Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/ouICw0nyK_0-5jscxv12aq634vw.roa
File:                     ouICw0nyK_0-5jscxv12aq634vw.roa (raw, json)
Hash identifier:          ZpjXF6V0UreF7p2IPTzGzZ30r7TGS05jqHG074BeOko=
Subject key identifier:   A2:E2:02:C3:49:F2:2B:FD:3E:E6:3B:1C:C6:FD:76:6A:AE:B7:E2:FC
Certificate issuer:       /CN=a5b9df7e98f6f39fe2ba4022da277d2819828021
Certificate serial:       0194FF8D5F55D58EBF90697C3BB6D29D2966
Authority key identifier: A5:B9:DF:7E:98:F6:F3:9F:E2:BA:40:22:DA:27:7D:28:19:82:80:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pbnffpj285_iukAi2id9KBmCgCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/ouICw0nyK_0-5jscxv12aq634vw.roa
Signing time:             Thu 13 Feb 2025 13:44:02 +0000
ROA not before:           Thu 13 Feb 2025 13:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212362
IP address blocks:        2a0e:acc7::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/pbnffpj285_iukAi2id9KBmCgCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/pbnffpj285_iukAi2id9KBmCgCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pbnffpj285_iukAi2id9KBmCgCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ff:8d:5f:55:d5:8e:bf:90:69:7c:3b:b6:d2:9d:29:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5b9df7e98f6f39fe2ba4022da277d2819828021
        Validity
            Not Before: Feb 13 13:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2e202c349f22bfd3ee63b1cc6fd766aaeb7e2fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e7:17:72:65:8d:c3:c4:6b:1a:c6:67:c8:0e:
                    a2:04:7c:6d:69:ab:86:f9:ce:30:ad:e8:6d:9f:d9:
                    36:a0:81:92:e6:5e:9a:14:e4:7e:fb:a9:0d:22:51:
                    d0:32:39:de:2c:04:5f:c4:5e:d0:e5:31:74:a9:fc:
                    5d:fa:dd:97:4f:39:6a:59:b9:db:cb:fc:65:a3:44:
                    9f:56:23:0d:9c:bd:3f:74:e6:5c:60:77:5f:79:b2:
                    38:47:4e:90:64:5d:be:aa:68:80:5a:8b:e3:62:31:
                    c3:fe:91:df:57:c7:6a:17:22:8b:86:80:94:2c:96:
                    6c:a9:60:21:5a:13:6d:76:8e:61:7f:b7:e1:9c:05:
                    37:71:30:01:e9:a0:12:d2:76:0c:ec:e3:e5:58:25:
                    4f:2b:aa:2c:ba:99:1f:62:48:a5:eb:1b:55:ae:46:
                    df:7a:be:7b:dd:d5:8d:4b:09:f3:1b:e1:bf:da:c3:
                    4b:ac:c1:26:76:70:bd:ab:a7:1d:bf:69:67:2a:66:
                    da:43:2f:f2:07:6e:1c:b7:7d:c9:81:de:b2:28:9b:
                    05:8a:8f:5c:e2:07:49:f5:44:1e:88:81:c4:3b:89:
                    af:2a:70:f3:b1:01:47:de:fc:b2:ec:ad:02:8d:ce:
                    a6:f1:1c:df:96:b0:d2:e6:8b:27:e3:67:e2:37:8c:
                    51:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:E2:02:C3:49:F2:2B:FD:3E:E6:3B:1C:C6:FD:76:6A:AE:B7:E2:FC
            X509v3 Authority Key Identifier:
