Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/228b42-49fb-42cd-8b1b-2164d9995198/1/OMjXgufGu7qz8nFaTx0akX2s_bA.roa
File:                     OMjXgufGu7qz8nFaTx0akX2s_bA.roa (raw, json)
Hash identifier:          BFAAWnjI4vlasJk/UdPdP2Sw5YmLCiP6pm/D70iwFGw=
Subject key identifier:   38:C8:D7:82:E7:C6:BB:BA:B3:F2:71:5A:4F:1D:1A:91:7D:AC:FD:B0
Certificate issuer:       /CN=2d2cc139321951db276f3ffa293ac0a0f3fa8bf7
Certificate serial:       019715F56BD4EF0D334C49F6C2E8646308AA
Authority key identifier: 2D:2C:C1:39:32:19:51:DB:27:6F:3F:FA:29:3A:C0:A0:F3:FA:8B:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LSzBOTIZUdsnbz_6KTrAoPP6i_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/228b42-49fb-42cd-8b1b-2164d9995198/1/OMjXgufGu7qz8nFaTx0akX2s_bA.roa
Signing time:             Wed 28 May 2025 08:14:54 +0000
ROA not before:           Wed 28 May 2025 08:14:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213701
IP address blocks:        193.17.67.0/24 maxlen: 24
                          2001:678:3ec::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/228b42-49fb-42cd-8b1b-2164d9995198/1/LSzBOTIZUdsnbz_6KTrAoPP6i_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/228b42-49fb-42cd-8b1b-2164d9995198/1/LSzBOTIZUdsnbz_6KTrAoPP6i_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LSzBOTIZUdsnbz_6KTrAoPP6i_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:f5:6b:d4:ef:0d:33:4c:49:f6:c2:e8:64:63:08:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d2cc139321951db276f3ffa293ac0a0f3fa8bf7
        Validity
            Not Before: May 28 08:14:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38c8d782e7c6bbbab3f2715a4f1d1a917dacfdb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6c:f4:68:ea:fa:3e:c5:6a:fc:ee:3c:43:7d:
                    cc:20:83:a4:90:4d:25:f0:c3:09:22:af:a6:38:f8:
                    ca:80:c7:26:b8:00:40:6c:a4:eb:9e:72:ae:65:ad:
                    ee:af:5a:f2:d7:2b:e2:c3:58:b6:28:a4:ee:3c:33:
                    31:a7:9e:d6:57:ae:59:f7:2c:77:6e:ff:43:35:c4:
                    13:94:0b:1a:a4:41:3c:d9:fc:c3:f4:a2:8c:c3:3c:
                    4f:e8:ab:35:96:ef:e9:a1:95:0e:22:8b:03:0d:d9:
                    99:a3:2c:c3:60:99:2f:46:26:71:04:e4:61:c8:38:
                    b6:76:9d:34:02:d1:01:9a:bd:13:76:82:db:1c:aa:
                    b7:81:3d:f2:27:59:a4:ec:8b:d8:a1:de:56:e6:b8:
                    07:0c:8d:38:9c:dc:0a:79:cb:66:a9:28:2e:89:0f:
                    b1:39:b3:60:8f:45:1b:9d:78:e9:aa:bd:10:5e:cd:
                    3e:f8:60:39:e2:2f:02:cb:b5:ed:ee:57:80:9b:4b:
                    38:53:50:a5:6d:76:17:d5:26:31:4f:01:ae:64:bb:
                    7f:f9:a4:08:51:ba:b1:98:12:e0:ed:9e:7d:6f:39:
                    48:20:73:40:54:ed:65:9b:a5:80:72:57:a2:0b:e7:
                    25:7a:9b:8e:ed:89:23:b7:d5:85:de:f9:56:09:cd:
                    54:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C8:D7:82:E7:C6:BB:BA:B3:F2:71:5A:4F:1D:1A:91:7D:AC:FD:B0
            X509v3 Authority Key Identifier:
