Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/OL6yc8ZRNNzUrmUlMJiUidDHuh8.roa
File:                     OL6yc8ZRNNzUrmUlMJiUidDHuh8.roa (raw, json)
Hash identifier:          yRgWUM0pwyoXJeRdU0MzJI562R7I/kz9Vz80Sl7k9NU=
Subject key identifier:   38:BE:B2:73:C6:51:34:DC:D4:AE:65:25:30:98:94:89:D0:C7:BA:1F
Certificate issuer:       /CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
Certificate serial:       019420D5DC35912F5B11141E6270B98BDDB8
Authority key identifier: 59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/OL6yc8ZRNNzUrmUlMJiUidDHuh8.roa
Signing time:             Wed 01 Jan 2025 07:47:53 +0000
ROA not before:           Wed 01 Jan 2025 07:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4755
IP address blocks:        194.104.188.0/24 maxlen: 24
                          194.104.189.0/24 maxlen: 24
                          194.104.190.0/24 maxlen: 24
                          194.104.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 10:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:dc:35:91:2f:5b:11:14:1e:62:70:b9:8b:dd:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
        Validity
            Not Before: Jan  1 07:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38beb273c65134dcd4ae652530989489d0c7ba1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:00:13:53:26:0b:a1:e5:d8:ba:b8:4f:6a:87:
                    d6:8c:5e:9d:b2:1f:9e:70:0a:86:6d:7f:d1:82:6c:
                    29:a7:d1:d3:a9:04:81:f7:9e:e0:78:fc:7b:02:5c:
                    e9:da:49:f4:a5:b7:af:df:bc:32:59:27:40:89:88:
                    27:90:ee:81:a6:ff:26:85:b4:70:5a:0a:88:a6:ce:
                    97:d7:d1:3a:30:bc:ee:fb:89:e3:07:d0:eb:d8:77:
                    1a:86:6d:b5:9a:80:60:3a:03:a9:17:d1:2f:f6:4b:
                    6d:b6:a9:c4:d6:99:71:38:3c:79:59:4d:c5:6d:c1:
                    70:c1:72:13:0e:25:1d:3c:a2:30:70:d1:24:74:dd:
                    f1:b7:86:28:03:b3:4c:ea:5d:8b:7e:03:d8:7c:bf:
                    51:69:f9:75:ed:a0:74:97:ca:05:50:c1:c0:76:10:
                    fd:14:eb:d2:b4:c1:6a:57:71:73:ea:83:d5:d8:f2:
                    01:d2:36:61:e1:e6:cd:8d:b7:5b:45:1d:7f:1a:c1:
                    68:11:10:af:aa:d1:ba:66:58:f4:16:63:b3:bd:ab:
                    1c:b8:22:b3:c4:17:c1:38:a3:7d:f4:a2:a8:1a:b5:
                    2c:d1:1e:1e:f4:be:8c:7a:b9:14:db:b2:c1:61:af:
                    ae:92:53:a2:f3:ac:ca:4e:13:5e:6d:23:7d:7e:04:
                    ed:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:BE:B2:73:C6:51:34:DC:D4:AE:65:25:30:98:94:89:D0:C7:BA:1F
            X509v3 Authority Key Identifier:
                keyid:59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/OL6yc8ZRNNzUrmUlMJiUidDHuh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:d0:e4:8f:b8:47:fe:be:20:9e:a3:f9:ab:3f:04:6a:3a:f3:
         42:cc:c2:49:83:71:48:65:20:80:da:00:27:96:90:b1:76:94:
         d3:01:60:5a:f4:78:63:e5:2d:bd:95:49:29:68:f3:10:d3:4f:
         cd:1a:24:c6:aa:a5:29:3b:ed:f5:ed:b8:e3:94:ed:91:f9:52:
         24:ed:b8:ec:66:3d:5b:2f:38:f5:0d:19:c2:be:7f:fd:4c:bb:
         00:0e:5e:03:93:01:6f:64:c7:94:58:23:2e:2c:c9:38:bd:f3:
         d4:70:94:bc:62:0f:df:be:34:9d:bf:b2:a6:db:3e:bc:ec:30:
         36:37:2a:cd:97:ef:78:e8:0a:20:10:20:a4:64:d7:ed:b6:5f:
         6b:0f:4e:a0:88:e0:4a:98:6d:ee:6c:22:2b:5a:25:60:15:bb:
         c7:c9:34:96:9f:fb:33:17:93:63:e6:3a:24:a9:c6:4e:8a:f2:
         63:55:72:76:fd:37:13:64:04:43:4f:fd:d3:3a:25:a0:af:33:
         84:0a:29:3d:b2:e3:b2:76:71:d1:58:3b:b3:27:e7:15:c1:86:
         68:e3:38:cf:cb:2b:7c:75:7c:30:ba:3b:b4:f8:44:58:20:1d:
         95:e5:af:51:e1:50:12:c9:32:ce:9e:d1:9f:1f:f2:80:de:68:
         59:22:b9:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dw1kS9bERQeYnC5i924MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NDliMzFlYmI2ZTRjYmJkMGNjNzcwY2M2ZjRkNTBmNzhm
MGViN2IwHhcNMjUwMTAxMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGJlYjI3M2M2NTEzNGRjZDRhZTY1MjUzMDk4OTQ4OWQwYzdiYTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgATUyYLoeXYurhPaofWjF6dsh+e
cAqGbX/Rgmwpp9HTqQSB957gePx7Alzp2kn0pbev37wyWSdAiYgnkO6Bpv8mhbRw
WgqIps6X19E6MLzu+4njB9Dr2Hcahm21moBgOgOpF9Ev9ktttqnE1plxODx5WU3F
bcFwwXITDiUdPKIwcNEkdN3xt4YoA7NM6l2LfgPYfL9Rafl17aB0l8oFUMHAdhD9
FOvStMFqV3Fz6oPV2PIB0jZh4ebNjbdbRR1/GsFoERCvqtG6Zlj0FmOzvascuCKz
xBfBOKN99KKoGrUs0R4e9L6MerkU27LBYa+uklOi86zKThNebSN9fgTtIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDi+snPGUTTc1K5lJTCYlInQx7ofMB8GA1UdIwQY
MBaAFFlJsx67bky70Mx3DMb01Q948Ot7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTkt
MzE4MGFlNDI3NGYzLzEvT0w2eWM4WlJOTnpVcm1VbE1KaVVpZERIdWg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTktMzE4MGFlNDI3NGYz
LzEvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwmi8MA0G
CSqGSIb3DQEBCwUAA4IBAQB20OSPuEf+viCeo/mrPwRqOvNCzMJJg3FIZSCA2gAn
lpCxdpTTAWBa9Hhj5S29lUkpaPMQ00/NGiTGqqUpO+317bjjlO2R+VIk7bjsZj1b
Lzj1DRnCvn/9TLsADl4DkwFvZMeUWCMuLMk4vfPUcJS8Yg/fvjSdv7Km2z687DA2
NyrNl+946AogECCkZNfttl9rD06giOBKmG3ubCIrWiVgFbvHyTSWn/szF5Nj5jok
qcZOivJjVXJ2/TcTZARDT/3TOiWgrzOECik9suOydnHRWDuzJ+cVwYZo4zjPyyt8
dXwwuju0+ERYIB2V5a9R4VASyTLOntGfH/KA3mhZIrmG
-----END CERTIFICATE-----