Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/OhDCqCKfAFaXsXhd0gKQoDKYCvI.roa
File:                     OhDCqCKfAFaXsXhd0gKQoDKYCvI.roa (raw, json)
Hash identifier:          QLijyVoBjHRCj6G7QWN6t5aH2KftVDSPxZ4yQhURnSM=
Subject key identifier:   3A:10:C2:A8:22:9F:00:56:97:B1:78:5D:D2:02:90:A0:32:98:0A:F2
Certificate issuer:       /CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
Certificate serial:       019425FC4FD43D4F48B404CC8846BBCF11E9
Authority key identifier: D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/OhDCqCKfAFaXsXhd0gKQoDKYCvI.roa
Signing time:             Thu 02 Jan 2025 07:47:59 +0000
ROA not before:           Thu 02 Jan 2025 07:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197229
IP address blocks:        212.72.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:4f:d4:3d:4f:48:b4:04:cc:88:46:bb:cf:11:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d66738a8dadac2d0d3aeddb934f820066b9f5feb
        Validity
            Not Before: Jan  2 07:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a10c2a8229f005697b1785dd20290a032980af2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f3:ca:14:ea:17:36:a5:c5:02:cd:1e:ca:85:
                    14:90:e6:cf:71:d2:83:d7:fd:92:c6:4c:c8:56:0e:
                    e2:51:5c:12:fb:6c:1f:46:3e:c0:59:48:76:f9:16:
                    b2:d4:ef:82:b8:04:99:33:8b:7e:32:3e:6c:59:15:
                    db:ca:8e:16:6a:6a:63:3b:d1:c9:22:f9:1d:80:22:
                    21:e2:71:4a:09:36:61:6a:52:9b:3c:6c:04:22:ff:
                    cc:6d:98:1e:1e:cd:f7:21:72:e0:82:50:87:5d:1d:
                    76:24:1d:91:e3:f6:1f:24:41:d8:2b:b9:51:e5:6e:
                    45:85:6d:62:d9:b2:87:c5:3f:50:60:06:1f:de:67:
                    3d:c1:b4:3b:a4:d1:bd:81:9f:c2:84:da:40:45:50:
                    5d:69:68:cd:39:5c:f0:1c:8d:40:57:95:92:9c:55:
                    5c:7c:0c:e1:f2:f9:74:b6:25:c8:48:1e:11:13:38:
                    a8:a9:3b:43:33:cc:ee:22:e3:a2:3e:19:00:f1:d5:
                    71:96:8d:d1:f6:99:49:34:77:3e:1a:b4:1b:e1:5e:
                    49:31:f6:ab:53:47:75:49:08:a2:e1:4b:6f:4a:e9:
                    09:5d:58:e3:c3:a9:03:c6:f8:1f:28:72:b0:bc:ff:
                    01:fc:5f:47:c2:aa:d5:51:6f:ee:54:4a:89:17:71:
                    7c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:10:C2:A8:22:9F:00:56:97:B1:78:5D:D2:02:90:A0:32:98:0A:F2
            X509v3 Authority Key Identifier:
