Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3a9021-2959-47e7-a615-81144fd01564/1/Ofe5y963IBdAewU6cuUJ3GOhnPg.roa
File:                     Ofe5y963IBdAewU6cuUJ3GOhnPg.roa (raw, json)
Hash identifier:          wYPWSR0SRCo8lw+izQyw6mN43vzofM40zE5eYO1oT9w=
Subject key identifier:   39:F7:B9:CB:DE:B7:20:17:40:7B:05:3A:72:E5:09:DC:63:A1:9C:F8
Certificate issuer:       /CN=37a5b8cdfd1d797d860660e34bfa1a2ad85ff9d9
Certificate serial:       01941FFA016B5B84654E744EF9E5109FAF82
Authority key identifier: 37:A5:B8:CD:FD:1D:79:7D:86:06:60:E3:4B:FA:1A:2A:D8:5F:F9:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N6W4zf0deX2GBmDjS_oaKthf-dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/3a9021-2959-47e7-a615-81144fd01564/1/Ofe5y963IBdAewU6cuUJ3GOhnPg.roa
Signing time:             Wed 01 Jan 2025 03:47:45 +0000
ROA not before:           Wed 01 Jan 2025 03:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2852
IP address blocks:        193.84.53.0/24 maxlen: 24
                          193.84.55.0/24 maxlen: 24
                          193.84.56.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/3a9021-2959-47e7-a615-81144fd01564/1/N6W4zf0deX2GBmDjS_oaKthf-dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/3a9021-2959-47e7-a615-81144fd01564/1/N6W4zf0deX2GBmDjS_oaKthf-dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N6W4zf0deX2GBmDjS_oaKthf-dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:01:6b:5b:84:65:4e:74:4e:f9:e5:10:9f:af:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37a5b8cdfd1d797d860660e34bfa1a2ad85ff9d9
        Validity
            Not Before: Jan  1 03:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39f7b9cbdeb72017407b053a72e509dc63a19cf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ef:9c:27:5a:5a:74:46:18:7e:ce:e2:62:5e:
                    44:e4:09:1f:b7:f0:c8:67:87:0b:28:84:5d:0d:33:
                    1b:54:22:98:3e:f1:38:3c:50:59:1b:30:e4:80:4a:
                    5b:d6:a6:91:8b:1a:de:45:de:f3:4f:27:79:30:bd:
                    6a:42:c7:5b:fe:b3:78:38:f1:11:94:fb:bb:c9:23:
                    19:8f:07:90:4f:67:df:58:9d:2d:e2:e6:1e:c1:a2:
                    f0:c5:0a:b8:01:7a:6d:94:8b:0b:3b:bd:f3:f3:00:
                    0e:75:8f:4d:39:95:c6:24:a1:18:f9:1e:03:2f:d9:
                    98:8e:c4:ec:1f:e0:9b:7c:0f:ba:b7:2d:5b:21:23:
                    0b:30:53:07:29:0e:39:eb:3d:b2:71:63:b9:7b:03:
                    ae:37:5e:bc:12:07:6c:b0:15:b4:6e:18:46:28:fa:
                    e1:8f:19:71:11:06:d2:41:1a:1b:79:28:74:c6:3b:
                    70:12:9d:b2:44:62:0f:62:f4:cf:d1:d5:04:8f:3e:
                    c9:c2:9a:31:49:2f:1d:12:e1:e6:fe:7d:db:b1:5a:
                    80:19:5e:b4:bf:bd:00:6c:fb:8d:82:98:eb:02:52:
                    83:32:00:60:cf:c7:7c:a5:47:d6:a1:71:89:60:63:
                    f3:7c:d1:89:78:7b:f4:de:8b:01:46:72:3d:b9:71:
                    2e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:F7:B9:CB:DE:B7:20:17:40:7B:05:3A:72:E5:09:DC:63:A1:9C:F8
            X509v3 Authority Key Identifier:
