Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/OUGBI7BlnTw0a5X7dKKwHfI0HEE.roa
File:                     OUGBI7BlnTw0a5X7dKKwHfI0HEE.roa (raw, json)
Hash identifier:          Yz2VNrBZP3pqqAR/Tq6Xwl7KjOjN+fv8NOiFldptcCo=
Subject key identifier:   39:41:81:23:B0:65:9D:3C:34:6B:95:FB:74:A2:B0:1D:F2:34:1C:41
Certificate issuer:       /CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
Certificate serial:       0196B090A06149C4CFA6B07D1DE1898915D5
Authority key identifier: 8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/OUGBI7BlnTw0a5X7dKKwHfI0HEE.roa
Signing time:             Thu 08 May 2025 15:43:10 +0000
ROA not before:           Thu 08 May 2025 15:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.46.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b0:90:a0:61:49:c4:cf:a6:b0:7d:1d:e1:89:89:15:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
        Validity
            Not Before: May  8 15:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39418123b0659d3c346b95fb74a2b01df2341c41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:55:33:e4:99:e5:a0:58:a8:a7:ee:38:80:ba:
                    18:b5:bf:40:4e:ad:cc:ba:3f:16:6b:32:1d:64:1e:
                    b9:16:d8:b7:04:83:bb:d5:d8:0c:0c:6c:ec:43:12:
                    65:35:61:36:31:c6:9d:58:8a:6f:49:4d:0a:c6:ea:
                    65:33:0b:3a:06:f4:99:d3:c6:d0:4b:61:7c:b4:7b:
                    d0:4e:83:16:2a:57:d9:6a:a6:84:90:79:81:8e:99:
                    82:61:cc:8f:8c:d1:dc:73:2b:6d:4a:d6:d8:b1:ce:
                    37:8d:e4:a4:47:fd:3f:7f:5b:4e:03:50:e2:e1:44:
                    82:c1:78:c0:dc:35:c8:63:d5:e4:36:bc:94:c2:77:
                    41:be:47:f3:88:17:90:49:b5:21:62:d5:db:41:d9:
                    a9:95:2b:81:c5:ba:1d:c6:9a:92:89:63:c8:9b:8d:
                    40:4c:04:67:51:d4:02:71:b8:97:4b:cd:ce:d8:a3:
                    8b:cc:87:42:53:3e:fa:d6:4b:bc:26:0b:2e:ff:c2:
                    d9:8b:2f:15:6d:d6:eb:31:24:2a:06:50:91:ad:91:
                    4e:ed:a5:49:24:f6:2c:66:9c:64:ec:7e:53:d9:51:
                    e2:f5:03:bf:c2:ab:0b:e0:c7:00:56:33:43:cb:11:
                    97:29:8f:66:78:b1:b1:ef:a9:b2:63:ff:02:59:8a:
                    67:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:41:81:23:B0:65:9D:3C:34:6B:95:FB:74:A2:B0:1D:F2:34:1C:41
            X509v3 Authority Key Identifier:
                keyid:8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/OUGBI7BlnTw0a5X7dKKwHfI0HEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:50:d1:d5:d0:ed:41:a2:55:55:49:73:a9:20:52:0d:94:03:
         a2:ca:ff:47:2b:ab:1b:f3:4b:21:ee:2b:b5:bd:2e:4f:39:ea:
         86:68:6f:04:f3:41:a5:7d:ec:b1:0b:7e:5c:ff:94:c0:c6:92:
         b0:6d:00:6b:63:3a:e2:dc:6e:16:5b:c9:80:71:21:fd:e6:e2:
         5e:b3:f1:57:de:08:e2:8a:7f:ae:c1:9c:dd:47:f9:f1:66:74:
         71:98:8c:d2:99:4a:27:e2:fa:ad:c2:02:79:29:59:5a:dd:f0:
         c4:f5:34:44:0d:fb:9c:54:29:cc:17:47:22:86:04:42:5f:ab:
         3f:bc:e1:ce:c7:65:1d:aa:00:6f:91:1e:68:7b:70:d4:77:e7:
         82:4d:9c:b2:31:80:7a:83:4d:ec:91:a0:73:80:78:f6:c6:1a:
         83:70:f5:10:ec:33:7c:9b:2e:bf:70:46:d8:89:fe:a3:e7:3f:
         16:ea:88:c5:f7:a4:35:16:d1:0b:b0:98:96:11:3c:df:c6:49:
         99:00:ff:5f:2d:57:33:fc:4a:a9:e9:f6:54:16:1c:25:fc:40:
         6e:8c:4f:67:77:5d:4f:84:88:0d:b6:83:97:b7:e6:09:14:11:
         30:a3:36:2e:de:e7:77:4f:c6:8f:30:14:98:44:16:f1:68:5f:
         32:63:c5:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZawkKBhScTPprB9HeGJiRXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNDY2OTIxNmEyMDc4Y2IwMjQyMzFmNDYzMmVhYjRkYTdl
ZTRiYzEwHhcNMjUwNTA4MTU0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQxODEyM2IwNjU5ZDNjMzQ2Yjk1ZmI3NGEyYjAxZGYyMzQxYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VUz5JnloFiop+44gLoYtb9ATq3M
uj8WazIdZB65Fti3BIO71dgMDGzsQxJlNWE2McadWIpvSU0KxuplMws6BvSZ08bQ
S2F8tHvQToMWKlfZaqaEkHmBjpmCYcyPjNHccyttStbYsc43jeSkR/0/f1tOA1Di
4USCwXjA3DXIY9XkNryUwndBvkfziBeQSbUhYtXbQdmplSuBxbodxpqSiWPIm41A
TARnUdQCcbiXS83O2KOLzIdCUz761ku8Jgsu/8LZiy8VbdbrMSQqBlCRrZFO7aVJ
JPYsZpxk7H5T2VHi9QO/wqsL4McAVjNDyxGXKY9meLGx76myY/8CWYpntQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlBgSOwZZ08NGuV+3SisB3yNBxBMB8GA1UdIwQY
MBaAFI9GaSFqIHjLAkIx9GMuq02n7kvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTIt
ZDdiOGViNDYwOGUyLzEvT1VHQkk3QmxuVHcwYTVYN2RLS3dIZkkwSEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTItZDdiOGViNDYwOGUy
LzEvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS5xMA0G
CSqGSIb3DQEBCwUAA4IBAQAlUNHV0O1BolVVSXOpIFINlAOiyv9HK6sb80sh7iu1
vS5POeqGaG8E80GlfeyxC35c/5TAxpKwbQBrYzri3G4WW8mAcSH95uJes/FX3gji
in+uwZzdR/nxZnRxmIzSmUon4vqtwgJ5KVla3fDE9TREDfucVCnMF0cihgRCX6s/
vOHOx2UdqgBvkR5oe3DUd+eCTZyyMYB6g03skaBzgHj2xhqDcPUQ7DN8my6/cEbY
if6j5z8W6ojF96Q1FtELsJiWETzfxkmZAP9fLVcz/Eqp6fZUFhwl/EBujE9nd11P
hIgNtoOXt+YJFBEwozYu3ud3T8aPMBSYRBbxaF8yY8Ux
-----END CERTIFICATE-----