                keyid:D6:67:38:A8:DA:DA:C2:D0:D3:AE:DD:B9:34:F8:20:06:6B:9F:5F:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1mc4qNrawtDTrt25NPggBmufX-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/OhDCqCKfAFaXsXhd0gKQoDKYCvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c57727-9396-4bf8-b25d-6a1e0ec71da8/1/1mc4qNrawtDTrt25NPggBmufX-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.72.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:5a:58:cd:b0:03:1a:2f:e8:c8:31:d7:53:f6:ed:9c:26:61:
         4e:5b:b5:b0:36:c1:82:5c:7a:2e:e5:1b:0d:8b:d7:1d:e3:bd:
         6d:d2:bb:d8:37:ee:0f:4c:57:85:9c:64:30:50:14:67:97:d0:
         37:b4:ee:f1:f6:62:f3:d2:c5:36:2f:33:29:e3:1c:cb:a5:54:
         8e:38:ab:ec:f5:88:49:18:78:99:f1:1b:f0:b6:ab:7b:8a:e5:
         99:b2:39:97:36:75:c9:7d:9a:78:1b:b0:97:4b:60:12:81:54:
         02:db:50:4c:3f:15:24:09:19:37:c5:be:b6:27:d3:d3:d8:ea:
         ad:8a:cb:8d:1b:62:ce:71:bc:6d:c5:11:23:ad:03:3d:2c:a0:
         9f:ff:c7:36:1c:c5:c9:5b:14:b0:c0:61:ef:7c:81:53:6b:6b:
         ff:24:05:7e:06:26:2b:c3:7d:e6:29:6b:d6:1a:98:87:72:7a:
         7f:12:29:2f:fd:c6:eb:ab:b2:c1:2f:76:8d:9b:1f:88:d5:ff:
         16:96:83:da:b1:3b:8c:e6:83:96:35:60:a9:19:d9:6d:f7:d6:
         ee:41:b5:1a:0e:07:61:f1:0b:01:6f:3e:15:85:be:7a:4d:df:
         6f:dd:49:90:7b:7a:bf:ee:6b:85:e9:62:6f:3b:53:9d:1e:2f:
         83:a9:e4:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/E/UPU9ItATMiEa7zxHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NjczOGE4ZGFkYWMyZDBkM2FlZGRiOTM0ZjgyMDA2NmI5
ZjVmZWIwHhcNMjUwMTAyMDc0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTEwYzJhODIyOWYwMDU2OTdiMTc4NWRkMjAyOTBhMDMyOTgwYWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPPKFOoXNqXFAs0eyoUUkObPcdKD
1/2SxkzIVg7iUVwS+2wfRj7AWUh2+Ray1O+CuASZM4t+Mj5sWRXbyo4WampjO9HJ
IvkdgCIh4nFKCTZhalKbPGwEIv/MbZgeHs33IXLgglCHXR12JB2R4/YfJEHYK7lR
5W5FhW1i2bKHxT9QYAYf3mc9wbQ7pNG9gZ/ChNpARVBdaWjNOVzwHI1AV5WSnFVc
fAzh8vl0tiXISB4REzioqTtDM8zuIuOiPhkA8dVxlo3R9plJNHc+GrQb4V5JMfar
U0d1SQii4UtvSukJXVjjw6kDxvgfKHKwvP8B/F9HwqrVUW/uVEqJF3F8OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoQwqginwBWl7F4XdICkKAymAryMB8GA1UdIwQY
MBaAFNZnOKja2sLQ067duTT4IAZrn1/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQt
NmExZTBlYzcxZGE4LzEvT2hEQ3FDS2ZBRmFYc1hoZDBnS1FvREtZQ3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jNTc3MjctOTM5Ni00YmY4LWIyNWQtNmExZTBlYzcxZGE4
LzEvMW1jNHFOcmF3dERUcnQyNU5QZ2dCbXVmWC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EibMA0G
CSqGSIb3DQEBCwUAA4IBAQAmWljNsAMaL+jIMddT9u2cJmFOW7WwNsGCXHou5RsN
i9cd471t0rvYN+4PTFeFnGQwUBRnl9A3tO7x9mLz0sU2LzMp4xzLpVSOOKvs9YhJ
GHiZ8Rvwtqt7iuWZsjmXNnXJfZp4G7CXS2ASgVQC21BMPxUkCRk3xb62J9PT2Oqt
isuNG2LOcbxtxREjrQM9LKCf/8c2HMXJWxSwwGHvfIFTa2v/JAV+BiYrw33mKWvW
GpiHcnp/Eikv/cbrq7LBL3aNmx+I1f8WloPasTuM5oOWNWCpGdlt99buQbUaDgdh
8QsBbz4Vhb56Td9v3UmQe3q/7muF6WJvO1OdHi+DqeSX
-----END CERTIFICATE-----