Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/O4OjioqtdLSc9vBVs2H8waPnIgU.roa
File:                     O4OjioqtdLSc9vBVs2H8waPnIgU.roa (raw, json)
Hash identifier:          NSGxfFoC9xrE9ZgK+kDfAmJ0Yg5M2rh+aZQuRq8sgYc=
Subject key identifier:   3B:83:A3:8A:8A:AD:74:B4:9C:F6:F0:55:B3:61:FC:C1:A3:E7:22:05
Certificate issuer:       /CN=c51791a5811c7f6ed81fd441b50265af5e9c61b0
Certificate serial:       01963948203F8AF208EFC3DB309B196913D9
Authority key identifier: C5:17:91:A5:81:1C:7F:6E:D8:1F:D4:41:B5:02:65:AF:5E:9C:61:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xReRpYEcf27YH9RBtQJlr16cYbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/O4OjioqtdLSc9vBVs2H8waPnIgU.roa
Signing time:             Tue 15 Apr 2025 11:49:10 +0000
ROA not before:           Tue 15 Apr 2025 11:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206108
IP address blocks:        185.170.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xReRpYEcf27YH9RBtQJlr16cYbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xReRpYEcf27YH9RBtQJlr16cYbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xReRpYEcf27YH9RBtQJlr16cYbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 13:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:39:48:20:3f:8a:f2:08:ef:c3:db:30:9b:19:69:13:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c51791a5811c7f6ed81fd441b50265af5e9c61b0
        Validity
            Not Before: Apr 15 11:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b83a38a8aad74b49cf6f055b361fcc1a3e72205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:5c:2c:03:02:ac:15:8c:0f:f5:ad:9d:8b:5d:
                    00:87:b9:88:a5:0c:19:ea:1e:cb:02:a8:e4:56:98:
                    e9:9a:ea:76:07:a2:cb:49:8d:67:47:54:60:c2:2e:
                    ca:8c:11:9e:bb:48:ae:ca:86:48:6b:dd:db:ee:fc:
                    b5:25:f2:f5:0f:f8:1e:6a:f0:a5:b9:5e:b0:fd:3d:
                    0e:36:f6:a1:30:81:75:57:da:6d:9f:6a:6d:98:95:
                    ab:e0:6f:61:fb:59:9d:1a:fe:87:b3:7d:a6:47:50:
                    3e:76:0c:4f:e9:18:14:f2:cb:66:bc:d8:a0:0c:12:
                    33:b0:4c:92:af:0a:c4:12:1b:41:b2:00:43:23:76:
                    42:34:b8:9c:93:a4:89:bf:f7:2a:64:b2:1d:a2:4a:
                    83:29:69:91:11:6a:da:32:8e:7f:c0:b0:c0:ff:9c:
                    ee:99:61:70:08:2a:69:40:ed:fe:32:1a:2a:12:95:
                    2f:18:2e:4b:37:b7:be:48:13:72:1d:fe:ed:ce:93:
                    2f:6e:24:73:fe:10:ea:7d:00:76:86:15:b4:f1:f8:
                    f0:87:50:cc:3e:66:a5:ae:97:0c:73:d7:3c:95:6c:
                    85:3a:a5:d5:75:3a:40:04:02:3b:2b:3c:5b:67:dc:
                    05:c5:b5:9c:7e:7f:29:c3:47:05:1e:cc:c8:24:a0:
                    1f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:83:A3:8A:8A:AD:74:B4:9C:F6:F0:55:B3:61:FC:C1:A3:E7:22:05
            X509v3 Authority Key Identifier:
                keyid:C5:17:91:A5:81:1C:7F:6E:D8:1F:D4:41:B5:02:65:AF:5E:9C:61:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xReRpYEcf27YH9RBtQJlr16cYbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/O4OjioqtdLSc9vBVs2H8waPnIgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0bf196-65ab-4e74-a61a-819164b92b88/1/xReRpYEcf27YH9RBtQJlr16cYbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c7:f2:8f:e7:1f:29:82:f1:76:c4:69:5c:59:f5:4e:f7:3c:
         65:5c:1b:f0:2b:d1:04:34:7d:f7:04:9f:8f:26:a9:eb:1c:b0:
         9a:9b:c3:61:1a:7f:61:41:94:d1:82:b0:17:46:95:cc:d5:48:
         1d:39:4a:5a:c4:0d:fb:e2:9f:ee:6a:f4:6d:35:fb:a0:bf:07:
         02:0f:26:59:6b:0d:2d:a7:10:23:44:0d:3b:f8:b9:29:94:2e:
         9b:50:99:43:e7:a7:65:cc:04:b2:fb:e0:ed:9f:03:39:f3:0c:
         78:e3:43:0b:bf:97:da:ad:40:3d:2e:7e:f2:1c:a2:46:cf:7d:
         e6:ed:f7:4d:c1:f1:8d:3a:a2:b0:ec:1e:6c:4e:26:e2:ab:f8:
         99:37:a7:1f:31:4c:c4:30:e9:25:8a:84:15:55:ca:f0:93:e8:
         1f:75:e0:dc:53:85:df:99:11:02:ae:9c:47:0e:6a:93:f0:11:
         17:e8:fa:10:ac:ad:9e:dc:3d:07:0a:76:d2:21:7c:1b:18:7a:
         b7:71:51:5e:52:16:cf:11:83:6f:d2:1c:8e:b3:83:42:1a:66:
         fe:29:e6:1d:e5:df:c2:02:45:35:1c:1f:5b:6d:28:5c:1a:96:
         0e:29:4c:91:e0:1e:76:23:3d:38:83:5a:48:9a:51:75:cd:a4:
         2d:96:60:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY5SCA/ivII78PbMJsZaRPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MTc5MWE1ODExYzdmNmVkODFmZDQ0MWI1MDI2NWFmNWU5
YzYxYjAwHhcNMjUwNDE1MTE0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjgzYTM4YThhYWQ3NGI0OWNmNmYwNTViMzYxZmNjMWEzZTcyMjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lwsAwKsFYwP9a2di10Ah7mIpQwZ
6h7LAqjkVpjpmup2B6LLSY1nR1Rgwi7KjBGeu0iuyoZIa93b7vy1JfL1D/geavCl
uV6w/T0ONvahMIF1V9ptn2ptmJWr4G9h+1mdGv6Hs32mR1A+dgxP6RgU8stmvNig
DBIzsEySrwrEEhtBsgBDI3ZCNLick6SJv/cqZLIdokqDKWmREWraMo5/wLDA/5zu
mWFwCCppQO3+MhoqEpUvGC5LN7e+SBNyHf7tzpMvbiRz/hDqfQB2hhW08fjwh1DM
PmalrpcMc9c8lWyFOqXVdTpABAI7KzxbZ9wFxbWcfn8pw0cFHszIJKAfhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuDo4qKrXS0nPbwVbNh/MGj5yIFMB8GA1UdIwQY
MBaAFMUXkaWBHH9u2B/UQbUCZa9enGGwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFJlUnBZRWNmMjdZSDlSQnRRSmxyMTZjWWJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8wYmYxOTYtNjVhYi00ZTc0LWE2MWEt
ODE5MTY0YjkyYjg4LzEvTzRPamlvcXRkTFNjOXZCVnMySDh3YVBuSWdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8wYmYxOTYtNjVhYi00ZTc0LWE2MWEtODE5MTY0YjkyYjg4
LzEveFJlUnBZRWNmMjdZSDlSQnRRSmxyMTZjWWJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuarjMA0G
CSqGSIb3DQEBCwUAA4IBAQBAx/KP5x8pgvF2xGlcWfVO9zxlXBvwK9EENH33BJ+P
JqnrHLCam8NhGn9hQZTRgrAXRpXM1UgdOUpaxA374p/uavRtNfugvwcCDyZZaw0t
pxAjRA07+LkplC6bUJlD56dlzASy++DtnwM58wx440MLv5farUA9Ln7yHKJGz33m
7fdNwfGNOqKw7B5sTibiq/iZN6cfMUzEMOklioQVVcrwk+gfdeDcU4XfmRECrpxH
DmqT8BEX6PoQrK2e3D0HCnbSIXwbGHq3cVFeUhbPEYNv0hyOs4NCGmb+KeYd5d/C
AkU1HB9bbShcGpYOKUyR4B52Iz04g1pImlF1zaQtlmCR
-----END CERTIFICATE-----