Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/OXX9g3YRUJUzVcg_bBkk4JValdo.roa
File:                     OXX9g3YRUJUzVcg_bBkk4JValdo.roa (raw, json)
Hash identifier:          ZCgBMUHW1tIAOZ4DRx/DGMhGuGDo8XA3rdIaP/zAdak=
Subject key identifier:   39:75:FD:83:76:11:50:95:33:55:C8:3F:6C:19:24:E0:95:5A:95:DA
Certificate issuer:       /CN=9d36e91b62d3dc7c137a28aaa006ede9b9ea1fe4
Certificate serial:       019424B3B4D31BA7472D4854DA56BC571C99
Authority key identifier: 9D:36:E9:1B:62:D3:DC:7C:13:7A:28:AA:A0:06:ED:E9:B9:EA:1F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/OXX9g3YRUJUzVcg_bBkk4JValdo.roa
Signing time:             Thu 02 Jan 2025 01:49:04 +0000
ROA not before:           Thu 02 Jan 2025 01:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50351
IP address blocks:        195.191.110.0/24 maxlen: 24
                          195.191.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b4:d3:1b:a7:47:2d:48:54:da:56:bc:57:1c:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d36e91b62d3dc7c137a28aaa006ede9b9ea1fe4
        Validity
            Not Before: Jan  2 01:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3975fd83761150953355c83f6c1924e0955a95da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:c2:58:5d:3a:bd:c7:8b:68:48:9e:a6:5a:cb:
                    c3:7b:19:b8:07:86:66:38:2f:0a:5d:b2:a2:a8:96:
                    82:29:d1:6a:d1:42:e4:76:a6:5a:6f:5a:8b:fe:9a:
                    a8:94:66:ba:49:bb:fd:49:16:57:47:be:bd:46:f4:
                    17:15:ba:9b:a4:76:31:93:9e:15:d8:97:6b:18:d8:
                    b7:f9:3b:30:4e:e8:94:45:98:8d:af:20:8d:7a:77:
                    81:1e:0a:3d:db:e5:a7:53:49:7c:ec:43:49:62:33:
                    df:85:05:02:fe:08:ff:d9:38:3b:1c:37:19:f6:c7:
                    19:5f:4c:27:4f:0e:78:40:66:89:88:c6:29:29:6b:
                    25:7e:a6:b2:3b:d2:3c:15:df:39:09:92:ee:47:ee:
                    79:db:1b:e0:6c:93:74:6e:c9:9c:c4:ee:44:61:99:
                    2f:93:d4:16:da:da:86:69:8c:af:b3:d2:21:43:9a:
                    6c:be:b8:da:ac:8e:a2:d6:9f:3d:41:af:1c:29:76:
                    4c:5a:c8:78:39:82:18:43:9f:af:c2:04:cd:33:a0:
                    fc:23:7b:42:bd:8b:a7:e1:6b:4b:77:98:a8:8b:a3:
                    0f:26:a8:72:9a:44:c9:e1:11:c1:4c:9f:ef:d0:a3:
                    73:65:30:c9:19:d0:11:78:7d:22:5a:cc:6c:c7:3a:
                    88:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:75:FD:83:76:11:50:95:33:55:C8:3F:6C:19:24:E0:95:5A:95:DA
            X509v3 Authority Key Identifier:
                keyid:9D:36:E9:1B:62:D3:DC:7C:13:7A:28:AA:A0:06:ED:E9:B9:EA:1F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/OXX9g3YRUJUzVcg_bBkk4JValdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:23:35:3b:2b:79:b0:9b:c5:cf:9b:98:1a:d5:e0:60:d6:66:
         72:4f:03:18:f1:43:21:12:27:1b:27:46:5e:03:31:4e:15:89:
         9a:3c:a7:82:d8:9a:32:40:d9:12:ff:97:70:62:5b:95:9c:a1:
         5a:0a:b3:9c:b6:5c:14:6b:aa:52:ca:57:4b:d8:c3:7b:d8:1c:
         58:61:65:be:0b:3b:2e:a8:ab:cd:7a:dc:82:dc:49:8f:09:08:
         b1:12:73:9d:92:ab:70:17:7e:08:d6:9d:25:be:06:58:c4:6f:
         1d:b3:15:77:cb:5f:54:d5:f7:3b:f4:79:69:32:28:86:d2:f4:
         e7:11:8d:2f:56:a0:21:dd:ff:84:09:c4:4d:0d:98:dc:0c:66:
         88:c2:22:17:e6:27:90:c2:c4:4f:f1:c9:7c:8b:3e:bf:f4:4e:
         4d:0e:70:2b:3b:b1:2d:32:b4:16:a0:57:90:f4:51:51:80:f5:
         d7:49:ab:16:6c:5d:72:56:45:fd:26:db:3b:0a:bd:75:d9:dd:
         93:21:c4:97:4c:e0:b0:c5:f8:6c:40:af:ca:79:aa:bd:e8:a8:
         f7:16:35:ae:c1:98:04:d8:b5:1d:3b:fe:8c:91:5f:46:e0:29:
         84:f6:33:34:10:63:2f:aa:a6:bb:3a:00:df:64:93:4f:cc:87:
         b8:86:70:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7TTG6dHLUhU2la8VxyZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMzZlOTFiNjJkM2RjN2MxMzdhMjhhYWEwMDZlZGU5Yjll
YTFmZTQwHhcNMjUwMTAyMDE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTc1ZmQ4Mzc2MTE1MDk1MzM1NWM4M2Y2YzE5MjRlMDk1NWE5NWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4cJYXTq9x4toSJ6mWsvDexm4B4Zm
OC8KXbKiqJaCKdFq0ULkdqZab1qL/pqolGa6Sbv9SRZXR769RvQXFbqbpHYxk54V
2JdrGNi3+TswTuiURZiNryCNeneBHgo92+WnU0l87ENJYjPfhQUC/gj/2Tg7HDcZ
9scZX0wnTw54QGaJiMYpKWslfqayO9I8Fd85CZLuR+552xvgbJN0bsmcxO5EYZkv
k9QW2tqGaYyvs9IhQ5psvrjarI6i1p89Qa8cKXZMWsh4OYIYQ5+vwgTNM6D8I3tC
vYun4WtLd5ioi6MPJqhymkTJ4RHBTJ/v0KNzZTDJGdAReH0iWsxsxzqIUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDl1/YN2EVCVM1XIP2wZJOCVWpXaMB8GA1UdIwQY
MBaAFJ026Rti09x8E3ooqqAG7em56h/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblRicEcyTFQzSHdUZWlpcW9BYnQ2Ym5xSC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9jMjg0Y2QtYjJiNy00OTExLWIyMGIt
YjJjZWE3NjkwODM3LzEvT1hYOWczWVJVSlV6VmNnX2JCa2s0SlZhbGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9jMjg0Y2QtYjJiNy00OTExLWIyMGItYjJjZWE3NjkwODM3
LzEvblRicEcyTFQzSHdUZWlpcW9BYnQ2Ym5xSC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw79uMA0G
CSqGSIb3DQEBCwUAA4IBAQBeIzU7K3mwm8XPm5ga1eBg1mZyTwMY8UMhEicbJ0Ze
AzFOFYmaPKeC2JoyQNkS/5dwYluVnKFaCrOctlwUa6pSyldL2MN72BxYYWW+Czsu
qKvNetyC3EmPCQixEnOdkqtwF34I1p0lvgZYxG8dsxV3y19U1fc79HlpMiiG0vTn
EY0vVqAh3f+ECcRNDZjcDGaIwiIX5ieQwsRP8cl8iz6/9E5NDnArO7EtMrQWoFeQ
9FFRgPXXSasWbF1yVkX9Jts7Cr112d2TIcSXTOCwxfhsQK/Keaq96Kj3FjWuwZgE
2LUdO/6MkV9G4CmE9jM0EGMvqqa7OgDfZJNPzIe4hnBZ
-----END CERTIFICATE-----