                keyid:37:A5:B8:CD:FD:1D:79:7D:86:06:60:E3:4B:FA:1A:2A:D8:5F:F9:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N6W4zf0deX2GBmDjS_oaKthf-dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3a9021-2959-47e7-a615-81144fd01564/1/Ofe5y963IBdAewU6cuUJ3GOhnPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3a9021-2959-47e7-a615-81144fd01564/1/N6W4zf0deX2GBmDjS_oaKthf-dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.53.0/24
                  193.84.55.0-193.84.63.255

    Signature Algorithm: sha256WithRSAEncryption
         1d:01:15:7e:01:81:e4:63:25:54:ca:ad:7b:49:0b:10:cb:94:
         f1:b6:d6:68:0f:cb:a7:2f:d4:2f:76:22:3f:dd:68:63:dc:06:
         9b:c4:15:5e:72:65:bb:6b:fe:5d:78:ad:51:bd:02:40:80:a2:
         a6:b8:ad:36:28:ce:9a:c3:13:8d:ce:59:0d:4f:26:d8:9e:c9:
         0b:76:a6:54:0c:b0:24:db:6a:ad:db:b2:a4:d8:84:af:70:3a:
         a6:5f:28:cc:ee:d5:70:8c:01:1d:54:63:3a:40:b2:13:db:b1:
         b7:39:f3:45:65:7d:cb:c5:12:4b:98:99:3c:ec:36:5b:bc:07:
         68:74:d8:d5:8c:96:b2:5b:b4:36:1a:46:b6:05:44:a7:81:40:
         77:23:9d:0c:32:ff:7c:24:f5:78:d0:87:07:65:93:f9:aa:7c:
         6b:87:23:7a:fe:ab:e4:09:36:a2:95:df:9b:31:36:0c:31:b1:
         7d:c9:32:9e:f3:7e:3c:bf:b6:0e:b6:b6:3a:4e:c7:aa:5e:21:
         c5:d2:3b:f8:d0:9c:26:ac:0b:83:08:36:8a:1d:07:61:24:63:
         89:ff:be:7a:0c:a9:6c:23:91:63:1b:7f:8c:00:db:d6:39:46:
         50:2a:e5:a3:f2:63:a8:89:65:07:af:2d:9c:9e:5d:53:02:d3:
         15:16:0c:77
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQf+gFrW4RlTnRO+eUQn6+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3YTViOGNkZmQxZDc5N2Q4NjA2NjBlMzRiZmExYTJhZDg1
ZmY5ZDkwHhcNMjUwMTAxMDM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWY3YjljYmRlYjcyMDE3NDA3YjA1M2E3MmU1MDlkYzYzYTE5Y2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx++cJ1padEYYfs7iYl5E5Akft/DI
Z4cLKIRdDTMbVCKYPvE4PFBZGzDkgEpb1qaRixreRd7zTyd5ML1qQsdb/rN4OPER
lPu7ySMZjweQT2ffWJ0t4uYewaLwxQq4AXptlIsLO73z8wAOdY9NOZXGJKEY+R4D
L9mYjsTsH+CbfA+6ty1bISMLMFMHKQ456z2ycWO5ewOuN168EgdssBW0bhhGKPrh
jxlxEQbSQRobeSh0xjtwEp2yRGIPYvTP0dUEjz7JwpoxSS8dEuHm/n3bsVqAGV60
v70AbPuNgpjrAlKDMgBgz8d8pUfWoXGJYGPzfNGJeHv03osBRnI9uXEuFwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDn3ucvetyAXQHsFOnLlCdxjoZz4MB8GA1UdIwQY
MBaAFDeluM39HXl9hgZg40v6GirYX/nZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjZXNHpmMGRlWDJHQm1EalNfb2FLdGhmLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zYTkwMjEtMjk1OS00N2U3LWE2MTUt
ODExNDRmZDAxNTY0LzEvT2ZlNXk5NjNJQmRBZXdVNmN1VUozR09oblBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zYTkwMjEtMjk1OS00N2U3LWE2MTUtODExNDRmZDAxNTY0
LzEvTjZXNHpmMGRlWDJHQm1EalNfb2FLdGhmLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAwVQ1MAwD
BADBVDcDBAbBVAAwDQYJKoZIhvcNAQELBQADggEBAB0BFX4BgeRjJVTKrXtJCxDL
lPG21mgPy6cv1C92Ij/daGPcBpvEFV5yZbtr/l14rVG9AkCAoqa4rTYozprDE43O
WQ1PJtieyQt2plQMsCTbaq3bsqTYhK9wOqZfKMzu1XCMAR1UYzpAshPbsbc580Vl
fcvFEkuYmTzsNlu8B2h02NWMlrJbtDYaRrYFRKeBQHcjnQwy/3wk9XjQhwdlk/mq
fGuHI3r+q+QJNqKV35sxNgwxsX3JMp7zfjy/tg62tjpOx6peIcXSO/jQnCasC4MI
NoodB2EkY4n/vnoMqWwjkWMbf4wA29Y5RlAq5aPyY6iJZQevLZyeXVMC0xUWDHc=
-----END CERTIFICATE-----