                keyid:2D:2C:C1:39:32:19:51:DB:27:6F:3F:FA:29:3A:C0:A0:F3:FA:8B:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LSzBOTIZUdsnbz_6KTrAoPP6i_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/228b42-49fb-42cd-8b1b-2164d9995198/1/OMjXgufGu7qz8nFaTx0akX2s_bA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/228b42-49fb-42cd-8b1b-2164d9995198/1/LSzBOTIZUdsnbz_6KTrAoPP6i_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.67.0/24
                IPv6:
                  2001:678:3ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:47:5d:9b:ac:24:79:ba:9e:7c:65:62:8d:d8:1f:bb:c5:7c:
         5c:d4:f5:0c:56:5a:a3:a7:1f:3f:94:07:9c:14:5a:4e:94:42:
         53:17:24:89:f5:f2:59:af:82:9c:4f:62:10:0f:73:f4:3a:b7:
         1e:b2:4f:33:b7:6d:55:82:0a:fa:35:c1:d9:d4:10:aa:1f:e6:
         25:fa:6c:b3:f6:c3:d4:4f:a4:7b:d1:7a:06:96:27:a7:df:25:
         03:7b:d6:82:e7:41:14:9d:7c:16:ae:b6:23:0a:3b:ef:d7:b9:
         ac:89:73:70:52:3c:94:14:30:a9:86:a0:ab:c9:0c:a9:fa:f7:
         6c:47:e2:97:57:63:12:22:9b:75:5b:d0:4b:db:ca:7c:cb:88:
         13:96:33:67:e4:4c:f6:0f:fb:f6:44:39:55:a7:73:1f:e3:10:
         97:70:37:91:79:24:f0:7d:31:38:46:41:a0:b6:66:5b:46:53:
         fb:14:38:4f:dc:64:23:f9:cc:3e:82:57:a3:bb:50:43:47:86:
         c2:3c:43:74:ae:b0:f9:31:8c:9d:eb:7a:14:e9:da:75:1c:f9:
         d9:de:e9:96:58:94:59:e7:3c:31:de:db:5d:93:c8:f0:46:57:
         e5:b4:34:16:07:c6:5f:0d:1c:7f:3b:69:26:36:2d:4d:cc:19:
         d3:66:e1:bb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZcV9WvU7w0zTEn2wuhkYwiqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMmNjMTM5MzIxOTUxZGIyNzZmM2ZmYTI5M2FjMGEwZjNm
YThiZjcwHhcNMjUwNTI4MDgxNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGM4ZDc4MmU3YzZiYmJhYjNmMjcxNWE0ZjFkMWE5MTdkYWNmZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2z0aOr6PsVq/O48Q33MIIOkkE0l
8MMJIq+mOPjKgMcmuABAbKTrnnKuZa3ur1ry1yviw1i2KKTuPDMxp57WV65Z9yx3
bv9DNcQTlAsapEE82fzD9KKMwzxP6Ks1lu/poZUOIosDDdmZoyzDYJkvRiZxBORh
yDi2dp00AtEBmr0TdoLbHKq3gT3yJ1mk7IvYod5W5rgHDI04nNwKectmqSguiQ+x
ObNgj0UbnXjpqr0QXs0++GA54i8Cy7Xt7leAm0s4U1ClbXYX1SYxTwGuZLt/+aQI
UbqxmBLg7Z59bzlIIHNAVO1lm6WAcleiC+clepuO7Ykjt9WF3vlWCc1UNwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDjI14Lnxru6s/JxWk8dGpF9rP2wMB8GA1UdIwQY
MBaAFC0swTkyGVHbJ28/+ik6wKDz+ov3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFN6Qk9USVpVZHNuYnpfNktUckFvUFA2aV9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yMjhiNDItNDlmYi00MmNkLThiMWIt
MjE2NGQ5OTk1MTk4LzEvT01qWGd1Zkd1N3F6OG5GYVR4MGFrWDJzX2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yMjhiNDItNDlmYi00MmNkLThiMWItMjE2NGQ5OTk1MTk4
LzEvTFN6Qk9USVpVZHNuYnpfNktUckFvUFA2aV9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwRFDMA8E
AgACMAkDBwAgAQZ4A+wwDQYJKoZIhvcNAQELBQADggEBAD5HXZusJHm6nnxlYo3Y
H7vFfFzU9QxWWqOnHz+UB5wUWk6UQlMXJIn18lmvgpxPYhAPc/Q6tx6yTzO3bVWC
Cvo1wdnUEKof5iX6bLP2w9RPpHvRegaWJ6ffJQN71oLnQRSdfBautiMKO+/XuayJ
c3BSPJQUMKmGoKvJDKn692xH4pdXYxIim3Vb0EvbynzLiBOWM2fkTPYP+/ZEOVWn
cx/jEJdwN5F5JPB9MThGQaC2ZltGU/sUOE/cZCP5zD6CV6O7UENHhsI8Q3SusPkx
jJ3rehTp2nUc+dne6ZZYlFnnPDHe212TyPBGV+W0NBYHxl8NHH87aSY2LU3MGdNm
4bs=
-----END CERTIFICATE-----