                keyid:A5:B9:DF:7E:98:F6:F3:9F:E2:BA:40:22:DA:27:7D:28:19:82:80:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pbnffpj285_iukAi2id9KBmCgCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/ouICw0nyK_0-5jscxv12aq634vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/973047-8914-41c6-a1e0-0ac7b7ede42b/1/pbnffpj285_iukAi2id9KBmCgCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:acc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:e6:be:f3:e8:bc:f5:90:38:cb:0c:10:93:20:ba:5b:f0:53:
         44:7c:9e:5a:f9:cb:ba:6f:d4:76:46:86:f0:ef:b2:3b:df:27:
         c8:e8:05:75:cc:92:d3:9c:7c:a0:d3:3e:bd:d7:b9:0a:d2:89:
         c5:9d:67:93:43:1b:1e:52:fb:d9:25:06:16:7b:fe:71:d9:ac:
         48:6b:15:c0:29:f5:7b:3e:95:18:07:72:f1:bc:38:32:88:36:
         fc:61:90:11:7b:78:9f:b6:4f:dd:a3:f0:01:14:41:c3:6b:37:
         1d:20:4e:69:28:18:7e:8b:8e:6e:d4:e1:12:ac:43:97:bb:b1:
         89:0b:5c:e0:05:51:14:53:13:9b:1c:dd:80:78:92:6d:fa:df:
         4d:7b:df:1b:56:dd:f7:e6:41:77:71:6e:f7:ba:6d:b9:76:d6:
         90:a2:e1:41:eb:24:c3:f9:4e:09:1c:9e:11:96:93:ad:8a:75:
         5d:36:ee:15:03:fc:e2:57:18:64:fb:85:40:79:93:45:5f:43:
         3f:29:87:6b:00:0e:7f:3c:9d:12:94:c8:12:06:24:ee:ca:00:
         2f:c2:b5:d1:d8:82:89:fa:de:22:6e:44:5b:1b:48:45:d6:ca:
         76:48:90:32:69:a3:3a:fd:c1:2e:21:a9:04:3e:31:93:df:48:
         2f:02:22:91
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZT/jV9V1Y6/kGl8O7bSnSlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YjlkZjdlOThmNmYzOWZlMmJhNDAyMmRhMjc3ZDI4MTk4
MjgwMjEwHhcNMjUwMjEzMTM0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmUyMDJjMzQ5ZjIyYmZkM2VlNjNiMWNjNmZkNzY2YWFlYjdlMmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvucXcmWNw8RrGsZnyA6iBHxtaauG
+c4wrehtn9k2oIGS5l6aFOR++6kNIlHQMjneLARfxF7Q5TF0qfxd+t2XTzlqWbnb
y/xlo0SfViMNnL0/dOZcYHdfebI4R06QZF2+qmiAWovjYjHD/pHfV8dqFyKLhoCU
LJZsqWAhWhNtdo5hf7fhnAU3cTAB6aAS0nYM7OPlWCVPK6osupkfYkil6xtVrkbf
er573dWNSwnzG+G/2sNLrMEmdnC9q6cdv2lnKmbaQy/yB24ct33Jgd6yKJsFio9c
4gdJ9UQeiIHEO4mvKnDzsQFH3vyy7K0Cjc6m8RzflrDS5osn42fiN4xRkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKLiAsNJ8iv9PuY7HMb9dmqut+L8MB8GA1UdIwQY
MBaAFKW5336Y9vOf4rpAItonfSgZgoAhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGJuZmZwajI4NV9pdWtBaTJpZDlLQm1DZ0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC85NzMwNDctODkxNC00MWM2LWExZTAt
MGFjN2I3ZWRlNDJiLzEvb3VJQ3cwbnlLXzAtNWpzY3h2MTJhcTYzNHZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC85NzMwNDctODkxNC00MWM2LWExZTAtMGFjN2I3ZWRlNDJi
LzEvcGJuZmZwajI4NV9pdWtBaTJpZDlLQm1DZ0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6sxzAN
BgkqhkiG9w0BAQsFAAOCAQEAWua+8+i89ZA4ywwQkyC6W/BTRHyeWvnLum/UdkaG
8O+yO98nyOgFdcyS05x8oNM+vde5CtKJxZ1nk0MbHlL72SUGFnv+cdmsSGsVwCn1
ez6VGAdy8bw4Mog2/GGQEXt4n7ZP3aPwARRBw2s3HSBOaSgYfouObtThEqxDl7ux
iQtc4AVRFFMTmxzdgHiSbfrfTXvfG1bd9+ZBd3Fu97ptuXbWkKLhQeskw/lOCRye
EZaTrYp1XTbuFQP84lcYZPuFQHmTRV9DPymHawAOfzydEpTIEgYk7soAL8K10diC
ifreIm5EWxtIRdbKdkiQMmmjOv3BLiGpBD4xk99ILwIikQ==
-----END CERTIFICATE-----