Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/xOL_ByJQJZQBMqDAvRuOKjD76Yk.roa
File:                     xOL_ByJQJZQBMqDAvRuOKjD76Yk.roa (raw, json)
Hash identifier:          oV4k7YTonHST8wxb9nEmyy0EnbuDv3hYSGZBk73gZvg=
Subject key identifier:   C4:E2:FF:07:22:50:25:94:01:32:A0:C0:BD:1B:8E:2A:30:FB:E9:89
Certificate issuer:       /CN=dbbf37909ce17ba53ad90a8632377a5d938743e5
Certificate serial:       019423D6F960DF81534373CA510FD207DED2
Authority key identifier: DB:BF:37:90:9C:E1:7B:A5:3A:D9:0A:86:32:37:7A:5D:93:87:43:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/xOL_ByJQJZQBMqDAvRuOKjD76Yk.roa
Signing time:             Wed 01 Jan 2025 21:47:58 +0000
ROA not before:           Wed 01 Jan 2025 21:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39738
IP address blocks:        82.86.0.0/16 maxlen: 16
                          82.86.0.0/19 maxlen: 19
                          82.86.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f9:60:df:81:53:43:73:ca:51:0f:d2:07:de:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbbf37909ce17ba53ad90a8632377a5d938743e5
        Validity
            Not Before: Jan  1 21:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4e2ff07225025940132a0c0bd1b8e2a30fbe989
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:70:ea:50:e5:c6:82:17:fd:cc:a2:f1:8e:90:
                    09:54:2e:d6:f5:80:e6:44:83:d6:51:dc:46:35:04:
                    e1:96:2c:6a:89:bb:9c:fa:ef:fa:f8:e3:be:1c:37:
                    42:15:08:18:5b:1a:3d:2b:e0:4d:f5:d3:19:67:e2:
                    90:33:f3:99:54:22:04:05:04:ae:4a:f2:16:e6:37:
                    72:26:21:8d:21:2d:79:8b:04:ca:a1:55:30:7d:91:
                    36:76:b2:fc:25:91:b6:45:cf:85:ea:ef:1b:3c:5e:
                    1e:ee:88:d3:5b:7a:a7:9c:33:e6:a5:8b:8e:80:99:
                    d4:ee:b0:44:d1:4c:cf:46:ad:e5:60:fe:4b:4b:0a:
                    0f:b2:82:fc:09:f3:80:ba:58:e9:ef:0f:e6:50:fd:
                    db:02:e6:19:86:f5:e7:6f:fe:e0:78:76:b6:8c:99:
                    29:c3:73:ef:d4:a1:c0:f9:65:11:6d:a3:45:02:c8:
                    e1:39:35:c2:f5:d5:14:57:c4:0a:c8:d2:d8:5d:72:
                    ff:f4:f5:dd:96:24:84:7c:36:f7:e2:8d:83:a8:db:
                    94:b8:fb:76:d5:39:5f:0e:69:d1:e5:2a:3a:d8:4b:
                    6d:91:ec:4c:a9:51:1f:27:25:af:ce:cc:24:31:fb:
                    fb:cc:23:a4:9d:7d:a8:1e:01:cd:08:46:b2:60:f6:
                    5c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E2:FF:07:22:50:25:94:01:32:A0:C0:BD:1B:8E:2A:30:FB:E9:89
            X509v3 Authority Key Identifier:
