Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/Oa9LsMPKbG6aASCQoEwRN7kKYK4.roa
File:                     Oa9LsMPKbG6aASCQoEwRN7kKYK4.roa (raw, json)
Hash identifier:          Pw17YPc4vy9Z5t/JIPzjeYGs6qX3rfu7GNC8UJfrzuc=
Subject key identifier:   39:AF:4B:B0:C3:CA:6C:6E:9A:01:20:90:A0:4C:11:37:B9:0A:60:AE
Certificate issuer:       /CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
Certificate serial:       0194258EC17D4A2640EBB77C3C9BD02B3F23
Authority key identifier: F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/Oa9LsMPKbG6aASCQoEwRN7kKYK4.roa
Signing time:             Thu 02 Jan 2025 05:48:20 +0000
ROA not before:           Thu 02 Jan 2025 05:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213811
IP address blocks:        193.143.16.0/23 maxlen: 24
                          2a14:b000::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c1:7d:4a:26:40:eb:b7:7c:3c:9b:d0:2b:3f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
        Validity
            Not Before: Jan  2 05:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39af4bb0c3ca6c6e9a012090a04c1137b90a60ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cb:a4:f9:4f:42:16:13:3b:31:40:46:dc:0f:
                    14:0c:86:b8:64:52:67:32:4e:e2:c2:47:ca:0e:d5:
                    c9:86:c0:67:9d:b4:1e:73:59:56:ec:c9:45:36:f2:
                    b0:33:5b:f0:91:1d:dc:94:4b:33:9f:20:25:2c:a5:
                    80:94:8a:22:5e:c3:e1:c5:c9:5b:a4:d8:00:a3:13:
                    9d:e3:73:de:cd:28:85:39:6a:ca:39:e8:b5:05:96:
                    ce:07:a4:d9:5a:a2:88:de:10:3c:2a:44:34:4c:ff:
                    80:67:5e:bc:3b:2d:b0:b0:86:42:95:fa:cd:cb:f6:
                    5e:28:59:70:e3:3a:e5:ea:6c:8b:fb:9d:4a:ca:7c:
                    78:69:c8:b5:96:c2:e9:8f:a0:a3:e5:ce:66:35:76:
                    fc:ef:1a:cf:a4:5f:da:5c:1b:cf:c0:98:33:f9:a9:
                    0c:56:97:4a:bb:cc:fd:fe:22:7b:aa:1a:fa:88:71:
                    e4:1c:27:70:7f:01:23:4f:64:88:9e:37:04:0d:90:
                    a7:2c:1b:fb:56:29:41:09:91:7d:1a:8d:dc:4c:75:
                    43:24:2a:4e:44:9d:3b:13:4c:fa:59:3d:b9:a4:34:
                    2a:9f:cd:82:14:26:85:58:0f:3a:78:b0:0f:74:95:
                    dc:cf:f0:32:d6:30:0a:26:2c:49:3e:0b:f2:f2:96:
                    49:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:AF:4B:B0:C3:CA:6C:6E:9A:01:20:90:A0:4C:11:37:B9:0A:60:AE
            X509v3 Authority Key Identifier:
                keyid:F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/Oa9LsMPKbG6aASCQoEwRN7kKYK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.143.16.0/23
                IPv6:
                  2a14:b000::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:ef:95:7e:56:2c:96:d6:79:8c:78:2c:88:bb:73:ab:f4:7e:
         33:3c:b0:c5:7d:0f:6e:80:59:24:96:68:79:03:71:b4:61:c4:
         b1:8a:63:21:1d:d7:c5:cd:b5:f9:c3:76:19:67:d7:e6:11:66:
         2f:2b:d8:1c:09:3a:38:73:e3:3f:ab:5a:8e:4f:ef:df:24:a4:
         06:7b:99:97:4f:d9:23:12:83:cc:75:a3:65:52:f2:92:55:8d:
         ce:4f:99:7f:94:c4:4d:f6:e3:3c:b8:29:d7:ff:1a:0d:2f:fa:
         c1:fc:d8:79:e9:a7:ba:15:15:11:da:ac:9f:70:9b:da:00:02:
         74:c7:e3:0a:0b:72:de:3e:cc:65:8c:b3:81:46:36:39:ac:97:
         ff:3f:72:4b:dc:b7:38:e6:ae:93:b3:12:54:d0:58:3c:47:9a:
         81:02:c3:d7:8c:1a:22:90:89:45:9a:1c:96:fa:7b:b8:e5:fa:
         0b:e3:a3:15:a6:e9:ee:d6:7f:65:ce:b1:92:6d:4c:7a:5c:26:
         81:d9:ae:93:db:9b:b1:0a:71:6d:2f:16:dc:be:21:e0:4b:92:
         e9:ce:5d:bf:55:b2:77:b1:4e:86:0c:72:93:9c:c6:c6:02:df:
         0a:54:3c:5f:e9:96:dd:61:4b:29:ec:e3:63:02:d4:47:75:48:
         4f:44:26:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQljsF9SiZA67d8PJvQKz8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGUwYzNiOTMzM2NiNmZkNDEzOWU0NTVhNWFiYmFmZDU2
OTUzMmEwHhcNMjUwMTAyMDU0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWFmNGJiMGMzY2E2YzZlOWEwMTIwOTBhMDRjMTEzN2I5MGE2MGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8uk+U9CFhM7MUBG3A8UDIa4ZFJn
Mk7iwkfKDtXJhsBnnbQec1lW7MlFNvKwM1vwkR3clEsznyAlLKWAlIoiXsPhxclb
pNgAoxOd43PezSiFOWrKOei1BZbOB6TZWqKI3hA8KkQ0TP+AZ168Oy2wsIZClfrN
y/ZeKFlw4zrl6myL+51Kynx4aci1lsLpj6Cj5c5mNXb87xrPpF/aXBvPwJgz+akM
VpdKu8z9/iJ7qhr6iHHkHCdwfwEjT2SInjcEDZCnLBv7VilBCZF9Go3cTHVDJCpO
RJ07E0z6WT25pDQqn82CFCaFWA86eLAPdJXcz/Ay1jAKJixJPgvy8pZJ9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDmvS7DDymxumgEgkKBMETe5CmCuMB8GA1UdIwQY
MBaAFPWODDuTM8tv1BOeRVpau6/VaVMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQt
MmJjMWFlM2RiZGJlLzEvT2E5THNNUEtiRzZhQVNDUW9Fd1JON2tLWUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQtMmJjMWFlM2RiZGJl
LzEvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwY8QMA0E
AgACMAcDBQMqFLAAMA0GCSqGSIb3DQEBCwUAA4IBAQBW75V+ViyW1nmMeCyIu3Or
9H4zPLDFfQ9ugFkklmh5A3G0YcSximMhHdfFzbX5w3YZZ9fmEWYvK9gcCTo4c+M/
q1qOT+/fJKQGe5mXT9kjEoPMdaNlUvKSVY3OT5l/lMRN9uM8uCnX/xoNL/rB/Nh5
6ae6FRUR2qyfcJvaAAJ0x+MKC3LePsxljLOBRjY5rJf/P3JL3Lc45q6TsxJU0Fg8
R5qBAsPXjBoikIlFmhyW+nu45foL46MVpunu1n9lzrGSbUx6XCaB2a6T25uxCnFt
LxbcviHgS5Lpzl2/VbJ3sU6GDHKTnMbGAt8KVDxf6ZbdYUsp7ONjAtRHdUhPRCYr
-----END CERTIFICATE-----