Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/a92eb2-b2ba-4efd-bd09-6abb1ccb6153/1/Oo15GTcnGxdams7W8SOqY2Tu3KQ.roa
File:                     Oo15GTcnGxdams7W8SOqY2Tu3KQ.roa (raw, json)
Hash identifier:          SPZrYYn8eR1ANpkKzJitLECRyTeQovVBfhYuL5RMBfU=
Subject key identifier:   3A:8D:79:19:37:27:1B:17:5A:9A:CE:D6:F1:23:AA:63:64:EE:DC:A4
Certificate issuer:       /CN=93efa2bf90a23728852727f126ede65286c3ca67
Certificate serial:       019423D70ED5363E4603BB8B3810FDC11A2A
Authority key identifier: 93:EF:A2:BF:90:A2:37:28:85:27:27:F1:26:ED:E6:52:86:C3:CA:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k--iv5CiNyiFJyfxJu3mUobDymc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/a92eb2-b2ba-4efd-bd09-6abb1ccb6153/1/Oo15GTcnGxdams7W8SOqY2Tu3KQ.roa
Signing time:             Wed 01 Jan 2025 21:48:04 +0000
ROA not before:           Wed 01 Jan 2025 21:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14445
IP address blocks:        164.152.216.0/24 maxlen: 24
                          2001:3900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/a92eb2-b2ba-4efd-bd09-6abb1ccb6153/1/k--iv5CiNyiFJyfxJu3mUobDymc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/a92eb2-b2ba-4efd-bd09-6abb1ccb6153/1/k--iv5CiNyiFJyfxJu3mUobDymc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k--iv5CiNyiFJyfxJu3mUobDymc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:0e:d5:36:3e:46:03:bb:8b:38:10:fd:c1:1a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93efa2bf90a23728852727f126ede65286c3ca67
        Validity
            Not Before: Jan  1 21:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a8d791937271b175a9aced6f123aa6364eedca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f3:17:6b:9f:98:49:89:cf:0e:a1:1e:74:5d:
                    af:c6:9f:54:34:74:59:6c:bc:78:e7:63:e7:e8:8f:
                    1d:8c:1c:d5:52:53:db:b4:2f:a2:87:6d:b3:dc:22:
                    36:7b:af:70:57:d4:7d:6d:68:7e:ee:df:c9:a5:11:
                    38:5d:08:5d:4a:1c:4e:e9:1f:59:f5:65:e9:75:fa:
                    42:1c:63:63:cc:5d:3d:59:ea:17:e3:8a:ca:2e:a6:
                    51:d7:5a:0d:48:0a:61:76:07:24:6e:54:b4:9e:cc:
                    e6:61:e9:53:a2:3a:40:54:03:d5:f3:da:a1:1a:60:
                    9e:8e:b2:78:7b:9a:c6:bd:ed:a8:c8:03:03:97:90:
                    e4:9f:d9:76:1d:00:7b:32:4f:a3:ad:91:8e:3b:e9:
                    b4:83:19:cf:25:00:48:ca:93:b5:2e:bc:80:c2:2e:
                    93:78:98:7f:d8:e2:3e:79:4d:9b:fd:94:09:c1:87:
                    a5:78:ff:a9:5c:7e:86:42:77:e8:84:82:e0:50:55:
                    5b:53:dc:00:ba:62:91:3e:9e:49:94:89:34:2f:33:
                    bc:ce:94:72:2a:10:da:d1:58:67:f3:57:60:4c:b0:
                    15:8c:1f:49:15:33:4d:bb:11:00:57:fd:e5:79:b2:
                    12:27:f2:7a:b7:85:c6:cc:25:4a:77:28:46:47:04:
                    28:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:8D:79:19:37:27:1B:17:5A:9A:CE:D6:F1:23:AA:63:64:EE:DC:A4
            X509v3 Authority Key Identifier:
