c:52:15:6a:0b:3b:45:b5:4a:8a:91:8b:32:ae:6c:
                    99:b1:e7:a3:f3:de:39:3e:62:32:fd:dd:11:d2:6b:
                    0b:bc:33:ca:5e:91:87:aa:4a:56:eb:b7:e8:67:e3:
                    bb:ec:03:02:1b:a7:50:b9:2d:c3:c5:10:1a:52:da:
                    13:d7:f3:d1:34:ee:4b:f5:b7:6d:8d:13:fe:40:65:
                    3e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:52:D2:2F:14:D1:39:34:88:96:C7:06:8C:64:74:81:1F:74:D4:53
            X509v3 Authority Key Identifier:
                keyid:FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/oFLSLxTROTSIlscGjGR0gR901FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ee:55:8c:34:a8:5a:fe:b5:05:9b:90:99:48:ce:5e:e5:0b:
         be:0b:b9:51:4b:c0:31:e5:64:81:99:19:ea:68:2f:d3:16:96:
         ae:26:52:c3:d5:29:a2:dc:2c:e6:cc:32:45:79:2a:b4:87:26:
         93:c0:70:82:a1:dc:84:72:5b:66:bc:bc:8a:11:01:9d:ed:ee:
         0a:16:81:e2:56:1e:13:47:8e:47:b1:a1:c9:fb:1b:17:bb:de:
         20:16:08:29:ff:80:25:83:7e:ec:be:9b:77:88:e2:4a:7c:b4:
         00:9d:e8:bf:9b:fb:15:2b:c3:0f:b8:da:b0:cb:53:cb:88:64:
         32:17:2c:d0:1a:36:ee:36:38:83:a0:c1:9a:41:67:0c:e1:1a:
         21:c9:f8:bc:ed:58:ff:ea:aa:f8:4e:e5:86:b5:64:8b:67:67:
         10:ac:19:c2:50:25:ae:cc:75:cc:b2:59:be:e8:0d:64:36:12:
         e8:f6:92:2b:96:c0:20:ce:ca:75:18:15:64:07:0b:39:31:bd:
         82:f2:ec:51:f8:6a:96:10:27:e1:54:9a:23:01:f6:0b:db:53:
         71:5f:d0:c2:d1:05:f9:a5:32:4f:c9:c4:ea:eb:ce:07:90:0f:
         56:97:e6:32:d2:d7:5b:fc:bb:6a:4b:78:b1:b4:41:33:11:b8:
         c1:c0:8a:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+rdovl4e0guJ40+ygxKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTM5NmYxYzM0NGIwNzljNWQyZjI3YmZiMzEzMzc3ZmVi
YjJlYzcwHhcNMjUwMTAyMTM1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDUyZDIyZjE0ZDEzOTM0ODg5NmM3MDY4YzY0NzQ4MTFmNzRkNDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6mgt1yza63LaJmyw/FYBC3JFE4yb
CkP6+rSthdvUQjeW54sNL/ON+xyNVaxlCwiwTbst7v8eiJhk0CkcWWVbaUAqpCbU
n5shRW8k/1/jF6xFDTVXKlvkckRqzILXkq5eOswWdgyoDQqwGg2Z9XnanUypCrPj
UnTwd3uvQdaArLeLUreoBZJcKGiwyfgA/d/7iPyqPCPJTcGiqqDPm4WZnfg4Imow
Mt6pACZLOHu9iynpy9mcUhVqCztFtUqKkYsyrmyZseej8945PmIy/d0R0msLvDPK
XpGHqkpW67foZ+O77AMCG6dQuS3DxRAaUtoT1/PRNO5L9bdtjRP+QGU+dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBS0i8U0Tk0iJbHBoxkdIEfdNRTMB8GA1UdIwQY
MBaAFPyjlvHDRLB5xdLye/sxM3f+uy7HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWIt
ZmZiMTZlYmQxMTFmLzEvb0ZMU0x4VFJPVFNJbHNjR2pHUjBnUjkwMUZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWItZmZiMTZlYmQxMTFm
LzEvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnXvMA0G
CSqGSIb3DQEBCwUAA4IBAQBS7lWMNKha/rUFm5CZSM5e5Qu+C7lRS8Ax5WSBmRnq
aC/TFpauJlLD1Smi3CzmzDJFeSq0hyaTwHCCodyEcltmvLyKEQGd7e4KFoHiVh4T
R45HsaHJ+xsXu94gFggp/4Alg37svpt3iOJKfLQAnei/m/sVK8MPuNqwy1PLiGQy
FyzQGjbuNjiDoMGaQWcM4Rohyfi87Vj/6qr4TuWGtWSLZ2cQrBnCUCWuzHXMslm+
6A1kNhLo9pIrlsAgzsp1GBVkBws5Mb2C8uxR+GqWECfhVJojAfYL21NxX9DC0QX5
pTJPycTq684HkA9Wl+Yy0tdb/LtqS3ixtEEzEbjBwIpR
-----END CERTIFICATE-----