Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/dd09dc-2472-4517-9e2d-ea412f21e230/1/OHSgHk7806-Y3EiMMODqh70dnpA.roa
File:                     OHSgHk7806-Y3EiMMODqh70dnpA.roa (raw, json)
Hash identifier:          dwELo2G8zKa9A3mOV9vawf+jeFFyKXxpSg3LwUytDM8=
Subject key identifier:   38:74:A0:1E:4E:FC:D3:AF:98:DC:48:8C:30:E0:EA:87:BD:1D:9E:90
Certificate issuer:       /CN=aea03201cda6a8adbde4fe8046ec65f96ac6a96c
Certificate serial:       0195B7BCAAA2CB2CF118F44AC0C534D35D10
Authority key identifier: AE:A0:32:01:CD:A6:A8:AD:BD:E4:FE:80:46:EC:65:F9:6A:C6:A9:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rqAyAc2mqK295P6ARuxl-WrGqWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/dd09dc-2472-4517-9e2d-ea412f21e230/1/OHSgHk7806-Y3EiMMODqh70dnpA.roa
Signing time:             Fri 21 Mar 2025 08:05:49 +0000
ROA not before:           Fri 21 Mar 2025 08:05:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        91.204.8.0/22 maxlen: 24
                          195.62.80.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/dd09dc-2472-4517-9e2d-ea412f21e230/1/rqAyAc2mqK295P6ARuxl-WrGqWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/dd09dc-2472-4517-9e2d-ea412f21e230/1/rqAyAc2mqK295P6ARuxl-WrGqWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rqAyAc2mqK295P6ARuxl-WrGqWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b7:bc:aa:a2:cb:2c:f1:18:f4:4a:c0:c5:34:d3:5d:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aea03201cda6a8adbde4fe8046ec65f96ac6a96c
        Validity
            Not Before: Mar 21 08:05:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3874a01e4efcd3af98dc488c30e0ea87bd1d9e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:92:96:0f:07:73:63:a3:4c:bc:a9:b5:85:5f:
                    c2:78:5b:12:7a:fd:95:eb:c9:f6:74:eb:54:95:be:
                    15:cd:4b:b3:03:df:da:6d:0e:41:2c:f8:f3:8e:c4:
                    04:94:46:ed:50:f3:b2:86:2b:cb:d8:1a:96:de:56:
                    06:7e:30:1f:2b:a8:ba:da:db:8f:09:b3:d7:5a:8e:
                    b0:5a:57:33:f0:9c:32:06:c4:ec:51:58:eb:85:0b:
                    a4:bd:cf:d8:06:a6:22:be:f7:48:ab:09:63:e8:e4:
                    78:57:85:82:e1:32:b1:53:52:cc:79:53:ca:2f:ea:
                    75:ab:03:eb:d6:ea:8b:2d:a1:5e:7e:32:e3:5c:a1:
                    f7:04:61:85:84:ea:45:ad:05:b5:04:55:c0:5d:a1:
                    8a:20:8f:dd:5a:1f:56:83:2d:50:16:5e:bb:6a:d4:
                    90:87:0e:c6:0f:e2:38:51:29:17:f1:ad:83:51:7a:
                    c5:b2:c8:60:ff:95:e9:02:4f:49:f3:e7:04:a2:2f:
                    6c:9d:93:92:45:20:11:f5:5e:b2:09:1c:9e:b1:80:
                    21:96:4b:f0:13:68:39:0a:0a:f2:7c:40:2b:53:35:
                    bf:e8:6e:85:6b:08:e3:33:79:e0:13:0a:75:54:82:
                    1c:6b:c7:9c:81:6b:0f:80:02:b9:0d:4c:50:9c:61:
                    ba:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:74:A0:1E:4E:FC:D3:AF:98:DC:48:8C:30:E0:EA:87:BD:1D:9E:90
            X509v3 Authority Key Identifier:
