Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/OeWAQhxz5E883h7RJjR3cmkBM6o.roa
File:                     OeWAQhxz5E883h7RJjR3cmkBM6o.roa (raw, json)
Hash identifier:          SpK+6FCkO+sEnLY+zrox32fWgUHKX5y3hElZSDHvkaU=
Subject key identifier:   39:E5:80:42:1C:73:E4:4F:3C:DE:1E:D1:26:34:77:72:69:01:33:AA
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       0194228DA780559D54E714C1559D71D317FB
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/OeWAQhxz5E883h7RJjR3cmkBM6o.roa
Signing time:             Wed 01 Jan 2025 15:48:16 +0000
ROA not before:           Wed 01 Jan 2025 15:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29509
IP address blocks:        80.250.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a7:80:55:9d:54:e7:14:c1:55:9d:71:d3:17:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  1 15:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39e580421c73e44f3cde1ed126347772690133aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:36:aa:78:48:53:1a:f0:ad:ed:f4:14:0a:6a:
                    f3:cf:d5:7c:0a:37:ce:63:2d:78:2c:39:2a:a2:bc:
                    db:77:c8:61:f1:dc:48:80:31:eb:07:5c:22:20:aa:
                    7a:23:6c:a7:18:52:99:5f:22:df:68:d4:e6:2c:42:
                    03:1e:f2:c0:ea:52:1d:77:a2:4e:c5:7b:b9:c6:14:
                    d6:f8:5f:f3:81:b6:a2:ec:5b:54:7f:1e:c1:00:b0:
                    05:be:53:d3:ad:98:e2:06:29:17:32:3e:83:2e:b9:
                    87:52:b2:59:26:be:1e:64:49:ee:4e:98:90:ce:1e:
                    15:aa:00:e2:f2:52:a1:19:1a:db:cb:d1:6c:4b:10:
                    b6:5e:20:98:07:aa:48:2d:17:95:93:43:cd:ab:94:
                    4d:41:84:2e:8a:9e:35:a3:24:2e:07:f2:c3:60:36:
                    48:b7:10:b3:9c:bc:c4:e1:cc:5b:85:a0:31:de:22:
                    4b:22:39:d1:68:d7:12:0f:0a:86:86:57:d8:89:8c:
                    2a:ed:62:f5:10:51:ee:13:67:4a:d4:ea:94:99:fb:
                    82:7d:22:c3:9a:5b:7e:85:b1:ce:ba:2a:c3:00:d5:
                    c7:3d:cf:6a:11:4f:44:05:29:6c:9b:10:15:4b:5c:
                    f5:76:89:b5:82:bf:94:80:d3:0f:d7:e2:04:39:64:
                    ea:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:E5:80:42:1C:73:E4:4F:3C:DE:1E:D1:26:34:77:72:69:01:33:AA
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/OeWAQhxz5E883h7RJjR3cmkBM6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.250.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:ba:4a:f0:95:9b:95:c3:5d:23:aa:0d:70:38:38:a6:2a:d6:
         0e:05:05:97:13:3d:5e:18:3a:0b:b2:aa:ea:43:b3:0b:a8:ea:
         6f:5a:4c:9b:8c:93:8c:bc:4a:29:23:59:a3:cf:a4:67:1a:96:
         3d:e1:73:f5:0e:2b:65:6c:57:7b:3c:e2:bb:d7:9d:83:6c:a5:
         a9:87:c3:e9:c2:25:32:7e:e3:cf:1b:a7:d8:d5:91:45:1c:8c:
         fe:27:84:6f:69:50:8c:ba:7f:9d:39:ee:35:de:ff:c2:a6:13:
         2a:7a:24:b7:d4:3c:45:68:db:84:74:56:86:e6:8e:5a:a7:d6:
         d5:85:85:c1:26:f6:0e:e8:f3:5a:5b:a2:a8:ce:b8:fa:b5:32:
         8c:81:51:bb:c2:37:84:1c:8a:b3:64:7c:bf:ab:b2:49:9b:59:
         74:b9:2b:45:f9:4a:c1:f2:76:57:96:1b:5d:9e:33:d1:5c:8f:
         72:c6:37:87:20:64:d1:74:2f:3a:d6:4f:2a:01:e9:0b:f4:9f:
         ae:17:c5:ac:67:16:66:5a:f1:70:7f:64:ca:68:1c:04:6d:1e:
         0f:01:32:9f:eb:e4:70:a9:7e:c1:6f:b0:41:a4:e4:36:66:aa:
         42:02:8b:9b:66:a8:8d:e7:29:83:38:08:47:8e:e3:b2:ce:6e:
         7d:24:cf:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijaeAVZ1U5xTBVZ1x0xf7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjUwMTAxMTU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWU1ODA0MjFjNzNlNDRmM2NkZTFlZDEyNjM0Nzc3MjY5MDEzM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jaqeEhTGvCt7fQUCmrzz9V8CjfO
Yy14LDkqorzbd8hh8dxIgDHrB1wiIKp6I2ynGFKZXyLfaNTmLEIDHvLA6lIdd6JO
xXu5xhTW+F/zgbai7FtUfx7BALAFvlPTrZjiBikXMj6DLrmHUrJZJr4eZEnuTpiQ
zh4VqgDi8lKhGRrby9FsSxC2XiCYB6pILReVk0PNq5RNQYQuip41oyQuB/LDYDZI
txCznLzE4cxbhaAx3iJLIjnRaNcSDwqGhlfYiYwq7WL1EFHuE2dK1OqUmfuCfSLD
mlt+hbHOuirDANXHPc9qEU9EBSlsmxAVS1z1dom1gr+UgNMP1+IEOWTqKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnlgEIcc+RPPN4e0SY0d3JpATOqMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvT2VXQVFoeHo1RTg4M2g3UkpqUjNjbWtCTTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPpXMA0G
CSqGSIb3DQEBCwUAA4IBAQCsukrwlZuVw10jqg1wODimKtYOBQWXEz1eGDoLsqrq
Q7MLqOpvWkybjJOMvEopI1mjz6RnGpY94XP1DitlbFd7POK7152DbKWph8PpwiUy
fuPPG6fY1ZFFHIz+J4RvaVCMun+dOe413v/CphMqeiS31DxFaNuEdFaG5o5ap9bV
hYXBJvYO6PNaW6Kozrj6tTKMgVG7wjeEHIqzZHy/q7JJm1l0uStF+UrB8nZXlhtd
njPRXI9yxjeHIGTRdC861k8qAekL9J+uF8WsZxZmWvFwf2TKaBwEbR4PATKf6+Rw
qX7Bb7BBpOQ2ZqpCAoubZqiN5ymDOAhHjuOyzm59JM8c
-----END CERTIFICATE-----