                keyid:DB:BF:37:90:9C:E1:7B:A5:3A:D9:0A:86:32:37:7A:5D:93:87:43:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/xOL_ByJQJZQBMqDAvRuOKjD76Yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.86.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         72:7d:ed:be:d2:34:3f:dc:5c:83:4e:45:fb:4a:a9:97:94:82:
         f5:f6:9c:09:ff:ea:8d:34:e5:95:2e:0a:8e:bc:fc:6c:cb:74:
         db:0c:d0:66:3e:0f:98:46:43:6b:69:3d:d9:ba:33:6d:3b:a2:
         d0:03:81:7f:ef:48:ae:28:c5:fa:9c:13:e9:25:84:4a:67:37:
         12:79:ac:e8:0d:9a:4d:44:9d:0a:3b:f5:e5:ea:8b:8a:18:a7:
         45:7f:7f:ce:c6:b5:b8:2d:2f:09:30:cb:69:f9:89:88:f2:76:
         53:1d:bd:9f:f1:cd:4e:b5:ae:a6:1d:ac:78:fc:b4:3a:24:09:
         03:77:21:b6:5c:84:b1:7f:a1:af:73:f8:60:12:39:fe:e1:b8:
         35:0b:35:64:1d:74:51:2c:5d:df:ce:50:18:df:5e:1b:7e:49:
         53:12:66:46:9b:12:c7:af:97:b4:fa:91:d6:39:72:87:f1:2a:
         37:18:74:b2:21:1b:ef:74:60:d6:73:20:d8:22:a1:14:66:b3:
         40:ae:e0:3e:0b:27:97:d3:d1:56:50:80:27:b6:06:c4:7c:be:
         90:91:36:9a:ce:02:30:9f:a0:79:fc:81:b9:f0:c7:ff:15:81:
         a7:5f:7c:f1:49:2d:a1:1f:b4:b1:6c:ee:95:68:f3:f9:eb:6f:
         3d:09:ca:af
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQj1vlg34FTQ3PKUQ/SB97SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYmYzNzkwOWNlMTdiYTUzYWQ5MGE4NjMyMzc3YTVkOTM4
NzQzZTUwHhcNMjUwMTAxMjE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGUyZmYwNzIyNTAyNTk0MDEzMmEwYzBiZDFiOGUyYTMwZmJlOTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznDqUOXGghf9zKLxjpAJVC7W9YDm
RIPWUdxGNQThlixqibuc+u/6+OO+HDdCFQgYWxo9K+BN9dMZZ+KQM/OZVCIEBQSu
SvIW5jdyJiGNIS15iwTKoVUwfZE2drL8JZG2Rc+F6u8bPF4e7ojTW3qnnDPmpYuO
gJnU7rBE0UzPRq3lYP5LSwoPsoL8CfOAuljp7w/mUP3bAuYZhvXnb/7geHa2jJkp
w3Pv1KHA+WURbaNFAsjhOTXC9dUUV8QKyNLYXXL/9PXdliSEfDb34o2DqNuUuPt2
1TlfDmnR5So62EttkexMqVEfJyWvzswkMfv7zCOknX2oHgHNCEayYPZcyQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMTi/wciUCWUATKgwL0bjiow++mJMB8GA1UdIwQY
MBaAFNu/N5Cc4XulOtkKhjI3el2Th0PlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjc4M2tKemhlNlU2MlFxR01qZDZYWk9IUS1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xMzczYTAtOGMzZC00MjgzLWE1Y2Ut
ODIyZWE0M2RjMThkLzEveE9MX0J5SlFKWlFCTXFEQXZSdU9LakQ3NllrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xMzczYTAtOGMzZC00MjgzLWE1Y2UtODIyZWE0M2RjMThk
LzEvMjc4M2tKemhlNlU2MlFxR01qZDZYWk9IUS1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAUlYwDQYJ
KoZIhvcNAQELBQADggEBAHJ97b7SND/cXINORftKqZeUgvX2nAn/6o005ZUuCo68
/GzLdNsM0GY+D5hGQ2tpPdm6M207otADgX/vSK4oxfqcE+klhEpnNxJ5rOgNmk1E
nQo79eXqi4oYp0V/f87GtbgtLwkwy2n5iYjydlMdvZ/xzU61rqYdrHj8tDokCQN3
IbZchLF/oa9z+GASOf7huDULNWQddFEsXd/OUBjfXht+SVMSZkabEsevl7T6kdY5
cofxKjcYdLIhG+90YNZzINgioRRms0Cu4D4LJ5fT0VZQgCe2BsR8vpCRNprOAjCf
oHn8gbnwx/8VgadffPFJLaEftLFs7pVo8/nrbz0Jyq8=
-----END CERTIFICATE-----