                keyid:AE:A0:32:01:CD:A6:A8:AD:BD:E4:FE:80:46:EC:65:F9:6A:C6:A9:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rqAyAc2mqK295P6ARuxl-WrGqWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/dd09dc-2472-4517-9e2d-ea412f21e230/1/OHSgHk7806-Y3EiMMODqh70dnpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/dd09dc-2472-4517-9e2d-ea412f21e230/1/rqAyAc2mqK295P6ARuxl-WrGqWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.8.0/22
                  195.62.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:0d:af:2f:02:91:4a:20:0b:4f:b0:a9:92:87:6c:7a:a4:b8:
         9b:d4:ae:cf:0e:dd:4c:9d:ec:35:0b:58:6f:b3:eb:7d:42:af:
         b9:ad:76:6a:af:d9:17:43:20:ed:34:d3:03:63:74:69:83:1e:
         5d:c3:bd:8c:aa:0a:82:4c:d9:e8:f4:ff:ec:5e:29:e2:7b:bd:
         bc:43:6f:fc:fd:75:f1:ff:21:d2:e8:89:8b:af:42:2d:39:2b:
         0c:32:31:52:90:d8:03:78:b0:db:85:4b:7d:cc:f8:84:77:29:
         a4:d4:71:2c:68:20:98:b8:ae:d8:7b:6d:a5:bd:9f:af:cc:d9:
         bb:6d:da:b1:e0:34:f1:b1:e9:01:ce:85:78:3b:5a:b9:c1:bb:
         26:31:d2:e0:a0:c8:ec:31:7a:38:66:75:8d:bb:f2:6c:1b:28:
         13:5d:41:de:94:4c:f4:f7:bf:f0:20:a5:12:c2:bc:fb:bf:12:
         56:0b:77:c5:15:ba:e1:1b:b5:08:8a:dd:74:8b:dc:11:75:1b:
         fb:3e:49:35:92:ff:a0:e7:22:2c:7d:47:41:9e:65:7f:73:1e:
         85:f0:d9:6b:80:85:c9:52:59:49:17:18:af:50:55:e9:41:78:
         2d:92:da:b9:dd:98:db:e3:95:60:87:01:1a:58:1a:99:d5:bc:
         6a:8a:ad:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZW3vKqiyyzxGPRKwMU0010QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYTAzMjAxY2RhNmE4YWRiZGU0ZmU4MDQ2ZWM2NWY5NmFj
NmE5NmMwHhcNMjUwMzIxMDgwNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODc0YTAxZTRlZmNkM2FmOThkYzQ4OGMzMGUwZWE4N2JkMWQ5ZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpKWDwdzY6NMvKm1hV/CeFsSev2V
68n2dOtUlb4VzUuzA9/abQ5BLPjzjsQElEbtUPOyhivL2BqW3lYGfjAfK6i62tuP
CbPXWo6wWlcz8JwyBsTsUVjrhQukvc/YBqYivvdIqwlj6OR4V4WC4TKxU1LMeVPK
L+p1qwPr1uqLLaFefjLjXKH3BGGFhOpFrQW1BFXAXaGKII/dWh9Wgy1QFl67atSQ
hw7GD+I4USkX8a2DUXrFsshg/5XpAk9J8+cEoi9snZOSRSAR9V6yCRyesYAhlkvw
E2g5CgryfEArUzW/6G6FawjjM3ngEwp1VIIca8ecgWsPgAK5DUxQnGG67wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDh0oB5O/NOvmNxIjDDg6oe9HZ6QMB8GA1UdIwQY
MBaAFK6gMgHNpqitveT+gEbsZflqxqlsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnFBeUFjMm1xSzI5NVA2QVJ1eGwtV3JHcVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kZDA5ZGMtMjQ3Mi00NTE3LTllMmQt
ZWE0MTJmMjFlMjMwLzEvT0hTZ0hrNzgwNi1ZM0VpTU1PRHFoNzBkbnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kZDA5ZGMtMjQ3Mi00NTE3LTllMmQtZWE0MTJmMjFlMjMw
LzEvcnFBeUFjMm1xSzI5NVA2QVJ1eGwtV3JHcVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8wIAwQB
wz5QMA0GCSqGSIb3DQEBCwUAA4IBAQA0Da8vApFKIAtPsKmSh2x6pLib1K7PDt1M
new1C1hvs+t9Qq+5rXZqr9kXQyDtNNMDY3Rpgx5dw72MqgqCTNno9P/sXinie728
Q2/8/XXx/yHS6ImLr0ItOSsMMjFSkNgDeLDbhUt9zPiEdymk1HEsaCCYuK7Ye22l
vZ+vzNm7bdqx4DTxsekBzoV4O1q5wbsmMdLgoMjsMXo4ZnWNu/JsGygTXUHelEz0
97/wIKUSwrz7vxJWC3fFFbrhG7UIit10i9wRdRv7Pkk1kv+g5yIsfUdBnmV/cx6F
8NlrgIXJUllJFxivUFXpQXgtktq53Zjb45VghwEaWBqZ1bxqiq0M
-----END CERTIFICATE-----