                keyid:93:EF:A2:BF:90:A2:37:28:85:27:27:F1:26:ED:E6:52:86:C3:CA:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k--iv5CiNyiFJyfxJu3mUobDymc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/a92eb2-b2ba-4efd-bd09-6abb1ccb6153/1/Oo15GTcnGxdams7W8SOqY2Tu3KQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/a92eb2-b2ba-4efd-bd09-6abb1ccb6153/1/k--iv5CiNyiFJyfxJu3mUobDymc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.216.0/24
                IPv6:
                  2001:3900::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:85:b0:75:fa:8c:2b:14:4c:37:1e:04:6b:d8:11:2d:35:96:
         31:78:ce:b4:e3:6c:47:57:75:1b:0f:57:59:26:7f:f1:10:e8:
         ac:55:45:fd:d7:de:e8:b9:20:68:33:66:e8:0e:3e:48:41:3d:
         b8:75:8a:80:0b:87:40:cb:f5:31:04:fa:6d:f8:ad:73:b9:87:
         62:3c:dc:fb:c2:12:4f:1c:1d:5d:1f:c3:67:dd:04:e7:89:49:
         79:73:6b:be:ff:c5:74:e9:07:7e:6e:eb:ef:1e:b7:ad:7a:6e:
         f8:e9:ad:c9:cd:1b:ba:5b:30:43:a5:70:1b:91:a1:0e:5a:59:
         f7:3e:77:84:68:f9:96:7c:2d:3f:c3:b6:4a:39:b9:1f:2d:04:
         4b:e0:d2:49:82:9d:5c:92:17:90:cb:50:33:97:de:89:e3:54:
         74:1d:f8:d9:e4:95:b1:ff:a9:8f:35:35:30:7b:a7:c7:18:bb:
         7f:37:41:2c:06:e6:fb:ce:33:e9:05:b7:40:8b:3a:82:2f:b9:
         23:b3:a9:ef:20:ba:af:0e:11:ad:c8:ea:e1:3c:47:01:a8:85:
         55:da:b0:3e:a2:7b:f4:5c:8a:60:a2:1f:e4:85:8d:c5:da:e9:
         61:65:97:ce:24:54:f3:52:4a:29:03:c2:46:31:ec:e3:fc:03:
         5b:da:ac:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1w7VNj5GA7uLOBD9wRoqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZWZhMmJmOTBhMjM3Mjg4NTI3MjdmMTI2ZWRlNjUyODZj
M2NhNjcwHhcNMjUwMTAxMjE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYThkNzkxOTM3MjcxYjE3NWE5YWNlZDZmMTIzYWE2MzY0ZWVkY2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvMXa5+YSYnPDqEedF2vxp9UNHRZ
bLx452Pn6I8djBzVUlPbtC+ih22z3CI2e69wV9R9bWh+7t/JpRE4XQhdShxO6R9Z
9WXpdfpCHGNjzF09WeoX44rKLqZR11oNSAphdgckblS0nszmYelTojpAVAPV89qh
GmCejrJ4e5rGve2oyAMDl5Dkn9l2HQB7Mk+jrZGOO+m0gxnPJQBIypO1LryAwi6T
eJh/2OI+eU2b/ZQJwYeleP+pXH6GQnfohILgUFVbU9wAumKRPp5JlIk0LzO8zpRy
KhDa0Vhn81dgTLAVjB9JFTNNuxEAV/3lebISJ/J6t4XGzCVKdyhGRwQogwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDqNeRk3JxsXWprO1vEjqmNk7tykMB8GA1UdIwQY
MBaAFJPvor+QojcohScn8Sbt5lKGw8pnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay0taXY1Q2lOeWlGSnlmeEp1M21Vb2JEeW1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9hOTJlYjItYjJiYS00ZWZkLWJkMDkt
NmFiYjFjY2I2MTUzLzEvT28xNUdUY25HeGRhbXM3VzhTT3FZMlR1M0tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9hOTJlYjItYjJiYS00ZWZkLWJkMDktNmFiYjFjY2I2MTUz
LzEvay0taXY1Q2lOeWlGSnlmeEp1M21Vb2JEeW1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQApJjYMA0E
AgACMAcDBQMgATkAMA0GCSqGSIb3DQEBCwUAA4IBAQCshbB1+owrFEw3HgRr2BEt
NZYxeM6042xHV3UbD1dZJn/xEOisVUX9197ouSBoM2boDj5IQT24dYqAC4dAy/Ux
BPpt+K1zuYdiPNz7whJPHB1dH8Nn3QTniUl5c2u+/8V06Qd+buvvHretem746a3J
zRu6WzBDpXAbkaEOWln3PneEaPmWfC0/w7ZKObkfLQRL4NJJgp1ckheQy1Azl96J
41R0HfjZ5JWx/6mPNTUwe6fHGLt/N0EsBub7zjPpBbdAizqCL7kjs6nvILqvDhGt
yOrhPEcBqIVV2rA+onv0XIpgoh/khY3F2ulhZZfOJFTzUkopA8JGMezj/ANb2qw2
-----END CERTIFICATE-----